Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a356532303a3a2f34342d3438203d3e20313938393534.roa
File:                     326131323a646434373a356532303a3a2f34342d3438203d3e20313938393534.roa (raw, json)
Hash identifier:          5SwRwaOZgh36U0Ej/O3D9Ftv0UGm04rY6aZyJxpi5Aw=
Subject key identifier:   CE:C4:32:10:48:D8:E8:96:E4:39:E8:67:FC:28:3E:4B:F5:03:1D:15
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       435F7CAC20A2EFAB1305B3C4C94395573CD51A35
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a356532303a3a2f34342d3438203d3e20313938393534.roa
Signing time:             Mon 29 Jan 2024 02:56:20 +0000
ROA not before:           Mon 29 Jan 2024 02:51:20 +0000
ROA not after:            Mon 27 Jan 2025 02:56:20 +0000
asID:                     198954
IP address blocks:        2a12:dd47:5e20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:5f:7c:ac:20:a2:ef:ab:13:05:b3:c4:c9:43:95:57:3c:d5:1a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Jan 29 02:51:20 2024 GMT
            Not After : Jan 27 02:56:20 2025 GMT
        Subject: CN=CEC4321048D8E896E439E867FC283E4BF5031D15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:20:b8:70:7f:ab:b7:8c:4f:59:c6:24:b3:b6:
                    67:37:3c:cc:37:77:97:ac:1e:bb:e8:8f:e3:73:db:
                    91:44:f3:c6:b5:a1:dd:7a:c0:7a:43:67:f9:13:6c:
                    41:d4:a5:03:dc:bd:33:03:3a:d9:d9:16:6d:77:48:
                    8f:da:9a:6a:c8:7d:ce:2a:be:42:1c:2b:d7:da:9f:
                    bb:9d:13:6c:16:7e:19:48:a6:11:3b:1e:33:3d:18:
                    5c:57:01:f7:c8:b6:7e:d1:e4:5e:e4:1a:99:a0:62:
                    9d:3b:87:de:48:87:32:9f:ef:6d:79:81:53:0c:e9:
                    df:a2:82:74:00:3b:8b:48:00:4c:75:42:d1:b2:c5:
                    dc:ae:1b:39:a1:bf:d6:eb:20:0b:bb:a4:25:c7:66:
                    e3:96:3d:26:42:57:c8:fa:43:63:f7:9c:aa:e1:80:
                    f0:b8:03:75:67:b9:19:03:c2:b9:b2:b1:53:63:29:
                    54:95:a7:8c:6d:9f:49:b2:d6:57:c9:b1:ab:43:8e:
                    b8:a9:1c:f0:a2:30:ef:46:4a:7f:7c:9f:99:d8:cc:
                    c2:d3:43:3e:7a:bc:f4:bc:59:0a:3a:e6:e2:fa:dc:
                    0e:c6:8a:50:50:6d:df:84:ec:3d:b9:b2:bb:47:16:
                    2d:52:22:38:c0:ab:f7:b8:38:aa:69:1d:32:58:56:
                    ae:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C4:32:10:48:D8:E8:96:E4:39:E8:67:FC:28:3E:4B:F5:03:1D:15
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a356532303a3a2f34342d3438203d3e20313938393534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:5e20::/44

    Signature Algorithm: sha256WithRSAEncryption
         b2:e3:7e:77:23:75:b4:23:70:25:c9:17:23:2d:e7:47:e2:ea:
         93:f7:34:a3:9a:28:56:6b:b2:a7:a9:55:90:41:f5:7b:39:a9:
         ef:9a:43:fb:52:29:b0:b2:cf:9c:a5:16:df:f4:92:11:a9:32:
         fb:e1:50:17:3b:45:79:74:93:ec:e4:17:32:d2:2f:1c:3c:1d:
         31:e8:5d:f4:5e:37:32:6b:1a:c6:f8:d0:24:7f:0f:8c:b4:f1:
         d2:45:75:53:6f:63:8c:9d:93:81:f3:7d:32:ee:ce:7b:42:cc:
         04:bf:db:92:0f:2a:86:4b:65:77:ff:62:15:0b:2e:58:b8:ec:
         e1:a4:0d:ee:4b:e2:ee:b0:b9:b3:91:72:2a:20:c4:57:27:ef:
         5f:03:2f:f4:ad:62:69:36:ec:cb:85:81:ff:88:bd:35:44:b3:
         11:14:f0:37:d3:b7:9e:64:ef:0e:33:d3:61:56:69:d0:fc:18:
         0f:a9:2e:e7:53:72:b5:cc:1a:f0:02:d4:d4:10:6d:b2:e1:ef:
         45:5d:10:a2:ea:b9:f7:ec:e2:09:3e:2b:f4:40:55:71:3f:ab:
         d6:08:92:0f:b7:dd:d2:b5:76:b7:49:25:7b:1f:3b:95:ce:bf:
         29:1c:3e:ee:f5:6e:87:c4:1c:a9:c1:72:be:c1:5a:69:cd:ac:
         fb:e8:db:69
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUQ198rCCi76sTBbPEyUOVVzzVGjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yNDAxMjkwMjUxMjBaFw0yNTAxMjcwMjU2MjBaMDMxMTAvBgNV
BAMTKENFQzQzMjEwNDhEOEU4OTZFNDM5RTg2N0ZDMjgzRTRCRjUwMzFEMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhILhwf6u3jE9ZxiSztmc3PMw3
d5esHrvoj+Nz25FE88a1od16wHpDZ/kTbEHUpQPcvTMDOtnZFm13SI/ammrIfc4q
vkIcK9fan7udE2wWfhlIphE7HjM9GFxXAffItn7R5F7kGpmgYp07h95IhzKf7215
gVMM6d+ignQAO4tIAEx1QtGyxdyuGzmhv9brIAu7pCXHZuOWPSZCV8j6Q2P3nKrh
gPC4A3VnuRkDwrmysVNjKVSVp4xtn0my1lfJsatDjripHPCiMO9GSn98n5nYzMLT
Qz56vPS8WQo65uL63A7GilBQbd+E7D25srtHFi1SIjjAq/e4OKppHTJYVq4BAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUzsQyEEjY6JbkOehn/Cg+S/UDHRUwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM1NjUzMjMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzEzOTM4MzkzNTM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR14gMA0GCSqG
SIb3DQEBCwUAA4IBAQCy4353I3W0I3AlyRcjLedH4uqT9zSjmihWa7KnqVWQQfV7
OanvmkP7Uimwss+cpRbf9JIRqTL74VAXO0V5dJPs5Bcy0i8cPB0x6F30XjcyaxrG
+NAkfw+MtPHSRXVTb2OMnZOB830y7s57QswEv9uSDyqGS2V3/2IVCy5YuOzhpA3u
S+LusLmzkXIqIMRXJ+9fAy/0rWJpNuzLhYH/iL01RLMRFPA307eeZO8OM9NhVmnQ
/BgPqS7nU3K1zBrwAtTUEG2y4e9FXRCi6rn37OIJPiv0QFVxP6vWCJIPt93StXa3
SSV7HzuVzr8pHD7u9W6HxBypwXK+wVppzaz76Ntp
-----END CERTIFICATE-----