Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa
File:                     326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa (raw, json)
Hash identifier:          v0+u+j1yCAVsdVPWNArr9gMstXicayDRBrny8v2Fvzk=
Subject key identifier:   CD:1C:38:65:03:06:52:A6:2B:0D:AF:67:45:5A:23:F3:29:A6:DF:B5
Certificate issuer:       /CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
Certificate serial:       2DE87787CB2F40C9638F2D2EC5E261ECB5FD3BBF
Authority key identifier: AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75
Authority info access:    rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
Subject info access:      rsync://rpki.co/repo/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa
Signing time:             Sun 24 Mar 2024 09:42:28 +0000
ROA not before:           Sun 24 Mar 2024 09:37:28 +0000
ROA not after:            Sun 23 Mar 2025 09:42:28 +0000
asID:                     215262
IP address blocks:        2a13:c007:9000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl
                          rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.mft
                          rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.crl
                          rsync://dev.tw/rpki/August/1/442C354A483A8B70D839D3F798CD870684F02186.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RCw1Skg6i3DYOdP3mM2HBoTwIYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:47:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:e8:77:87:cb:2f:40:c9:63:8f:2d:2e:c5:e2:61:ec:b5:fd:3b:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD4A224A9565F67E4914E6F8C2B3C34303C9C875
        Validity
            Not Before: Mar 24 09:37:28 2024 GMT
            Not After : Mar 23 09:42:28 2025 GMT
        Subject: CN=CD1C3865030652A62B0DAF67455A23F329A6DFB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:12:70:ae:3d:1b:e3:41:97:f9:a9:99:67:13:
                    5b:11:db:96:b9:b6:13:f8:ad:d8:7c:9d:d0:47:bb:
                    21:39:0c:e5:ac:cc:c8:a2:fd:c9:b5:c5:47:b6:59:
                    38:b7:bb:cb:ce:50:39:7a:42:e0:39:4d:e4:59:d8:
                    3b:84:ad:69:29:11:19:84:a9:c1:67:3e:53:16:e3:
                    a9:9a:c8:95:59:ab:04:8b:13:9a:0a:3c:14:da:3e:
                    4a:0b:60:6c:3f:33:99:44:9a:10:7b:50:0b:e2:cf:
                    7b:c0:6f:04:6c:93:14:0c:5f:02:3e:f6:85:4b:de:
                    03:43:74:20:35:49:3c:0d:98:0b:03:b8:41:79:69:
                    c7:db:f8:c1:93:2a:0f:ff:5a:a6:9d:8e:e7:3d:c6:
                    17:51:a7:58:5f:cd:fb:e3:06:a2:29:d4:40:00:8c:
                    73:f6:56:9a:9f:ac:d9:3a:b8:a3:2b:cd:ed:f1:ca:
                    23:49:d0:40:7b:0d:23:df:b2:81:9f:05:80:bd:bd:
                    74:02:fd:73:56:a8:77:c5:64:0d:a6:54:b7:47:7b:
                    ee:1d:41:77:a2:41:d7:85:20:6f:71:e5:be:5d:e1:
                    42:dc:d9:1b:68:30:4a:f4:12:c2:86:c1:72:ed:3b:
                    1e:6d:63:80:34:14:b2:bf:aa:b8:66:d5:fa:07:cd:
                    08:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:1C:38:65:03:06:52:A6:2B:0D:AF:67:45:5A:23:F3:29:A6:DF:B5
