Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/323030313a3637633a6161303a3a2f34382d3438203d3e20393435.roa
File:                     323030313a3637633a6161303a3a2f34382d3438203d3e20393435.roa (raw, json)
Hash identifier:          n2GOzLvVCeewtOVp/MXbLQSZt4DeV5AxIp9B16ieELA=
Subject key identifier:   6E:D2:EF:C7:CA:14:5F:A6:47:C8:B6:86:C8:2A:23:A9:15:7A:16:43
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       25D0B41A61087B77696C2CF16E14E4A977C71E96
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/323030313a3637633a6161303a3a2f34382d3438203d3e20393435.roa
Signing time:             Tue 17 Oct 2023 16:13:24 +0000
ROA not before:           Tue 17 Oct 2023 16:08:24 +0000
ROA not after:            Tue 15 Oct 2024 16:13:24 +0000
asID:                     945
IP address blocks:        2001:67c:aa0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:d0:b4:1a:61:08:7b:77:69:6c:2c:f1:6e:14:e4:a9:77:c7:1e:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:24 2023 GMT
            Not After : Oct 15 16:13:24 2024 GMT
        Subject: CN=6ED2EFC7CA145FA647C8B686C82A23A9157A1643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d5:37:96:36:57:c1:ef:d6:1c:71:0f:8c:3f:
                    c3:70:19:b5:aa:f8:39:58:bb:14:37:4e:b2:4b:4c:
                    2c:5c:7e:2d:8c:e4:9c:ae:7e:ac:13:27:af:db:c7:
                    79:b1:af:d8:f0:13:a7:f7:b3:3d:7e:36:7a:3e:aa:
                    22:f9:05:c4:11:bf:e4:7f:19:e4:94:4e:fc:7c:08:
                    ab:7b:52:0d:74:33:cb:44:67:25:44:ad:cd:3e:4b:
                    42:1c:52:13:38:7d:b7:76:6d:fe:f4:f6:d5:6f:9a:
                    d8:9a:68:d8:65:66:99:d9:b3:e9:ac:f0:4b:59:79:
                    14:25:5a:c4:1f:e8:7d:7b:eb:ac:5a:33:f5:22:6e:
                    a8:0f:bc:ce:99:9e:b9:14:e8:77:e2:5f:b4:a5:53:
                    dc:fd:2e:2c:4f:5d:51:41:74:8d:a8:50:b8:36:1f:
                    44:26:31:e5:48:ff:5e:5c:8d:41:6e:b1:2c:06:67:
                    1e:22:e6:cc:e2:5f:c9:0d:0e:91:96:8f:a0:3b:eb:
                    07:3b:20:01:c9:f9:6a:7f:ca:d6:e9:05:72:30:c6:
                    fc:70:8d:49:87:d3:09:7d:01:85:bd:a9:01:59:29:
                    70:a2:6c:15:76:a2:45:70:e3:4e:f5:d9:71:7b:ee:
                    c0:cf:c6:9d:f0:3a:53:9f:8f:1c:71:e6:41:5e:d9:
                    a2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D2:EF:C7:CA:14:5F:A6:47:C8:B6:86:C8:2A:23:A9:15:7A:16:43
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/323030313a3637633a6161303a3a2f34382d3438203d3e20393435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:aa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:d5:3b:e2:eb:63:50:0c:1e:7b:87:bb:79:40:70:ba:2f:d3:
         2a:86:50:77:db:eb:55:18:92:6e:c2:27:e8:fb:20:a6:43:ed:
         32:0b:ee:d0:e1:cd:d6:ff:49:3b:44:78:cb:ee:bc:5a:89:a6:
         b2:9b:59:30:9d:8c:f8:61:1a:c6:67:58:26:cb:30:70:e4:a2:
         52:38:af:df:f6:f8:17:73:80:0a:6b:b7:27:d2:b8:5d:e0:8e:
         1b:11:88:9b:1b:27:e0:06:de:78:b4:23:85:a8:50:94:c5:24:
         93:11:d9:3a:7c:2e:16:0c:76:17:a0:46:fa:af:66:d4:f5:e6:
         3f:fc:84:14:4a:81:b0:99:2f:bb:9d:bf:16:a6:b1:9a:e5:17:
         75:6e:e6:1c:69:a5:ea:37:b0:ad:e2:42:a9:90:ab:2a:c8:24:
         cb:a3:66:1b:c7:9a:50:b8:3c:cb:0a:8d:26:99:a4:66:ac:8e:
         7d:27:b1:e5:1c:6a:7a:46:0f:e2:80:37:9a:55:c4:14:47:c1:
         10:a7:92:c5:e1:94:65:21:85:87:67:bf:a1:02:14:f6:b7:be:
         9c:23:16:5c:12:78:d8:78:23:de:a0:ec:6b:02:0a:ee:17:04:
         a7:2c:c6:83:f6:a8:d0:60:97:fe:78:8f:a5:6b:97:1e:8b:d8:
         ff:5e:9d:86
-----BEGIN CERTIFICATE-----
MIIEwDCCA6igAwIBAgIUJdC0GmEIe3dpbCzxbhTkqXfHHpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjRaFw0yNDEwMTUxNjEzMjRaMDMxMTAvBgNV
BAMTKDZFRDJFRkM3Q0ExNDVGQTY0N0M4QjY4NkM4MkEyM0E5MTU3QTE2NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH1TeWNlfB79YccQ+MP8NwGbWq
+DlYuxQ3TrJLTCxcfi2M5JyufqwTJ6/bx3mxr9jwE6f3sz1+Nno+qiL5BcQRv+R/
GeSUTvx8CKt7Ug10M8tEZyVErc0+S0IcUhM4fbd2bf709tVvmtiaaNhlZpnZs+ms
8EtZeRQlWsQf6H1766xaM/UibqgPvM6ZnrkU6HfiX7SlU9z9LixPXVFBdI2oULg2
H0QmMeVI/15cjUFusSwGZx4i5sziX8kNDpGWj6A76wc7IAHJ+Wp/ytbpBXIwxvxw
jUmH0wl9AYW9qQFZKXCibBV2okVw40712XF77sDPxp3wOlOfjxxx5kFe2aKzAgMB
AAGjggHKMIIBxjAdBgNVHQ4EFgQUbtLvx8oUX6ZHyLaGyCojqRV6FkMwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHMG
CCsGAQUFBwELBGcwZTBjBggrBgEFBQcwC4ZXcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjMwMzAzMTNhMzYzNzYzM2E2MTYxMzAzYTNhMmYzNDM4MmQzNDM4
MjAzZDNlMjAzOTM0MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYI
KwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAgAQZ8CqAwDQYJKoZIhvcNAQELBQAD
ggEBAL3VO+LrY1AMHnuHu3lAcLov0yqGUHfb61UYkm7CJ+j7IKZD7TIL7tDhzdb/
STtEeMvuvFqJprKbWTCdjPhhGsZnWCbLMHDkolI4r9/2+BdzgAprtyfSuF3gjhsR
iJsbJ+AG3ni0I4WoUJTFJJMR2Tp8LhYMdhegRvqvZtT15j/8hBRKgbCZL7udvxam
sZrlF3Vu5hxppeo3sK3iQqmQqyrIJMujZhvHmlC4PMsKjSaZpGasjn0nseUcanpG
D+KAN5pVxBRHwRCnksXhlGUhhYdnv6ECFPa3vpwjFlwSeNh4I96g7GsCCu4XBKcs
xoP2qNBgl/54j6Vrlx6L2P9enYY=
-----END CERTIFICATE-----