Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383030303a3a2f34382d3438203d3e20323131343331.roa
File:                     326131323a646434373a383030303a3a2f34382d3438203d3e20323131343331.roa (raw, json)
Hash identifier:          HiL5FqVmHq+ZsDQdi2szZ9W9pnP2vVEyO0aXPR9MMfk=
Subject key identifier:   06:7F:AB:A4:76:64:14:24:C4:26:BC:15:41:A5:AA:FA:55:51:65:04
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       70B10855D98ECEEB9E7C53DA1052CB1478444F4F
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383030303a3a2f34382d3438203d3e20323131343331.roa
Signing time:             Tue 17 Oct 2023 16:13:28 +0000
ROA not before:           Tue 17 Oct 2023 16:08:28 +0000
ROA not after:            Tue 15 Oct 2024 16:13:28 +0000
asID:                     211431
IP address blocks:        2a12:dd47:8000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b1:08:55:d9:8e:ce:eb:9e:7c:53:da:10:52:cb:14:78:44:4f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:28 2023 GMT
            Not After : Oct 15 16:13:28 2024 GMT
        Subject: CN=067FABA476641424C426BC1541A5AAFA55516504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d3:bf:8a:fc:5b:2a:41:46:ba:7f:db:20:61:
                    7c:de:a8:19:97:36:93:15:c8:8e:d5:b9:9c:e3:57:
                    55:85:02:b8:e2:a1:e1:44:bd:4a:3a:3a:7f:96:f6:
                    18:af:60:de:ed:7e:45:f2:c1:d3:93:5c:79:e1:b5:
                    d2:07:d2:93:85:5a:20:94:22:93:74:ef:d9:14:a0:
                    bd:ee:02:29:a5:2f:26:17:b0:c3:ad:40:96:39:69:
                    e4:21:49:7a:d6:ba:c1:7c:72:5b:6c:47:02:9a:a6:
                    0c:35:72:f8:cb:0a:d2:c8:79:a5:8c:8e:a3:04:c3:
                    b8:d2:07:15:3b:20:1d:15:5f:66:b8:65:1c:d7:f8:
                    17:0e:b0:58:cb:89:44:b6:8d:fb:09:b1:73:5c:aa:
                    87:03:77:c4:38:05:67:ea:34:24:ae:8a:39:d8:be:
                    ee:e9:07:8b:8d:d4:34:88:62:6e:47:8b:f2:82:43:
                    61:63:58:ee:30:96:2b:b7:bf:35:4b:dd:eb:e3:fd:
                    59:4f:97:15:6d:5b:aa:67:2b:c8:9b:1e:76:7a:18:
                    a0:32:e9:d8:ad:6d:dc:4c:99:29:13:6c:b8:fa:71:
                    3e:48:e8:3a:ef:95:7f:2b:0d:c9:26:7f:b7:0b:d5:
                    4d:bd:07:0f:96:3a:4e:7d:d7:07:50:48:48:8a:f0:
                    1b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:7F:AB:A4:76:64:14:24:C4:26:BC:15:41:A5:AA:FA:55:51:65:04
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383030303a3a2f34382d3438203d3e20323131343331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         da:94:a2:22:d1:f7:56:08:38:5b:d1:6a:a8:41:e7:6c:9b:0f:
         21:48:f8:b9:a1:53:7b:90:1e:14:3d:22:60:a9:29:db:2a:3b:
         2a:3e:f3:92:62:ab:52:0f:78:0f:ef:55:26:13:ed:4e:ba:ad:
         f7:01:d9:b5:e4:56:7d:bd:b8:43:80:fd:d1:2e:8e:40:03:bd:
         ab:1b:46:6a:85:b2:3e:fa:83:e9:57:a0:bc:1b:f2:2e:f3:65:
         6d:c5:b2:f7:b6:4f:cd:93:2f:d1:f3:ac:e8:08:b5:82:2f:5e:
         c6:ca:e5:d4:f2:e0:d4:51:ba:7e:79:ae:e9:55:a3:95:3c:fe:
         40:e8:68:5b:a6:fa:ef:ae:f6:b8:53:04:aa:d8:8a:21:83:b7:
         84:dd:c5:e3:97:b6:b5:3d:fe:12:20:32:ec:8a:d7:7b:88:31:
         3b:0d:3a:14:c8:ca:36:b7:33:7a:a6:19:87:cc:ae:5b:a4:d2:
         24:be:c6:9d:a3:cf:a2:d6:13:a6:81:59:b0:0c:db:87:54:44:
         91:df:07:05:f7:f6:cf:35:9e:8e:1c:9d:16:f8:55:7a:ed:27:
         1e:54:2a:84:09:34:e6:f6:1b:59:c3:c4:2a:b9:91:35:fa:8a:
         28:c7:23:2a:56:d6:60:c7:16:93:48:67:37:fc:75:16:67:0d:
         85:a6:f5:e4
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUcLEIVdmOzuuefFPaEFLLFHhET08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjhaFw0yNDEwMTUxNjEzMjhaMDMxMTAvBgNV
BAMTKDA2N0ZBQkE0NzY2NDE0MjRDNDI2QkMxNTQxQTVBQUZBNTU1MTY1MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC907+K/FsqQUa6f9sgYXzeqBmX
NpMVyI7VuZzjV1WFArjioeFEvUo6On+W9hivYN7tfkXywdOTXHnhtdIH0pOFWiCU
IpN079kUoL3uAimlLyYXsMOtQJY5aeQhSXrWusF8cltsRwKapgw1cvjLCtLIeaWM
jqMEw7jSBxU7IB0VX2a4ZRzX+BcOsFjLiUS2jfsJsXNcqocDd8Q4BWfqNCSuijnY
vu7pB4uN1DSIYm5Hi/KCQ2FjWO4wliu3vzVL3evj/VlPlxVtW6pnK8ibHnZ6GKAy
6ditbdxMmSkTbLj6cT5I6DrvlX8rDckmf7cL1U29Bw+WOk591wdQSEiK8BtNAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUBn+rpHZkFCTEJrwVQaWq+lVRZQQwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzAzMDMwM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzIzMTMxMzQzMzMxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4AAMA0GCSqG
SIb3DQEBCwUAA4IBAQDalKIi0fdWCDhb0WqoQedsmw8hSPi5oVN7kB4UPSJgqSnb
KjsqPvOSYqtSD3gP71UmE+1Ouq33Adm15FZ9vbhDgP3RLo5AA72rG0ZqhbI++oPp
V6C8G/Iu82VtxbL3tk/Nky/R86zoCLWCL17GyuXU8uDUUbp+ea7pVaOVPP5A6Ghb
pvrvrva4UwSq2Iohg7eE3cXjl7a1Pf4SIDLsitd7iDE7DToUyMo2tzN6phmHzK5b
pNIkvsado8+i1hOmgVmwDNuHVESR3wcF9/bPNZ6OHJ0W+FV67SceVCqECTTm9htZ
w8QquZE1+oooxyMqVtZgxxaTSGc3/HUWZw2FpvXk
-----END CERTIFICATE-----