Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383030313a3a2f34382d3438203d3e203537343031.roa
File:                     326131323a646434373a383030313a3a2f34382d3438203d3e203537343031.roa (raw, json)
Hash identifier:          c0k+HxZWLa825CeAFm9GXmvsgaqt9NZ8WWM78T3R/60=
Subject key identifier:   6C:50:7A:C6:37:77:0B:B0:2B:A5:F9:F9:F6:9C:56:F2:4D:8E:FB:A8
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       2A829F1FC7CEA8D8CE259C3A93A59F41788DE4A2
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383030313a3a2f34382d3438203d3e203537343031.roa
Signing time:             Tue 17 Oct 2023 16:13:29 +0000
ROA not before:           Tue 17 Oct 2023 16:08:29 +0000
ROA not after:            Tue 15 Oct 2024 16:13:29 +0000
asID:                     57401
IP address blocks:        2a12:dd47:8001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:82:9f:1f:c7:ce:a8:d8:ce:25:9c:3a:93:a5:9f:41:78:8d:e4:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:29 2023 GMT
            Not After : Oct 15 16:13:29 2024 GMT
        Subject: CN=6C507AC637770BB02BA5F9F9F69C56F24D8EFBA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bf:7b:43:4d:68:2d:f3:95:2c:69:7e:ec:d5:
                    4e:18:9d:9f:de:e2:a1:53:d1:dc:57:2c:15:92:c9:
                    68:8b:34:82:d7:d5:5f:50:eb:46:27:55:70:be:d9:
                    38:97:f2:78:43:6f:3b:eb:94:bc:c5:03:50:53:d8:
                    aa:41:c0:84:a8:a1:3d:c9:a4:f3:c0:40:e1:80:89:
                    40:de:8d:50:31:46:54:f7:9e:5f:c2:3c:0d:86:68:
                    0b:14:3b:5c:e7:1f:d4:48:f6:34:19:b4:65:07:8d:
                    42:a5:74:d8:0c:ea:a1:fa:1c:b0:05:1c:5b:a4:01:
                    b1:9d:46:df:47:25:29:3d:d2:01:8b:84:1f:d6:0a:
                    2b:22:0e:0c:3c:96:42:f0:71:7b:a9:e6:53:0a:3b:
                    0c:18:b8:c1:3b:03:bb:7b:1d:1d:92:ae:1a:2c:8d:
                    45:26:03:b5:5d:85:1f:fc:f3:98:d6:0c:25:70:65:
                    b4:f9:d1:be:bf:03:97:ec:81:f1:4f:55:d0:37:97:
                    b5:53:d3:ce:86:5c:5e:45:7c:ff:79:31:fa:0a:6a:
                    8d:28:58:96:29:9e:d6:61:dd:fc:f2:00:3e:c6:dd:
                    24:da:3b:c4:a3:be:ca:83:aa:b0:cd:8d:6a:b2:1e:
                    70:c9:aa:35:19:ca:57:12:9e:b4:d6:cc:8c:8c:5c:
                    ec:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:50:7A:C6:37:77:0B:B0:2B:A5:F9:F9:F6:9C:56:F2:4D:8E:FB:A8
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383030313a3a2f34382d3438203d3e203537343031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8001::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:b3:64:96:34:a6:06:26:8f:73:3e:e8:61:f9:1a:92:00:13:
         f8:be:2d:21:bc:d5:42:58:dd:9b:68:7f:09:32:c0:e5:15:70:
         0e:17:e1:29:a4:a5:d3:33:02:f5:cb:bd:08:7d:a2:b4:1f:30:
         34:1d:71:3b:ae:3e:80:7a:c7:8b:cd:f4:d2:0c:55:54:e5:08:
         46:0a:59:e0:b6:71:3f:04:6c:76:e2:4c:83:53:00:e9:37:bd:
         4f:5c:26:3f:a8:d6:0e:aa:a3:cc:2a:20:27:23:fb:22:90:89:
         f6:e3:dc:53:f4:a3:6d:bc:73:ca:34:3c:5a:48:5d:3e:3c:2c:
         99:2b:d3:96:cb:63:4d:a8:70:75:48:5a:3c:d9:0a:4c:a8:91:
         b6:74:f1:0f:c6:e2:db:e7:59:52:f5:02:1b:61:63:44:e2:5f:
         85:7a:ab:0d:b1:9d:11:4c:5c:15:91:b1:07:e7:16:2a:8c:fa:
         8c:52:e6:9b:9e:0c:0d:87:28:1b:a5:fa:1e:2a:02:6e:6c:95:
         bf:42:f7:f2:4d:25:af:ac:d4:55:d5:bc:ac:c7:fa:f1:f4:92:
         43:af:17:35:81:30:cc:57:8d:cc:71:0b:ae:87:ed:70:52:9b:
         3b:28:f6:b8:46:af:2d:52:52:2d:35:58:2a:73:6f:81:6c:4f:
         48:c9:8c:19
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUKoKfH8fOqNjOJZw6k6WfQXiN5KIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjlaFw0yNDEwMTUxNjEzMjlaMDMxMTAvBgNV
BAMTKDZDNTA3QUM2Mzc3NzBCQjAyQkE1RjlGOUY2OUM1NkYyNEQ4RUZCQTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDav3tDTWgt85UsaX7s1U4YnZ/e
4qFT0dxXLBWSyWiLNILX1V9Q60YnVXC+2TiX8nhDbzvrlLzFA1BT2KpBwISooT3J
pPPAQOGAiUDejVAxRlT3nl/CPA2GaAsUO1znH9RI9jQZtGUHjUKldNgM6qH6HLAF
HFukAbGdRt9HJSk90gGLhB/WCisiDgw8lkLwcXup5lMKOwwYuME7A7t7HR2Srhos
jUUmA7VdhR/885jWDCVwZbT50b6/A5fsgfFPVdA3l7VT086GXF5FfP95MfoKao0o
WJYpntZh3fzyAD7G3STaO8SjvsqDqrDNjWqyHnDJqjUZylcSnrTWzIyMXOyHAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUbFB6xjd3C7Arpfn59pxW8k2O+6gwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzAzMDMxM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzUzNzM0MzAzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeAATANBgkqhkiG
9w0BAQsFAAOCAQEAcrNkljSmBiaPcz7oYfkakgAT+L4tIbzVQljdm2h/CTLA5RVw
DhfhKaSl0zMC9cu9CH2itB8wNB1xO64+gHrHi8300gxVVOUIRgpZ4LZxPwRsduJM
g1MA6Te9T1wmP6jWDqqjzCogJyP7IpCJ9uPcU/SjbbxzyjQ8WkhdPjwsmSvTlstj
TahwdUhaPNkKTKiRtnTxD8bi2+dZUvUCG2FjROJfhXqrDbGdEUxcFZGxB+cWKoz6
jFLmm54MDYcoG6X6HioCbmyVv0L38k0lr6zUVdW8rMf68fSSQ68XNYEwzFeNzHEL
roftcFKbOyj2uEavLVJSLTVYKnNvgWxPSMmMGQ==
-----END CERTIFICATE-----