Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa
File:                     326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa (raw, json)
Hash identifier:          HBFjL9ODEqfwz8m4S8DWBXJ170pYaKsJEvNzhfx6LGE=
Subject key identifier:   E9:D6:0C:58:CE:30:FD:2F:1B:0D:C6:B3:0D:56:1D:97:F4:82:8D:30
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       09509C2163749C025D5EEDD298BC6CEAB7A4AC1B
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa
Signing time:             Wed 27 Mar 2024 13:15:50 +0000
ROA not before:           Wed 27 Mar 2024 13:10:50 +0000
ROA not after:            Wed 26 Mar 2025 13:15:50 +0000
asID:                     215232
IP address blocks:        2a13:c007:8100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:47:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:50:9c:21:63:74:9c:02:5d:5e:ed:d2:98:bc:6c:ea:b7:a4:ac:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 27 13:10:50 2024 GMT
            Not After : Mar 26 13:15:50 2025 GMT
        Subject: CN=E9D60C58CE30FD2F1B0DC6B30D561D97F4828D30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f6:f8:ba:14:55:6b:ad:e9:5c:9c:06:70:5b:
                    29:40:3e:cc:58:ed:39:7d:e6:db:f1:b5:25:95:a6:
                    e5:fe:6d:29:25:60:3e:19:2c:d9:69:32:8c:47:b8:
                    eb:c1:35:b5:a8:b3:25:df:70:14:f0:aa:4e:73:45:
                    1e:f9:03:b5:a2:14:6d:fc:f2:dc:27:e9:c3:e1:fc:
                    b3:0e:9b:af:eb:56:bd:56:47:57:c5:9a:e7:99:66:
                    f3:c4:50:3c:fd:ba:e6:1f:0a:d2:2e:0c:99:54:0c:
                    32:ec:5a:08:ff:8d:32:59:2a:a3:7f:54:2f:ba:cf:
                    04:36:50:aa:dd:c6:d1:50:1e:68:41:70:e1:2d:93:
                    24:79:d5:c2:b1:7f:c3:10:54:24:10:65:e8:8a:d5:
                    ad:a7:bd:50:09:16:72:71:db:67:c8:ea:36:9c:86:
                    e5:e6:6d:8c:c0:2d:7f:54:98:d3:b7:fa:d9:6b:16:
                    bf:46:2f:0c:22:ed:4d:60:9d:4a:b9:76:49:29:fc:
                    20:d2:4e:54:6d:e3:69:48:2a:da:53:62:69:41:71:
                    c0:51:6d:55:aa:37:9e:70:ad:f9:d6:bb:93:0b:e3:
                    a9:92:05:d9:f3:7a:15:02:d7:11:6b:d6:39:8c:52:
                    d5:8b:08:84:b4:52:09:2e:51:12:b0:c9:25:77:5e:
                    48:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D6:0C:58:CE:30:FD:2F:1B:0D:C6:B3:0D:56:1D:97:F4:82:8D:30
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0b:04:dd:66:1a:b6:d8:fc:9d:d1:83:63:ff:57:b0:cd:34:f2:
         dd:03:dc:f8:00:b0:c6:38:89:77:ac:03:54:7a:48:ac:bf:57:
         26:35:63:c2:2a:f0:0e:8f:e2:e2:22:63:1a:07:e8:1d:ca:5e:
         84:bb:b1:52:16:d5:12:e9:70:0e:51:63:b8:39:a4:bc:57:d4:
         48:d5:88:d9:22:d4:6a:6b:07:fa:cf:42:72:32:59:e0:90:1b:
         12:1a:b3:6b:e5:fe:ad:9b:14:8b:66:5b:29:6e:c9:ec:08:32:
         cd:6e:71:4f:91:6d:b5:41:87:c5:3e:b4:73:5c:f5:89:8f:31:
         8c:81:64:c4:01:bc:be:4c:86:60:a5:33:89:9a:f1:8a:9a:72:
         61:5b:41:f4:cf:0d:78:f2:a1:80:7d:b0:cf:0f:2d:be:fc:92:
         72:4a:6e:26:d5:81:53:e6:e0:d9:bf:c2:b3:e1:66:35:7c:ed:
         e2:a4:d0:1b:74:1e:45:17:47:a6:36:c2:fc:94:dd:ce:c4:dd:
         42:07:d2:c9:c2:84:59:6d:3b:a6:e8:c4:29:af:bd:ce:66:fa:
         7e:75:60:92:0b:e1:d8:53:6f:2a:11:9c:b5:8b:48:9b:99:1f:
         1c:50:b6:37:ee:39:43:b3:c9:e3:13:4a:f3:9e:4b:94:61:76:
         ed:a9:54:6f
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUCVCcIWN0nAJdXu3SmLxs6rekrBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMjcxMzEwNTBaFw0yNTAzMjYxMzE1NTBaMDMxMTAvBgNV
BAMTKEU5RDYwQzU4Q0UzMEZEMkYxQjBEQzZCMzBENTYxRDk3RjQ4MjhEMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE9vi6FFVrrelcnAZwWylAPsxY
7Tl95tvxtSWVpuX+bSklYD4ZLNlpMoxHuOvBNbWosyXfcBTwqk5zRR75A7WiFG38
8twn6cPh/LMOm6/rVr1WR1fFmueZZvPEUDz9uuYfCtIuDJlUDDLsWgj/jTJZKqN/
VC+6zwQ2UKrdxtFQHmhBcOEtkyR51cKxf8MQVCQQZeiK1a2nvVAJFnJx22fI6jac
huXmbYzALX9UmNO3+tlrFr9GLwwi7U1gnUq5dkkp/CDSTlRt42lIKtpTYmlBccBR
bVWqN55wrfnWu5ML46mSBdnzehUC1xFr1jmMUtWLCIS0UgkuURKwySV3XkhVAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQU6dYMWM4w/S8bDcazDVYdl/SCjTAwHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzEzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzIzMTM1MzIzMzMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPAB4EwDQYJKoZI
hvcNAQELBQADggEBAAsE3WYattj8ndGDY/9XsM008t0D3PgAsMY4iXesA1R6SKy/
VyY1Y8Iq8A6P4uIiYxoH6B3KXoS7sVIW1RLpcA5RY7g5pLxX1EjViNki1GprB/rP
QnIyWeCQGxIas2vl/q2bFItmWyluyewIMs1ucU+RbbVBh8U+tHNc9YmPMYyBZMQB
vL5MhmClM4ma8YqacmFbQfTPDXjyoYB9sM8PLb78knJKbibVgVPm4Nm/wrPhZjV8
7eKk0Bt0HkUXR6Y2wvyU3c7E3UIH0snChFltO6boxCmvvc5m+n51YJIL4dhTbyoR
nLWLSJuZHxxQtjfuOUOzyeMTSvOeS5Rhdu2pVG8=
-----END CERTIFICATE-----