Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa
File:                     326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa (raw, json)
Hash identifier:          qsDvYl81thpiMibV3ruidLRPZ74qUqkageeTVY6Bj4M=
Subject key identifier:   75:AA:DE:34:30:DB:16:B1:33:5C:72:18:39:53:BB:08:9D:0E:36:E3
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       2542A6CCC4060D96CE3F898BFF2E19603BD36408
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa
Signing time:             Tue 17 Oct 2023 16:13:33 +0000
ROA not before:           Tue 17 Oct 2023 16:08:33 +0000
ROA not after:            Tue 15 Oct 2024 16:13:33 +0000
asID:                     202820
IP address blocks:        2a12:dd47:802b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:42:a6:cc:c4:06:0d:96:ce:3f:89:8b:ff:2e:19:60:3b:d3:64:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:33 2023 GMT
            Not After : Oct 15 16:13:33 2024 GMT
        Subject: CN=75AADE3430DB16B1335C72183953BB089D0E36E3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e0:44:2c:67:29:02:46:6b:00:e5:31:2b:13:
                    ab:b9:fc:ba:0d:fe:9b:37:d6:c7:ee:e6:dc:d0:3b:
                    33:0a:78:35:d7:9b:cf:d5:78:6a:d4:f2:54:1e:19:
                    10:c4:7a:31:3c:7a:a8:c8:e9:2d:93:69:71:87:6e:
                    49:e7:74:76:26:4d:54:2b:31:49:48:ba:7f:8a:56:
                    c8:b4:d8:99:55:25:13:cf:96:63:7c:85:df:00:38:
                    14:a9:7c:90:12:99:5a:31:3c:f4:1f:1c:23:a7:b0:
                    96:3a:68:1f:2f:0e:60:35:3b:86:26:20:4c:d7:b5:
                    79:1b:00:b6:c0:02:06:88:89:3b:19:8a:a6:12:18:
                    f4:b5:69:a6:31:e9:25:df:d0:12:2c:bf:9a:b3:b2:
                    9c:6c:4e:10:ef:80:b3:b2:42:6b:1c:2f:b3:d8:c7:
                    32:06:51:51:85:3a:01:c2:40:ea:cd:f7:fa:19:b3:
                    e7:cf:20:48:37:39:2c:9c:dd:8b:a9:5d:ba:69:d4:
                    bc:2b:8f:1a:9b:10:16:63:92:66:12:ca:af:7a:f3:
                    8e:a2:90:99:21:00:da:10:74:a2:95:da:ea:f5:ca:
                    1c:f0:f1:2f:32:79:a8:c7:32:b1:25:ab:9a:5e:9c:
                    a4:78:66:97:c0:03:3a:9c:ed:1e:90:fc:c3:9d:ca:
                    1f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AA:DE:34:30:DB:16:B1:33:5C:72:18:39:53:BB:08:9D:0E:36:E3
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:802b::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:3f:61:29:28:35:33:1d:a8:3a:8a:2d:17:de:7d:66:dd:cb:
         cc:49:de:61:17:9b:94:b2:b2:29:92:f3:96:fb:85:02:3d:8c:
         22:1a:19:c0:3b:a9:cd:35:db:21:32:ca:aa:52:51:85:5f:ae:
         3d:5d:05:16:4c:16:dd:63:ba:6d:17:d5:96:7f:f4:24:d9:61:
         62:e5:ff:0b:1f:47:6b:f0:0b:4f:2a:a3:55:aa:34:38:f5:56:
         f7:f0:f3:62:ec:dc:5a:2f:0c:38:19:6d:20:f3:95:1d:6d:38:
         b9:ae:c9:ad:fc:55:f3:71:44:3a:3a:c1:d2:81:0f:b6:91:c4:
         24:77:5d:55:1f:fd:a2:6f:56:ec:67:cf:d5:e9:29:b9:3a:1f:
         ba:de:bb:36:2f:2b:fa:93:43:87:e9:56:7e:83:ea:85:97:ef:
         0e:3b:7f:e5:e9:68:88:7e:4f:a1:e6:3c:77:e2:17:66:1f:2e:
         b4:34:61:01:d0:93:bc:3d:7e:bb:58:53:ea:55:6b:6b:ac:1a:
         df:f2:71:06:a5:15:a1:8c:6e:8a:2c:05:52:28:23:37:fa:65:
         bb:f8:05:a5:22:63:4e:55:74:34:5c:2c:ad:51:5d:a9:13:36:
         46:7e:b9:f7:66:cf:f4:48:d2:b1:70:23:b2:26:ff:00:30:dc:
         78:dc:4c:fa
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUJUKmzMQGDZbOP4mL/y4ZYDvTZAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzNaFw0yNDEwMTUxNjEzMzNaMDMxMTAvBgNV
BAMTKDc1QUFERTM0MzBEQjE2QjEzMzVDNzIxODM5NTNCQjA4OUQwRTM2RTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK4EQsZykCRmsA5TErE6u5/LoN
/ps31sfu5tzQOzMKeDXXm8/VeGrU8lQeGRDEejE8eqjI6S2TaXGHbknndHYmTVQr
MUlIun+KVsi02JlVJRPPlmN8hd8AOBSpfJASmVoxPPQfHCOnsJY6aB8vDmA1O4Ym
IEzXtXkbALbAAgaIiTsZiqYSGPS1aaYx6SXf0BIsv5qzspxsThDvgLOyQmscL7PY
xzIGUVGFOgHCQOrN9/oZs+fPIEg3OSyc3YupXbpp1LwrjxqbEBZjkmYSyq96846i
kJkhANoQdKKV2ur1yhzw8S8yeajHMrElq5penKR4ZpfAAzqc7R6Q/MOdyh9RAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUdareNDDbFrEzXHIYOVO7CJ0ONuMwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzAzMjYyM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzIzMDMyMzgzMjMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4ArMA0GCSqG
SIb3DQEBCwUAA4IBAQBYP2EpKDUzHag6ii0X3n1m3cvMSd5hF5uUsrIpkvOW+4UC
PYwiGhnAO6nNNdshMsqqUlGFX649XQUWTBbdY7ptF9WWf/Qk2WFi5f8LH0dr8AtP
KqNVqjQ49Vb38PNi7NxaLww4GW0g85UdbTi5rsmt/FXzcUQ6OsHSgQ+2kcQkd11V
H/2ib1bsZ8/V6Sm5Oh+63rs2Lyv6k0OH6VZ+g+qFl+8OO3/l6WiIfk+h5jx34hdm
Hy60NGEB0JO8PX67WFPqVWtrrBrf8nEGpRWhjG6KLAVSKCM3+mW7+AWlImNOVXQ0
XCytUV2pEzZGfrn3Zs/0SNKxcCOyJv8AMNx43Ez6
-----END CERTIFICATE-----