Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/323030313a3637633a6139303a3a2f34382d3438203d3e20393435.roa
File:                     323030313a3637633a6139303a3a2f34382d3438203d3e20393435.roa (raw, json)
Hash identifier:          jnCkPGVeFq7VnFWrEGaUUFdMRYQqsBwX1rsMpD1tGkY=
Subject key identifier:   89:E4:A6:0A:0E:E8:0A:9A:5A:9A:1A:64:60:61:93:18:2C:4D:82:64
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       774BF22D85FC30A63E566E41EA7181626B222E22
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/323030313a3637633a6139303a3a2f34382d3438203d3e20393435.roa
Signing time:             Tue 17 Oct 2023 16:13:26 +0000
ROA not before:           Tue 17 Oct 2023 16:08:26 +0000
ROA not after:            Tue 15 Oct 2024 16:13:26 +0000
asID:                     945
IP address blocks:        2001:67c:a90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:4b:f2:2d:85:fc:30:a6:3e:56:6e:41:ea:71:81:62:6b:22:2e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:26 2023 GMT
            Not After : Oct 15 16:13:26 2024 GMT
        Subject: CN=89E4A60A0EE80A9A5A9A1A64606193182C4D8264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:8c:23:f0:9f:b2:7d:f2:bd:ec:ba:94:39:2f:
                    56:b2:fd:af:2c:75:d2:21:d2:0a:3d:ff:92:29:64:
                    97:fc:f8:b5:1c:4c:8b:10:12:89:ad:ea:49:52:78:
                    02:a3:66:29:84:4c:f9:d4:c8:7e:2f:67:93:6b:d0:
                    6e:71:7f:8e:07:f5:bb:53:c7:bb:11:69:04:86:a0:
                    37:10:d1:1a:5b:03:9e:b9:a8:7f:3e:89:9b:0d:da:
                    19:94:03:0d:02:4e:c4:e0:28:62:5a:63:71:a5:5c:
                    e6:8a:02:87:70:e8:1c:f5:52:30:86:af:79:8d:b2:
                    f8:6b:81:f1:5c:79:db:31:10:bf:f7:79:d9:d2:03:
                    4d:2c:e5:fc:99:cc:24:21:63:0e:e3:53:84:1a:e8:
                    98:ce:2f:ad:62:bf:80:73:1a:4f:ba:d2:3a:14:4a:
                    72:0e:9c:06:eb:8e:91:ba:a4:2c:1e:3b:27:b6:6d:
                    d4:f9:2e:65:a0:9c:13:9e:dd:8c:43:2f:8f:65:a4:
                    a3:e5:e0:19:8f:27:b6:6e:d4:72:1e:ac:bc:fd:0a:
                    1b:d9:e7:e3:89:36:52:22:81:02:26:08:f8:00:e0:
                    fa:67:ca:a3:0d:91:7c:0e:3c:ba:54:a7:c9:e8:14:
                    12:b2:b3:65:9b:9d:24:d5:c4:a5:30:2f:dc:f1:36:
                    40:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E4:A6:0A:0E:E8:0A:9A:5A:9A:1A:64:60:61:93:18:2C:4D:82:64
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/323030313a3637633a6139303a3a2f34382d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a90::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:13:be:b1:4e:ec:ab:ac:c2:e4:7e:21:24:13:3a:f8:e2:8c:
         eb:f6:74:58:4b:e2:79:81:b0:fb:4a:d6:3b:ff:e9:e6:35:03:
         d4:b4:64:1b:c2:4d:2a:fa:d8:84:dc:8b:10:a6:7b:e0:21:19:
         4f:57:93:3e:51:96:92:e6:25:b5:bb:f2:54:82:d9:d0:c6:42:
         08:61:51:c6:4f:6c:94:99:98:09:de:af:f0:a9:3a:46:ec:34:
         b9:b6:f2:60:cc:46:5a:46:d0:82:c6:b0:b0:ad:37:92:07:f4:
         c4:7e:fb:2c:22:df:27:75:4f:ce:57:27:1c:00:c7:ac:d7:47:
         ad:7d:9f:f2:13:d3:c1:03:88:4c:54:9e:2d:85:a8:88:46:d3:
         8f:14:83:da:85:d3:75:ca:a7:e1:b4:04:07:04:0b:cf:69:06:
         04:d8:83:7e:5a:18:64:15:b1:f2:63:50:d9:90:b5:9b:f0:6f:
         0b:cc:1b:30:8f:46:d4:5a:73:41:54:b7:21:fa:15:bf:e4:a9:
         08:ca:7e:6f:a8:dd:b4:93:b4:3a:9c:ae:02:15:fd:75:32:cd:
         14:47:cd:99:cf:82:fe:b1:d0:ad:e9:e2:30:fd:78:a2:81:67:
         3c:63:7f:59:c8:ec:b5:40:69:32:6d:c7:e7:e4:f8:3f:69:3a:
         e7:08:a2:e0
-----BEGIN CERTIFICATE-----
MIIEwDCCA6igAwIBAgIUd0vyLYX8MKY+Vm5B6nGBYmsiLiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjZaFw0yNDEwMTUxNjEzMjZaMDMxMTAvBgNV
BAMTKDg5RTRBNjBBMEVFODBBOUE1QTlBMUE2NDYwNjE5MzE4MkM0RDgyNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDajCPwn7J98r3supQ5L1ay/a8s
ddIh0go9/5IpZJf8+LUcTIsQEomt6klSeAKjZimETPnUyH4vZ5Nr0G5xf44H9btT
x7sRaQSGoDcQ0RpbA565qH8+iZsN2hmUAw0CTsTgKGJaY3GlXOaKAodw6Bz1UjCG
r3mNsvhrgfFcedsxEL/3ednSA00s5fyZzCQhYw7jU4Qa6JjOL61iv4BzGk+60joU
SnIOnAbrjpG6pCweOye2bdT5LmWgnBOe3YxDL49lpKPl4BmPJ7Zu1HIerLz9ChvZ
5+OJNlIigQImCPgA4PpnyqMNkXwOPLpUp8noFBKys2WbnSTVxKUwL9zxNkBfAgMB
AAGjggHKMIIBxjAdBgNVHQ4EFgQUieSmCg7oCppamhpkYGGTGCxNgmQwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHMG
CCsGAQUFBwELBGcwZTBjBggrBgEFBQcwC4ZXcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjMwMzAzMTNhMzYzNzYzM2E2MTM5MzAzYTNhMmYzNDM4MmQzNDM4
MjAzZDNlMjAzOTM0MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYI
KwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8CpAwDQYJKoZIhvcNAQELBQAD
ggEBAEcTvrFO7KuswuR+ISQTOvjijOv2dFhL4nmBsPtK1jv/6eY1A9S0ZBvCTSr6
2ITcixCme+AhGU9Xkz5RlpLmJbW78lSC2dDGQghhUcZPbJSZmAner/CpOkbsNLm2
8mDMRlpG0ILGsLCtN5IH9MR++ywi3yd1T85XJxwAx6zXR619n/IT08EDiExUni2F
qIhG048Ug9qF03XKp+G0BAcEC89pBgTYg35aGGQVsfJjUNmQtZvwbwvMGzCPRtRa
c0FUtyH6Fb/kqQjKfm+o3bSTtDqcrgIV/XUyzRRHzZnPgv6x0K3p4jD9eKKBZzxj
f1nI7LVAaTJtx+fk+D9pOucIouA=
-----END CERTIFICATE-----