Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363831.roa
File:                     326131323a646434373a3430303a3a2f33392d3438203d3e20313939363831.roa (raw, json)
Hash identifier:          anYBphuYFYRF9V51bDy4HGQ/U6Bzat+RxVDelTRc4vI=
Subject key identifier:   EE:7E:D7:F3:80:02:01:A0:D9:41:8A:9E:AF:B3:D2:14:B8:0D:A1:58
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       27CB3B831131E9289A21AA81D3F48B4D33C9EF81
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363831.roa
Signing time:             Tue 17 Oct 2023 16:13:35 +0000
ROA not before:           Tue 17 Oct 2023 16:08:35 +0000
ROA not after:            Tue 15 Oct 2024 16:13:35 +0000
asID:                     199681
IP address blocks:        2a12:dd47:400::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:cb:3b:83:11:31:e9:28:9a:21:aa:81:d3:f4:8b:4d:33:c9:ef:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:35 2023 GMT
            Not After : Oct 15 16:13:35 2024 GMT
        Subject: CN=EE7ED7F3800201A0D9418A9EAFB3D214B80DA158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c4:02:4e:62:22:79:51:92:32:48:ef:59:d1:
                    b7:83:f3:0b:db:f2:92:b3:f5:25:13:b4:28:19:70:
                    dd:a1:0c:b6:a6:a8:81:fe:89:7f:27:5a:2f:c0:c2:
                    06:94:d5:4b:4e:38:8b:ac:73:0b:28:e1:8b:3a:ad:
                    4d:83:45:74:6e:63:2c:1b:d2:a6:04:ce:ac:c7:7c:
                    9e:2f:cd:0f:a7:7b:88:ef:2f:00:6b:c9:2b:50:bb:
                    cb:9b:0a:f1:c6:70:3f:ea:64:fe:6d:06:14:16:43:
                    38:e2:df:36:a3:41:4d:11:53:f9:9f:11:a7:6e:bb:
                    26:4e:0d:5e:f8:0f:72:65:7c:d3:20:7e:6c:dc:81:
                    3e:5c:51:ef:ac:d7:ca:fa:45:b8:0e:54:cd:61:04:
                    66:ce:39:7e:1d:13:ce:a2:21:6b:ba:a3:67:f5:6e:
                    94:6b:5e:2f:b0:15:9a:f1:d9:32:0b:2d:92:72:0b:
                    06:57:c1:c9:f5:c3:94:0d:5e:1b:65:13:6a:b7:6c:
                    92:38:0c:a2:78:83:42:ff:61:0b:78:6c:6c:57:80:
                    70:e4:eb:74:a0:44:3c:df:84:92:00:41:09:19:ad:
                    ad:2f:d3:8b:19:31:30:e6:9b:12:7c:36:fb:ea:16:
                    71:10:93:a5:e1:77:74:f6:ec:71:0e:e9:04:6d:c3:
                    a9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:7E:D7:F3:80:02:01:A0:D9:41:8A:9E:AF:B3:D2:14:B8:0D:A1:58
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:400::/39

    Signature Algorithm: sha256WithRSAEncryption
         d2:39:93:6e:4a:2b:78:8b:57:47:50:d3:8a:67:5e:06:5e:35:
         8b:fc:81:0a:7d:c1:73:1b:31:fa:66:37:e4:2d:ef:f2:7a:20:
         b3:80:90:03:79:9f:e9:4c:49:3f:1b:05:ea:49:9e:75:dd:1c:
         30:83:49:67:c7:fe:ff:61:33:dd:58:b7:b0:84:cc:30:9b:c6:
         e6:5a:ff:0f:58:c8:32:fa:0e:d2:a5:30:9d:5c:48:6d:35:25:
         16:1f:a8:e8:9c:cf:0a:dd:47:4c:cb:8e:dd:7b:5f:90:54:61:
         cf:f9:2b:03:05:9f:2b:89:6e:28:1d:09:46:d8:c1:81:79:a5:
         4b:99:74:8c:94:97:06:25:10:4b:6e:eb:20:41:e7:d9:b8:ab:
         fc:4e:76:d7:d5:90:b1:9a:dd:ac:0e:78:f1:98:99:8b:e1:57:
         92:94:f8:f3:8b:3a:7b:9a:2c:37:ee:88:7b:b3:3c:b5:3d:60:
         2c:cd:f5:ce:06:83:b9:fa:f2:44:42:ca:85:17:43:fb:4e:ed:
         5a:bf:da:bf:5a:66:22:5c:0d:5b:38:b7:24:e9:fe:73:44:04:
         0f:cf:0f:f0:3d:8d:e3:7f:6d:77:54:f0:44:1e:b0:dc:8f:8f:
         67:47:31:f9:53:1a:a2:44:31:b6:e8:70:55:44:db:c8:75:77:
         eb:a2:61:50
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUJ8s7gxEx6SiaIaqB0/SLTTPJ74EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzVaFw0yNDEwMTUxNjEzMzVaMDMxMTAvBgNV
BAMTKEVFN0VEN0YzODAwMjAxQTBEOTQxOEE5RUFGQjNEMjE0QjgwREExNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClxAJOYiJ5UZIySO9Z0beD8wvb
8pKz9SUTtCgZcN2hDLamqIH+iX8nWi/AwgaU1UtOOIuscwso4Ys6rU2DRXRuYywb
0qYEzqzHfJ4vzQ+ne4jvLwBryStQu8ubCvHGcD/qZP5tBhQWQzji3zajQU0RU/mf
EaduuyZODV74D3JlfNMgfmzcgT5cUe+s18r6RbgOVM1hBGbOOX4dE86iIWu6o2f1
bpRrXi+wFZrx2TILLZJyCwZXwcn1w5QNXhtlE2q3bJI4DKJ4g0L/YQt4bGxXgHDk
63SgRDzfhJIAQQkZra0v04sZMTDmmxJ8NvvqFnEQk6Xhd3T27HEO6QRtw6mbAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU7n7X84ACAaDZQYqer7PSFLgNoVgwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM0MzAzMDNhM2EyZjMzMzkyZDM0
MzgyMDNkM2UyMDMxMzkzOTM2MzgzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGASoS3UcEMA0GCSqGSIb3
DQEBCwUAA4IBAQDSOZNuSit4i1dHUNOKZ14GXjWL/IEKfcFzGzH6ZjfkLe/yeiCz
gJADeZ/pTEk/GwXqSZ513Rwwg0lnx/7/YTPdWLewhMwwm8bmWv8PWMgy+g7SpTCd
XEhtNSUWH6jonM8K3UdMy47de1+QVGHP+SsDBZ8riW4oHQlG2MGBeaVLmXSMlJcG
JRBLbusgQefZuKv8TnbX1ZCxmt2sDnjxmJmL4VeSlPjzizp7miw37oh7szy1PWAs
zfXOBoO5+vJEQsqFF0P7Tu1av9q/WmYiXA1bOLck6f5zRAQPzw/wPY3jf213VPBE
HrDcj49nRzH5UxqiRDG26HBVRNvIdXfromFQ
-----END CERTIFICATE-----