Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383065323a3a2f34382d3438203d3e20323031323537.roa
File:                     326131323a646434373a383065323a3a2f34382d3438203d3e20323031323537.roa (raw, json)
Hash identifier:          uICUysPICOrGdwZGecnHtehuI0gIZt4UeryQ42qptRQ=
Subject key identifier:   09:C8:72:EE:A6:58:69:FB:A2:31:10:B0:11:89:DA:F3:FC:9F:5C:E1
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       4F4CC2807B344C6655F835B07F292BE61465F89B
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383065323a3a2f34382d3438203d3e20323031323537.roa
Signing time:             Tue 17 Oct 2023 16:13:27 +0000
ROA not before:           Tue 17 Oct 2023 16:08:27 +0000
ROA not after:            Tue 15 Oct 2024 16:13:27 +0000
asID:                     201257
IP address blocks:        2a12:dd47:80e2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:4c:c2:80:7b:34:4c:66:55:f8:35:b0:7f:29:2b:e6:14:65:f8:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:27 2023 GMT
            Not After : Oct 15 16:13:27 2024 GMT
        Subject: CN=09C872EEA65869FBA23110B01189DAF3FC9F5CE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:74:fa:f1:be:ab:4d:02:18:4f:99:f0:c3:96:
                    d7:6a:95:44:0b:d4:83:a2:05:12:a2:2f:fe:a6:a0:
                    77:db:bf:6f:cc:6b:b0:bc:f0:57:6f:ae:29:04:48:
                    50:3c:eb:24:e6:1a:a3:12:5f:f8:f3:92:f5:1a:ef:
                    89:fb:05:3c:bc:be:54:c7:1a:0c:74:e5:0e:47:b0:
                    fc:6b:17:6c:80:c6:b8:1c:8b:f7:00:ba:df:51:5a:
                    44:20:96:e5:09:bb:08:9e:99:51:a4:97:4e:07:ba:
                    7a:a2:de:75:97:6a:53:18:9a:96:b8:23:f7:bd:78:
                    e4:34:c6:3d:79:e2:f8:5d:e3:81:3c:32:97:48:b7:
                    50:b2:e3:1c:1f:a4:ca:2b:85:14:68:87:b0:d6:59:
                    22:85:1d:7a:bd:4e:ca:fe:64:55:f8:d6:c9:f2:37:
                    9f:83:36:64:03:9a:86:d5:10:3c:23:d5:d3:24:a7:
                    66:85:3c:da:a8:8c:23:d4:32:21:3b:d2:74:b4:e0:
                    2c:50:c2:c8:d7:77:7e:63:5d:fc:cb:57:60:b6:eb:
                    e4:dc:7f:db:b3:01:cc:e0:02:7c:33:8f:5d:4c:12:
                    46:84:83:7e:e8:e1:d6:3e:8c:c7:29:0b:c1:66:ef:
                    ee:b5:2d:86:df:c1:70:5e:6f:75:09:6f:ad:20:5a:
                    6f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C8:72:EE:A6:58:69:FB:A2:31:10:B0:11:89:DA:F3:FC:9F:5C:E1
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383065323a3a2f34382d3438203d3e20323031323537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80e2::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:72:42:dc:48:da:4c:a7:f8:e8:5b:cc:df:ef:4c:f8:b8:6a:
         52:66:67:b2:75:b8:9f:c9:5b:42:6a:34:3c:6b:56:ec:b0:fa:
         15:90:c6:13:ea:10:ad:51:64:36:9d:4f:73:0c:f3:9a:d6:da:
         89:82:f3:4e:b4:fd:bb:a8:71:09:15:f6:f7:3f:d8:af:d7:6c:
         0f:cc:03:d2:e7:73:7d:cf:e2:3d:ee:a5:e7:08:06:42:28:7e:
         da:a1:30:8d:94:56:32:3e:64:d8:42:14:1e:b8:6c:4b:c7:55:
         04:f6:e4:ca:f8:b5:d1:f8:b5:b6:99:81:5b:fd:1f:16:7c:fa:
         37:66:ce:77:0a:cb:77:d8:5f:bd:af:a7:bc:a4:57:b2:fc:06:
         3c:c3:6f:bc:ab:42:a5:87:af:2a:b8:1a:d2:20:96:e7:51:cd:
         d1:c3:7c:e0:9f:98:80:95:15:82:f1:9e:d2:41:66:d3:3a:52:
         36:dc:f1:8d:e6:1e:6f:0c:54:3a:d5:fb:01:7d:7d:3f:d0:a8:
         ec:2e:9a:73:44:25:d3:d3:aa:13:a0:22:0b:72:88:0b:4f:9a:
         35:fc:46:17:b4:66:43:03:74:65:96:c7:8d:73:6e:ef:1f:be:
         91:8d:ea:d1:33:69:cc:ea:12:48:f2:18:14:f1:36:0b:18:c9:
         d7:29:d4:81
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUT0zCgHs0TGZV+DWwfykr5hRl+JswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjdaFw0yNDEwMTUxNjEzMjdaMDMxMTAvBgNV
BAMTKDA5Qzg3MkVFQTY1ODY5RkJBMjMxMTBCMDExODlEQUYzRkM5RjVDRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJdPrxvqtNAhhPmfDDltdqlUQL
1IOiBRKiL/6moHfbv2/Ma7C88FdvrikESFA86yTmGqMSX/jzkvUa74n7BTy8vlTH
Ggx05Q5HsPxrF2yAxrgci/cAut9RWkQgluUJuwiemVGkl04Hunqi3nWXalMYmpa4
I/e9eOQ0xj154vhd44E8MpdIt1Cy4xwfpMorhRRoh7DWWSKFHXq9Tsr+ZFX41sny
N5+DNmQDmobVEDwj1dMkp2aFPNqojCPUMiE70nS04CxQwsjXd35jXfzLV2C26+Tc
f9uzAczgAnwzj11MEkaEg37o4dY+jMcpC8Fm7+61LYbfwXBeb3UJb60gWm83AgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUCchy7qZYafuiMRCwEYna8/yfXOEwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzA2NTMyM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzIzMDMxMzIzNTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4DiMA0GCSqG
SIb3DQEBCwUAA4IBAQCYckLcSNpMp/joW8zf70z4uGpSZmeydbifyVtCajQ8a1bs
sPoVkMYT6hCtUWQ2nU9zDPOa1tqJgvNOtP27qHEJFfb3P9iv12wPzAPS53N9z+I9
7qXnCAZCKH7aoTCNlFYyPmTYQhQeuGxLx1UE9uTK+LXR+LW2mYFb/R8WfPo3Zs53
Cst32F+9r6e8pFey/AY8w2+8q0Klh68quBrSIJbnUc3Rw3zgn5iAlRWC8Z7SQWbT
OlI23PGN5h5vDFQ61fsBfX0/0KjsLppzRCXT06oToCILcogLT5o1/EYXtGZDA3Rl
lseNc27vH76RjerRM2nM6hJI8hgU8TYLGMnXKdSB
-----END CERTIFICATE-----