Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a3730303a3a2f34302d3438203d3e20313938393534.roa
File:                     326131323a646434373a3730303a3a2f34302d3438203d3e20313938393534.roa (raw, json)
Hash identifier:          HUjyfHBdZWV03WQ7MuxOyIjCbsI9x6bfTgtxnQL7DUg=
Subject key identifier:   4E:D6:77:39:9D:8F:FA:42:02:6A:F7:72:37:6D:55:ED:68:45:42:44
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       3B0F68C8075EF7A4FB0A4A4F25B225798B09EBF2
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a3730303a3a2f34302d3438203d3e20313938393534.roa
Signing time:             Tue 17 Oct 2023 16:13:32 +0000
ROA not before:           Tue 17 Oct 2023 16:08:32 +0000
ROA not after:            Tue 15 Oct 2024 16:13:32 +0000
asID:                     198954
IP address blocks:        2a12:dd47:700::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:0f:68:c8:07:5e:f7:a4:fb:0a:4a:4f:25:b2:25:79:8b:09:eb:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:32 2023 GMT
            Not After : Oct 15 16:13:32 2024 GMT
        Subject: CN=4ED677399D8FFA42026AF772376D55ED68454244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9d:c4:29:fc:f2:df:7e:88:a5:8d:e8:c5:dd:
                    f5:50:1c:99:17:8e:8a:f6:6c:e2:d5:27:f9:47:22:
                    58:56:63:e7:a0:7a:2b:8c:7a:b4:23:b4:f0:55:da:
                    40:a9:97:5f:74:20:7f:62:85:1d:b9:79:e3:00:c8:
                    e0:95:a8:c3:61:39:72:2e:bf:6c:a2:09:c5:50:41:
                    3a:df:76:8c:a3:e7:72:5e:46:9c:fb:5c:c3:fc:55:
                    b6:f0:70:a6:5b:e1:7f:d4:23:3d:bc:83:05:96:1e:
                    cc:1e:ce:bc:89:6d:1c:8f:cc:d9:86:50:e0:c4:43:
                    4c:ff:37:e4:a0:d2:02:7f:0b:b1:2f:f0:64:1f:ce:
                    8d:88:e3:da:f4:17:0e:86:22:19:f2:20:2a:01:15:
                    97:f5:f2:fd:b8:0e:70:75:f9:da:7a:0c:70:2e:d2:
                    c7:4d:b1:7d:c9:13:41:7d:fa:d8:bd:9c:c2:0a:a2:
                    b4:64:67:81:4e:81:cd:c4:f2:5d:de:d2:db:87:79:
                    b2:62:5d:40:35:42:21:6a:60:3c:60:3f:08:4d:3d:
                    2c:36:85:3e:b5:da:65:76:fc:a7:4c:7c:65:e3:be:
                    2e:18:f6:c1:5c:db:f5:62:1c:4f:cc:8e:72:bf:39:
                    03:d2:e2:6a:92:58:48:4b:0b:7a:4d:3a:66:b1:5f:
                    43:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D6:77:39:9D:8F:FA:42:02:6A:F7:72:37:6D:55:ED:68:45:42:44
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a3730303a3a2f34302d3438203d3e20313938393534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         6e:bd:55:f3:9f:7d:64:f3:fd:4f:15:96:cc:2b:42:10:42:03:
         01:62:26:fd:e4:e5:92:e2:70:f4:1e:ae:6c:07:dc:fb:95:c4:
         43:04:61:cb:bb:0c:ad:97:6a:59:b4:8b:97:d8:e2:47:74:28:
         49:4c:91:de:ba:d3:b7:58:9e:31:fc:bb:ec:89:97:2b:be:a1:
         ee:a8:43:a5:9b:33:1e:49:3d:d4:6a:2a:d2:84:03:76:3d:53:
         6a:21:9f:18:89:cb:6a:76:97:ad:46:cd:c6:19:23:96:fd:1b:
         83:0a:5b:6b:fd:7c:cc:05:dd:ce:0c:c2:3e:c6:f0:6c:51:1c:
         91:49:a4:c6:92:44:fd:5d:27:0e:7b:57:06:fd:cd:ce:2f:48:
         50:6a:0a:04:a8:56:c2:bd:dc:be:9f:50:de:53:cc:1b:09:1b:
         43:8c:08:5e:f8:d7:90:ad:69:80:12:82:14:c0:5d:f9:98:c1:
         05:a9:c8:81:09:b8:3d:b5:7b:e5:00:67:6d:2a:61:8c:41:5f:
         73:ad:6a:b3:69:0e:e1:e6:98:5d:aa:55:df:ca:08:b2:12:4d:
         8e:97:50:73:c8:2e:84:5f:1c:18:49:0b:58:b5:95:2d:ad:52:
         09:e7:c0:81:38:23:5c:ad:c1:f4:62:92:a2:00:60:22:dd:52:
         8c:e0:a0:16
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUOw9oyAde96T7CkpPJbIleYsJ6/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzJaFw0yNDEwMTUxNjEzMzJaMDMxMTAvBgNV
BAMTKDRFRDY3NzM5OUQ4RkZBNDIwMjZBRjc3MjM3NkQ1NUVENjg0NTQyNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMncQp/PLffoiljejF3fVQHJkX
jor2bOLVJ/lHIlhWY+egeiuMerQjtPBV2kCpl190IH9ihR25eeMAyOCVqMNhOXIu
v2yiCcVQQTrfdoyj53JeRpz7XMP8VbbwcKZb4X/UIz28gwWWHswezryJbRyPzNmG
UODEQ0z/N+Sg0gJ/C7Ev8GQfzo2I49r0Fw6GIhnyICoBFZf18v24DnB1+dp6DHAu
0sdNsX3JE0F9+ti9nMIKorRkZ4FOgc3E8l3e0tuHebJiXUA1QiFqYDxgPwhNPSw2
hT612mV2/KdMfGXjvi4Y9sFc2/ViHE/MjnK/OQPS4mqSWEhLC3pNOmaxX0NDAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUTtZ3OZ2P+kICavdyN21V7WhFQkQwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM3MzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMxMzkzODM5MzUzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UcHMA0GCSqGSIb3
DQEBCwUAA4IBAQBuvVXzn31k8/1PFZbMK0IQQgMBYib95OWS4nD0Hq5sB9z7lcRD
BGHLuwytl2pZtIuX2OJHdChJTJHeutO3WJ4x/LvsiZcrvqHuqEOlmzMeST3UairS
hAN2PVNqIZ8YictqdpetRs3GGSOW/RuDCltr/XzMBd3ODMI+xvBsURyRSaTGkkT9
XScOe1cG/c3OL0hQagoEqFbCvdy+n1DeU8wbCRtDjAhe+NeQrWmAEoIUwF35mMEF
qciBCbg9tXvlAGdtKmGMQV9zrWqzaQ7h5phdqlXfygiyEk2Ol1BzyC6EXxwYSQtY
tZUtrVIJ58CBOCNcrcH0YpKiAGAi3VKM4KAW
-----END CERTIFICATE-----