Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a333230303a3a2f34302d3430203d3e20323030383237.roa
File:                     326131323a646434373a333230303a3a2f34302d3430203d3e20323030383237.roa (raw, json)
Hash identifier:          cBRQ+iO6QwhfYlZbajxg5386AzsfC5tBZjVcUI9iMM8=
Subject key identifier:   B1:89:29:4A:65:EA:A1:67:18:CD:68:86:05:98:C4:7A:FF:30:81:A5
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       4A5B6B610D8972F02F34C26F0D55730005C9918F
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a333230303a3a2f34302d3430203d3e20323030383237.roa
Signing time:             Tue 17 Oct 2023 16:13:36 +0000
ROA not before:           Tue 17 Oct 2023 16:08:36 +0000
ROA not after:            Tue 15 Oct 2024 16:13:36 +0000
asID:                     200827
IP address blocks:        2a12:dd47:3200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:5b:6b:61:0d:89:72:f0:2f:34:c2:6f:0d:55:73:00:05:c9:91:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:36 2023 GMT
            Not After : Oct 15 16:13:36 2024 GMT
        Subject: CN=B189294A65EAA16718CD68860598C47AFF3081A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:04:21:87:b6:99:3c:fa:ca:1a:c1:3a:eb:ed:
                    21:6c:9e:14:d6:ca:6a:0b:28:0b:d6:4c:ee:0e:a5:
                    bb:39:76:04:da:f6:5c:36:5a:2f:3d:ef:70:7b:b1:
                    35:06:5c:5c:2a:57:63:34:16:ef:13:41:f0:c0:0f:
                    b5:1a:8a:66:76:8a:dd:05:22:11:3a:6e:96:15:90:
                    dd:38:d8:d3:d5:5d:3f:df:1e:22:36:53:09:4b:6e:
                    e5:f3:58:57:f2:4a:70:88:4f:70:43:97:47:77:3b:
                    c3:65:5a:9b:77:7c:20:ec:42:c8:55:01:f1:48:86:
                    9f:a9:7f:a3:e0:15:0f:8d:97:27:3a:a5:50:c5:e7:
                    f3:dd:a4:6e:3f:66:8f:0d:d2:e2:a2:b2:ce:d5:d2:
                    5a:c7:81:ec:c8:1d:19:f5:fb:b7:25:9c:6f:ce:aa:
                    70:c9:13:c5:91:c3:fd:00:20:fd:4f:c2:0b:f6:76:
                    b6:6a:63:84:11:fa:57:5a:c4:a5:7c:fe:bc:ae:77:
                    d6:4a:27:9c:d5:6d:ea:81:3d:3d:b5:62:e4:43:46:
                    5d:fa:03:3a:b7:bf:e3:42:fb:02:c4:52:e5:6a:34:
                    10:32:c9:98:06:8f:be:56:4a:9d:63:be:33:a8:03:
                    dc:cc:b6:50:e1:bc:30:86:fb:64:9a:94:28:89:89:
                    80:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:89:29:4A:65:EA:A1:67:18:CD:68:86:05:98:C4:7A:FF:30:81:A5
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a333230303a3a2f34302d3430203d3e20323030383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3200::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:25:ee:8a:7b:b2:c6:cf:4e:a1:e1:e3:a8:4f:1a:c0:39:43:
         c9:23:4d:18:2c:85:bf:08:a2:47:b8:a9:1a:35:d0:a3:a6:ca:
         d0:7b:85:6e:f9:71:f2:4c:85:42:8c:bb:29:f1:34:49:e2:26:
         a4:1a:e7:0a:a6:29:a8:f5:0f:66:4e:35:e4:1e:07:36:f2:4b:
         ab:c5:8d:b6:8c:1c:81:3e:1d:af:37:8b:ac:e9:3b:2d:ce:f1:
         62:11:1b:d0:45:27:8f:c9:e2:bb:66:78:b0:cb:79:5e:ca:9d:
         cb:00:92:6c:1f:ca:cb:e3:b8:71:20:af:4b:e8:2f:26:f5:c1:
         02:1c:8a:a2:10:64:4f:01:70:e0:f0:94:20:93:10:e2:d7:71:
         38:6d:cc:9c:38:7c:bc:a1:13:0e:48:df:9a:42:86:d5:d4:12:
         33:80:97:b0:4e:35:ae:5c:13:44:dd:88:96:98:94:cf:30:c8:
         af:5f:54:f3:04:d5:5e:b5:56:41:4d:47:bf:98:ac:2d:fa:dd:
         d6:ad:42:f8:81:24:90:74:d2:19:7e:d0:de:59:ba:79:41:0b:
         6a:8b:06:76:e1:12:eb:70:9b:4a:55:8f:fa:52:0b:3c:5c:e3:
         c9:a8:75:bd:a1:e3:35:a5:27:e3:a6:05:f0:9d:b5:ec:2e:cf:
         8d:67:ac:32
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUSltrYQ2JcvAvNMJvDVVzAAXJkY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzZaFw0yNDEwMTUxNjEzMzZaMDMxMTAvBgNV
BAMTKEIxODkyOTRBNjVFQUExNjcxOENENjg4NjA1OThDNDdBRkYzMDgxQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBBCGHtpk8+soawTrr7SFsnhTW
ymoLKAvWTO4Opbs5dgTa9lw2Wi8973B7sTUGXFwqV2M0Fu8TQfDAD7UaimZ2it0F
IhE6bpYVkN042NPVXT/fHiI2UwlLbuXzWFfySnCIT3BDl0d3O8NlWpt3fCDsQshV
AfFIhp+pf6PgFQ+Nlyc6pVDF5/PdpG4/Zo8N0uKiss7V0lrHgezIHRn1+7clnG/O
qnDJE8WRw/0AIP1Pwgv2drZqY4QR+ldaxKV8/ryud9ZKJ5zVbeqBPT21YuRDRl36
Azq3v+NC+wLEUuVqNBAyyZgGj75WSp1jvjOoA9zMtlDhvDCG+2SalCiJiYDHAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUsYkpSmXqoWcYzWiGBZjEev8wgaUwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTMzMzIzMDMwM2EzYTJmMzQzMDJk
MzQzMDIwM2QzZTIwMzIzMDMwMzgzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLdRzIwDQYJKoZI
hvcNAQELBQADggEBAHIl7op7ssbPTqHh46hPGsA5Q8kjTRgshb8Ioke4qRo10KOm
ytB7hW75cfJMhUKMuynxNEniJqQa5wqmKaj1D2ZONeQeBzbyS6vFjbaMHIE+Ha83
i6zpOy3O8WIRG9BFJ4/J4rtmeLDLeV7KncsAkmwfysvjuHEgr0voLyb1wQIciqIQ
ZE8BcODwlCCTEOLXcThtzJw4fLyhEw5I35pChtXUEjOAl7BONa5cE0TdiJaYlM8w
yK9fVPME1V61VkFNR7+YrC363datQviBJJB00hl+0N5ZunlBC2qLBnbhEutwm0pV
j/pSCzxc48modb2h4zWlJ+OmBfCdtewuz41nrDI=
-----END CERTIFICATE-----