Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa
File:                     326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa (raw, json)
Hash identifier:          F2KMKRYTZW8VQv0CDWFKJD8wFn8BDVibVW458yP8ses=
Subject key identifier:   4E:CD:E4:D5:93:09:05:0D:B8:7E:4A:0D:50:82:D7:3A:AB:E6:A1:3B
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       3C2B86B26F83C82EDF4AD11229DBC4E6E272ACDE
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa
Signing time:             Mon 11 Mar 2024 04:13:53 +0000
ROA not before:           Mon 11 Mar 2024 04:08:53 +0000
ROA not after:            Mon 10 Mar 2025 04:13:53 +0000
asID:                     199183
IP address blocks:        2a13:c007:80b0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:47:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:2b:86:b2:6f:83:c8:2e:df:4a:d1:12:29:db:c4:e6:e2:72:ac:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 11 04:08:53 2024 GMT
            Not After : Mar 10 04:13:53 2025 GMT
        Subject: CN=4ECDE4D59309050DB87E4A0D5082D73AABE6A13B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:80:b3:5b:3e:39:cb:8b:b0:16:c5:49:cf:05:
                    69:c9:1e:84:8a:72:af:76:ba:ee:75:06:54:c8:06:
                    76:d1:d3:29:e8:77:fe:19:60:6c:d2:46:25:f0:02:
                    3c:7b:d4:da:2b:10:20:98:c2:85:63:cd:a9:a4:d9:
                    fd:fa:46:6e:d6:a3:e5:f5:d9:1a:16:7d:fe:09:36:
                    cb:f4:6e:51:4a:c0:38:88:41:69:e3:50:5d:16:4d:
                    1d:c4:ad:83:3b:2b:fe:59:22:3b:ef:d8:42:56:e2:
                    56:1e:15:f6:1a:9b:e6:9c:a0:db:ab:1b:6a:30:32:
                    47:a9:05:43:86:fd:9b:f1:6d:5b:00:6b:0f:0e:e8:
                    30:b4:60:e7:fc:d3:5c:20:df:7d:97:a7:a4:70:27:
                    6a:12:56:d3:c2:f9:b9:27:36:49:30:7d:c4:70:7f:
                    96:fd:38:14:da:55:00:58:cb:18:17:b3:8b:6c:a9:
                    66:78:cd:c6:d5:a7:b2:c8:e7:31:c5:d5:23:47:79:
                    71:0e:a3:1a:0a:e7:1d:6c:86:2a:bd:4a:0e:62:6d:
                    cd:69:42:51:d7:86:b2:d8:28:a8:20:36:52:c3:49:
                    2f:f0:c6:73:fa:f8:c7:b8:ec:54:70:8b:48:55:f4:
                    b2:f4:a2:94:0f:a3:9a:31:de:e0:79:75:5c:1c:02:
                    6c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CD:E4:D5:93:09:05:0D:B8:7E:4A:0D:50:82:D7:3A:AB:E6:A1:3B
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a383062303a3a2f34342d3434203d3e20313939313833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:80b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:b7:9e:b8:48:2d:61:8a:f7:4e:5d:95:24:35:02:3d:71:f2:
         40:29:37:c4:36:9c:fb:7d:bc:7c:25:51:a7:d5:64:93:a9:24:
         b4:d0:8f:23:ad:90:c5:3f:db:98:29:65:ff:bd:21:dc:d9:71:
         22:8a:a6:11:bf:6c:0c:6c:b2:5c:73:3b:93:c8:c0:6c:0d:cd:
         fc:ac:c4:2d:13:67:c5:36:2a:fe:ba:ae:1e:95:ad:01:01:ab:
         ea:16:9f:42:1b:87:d7:e8:33:2f:de:4b:f1:fc:1d:4e:a1:ae:
         7e:86:b7:86:81:c9:62:60:ac:e6:ee:32:e9:c9:5e:86:ae:2b:
         d4:8c:70:09:74:35:47:aa:a7:2d:a9:b2:91:c9:f5:f3:c4:77:
         a0:1c:d7:76:2a:97:c8:d7:3d:14:a4:1e:f8:f9:57:20:ed:6c:
         cd:fe:f0:f1:34:a6:9d:69:7a:a3:f8:59:f0:c7:0c:d2:36:b4:
         86:26:8d:00:10:03:8a:02:a5:cc:fd:42:f1:d3:83:10:18:db:
         a3:c7:09:47:75:0b:f7:69:3e:ff:2d:9d:cf:74:cb:bf:fb:83:
         63:84:36:f7:0d:d5:0a:e4:e9:ec:c4:de:e4:e6:de:79:0b:0e:
         5a:f6:78:3e:74:48:e1:9d:59:e2:04:8d:c8:f6:e1:9f:5b:1a:
         bc:5c:d7:7a
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUPCuGsm+DyC7fStESKdvE5uJyrN4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMTEwNDA4NTNaFw0yNTAzMTAwNDEzNTNaMDMxMTAvBgNV
BAMTKDRFQ0RFNEQ1OTMwOTA1MERCODdFNEEwRDUwODJENzNBQUJFNkExM0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClgLNbPjnLi7AWxUnPBWnJHoSK
cq92uu51BlTIBnbR0ynod/4ZYGzSRiXwAjx71NorECCYwoVjzamk2f36Rm7Wo+X1
2RoWff4JNsv0blFKwDiIQWnjUF0WTR3ErYM7K/5ZIjvv2EJW4lYeFfYam+acoNur
G2owMkepBUOG/ZvxbVsAaw8O6DC0YOf801wg332Xp6RwJ2oSVtPC+bknNkkwfcRw
f5b9OBTaVQBYyxgXs4tsqWZ4zcbVp7LI5zHF1SNHeXEOoxoK5x1shiq9Sg5ibc1p
QlHXhrLYKKggNlLDSS/wxnP6+Me47FRwi0hV9LL0opQPo5ox3uB5dVwcAmy/AgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUTs3k1ZMJBQ24fkoNUILXOqvmoTswHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzA2MjMwM2EzYTJmMzQzNDJk
MzQzNDIwM2QzZTIwMzEzOTM5MzEzODMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhPAB4CwMA0GCSqG
SIb3DQEBCwUAA4IBAQBet564SC1hivdOXZUkNQI9cfJAKTfENpz7fbx8JVGn1WST
qSS00I8jrZDFP9uYKWX/vSHc2XEiiqYRv2wMbLJcczuTyMBsDc38rMQtE2fFNir+
uq4ela0BAavqFp9CG4fX6DMv3kvx/B1Ooa5+hreGgcliYKzm7jLpyV6GrivUjHAJ
dDVHqqctqbKRyfXzxHegHNd2KpfI1z0UpB74+Vcg7WzN/vDxNKadaXqj+FnwxwzS
NrSGJo0AEAOKAqXM/ULx04MQGNujxwlHdQv3aT7/LZ3PdMu/+4NjhDb3DdUK5Ons
xN7k5t55Cw5a9ng+dEjhnVniBI3I9uGfWxq8XNd6
-----END CERTIFICATE-----