            X509v3 Authority Key Identifier:
                keyid:AD:4A:22:4A:95:65:F6:7E:49:14:E6:F8:C2:B3:C3:43:03:C9:C8:75

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/5/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/AD4A224A9565F67E4914E6F8C2B3C34303C9C875.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/5/326131333a633030373a393030303a3a2f34302d3438203d3e20323135323632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b2:34:54:03:da:b3:5d:06:8f:ac:81:0c:68:30:bd:08:b5:b3:
         da:a9:64:95:56:7a:74:b5:c0:ac:e3:4e:23:33:a0:25:85:c8:
         dd:fe:e3:cd:df:38:47:7a:75:a9:8d:70:83:f3:17:24:29:67:
         9c:c5:f6:91:be:21:0a:6f:21:51:58:25:52:75:c1:c1:44:fc:
         bc:ba:aa:60:03:c2:87:da:a5:c4:16:1d:a6:5f:29:58:dc:a7:
         5f:ee:7b:44:e5:85:c1:5f:d6:d7:fc:e7:cb:c6:48:ee:67:8e:
         75:af:f0:5c:26:98:11:d5:9f:31:b1:07:d8:bb:35:92:ea:27:
         db:72:04:c7:fe:3c:be:2c:b7:7c:bc:6e:25:8c:68:c5:5a:3b:
         1f:71:73:55:93:56:74:d4:f6:cf:0d:82:dd:87:dd:95:a3:b7:
         a0:7a:1a:65:41:e3:fc:a7:9f:f2:f2:01:b9:f2:05:d8:e9:f6:
         02:4c:88:66:f3:fa:3e:6e:ad:0d:92:51:f0:cc:12:c8:68:6b:
         84:42:6a:4b:91:03:a8:6e:7a:a2:a3:dc:e6:73:f9:5f:7b:d4:
         6d:c7:f9:18:9e:e9:a8:89:cb:6d:6c:2d:34:4f:fc:43:f3:9a:
         d5:32:52:61:5b:59:b7:8d:4c:9e:f2:eb:1d:6f:70:e4:b3:d9:
         03:8b:4a:3d
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIULeh3h8svQMljjy0uxeJh7LX9O78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0QTIyNEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMw
M0M5Qzg3NTAeFw0yNDAzMjQwOTM3MjhaFw0yNTAzMjMwOTQyMjhaMDMxMTAvBgNV
BAMTKENEMUMzODY1MDMwNjUyQTYyQjBEQUY2NzQ1NUEyM0YzMjlBNkRGQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7EnCuPRvjQZf5qZlnE1sR25a5
thP4rdh8ndBHuyE5DOWszMii/cm1xUe2WTi3u8vOUDl6QuA5TeRZ2DuErWkpERmE
qcFnPlMW46mayJVZqwSLE5oKPBTaPkoLYGw/M5lEmhB7UAviz3vAbwRskxQMXwI+
9oVL3gNDdCA1STwNmAsDuEF5acfb+MGTKg//Wqadjuc9xhdRp1hfzfvjBqIp1EAA
jHP2VpqfrNk6uKMrze3xyiNJ0EB7DSPfsoGfBYC9vXQC/XNWqHfFZA2mVLdHe+4d
QXeiQdeFIG9x5b5d4ULc2RtoMEr0EsKGwXLtOx5tY4A0FLK/qrhm1foHzQiRAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUzRw4ZQMGUqYrDa9nRVoj8ymm37UwHwYDVR0j
BBgwFoAUrUoiSpVl9n5JFOb4wrPDQwPJyHUwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzUvQUQ0QTIy
NEE5NTY1RjY3RTQ5MTRFNkY4QzJCM0MzNDMwM0M5Qzg3NS5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
L0FENEEyMjRBOTU2NUY2N0U0OTE0RTZGOEMyQjNDMzQzMDNDOUM4NzUuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvNS8zMjYxMzEzMzNhNjMzMDMwMzczYTM5MzAzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzIzMTM1MzIzNjMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhPAB5AwDQYJKoZI
hvcNAQELBQADggEBALI0VAPas10Gj6yBDGgwvQi1s9qpZJVWenS1wKzjTiMzoCWF
yN3+483fOEd6damNcIPzFyQpZ5zF9pG+IQpvIVFYJVJ1wcFE/Ly6qmADwofapcQW
HaZfKVjcp1/ue0TlhcFf1tf858vGSO5njnWv8FwmmBHVnzGxB9i7NZLqJ9tyBMf+
PL4st3y8biWMaMVaOx9xc1WTVnTU9s8Ngt2H3ZWjt6B6GmVB4/ynn/LyAbnyBdjp
9gJMiGbz+j5urQ2SUfDMEshoa4RCakuRA6hueqKj3OZz+V971G3H+Rie6aiJy21s
LTRP/EPzmtUyUmFbWbeNTJ7y6x1vcOSz2QOLSj0=
-----END CERTIFICATE-----