Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/323030313a3637633a6138303a3a2f34382d3438203d3e20393435.roa
File:                     323030313a3637633a6138303a3a2f34382d3438203d3e20393435.roa (raw, json)
Hash identifier:          0Seb52j6PEmCjp42Q3+prVF8HHOF+pKleKIV9SbvV60=
Subject key identifier:   4C:BD:3A:8E:17:A8:BB:5C:23:A6:26:A1:8F:E7:1D:95:EE:83:ED:B7
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       3816B2240B9BE29092126305C36D04A4C08BBD76
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/323030313a3637633a6138303a3a2f34382d3438203d3e20393435.roa
Signing time:             Tue 17 Oct 2023 16:13:32 +0000
ROA not before:           Tue 17 Oct 2023 16:08:32 +0000
ROA not after:            Tue 15 Oct 2024 16:13:32 +0000
asID:                     945
IP address blocks:        2001:67c:a80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:16:b2:24:0b:9b:e2:90:92:12:63:05:c3:6d:04:a4:c0:8b:bd:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:32 2023 GMT
            Not After : Oct 15 16:13:32 2024 GMT
        Subject: CN=4CBD3A8E17A8BB5C23A626A18FE71D95EE83EDB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:41:b2:0e:fb:ab:a3:1c:b7:73:c0:a4:77:
                    be:a7:e3:67:00:98:d7:8b:19:92:38:1d:c9:b0:b7:
                    44:f5:e3:66:97:fc:83:51:56:5d:b6:c9:c8:d5:38:
                    af:8d:fa:bd:42:cc:a9:9d:bc:dc:ff:83:7c:fc:77:
                    1b:2a:be:d8:6d:c8:47:d0:64:22:09:0b:5e:39:52:
                    1b:52:b8:68:c0:fe:93:03:f7:ae:de:b9:5d:d2:3b:
                    a3:e8:a8:c6:a6:4e:04:d8:f7:85:fc:ae:62:3a:26:
                    c2:1d:06:70:8f:66:3d:65:ee:b8:16:cf:eb:7e:9d:
                    cc:5f:fe:90:34:3a:44:53:6a:f5:90:b5:cc:6f:93:
                    e7:d3:a6:5b:ca:80:87:7d:b8:58:a4:1f:3b:86:a9:
                    4c:a6:e9:fd:9f:6d:a7:9f:4d:3a:e0:48:97:9d:50:
                    0a:99:e6:9a:8f:59:0b:1a:4d:6e:bf:b5:86:53:df:
                    fb:73:28:2a:b7:0c:af:2c:a1:b1:99:4a:00:6c:17:
                    71:80:4b:27:a1:9e:b0:83:cf:9e:90:84:74:cd:2b:
                    e4:e9:93:2f:f1:70:bc:97:46:21:c8:1a:27:c0:db:
                    18:ee:62:e2:39:40:8d:35:a6:dd:23:20:b0:c0:61:
                    3e:20:88:2c:78:e6:e7:d0:a0:9e:16:06:c1:f8:76:
                    e9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:BD:3A:8E:17:A8:BB:5C:23:A6:26:A1:8F:E7:1D:95:EE:83:ED:B7
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/323030313a3637633a6138303a3a2f34382d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a80::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:b5:b6:4e:cc:e3:68:0e:3f:e4:ef:fd:6c:bf:e5:d4:9e:46:
         ad:40:e7:73:eb:ad:54:78:c7:95:13:77:b3:4b:16:3f:e0:03:
         ab:0b:4e:f9:c5:55:67:8d:a9:d9:a0:02:77:09:4a:1d:3c:b3:
         b4:75:06:c6:da:5b:0a:3b:5a:21:e5:83:33:3e:05:60:93:f8:
         6b:1f:d3:04:42:b0:63:2e:b9:0a:92:84:05:ab:48:54:9b:76:
         5b:4c:48:e2:f1:8d:59:9d:4f:59:a4:b0:06:94:b1:88:8b:1a:
         3d:bb:d3:c0:04:e8:b6:3d:5e:e8:95:67:e0:7c:a9:d2:98:05:
         76:41:73:26:9c:20:8e:f1:54:29:13:2c:30:ea:99:9f:b9:52:
         26:7a:13:7b:2d:11:38:2c:61:58:31:eb:5c:34:11:e8:d6:2a:
         76:67:97:1d:1f:e9:c4:e9:2f:be:d4:91:26:d0:aa:46:2d:af:
         91:38:db:a2:56:40:52:97:9b:0f:75:b5:90:bf:24:09:07:1b:
         81:f2:32:f3:96:8a:9a:b6:b1:55:fe:91:d9:10:da:88:91:e3:
         91:76:d3:6b:a3:bc:51:08:3d:ac:e5:09:2b:db:44:85:44:8b:
         11:8b:12:9b:5f:b4:68:9f:d6:d1:d0:98:d8:bb:2e:af:ac:e0:
         d3:aa:83:72
-----BEGIN CERTIFICATE-----
MIIEwDCCA6igAwIBAgIUOBayJAub4pCSEmMFw20EpMCLvXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzJaFw0yNDEwMTUxNjEzMzJaMDMxMTAvBgNV
BAMTKDRDQkQzQThFMTdBOEJCNUMyM0E2MjZBMThGRTcxRDk1RUU4M0VEQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XkGyDvuroxy3c8Ckd76n42cA
mNeLGZI4Hcmwt0T142aX/INRVl22ycjVOK+N+r1CzKmdvNz/g3z8dxsqvthtyEfQ
ZCIJC145UhtSuGjA/pMD967euV3SO6PoqMamTgTY94X8rmI6JsIdBnCPZj1l7rgW
z+t+ncxf/pA0OkRTavWQtcxvk+fTplvKgId9uFikHzuGqUym6f2fbaefTTrgSJed
UAqZ5pqPWQsaTW6/tYZT3/tzKCq3DK8sobGZSgBsF3GASyehnrCDz56QhHTNK+Tp
ky/xcLyXRiHIGifA2xjuYuI5QI01pt0jILDAYT4giCx45ufQoJ4WBsH4duk9AgMB
AAGjggHKMIIBxjAdBgNVHQ4EFgQUTL06jheou1wjpiahj+cdle6D7bcwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHMG
CCsGAQUFBwELBGcwZTBjBggrBgEFBQcwC4ZXcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjMwMzAzMTNhMzYzNzYzM2E2MTM4MzAzYTNhMmYzNDM4MmQzNDM4
MjAzZDNlMjAzOTM0MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYI
KwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8CoAwDQYJKoZIhvcNAQELBQAD
ggEBAAK1tk7M42gOP+Tv/Wy/5dSeRq1A53PrrVR4x5UTd7NLFj/gA6sLTvnFVWeN
qdmgAncJSh08s7R1BsbaWwo7WiHlgzM+BWCT+Gsf0wRCsGMuuQqShAWrSFSbdltM
SOLxjVmdT1mksAaUsYiLGj2708AE6LY9XuiVZ+B8qdKYBXZBcyacII7xVCkTLDDq
mZ+5UiZ6E3stETgsYVgx61w0EejWKnZnlx0f6cTpL77UkSbQqkYtr5E426JWQFKX
mw91tZC/JAkHG4HyMvOWipq2sVX+kdkQ2oiR45F202ujvFEIPazlCSvbRIVEixGL
EptftGif1tHQmNi7Lq+s4NOqg3I=
-----END CERTIFICATE-----