Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/323030313a3637633a6138633a3a2f34382d3438203d3e20393435.roa
File:                     323030313a3637633a6138633a3a2f34382d3438203d3e20393435.roa (raw, json)
Hash identifier:          keoK8ltJCz/Wo0LpqsxKpGGk07ACEFcZyJc0ZV5fdmQ=
Subject key identifier:   70:A3:D7:F4:CE:82:8D:47:BE:18:EC:D8:BA:2E:35:F2:5A:D9:F0:98
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       25AAAAE086C7C37BEB3D4E869C824B37249637BA
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/323030313a3637633a6138633a3a2f34382d3438203d3e20393435.roa
Signing time:             Tue 17 Oct 2023 16:13:29 +0000
ROA not before:           Tue 17 Oct 2023 16:08:29 +0000
ROA not after:            Tue 15 Oct 2024 16:13:29 +0000
asID:                     945
IP address blocks:        2001:67c:a8c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:aa:aa:e0:86:c7:c3:7b:eb:3d:4e:86:9c:82:4b:37:24:96:37:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:29 2023 GMT
            Not After : Oct 15 16:13:29 2024 GMT
        Subject: CN=70A3D7F4CE828D47BE18ECD8BA2E35F25AD9F098
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:5e:4c:f8:44:c1:4e:1c:18:db:cb:d2:bd:
                    46:f2:9f:f1:a4:71:c7:6b:53:b6:03:47:60:cc:71:
                    58:43:1f:0e:fa:66:7c:a7:ee:cc:0d:a8:42:76:6a:
                    1f:d1:76:66:35:4a:6e:6a:0d:4f:31:aa:07:af:28:
                    fe:b9:a5:ee:03:31:0c:b8:94:2d:a1:b7:b0:f6:7b:
                    77:83:0b:7b:a6:63:38:e6:cd:ef:39:51:72:d1:a1:
                    55:35:b8:46:25:16:c4:80:29:98:d5:85:9f:c7:03:
                    37:77:d2:38:1f:27:77:3a:e8:4d:ce:f5:43:90:ca:
                    04:ba:96:24:c6:a5:26:83:12:f2:b0:4e:ea:2c:7b:
                    08:51:94:59:ab:17:b2:24:54:18:c7:05:d1:d2:da:
                    fb:71:c5:06:55:24:a5:2a:6a:99:5f:c3:64:c9:5a:
                    15:96:38:69:10:9f:c6:2e:dc:13:44:45:ed:b5:6b:
                    39:55:46:40:31:a5:61:26:7f:ed:34:55:64:70:05:
                    22:ea:27:d5:59:7d:8d:9a:ef:f3:21:90:34:5a:fe:
                    2b:a5:60:18:a0:8c:6f:34:48:57:04:de:39:53:0a:
                    61:3b:5e:b7:69:de:3f:9a:0c:77:ce:b1:1a:4a:5e:
                    a8:70:61:90:59:62:02:73:0b:89:4f:df:37:26:fb:
                    7b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A3:D7:F4:CE:82:8D:47:BE:18:EC:D8:BA:2E:35:F2:5A:D9:F0:98
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/323030313a3637633a6138633a3a2f34382d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:7b:27:e3:43:43:57:c8:71:18:44:ee:38:f5:38:62:8d:72:
         d6:fa:61:6d:2a:4a:57:28:66:c1:11:cb:1d:83:eb:71:b5:91:
         e5:63:2c:e8:e3:8c:78:61:ae:6a:9e:ef:c2:80:90:33:0b:70:
         31:0f:fa:f5:47:f0:00:da:c8:05:19:41:c1:c6:15:65:01:c2:
         80:c3:d1:c0:39:2f:aa:4d:7b:fb:87:99:73:73:a3:ed:dd:f9:
         fe:08:52:5b:c1:d0:52:0a:88:c7:6f:f8:98:df:59:73:97:6a:
         1f:5b:d9:ba:e7:7a:4d:b9:c6:ac:67:09:f1:09:51:8a:bf:d9:
         19:0c:de:78:0e:de:35:e0:12:ba:f6:88:4f:3a:fa:9a:90:1a:
         dc:2c:9e:05:f9:1a:66:01:79:ab:cb:51:d0:af:27:18:5a:fc:
         e0:77:fe:51:b3:b5:df:0d:fa:e4:7f:e1:16:63:d6:0a:39:31:
         42:88:18:9e:88:27:55:b3:8c:71:8b:43:2e:67:65:47:9d:0a:
         b6:83:61:c1:d8:97:02:18:d3:35:43:2b:9e:f3:53:81:d4:70:
         2b:a7:a0:64:a1:bc:b1:b5:d6:77:48:f4:30:ba:39:bc:0c:85:
         7a:28:e3:06:df:8e:92:7d:95:e6:da:f8:8b:4c:7e:7f:ae:7a:
         88:44:71:84
-----BEGIN CERTIFICATE-----
MIIEwDCCA6igAwIBAgIUJaqq4IbHw3vrPU6GnIJLNySWN7owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjlaFw0yNDEwMTUxNjEzMjlaMDMxMTAvBgNV
BAMTKDcwQTNEN0Y0Q0U4MjhENDdCRTE4RUNEOEJBMkUzNUYyNUFEOUYwOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3wV5M+ETBThwY28vSvUbyn/Gk
ccdrU7YDR2DMcVhDHw76Znyn7swNqEJ2ah/RdmY1Sm5qDU8xqgevKP65pe4DMQy4
lC2ht7D2e3eDC3umYzjmze85UXLRoVU1uEYlFsSAKZjVhZ/HAzd30jgfJ3c66E3O
9UOQygS6liTGpSaDEvKwTuosewhRlFmrF7IkVBjHBdHS2vtxxQZVJKUqaplfw2TJ
WhWWOGkQn8Yu3BNERe21azlVRkAxpWEmf+00VWRwBSLqJ9VZfY2a7/MhkDRa/iul
YBigjG80SFcE3jlTCmE7Xrdp3j+aDHfOsRpKXqhwYZBZYgJzC4lP3zcm+3stAgMB
AAGjggHKMIIBxjAdBgNVHQ4EFgQUcKPX9M6CjUe+GOzYui418lrZ8JgwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHMG
CCsGAQUFBwELBGcwZTBjBggrBgEFBQcwC4ZXcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjMwMzAzMTNhMzYzNzYzM2E2MTM4NjMzYTNhMmYzNDM4MmQzNDM4
MjAzZDNlMjAzOTM0MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYI
KwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8CowwDQYJKoZIhvcNAQELBQAD
ggEBAJJ7J+NDQ1fIcRhE7jj1OGKNctb6YW0qSlcoZsERyx2D63G1keVjLOjjjHhh
rmqe78KAkDMLcDEP+vVH8ADayAUZQcHGFWUBwoDD0cA5L6pNe/uHmXNzo+3d+f4I
UlvB0FIKiMdv+JjfWXOXah9b2brnek25xqxnCfEJUYq/2RkM3ngO3jXgErr2iE86
+pqQGtwsngX5GmYBeavLUdCvJxha/OB3/lGztd8N+uR/4RZj1go5MUKIGJ6IJ1Wz
jHGLQy5nZUedCraDYcHYlwIY0zVDK57zU4HUcCunoGShvLG11ndI9DC6ObwMhXoo
4wbfjpJ9leba+ItMfn+ueohEcYQ=
-----END CERTIFICATE-----