Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a356530303a3a2f34342d3438203d3e20323030323236.roa
File:                     326131323a646434373a356530303a3a2f34342d3438203d3e20323030323236.roa (raw, json)
Hash identifier:          cYFry+sLl1IFrHiOP0ST7TPn8VCyO0p6ZvrkNWdOznY=
Subject key identifier:   39:3E:E4:0E:FC:3A:B4:0E:FF:94:34:09:50:49:21:AC:CA:1F:9A:89
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       64E260DB716B95A499CAEC658525F0545A851CBA
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a356530303a3a2f34342d3438203d3e20323030323236.roa
Signing time:             Tue 17 Oct 2023 16:13:32 +0000
ROA not before:           Tue 17 Oct 2023 16:08:32 +0000
ROA not after:            Tue 15 Oct 2024 16:13:32 +0000
asID:                     200226
IP address blocks:        2a12:dd47:5e00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:e2:60:db:71:6b:95:a4:99:ca:ec:65:85:25:f0:54:5a:85:1c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:32 2023 GMT
            Not After : Oct 15 16:13:32 2024 GMT
        Subject: CN=393EE40EFC3AB40EFF943409504921ACCA1F9A89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:74:4f:0f:fc:92:0e:a8:ed:5b:af:6b:44:
                    c9:a7:22:70:70:5d:95:4f:12:c5:ee:a3:be:2e:47:
                    4d:83:43:08:14:8a:d1:f0:9a:70:80:71:b6:09:73:
                    52:eb:1a:dc:e9:76:27:1d:6c:b2:a0:cb:7f:76:7a:
                    c6:87:a9:dd:d3:2d:b6:4b:07:3e:77:cd:2d:17:c4:
                    d2:da:8b:c5:4a:38:a6:ef:97:60:56:47:c8:c1:ca:
                    76:1b:50:6b:33:0e:da:c0:bd:b4:68:36:d3:c9:19:
                    29:30:5b:ae:ab:6d:49:01:f7:b6:5d:51:a5:db:4e:
                    f3:15:47:ef:15:62:3d:0c:b3:9c:14:c6:bf:4a:ac:
                    b1:16:da:4d:3f:bb:fe:93:57:56:fd:fe:34:5b:c0:
                    79:95:24:5d:60:52:27:76:b4:3d:e1:e5:5e:cf:38:
                    80:9f:f2:42:32:2a:ec:37:58:de:da:7d:0a:96:48:
                    6e:98:e3:c0:be:4a:30:4d:fc:41:da:a5:e2:ec:15:
                    d7:b1:84:41:aa:fe:17:9e:73:7c:da:2c:04:9f:36:
                    ef:b0:49:f7:27:15:b0:f3:aa:74:33:79:7b:e5:8b:
                    a5:de:b3:bf:1b:e6:b6:6f:de:d8:5b:f6:fe:3f:12:
                    0c:47:99:f6:14:fa:4c:ea:9b:6a:ec:2d:14:0a:ea:
                    dd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:3E:E4:0E:FC:3A:B4:0E:FF:94:34:09:50:49:21:AC:CA:1F:9A:89
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a356530303a3a2f34342d3438203d3e20323030323236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:5e00::/44

    Signature Algorithm: sha256WithRSAEncryption
         d9:6b:10:ee:98:45:bf:e3:0c:6e:24:46:b5:4c:25:3a:73:4d:
         33:f1:da:9a:e1:60:ad:4e:f7:b2:59:9a:18:ba:56:9d:3f:3e:
         92:13:2b:42:d0:07:0a:ec:de:f6:01:11:a7:e3:46:7b:bd:b4:
         0e:6f:f1:a0:90:71:0e:68:35:1b:b2:40:59:4a:f4:28:d0:db:
         6a:74:52:59:3f:49:86:7f:2a:05:24:12:b7:fd:94:99:22:d3:
         21:b2:4d:d9:80:bf:07:b5:5c:7e:f2:83:fb:a1:fe:2f:b0:74:
         03:7f:65:ad:bb:76:fc:b8:ce:23:b3:93:76:b5:98:0d:00:69:
         3c:12:89:50:a7:8b:52:48:50:50:9a:6f:72:8c:7a:b3:84:29:
         f0:d0:89:7c:49:b9:bb:36:16:ef:bf:d9:fd:c2:13:01:1c:fa:
         ea:0b:43:9c:61:9e:e7:7d:bd:20:db:ba:08:c9:d5:df:88:ee:
         42:4d:66:08:70:6a:71:f5:e9:00:4a:43:e4:e3:01:13:9c:db:
         46:4a:39:78:14:ba:bf:f6:5e:41:ce:8c:59:99:04:3e:5f:7f:
         de:e7:5a:2e:14:27:74:18:e9:13:50:1e:a4:6c:23:23:0d:07:
         03:db:23:5b:e5:29:dd:62:86:04:70:99:d9:c5:c7:b2:60:dd:
         0c:2e:79:de
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUZOJg23FrlaSZyuxlhSXwVFqFHLowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzJaFw0yNDEwMTUxNjEzMzJaMDMxMTAvBgNV
BAMTKDM5M0VFNDBFRkMzQUI0MEVGRjk0MzQwOTUwNDkyMUFDQ0ExRjlBODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu0nRPD/ySDqjtW69rRMmnInBw
XZVPEsXuo74uR02DQwgUitHwmnCAcbYJc1LrGtzpdicdbLKgy392esaHqd3TLbZL
Bz53zS0XxNLai8VKOKbvl2BWR8jBynYbUGszDtrAvbRoNtPJGSkwW66rbUkB97Zd
UaXbTvMVR+8VYj0Ms5wUxr9KrLEW2k0/u/6TV1b9/jRbwHmVJF1gUid2tD3h5V7P
OICf8kIyKuw3WN7afQqWSG6Y48C+SjBN/EHapeLsFdexhEGq/heec3zaLASfNu+w
SfcnFbDzqnQzeXvli6Xes78b5rZv3thb9v4/EgxHmfYU+kzqm2rsLRQK6t2nAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUOT7kDvw6tA7/lDQJUEkhrMofmokwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM1NjUzMDMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMDMwMzIzMjM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR14AMA0GCSqG
SIb3DQEBCwUAA4IBAQDZaxDumEW/4wxuJEa1TCU6c00z8dqa4WCtTveyWZoYulad
Pz6SEytC0AcK7N72ARGn40Z7vbQOb/GgkHEOaDUbskBZSvQo0NtqdFJZP0mGfyoF
JBK3/ZSZItMhsk3ZgL8HtVx+8oP7of4vsHQDf2Wtu3b8uM4js5N2tZgNAGk8EolQ
p4tSSFBQmm9yjHqzhCnw0Il8Sbm7Nhbvv9n9whMBHPrqC0OcYZ7nfb0g27oIydXf
iO5CTWYIcGpx9ekASkPk4wETnNtGSjl4FLq/9l5BzoxZmQQ+X3/e51ouFCd0GOkT
UB6kbCMjDQcD2yNb5SndYoYEcJnZxceyYN0MLnne
-----END CERTIFICATE-----