Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa
File:                     326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa (raw, json)
Hash identifier:          ISzPUFI1xjPaDo/BMrkwegvcxx3VywINY6SubcJHFUM=
Subject key identifier:   E0:2D:65:34:34:3D:0E:77:AE:B7:07:D7:84:41:6F:6A:25:23:9F:5A
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       748C7010C30A5C3F3BE8B721AB804FE4A28650FC
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa
Signing time:             Mon 11 Mar 2024 04:13:53 +0000
ROA not before:           Mon 11 Mar 2024 04:08:53 +0000
ROA not after:            Mon 10 Mar 2025 04:13:53 +0000
asID:                     199108
IP address blocks:        2a13:c007:801b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 15:36:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:8c:70:10:c3:0a:5c:3f:3b:e8:b7:21:ab:80:4f:e4:a2:86:50:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 11 04:08:53 2024 GMT
            Not After : Mar 10 04:13:53 2025 GMT
        Subject: CN=E02D6534343D0E77AEB707D784416F6A25239F5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:97:4a:49:9a:11:ba:9a:c1:70:22:e5:56:9c:
                    a7:3d:e7:f7:4f:57:42:c8:fa:b2:d2:74:53:13:38:
                    dd:4e:60:40:e2:8f:a7:0d:da:d1:d7:b0:33:b9:06:
                    e8:b1:0b:cb:9a:eb:2e:4e:90:86:16:54:d8:99:3f:
                    6c:f1:46:da:86:e8:47:4a:ad:4b:8b:67:be:76:52:
                    a7:47:1b:92:83:16:05:a2:68:e8:7c:14:f8:f1:dd:
                    24:ba:2e:f1:2e:d8:0a:68:da:30:ce:d6:6b:ce:24:
                    9a:7e:a6:19:5d:23:cf:9a:ce:46:ad:69:a5:2e:85:
                    e3:2d:77:78:5a:c2:19:29:31:83:62:6c:ac:35:8c:
                    2d:39:c1:f7:70:26:44:5e:c4:21:f4:52:2b:7b:2b:
                    1f:7a:b4:c1:bb:6f:8e:c3:8a:bf:bf:7a:70:d8:87:
                    6e:00:2b:7a:87:46:cf:b2:c7:02:db:60:aa:e1:ec:
                    f9:d3:ab:ec:92:5f:33:90:49:b6:37:4b:b9:91:3d:
                    b9:f7:8d:ba:30:da:66:5b:40:58:37:32:e4:67:77:
                    22:ef:90:1e:dd:a4:81:1b:49:ce:d7:0c:6e:e8:ef:
                    cc:b0:36:ac:45:d9:39:82:06:b3:f9:ae:d8:e1:01:
                    98:fc:93:fc:c9:ec:de:af:01:d0:55:15:82:3b:56:
                    1b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:2D:65:34:34:3D:0E:77:AE:B7:07:D7:84:41:6F:6A:25:23:9F:5A
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a383031623a3a2f34382d3438203d3e20313939313038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:801b::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:c0:20:c9:a6:ca:f8:a2:91:49:d5:6a:17:e0:dc:62:ab:38:
         cf:99:20:f4:f4:97:a4:5c:fd:f1:69:9a:ae:a3:e2:d1:32:cb:
         ee:b1:27:09:69:cc:31:9d:b8:65:b9:a6:27:f0:b0:58:ea:f6:
         36:d7:0d:15:ee:7b:63:f0:ad:7c:05:e1:8d:7f:cd:f5:f6:f9:
         3e:7e:21:f2:cc:0e:17:76:53:82:2a:43:a5:74:f5:6b:c5:60:
         2f:96:88:53:8e:a2:3f:a1:43:7b:cc:fb:9b:87:bc:c1:f4:66:
         3b:2c:0f:0c:b9:56:48:8f:0c:98:47:dd:c2:90:c1:83:81:30:
         a9:db:f1:d6:a7:cd:00:c1:19:a2:2a:16:5c:a1:c0:51:91:48:
         8b:93:14:99:ad:31:a7:2c:1e:bf:3e:91:2d:43:43:aa:11:ff:
         f6:5c:a6:9f:27:d5:2b:1d:d4:67:5e:a7:0a:9d:23:91:58:d4:
         d2:fd:1b:42:9d:87:ff:44:cc:2d:74:2d:0f:c8:37:b3:e5:0e:
         0d:00:6b:c9:68:09:58:0f:4c:f9:cf:5f:0e:3d:ea:9e:2a:81:
         93:e4:b4:ff:28:35:e8:9b:6c:0e:30:c4:5d:78:be:c8:e9:c1:
         2f:2a:07:71:0c:e5:1c:45:9b:f2:c7:3d:02:2c:4f:cf:e9:94:
         21:5d:26:62
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUdIxwEMMKXD876Lchq4BP5KKGUPwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMTEwNDA4NTNaFw0yNTAzMTAwNDEzNTNaMDMxMTAvBgNV
BAMTKEUwMkQ2NTM0MzQzRDBFNzdBRUI3MDdENzg0NDE2RjZBMjUyMzlGNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFl0pJmhG6msFwIuVWnKc95/dP
V0LI+rLSdFMTON1OYEDij6cN2tHXsDO5BuixC8ua6y5OkIYWVNiZP2zxRtqG6EdK
rUuLZ752UqdHG5KDFgWiaOh8FPjx3SS6LvEu2Apo2jDO1mvOJJp+phldI8+azkat
aaUuheMtd3hawhkpMYNibKw1jC05wfdwJkRexCH0Uit7Kx96tMG7b47Dir+/enDY
h24AK3qHRs+yxwLbYKrh7PnTq+ySXzOQSbY3S7mRPbn3jbow2mZbQFg3MuRndyLv
kB7dpIEbSc7XDG7o78ywNqxF2TmCBrP5rtjhAZj8k/zJ7N6vAdBVFYI7VhvDAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQU4C1lNDQ9DneutwfXhEFvaiUjn1owHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzAzMTYyM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzEzOTM5MzEzMDM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPAB4AbMA0GCSqG
SIb3DQEBCwUAA4IBAQARwCDJpsr4opFJ1WoX4NxiqzjPmSD09JekXP3xaZquo+LR
MsvusScJacwxnbhluaYn8LBY6vY21w0V7ntj8K18BeGNf8319vk+fiHyzA4XdlOC
KkOldPVrxWAvlohTjqI/oUN7zPubh7zB9GY7LA8MuVZIjwyYR93CkMGDgTCp2/HW
p80AwRmiKhZcocBRkUiLkxSZrTGnLB6/PpEtQ0OqEf/2XKafJ9UrHdRnXqcKnSOR
WNTS/RtCnYf/RMwtdC0PyDez5Q4NAGvJaAlYD0z5z18OPeqeKoGT5LT/KDXom2wO
MMRdeL7I6cEvKgdxDOUcRZvyxz0CLE/P6ZQhXSZi
-----END CERTIFICATE-----