Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa
File:                     326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa (raw, json)
Hash identifier:          V11twzXejDgap57GB13laq2QvCwfCg3RX3bPKenOoPs=
Subject key identifier:   6A:9D:88:63:7E:48:08:57:A2:AC:71:61:9A:F3:3C:2F:F1:CD:B3:EA
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       2533C1BFFF04EC6E036B691671DEAAC8E66342E9
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa
Signing time:             Tue 17 Oct 2023 16:13:27 +0000
ROA not before:           Tue 17 Oct 2023 16:08:27 +0000
ROA not after:            Tue 15 Oct 2024 16:13:27 +0000
asID:                     212483
IP address blocks:        2a12:dd47:80b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:33:c1:bf:ff:04:ec:6e:03:6b:69:16:71:de:aa:c8:e6:63:42:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:27 2023 GMT
            Not After : Oct 15 16:13:27 2024 GMT
        Subject: CN=6A9D88637E480857A2AC71619AF33C2FF1CDB3EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:20:3d:46:12:68:c5:67:db:eb:52:8c:7c:ab:
                    a6:0f:1e:9f:68:bf:c6:04:b6:ea:d2:60:1f:46:a5:
                    04:15:83:09:9d:e4:8f:81:74:8f:5d:24:38:40:4a:
                    8e:30:7f:e0:6c:4e:4a:fa:86:24:9b:c5:ef:e8:bb:
                    01:07:02:1e:fe:4f:81:fd:91:3a:1f:6f:d0:e3:9e:
                    75:b8:13:98:8a:5c:bc:83:a8:90:57:f2:26:39:e1:
                    e0:23:c6:4a:a1:e8:2b:dc:a6:4b:5d:03:b5:1b:3a:
                    89:14:bb:b8:0e:b3:da:e0:61:a1:c5:06:7c:c1:7a:
                    1b:6c:ff:63:31:83:28:b5:0b:1b:34:3b:23:92:af:
                    cf:d7:71:52:db:39:50:82:e3:3b:97:d2:e7:42:a0:
                    c2:84:91:13:7f:b0:b5:8d:3e:6a:59:44:03:6b:96:
                    09:00:7d:ec:ac:ca:05:47:2a:6e:72:0f:75:20:2e:
                    c3:e4:2c:53:55:8e:c0:cf:6f:ed:ff:f2:f7:54:d4:
                    ff:4f:41:b0:f4:3f:b0:65:01:84:d0:c6:f1:31:10:
                    9b:f2:9a:70:17:32:dd:75:35:02:fe:49:50:9e:65:
                    a5:a6:7a:1c:10:66:7b:59:47:27:2a:05:b0:68:2e:
                    03:e9:98:52:b1:9e:52:78:17:d1:b2:f8:d6:9c:cf:
                    a2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9D:88:63:7E:48:08:57:A2:AC:71:61:9A:F3:3C:2F:F1:CD:B3:EA
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9f:02:09:b8:aa:b1:99:d8:6c:d3:b3:21:a2:69:e4:3e:5c:bf:
         a6:6e:6f:fc:af:61:10:9d:8f:05:07:c3:6c:b7:a7:0d:27:e6:
         d1:db:8f:63:11:7a:c2:0c:73:64:dd:a5:e3:dc:8f:6f:94:c9:
         7a:93:7d:6b:8c:3c:05:7d:3e:3c:b9:58:ce:fd:46:73:42:54:
         78:7e:26:f8:23:b8:ed:e9:f8:6a:f7:85:22:90:a4:b3:13:3a:
         b7:73:1f:80:70:ff:a5:39:7e:60:54:f5:cf:18:b5:1f:01:27:
         a5:56:8f:22:2c:4f:4d:81:f2:14:25:ea:cb:37:79:28:cb:c9:
         28:b7:cf:0c:4d:4f:4e:22:1f:f7:c9:f6:2d:e3:98:88:a7:ec:
         48:1e:50:de:ca:94:a9:9d:8b:ff:bb:72:02:2b:95:8a:79:0c:
         4e:24:24:fb:89:21:3e:32:d8:ca:2c:00:cf:14:ea:21:0f:3a:
         bf:4b:c6:86:b3:66:c8:47:e8:93:e2:c7:12:13:c2:62:89:7e:
         b7:de:ce:2d:d0:8c:ec:91:be:36:91:24:d6:c2:62:df:88:b6:
         f2:0f:72:b4:a3:f2:50:42:9c:3d:be:33:23:b3:31:25:a6:bf:
         ec:40:61:43:92:83:98:d1:fa:bd:63:f5:3e:99:a0:db:f6:f9:
         3c:76:53:0d
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUJTPBv/8E7G4Da2kWcd6qyOZjQukwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjdaFw0yNDEwMTUxNjEzMjdaMDMxMTAvBgNV
BAMTKDZBOUQ4ODYzN0U0ODA4NTdBMkFDNzE2MTlBRjMzQzJGRjFDREIzRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsID1GEmjFZ9vrUox8q6YPHp9o
v8YEturSYB9GpQQVgwmd5I+BdI9dJDhASo4wf+BsTkr6hiSbxe/ouwEHAh7+T4H9
kTofb9DjnnW4E5iKXLyDqJBX8iY54eAjxkqh6CvcpktdA7UbOokUu7gOs9rgYaHF
BnzBehts/2Mxgyi1Cxs0OyOSr8/XcVLbOVCC4zuX0udCoMKEkRN/sLWNPmpZRANr
lgkAfeysygVHKm5yD3UgLsPkLFNVjsDPb+3/8vdU1P9PQbD0P7BlAYTQxvExEJvy
mnAXMt11NQL+SVCeZaWmehwQZntZRycqBbBoLgPpmFKxnlJ4F9Gy+Nacz6KJAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUap2IY35ICFeirHFhmvM8L/HNs+owHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzA2MjMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMTMyMzQzODMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR4CwMA0GCSqG
SIb3DQEBCwUAA4IBAQCfAgm4qrGZ2GzTsyGiaeQ+XL+mbm/8r2EQnY8FB8Nst6cN
J+bR249jEXrCDHNk3aXj3I9vlMl6k31rjDwFfT48uVjO/UZzQlR4fib4I7jt6fhq
94UikKSzEzq3cx+AcP+lOX5gVPXPGLUfASelVo8iLE9NgfIUJerLN3koy8kot88M
TU9OIh/3yfYt45iIp+xIHlDeypSpnYv/u3ICK5WKeQxOJCT7iSE+MtjKLADPFOoh
Dzq/S8aGs2bIR+iT4scSE8JiiX633s4t0Izskb42kSTWwmLfiLbyD3K0o/JQQpw9
vjMjszElpr/sQGFDkoOY0fq9Y/U+maDb9vk8dlMN
-----END CERTIFICATE-----