Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a383230303a3a2f34302d3438203d3e20313939303434.roa
File:                     326131333a633030373a383230303a3a2f34302d3438203d3e20313939303434.roa (raw, json)
Hash identifier:          XhzQnP/gk58quV8ZrzVnctcxqMGmWdqzIgJcU6mCosI=
Subject key identifier:   06:F2:0F:E9:6C:FD:2A:64:55:41:C2:80:8B:1C:D2:C4:B4:FA:FD:4A
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       6802D963A3C568FB57CE3B049DE5BB93F84499F6
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a383230303a3a2f34302d3438203d3e20313939303434.roa
Signing time:             Mon 11 Mar 2024 04:13:51 +0000
ROA not before:           Mon 11 Mar 2024 04:08:51 +0000
ROA not after:            Mon 10 Mar 2025 04:13:51 +0000
asID:                     199044
IP address blocks:        2a13:c007:8200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:47:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:02:d9:63:a3:c5:68:fb:57:ce:3b:04:9d:e5:bb:93:f8:44:99:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 11 04:08:51 2024 GMT
            Not After : Mar 10 04:13:51 2025 GMT
        Subject: CN=06F20FE96CFD2A645541C2808B1CD2C4B4FAFD4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:62:ea:54:65:33:62:53:c6:0d:6e:ec:b6:a0:
                    b7:81:52:af:79:5c:b8:93:19:4f:b5:18:43:d6:c7:
                    16:8f:ad:fd:1b:c2:51:0c:b6:07:9b:70:7c:8b:84:
                    22:a5:df:e3:ed:27:a3:0b:0e:60:34:f3:43:3a:f9:
                    90:4c:d7:eb:5c:60:f3:96:d7:88:ff:b2:48:7e:23:
                    89:bc:83:d3:e4:c3:33:f6:23:76:c8:94:96:39:ff:
                    9a:48:ee:d0:24:14:a5:72:72:69:87:3a:a7:ef:4a:
                    50:53:77:1e:26:2a:7f:be:ae:50:39:50:98:e5:45:
                    77:5c:51:11:f4:0f:e9:63:4e:6f:50:1d:b5:4c:df:
                    b5:03:45:15:4f:c6:30:c8:52:89:36:34:94:01:0d:
                    a5:28:df:08:0f:05:43:c1:9f:34:d5:4c:b1:8f:d9:
                    69:0a:c4:0a:60:db:e0:85:0b:c9:2f:17:42:c0:20:
                    46:2d:e6:21:c0:d8:ad:89:8f:08:8e:1e:6a:ca:71:
                    c4:ce:6e:2f:9d:44:42:42:ab:01:f7:74:86:aa:28:
                    3b:61:e9:17:94:d4:dc:e9:22:55:56:62:6d:eb:63:
                    c1:cb:02:17:8b:6f:25:6a:38:f9:41:a6:c5:f6:61:
                    e2:84:8e:97:19:6b:de:46:c0:d3:16:5e:aa:93:5c:
                    51:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F2:0F:E9:6C:FD:2A:64:55:41:C2:80:8B:1C:D2:C4:B4:FA:FD:4A
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a383230303a3a2f34302d3438203d3e20313939303434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8200::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:00:34:9c:f4:ff:6e:b1:c0:0f:bc:6a:a8:c5:bb:72:a7:9f:
         e6:81:19:27:17:17:74:de:62:59:31:e8:1c:98:ea:6d:3c:a1:
         49:da:f3:56:bc:3d:e5:13:b3:73:5b:9e:67:f7:b5:cb:f1:4f:
         8c:ee:5d:52:01:27:b4:59:21:21:24:ec:da:18:1c:57:d4:d1:
         a9:c6:f7:06:25:d6:ad:59:80:d6:a3:8a:bf:3d:cd:4a:6c:24:
         7c:33:1b:5b:75:31:ee:62:69:99:ec:c1:81:74:e6:bc:7e:ef:
         04:62:7c:81:6a:3a:78:46:9f:32:ee:5a:a5:82:41:45:28:c4:
         dd:27:f3:6d:98:4e:f8:93:15:61:54:da:22:1b:7d:68:d5:ec:
         d6:b5:a1:26:d4:2a:c2:fc:51:43:d3:4c:c0:21:4b:44:00:76:
         6b:5f:c9:78:78:8a:24:38:db:d8:9b:78:35:64:77:46:14:1f:
         c3:28:5b:e6:b8:01:46:b5:a8:99:cb:e6:34:be:44:f5:f5:d1:
         84:cc:f2:9e:79:bd:54:6f:1b:b6:58:ef:8b:8a:ef:46:ca:32:
         e2:cf:ac:53:37:71:6f:cd:b2:42:38:58:60:d5:da:ef:08:2b:
         27:15:2a:ce:ba:69:e1:07:5b:ad:b8:9b:81:15:3e:f7:ab:76:
         3a:7a:f3:aa
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUaALZY6PFaPtXzjsEneW7k/hEmfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMTEwNDA4NTFaFw0yNTAzMTAwNDEzNTFaMDMxMTAvBgNV
BAMTKDA2RjIwRkU5NkNGRDJBNjQ1NTQxQzI4MDhCMUNEMkM0QjRGQUZENEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhYupUZTNiU8YNbuy2oLeBUq95
XLiTGU+1GEPWxxaPrf0bwlEMtgebcHyLhCKl3+PtJ6MLDmA080M6+ZBM1+tcYPOW
14j/skh+I4m8g9PkwzP2I3bIlJY5/5pI7tAkFKVycmmHOqfvSlBTdx4mKn++rlA5
UJjlRXdcURH0D+ljTm9QHbVM37UDRRVPxjDIUok2NJQBDaUo3wgPBUPBnzTVTLGP
2WkKxApg2+CFC8kvF0LAIEYt5iHA2K2JjwiOHmrKccTObi+dREJCqwH3dIaqKDth
6ReU1NzpIlVWYm3rY8HLAheLbyVqOPlBpsX2YeKEjpcZa95GwNMWXqqTXFFBAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUBvIP6Wz9KmRVQcKAixzSxLT6/UowHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzIzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzEzOTM5MzAzNDM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPAB4IwDQYJKoZI
hvcNAQELBQADggEBAK8ANJz0/26xwA+8aqjFu3Knn+aBGScXF3TeYlkx6ByY6m08
oUna81a8PeUTs3Nbnmf3tcvxT4zuXVIBJ7RZISEk7NoYHFfU0anG9wYl1q1ZgNaj
ir89zUpsJHwzG1t1Me5iaZnswYF05rx+7wRifIFqOnhGnzLuWqWCQUUoxN0n822Y
TviTFWFU2iIbfWjV7Na1oSbUKsL8UUPTTMAhS0QAdmtfyXh4iiQ429ibeDVkd0YU
H8MoW+a4AUa1qJnL5jS+RPX10YTM8p55vVRvG7ZY74uK70bKMuLPrFM3cW/NskI4
WGDV2u8IKycVKs66aeEHW624m4EVPverdjp686o=
-----END CERTIFICATE-----