Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa
File:                     326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa (raw, json)
Hash identifier:          BtJKaGKMvpbZGCPnYf3/esi0kOR0MF2WKN0Em7co2js=
Subject key identifier:   63:D5:90:D1:6B:EE:9B:D0:D0:61:51:9C:E5:E8:0F:33:A8:E3:B8:5A
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       58245D5918DF6C0213746E19BCA75D952EB387CA
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa
Signing time:             Tue 17 Oct 2023 16:13:30 +0000
ROA not before:           Tue 17 Oct 2023 16:08:30 +0000
ROA not after:            Tue 15 Oct 2024 16:13:30 +0000
asID:                     199676
IP address blocks:        2a12:dd47:80e7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:24:5d:59:18:df:6c:02:13:74:6e:19:bc:a7:5d:95:2e:b3:87:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:30 2023 GMT
            Not After : Oct 15 16:13:30 2024 GMT
        Subject: CN=63D590D16BEE9BD0D061519CE5E80F33A8E3B85A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:47:84:b9:58:d0:f6:c7:94:d2:2a:ef:83:68:
                    f4:50:ba:80:ea:20:99:50:90:79:cd:54:c1:8d:72:
                    19:a6:e6:e1:6a:30:2a:91:8f:91:25:6f:00:0d:15:
                    b1:b8:1c:98:7f:6b:c3:ed:bc:14:a4:f0:8d:ca:6c:
                    45:c8:3c:64:65:6d:fc:33:d4:21:ba:65:ed:b3:5a:
                    85:83:22:8f:a9:df:a9:76:b6:77:ea:14:4b:41:a6:
                    a8:49:de:65:96:62:ec:8b:77:92:e3:df:9c:ba:d4:
                    5c:8f:52:b8:b9:29:6f:27:84:dd:3f:99:22:e8:63:
                    4d:8c:38:fb:ec:4c:ee:da:11:b2:d8:3f:23:72:4d:
                    74:a0:b0:f2:d1:96:25:fd:9a:f2:05:fa:e2:c6:8b:
                    e9:c6:b0:8b:83:59:be:89:fd:0e:6f:e2:9a:5e:eb:
                    8e:c1:58:e3:5b:08:79:3f:6d:9a:d4:1a:25:09:45:
                    4e:dc:d7:d6:e3:8d:1b:cd:68:69:9a:a9:4f:74:4b:
                    a9:f1:ca:2a:a6:0d:74:db:4e:cf:97:01:97:a0:12:
                    ba:5c:db:17:95:6a:5c:43:d9:55:bd:74:2a:4b:88:
                    1c:13:c0:4c:66:40:88:01:fb:e0:f3:3a:d5:a8:27:
                    b3:f6:8b:35:d6:c5:50:4b:9f:d1:f7:5a:f0:39:45:
                    53:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D5:90:D1:6B:EE:9B:D0:D0:61:51:9C:E5:E8:0F:33:A8:E3:B8:5A
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80e7::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:35:f7:12:0e:93:42:f8:15:97:6b:3b:8e:68:f2:81:df:a5:
         66:28:de:b3:77:97:1c:38:c8:06:90:74:de:24:87:d7:88:fb:
         a6:22:66:b1:35:65:21:22:a5:85:68:6e:f7:db:38:dd:5d:20:
         5d:0e:a6:b1:13:81:28:19:2c:cc:0b:f4:61:18:94:4d:d5:72:
         ec:da:70:0c:ea:82:32:ab:5e:84:8f:94:6e:ca:dd:b0:f7:f1:
         29:03:4b:68:4e:1b:fe:b0:e6:08:2f:97:91:35:a5:61:56:86:
         18:cd:0f:61:28:c3:65:24:bb:e2:a7:14:0f:c1:05:e9:ad:f6:
         4c:90:0f:ac:9e:4a:42:60:b4:3b:cf:9d:4a:f7:ad:67:39:3d:
         a5:ae:28:67:18:30:ad:75:95:18:1d:c6:59:df:70:15:16:c3:
         81:3e:ff:92:0c:aa:86:da:84:97:37:0b:ae:42:db:80:27:19:
         1f:34:fc:25:10:76:24:2b:2b:2e:24:15:20:9d:52:7b:e2:b3:
         b1:d5:42:d0:fb:cf:2c:c7:31:af:84:b4:e5:ec:e4:7e:c3:a7:
         7c:a6:3b:41:83:af:9d:37:de:ca:59:12:fd:b3:37:fa:9b:61:
         cf:69:43:4d:b6:4d:5a:92:c0:a3:7b:a8:59:e2:6b:78:13:fe:
         7a:fa:41:37
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUWCRdWRjfbAITdG4ZvKddlS6zh8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzBaFw0yNDEwMTUxNjEzMzBaMDMxMTAvBgNV
BAMTKDYzRDU5MEQxNkJFRTlCRDBEMDYxNTE5Q0U1RTgwRjMzQThFM0I4NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdR4S5WND2x5TSKu+DaPRQuoDq
IJlQkHnNVMGNchmm5uFqMCqRj5ElbwANFbG4HJh/a8PtvBSk8I3KbEXIPGRlbfwz
1CG6Ze2zWoWDIo+p36l2tnfqFEtBpqhJ3mWWYuyLd5Lj35y61FyPUri5KW8nhN0/
mSLoY02MOPvsTO7aEbLYPyNyTXSgsPLRliX9mvIF+uLGi+nGsIuDWb6J/Q5v4ppe
647BWONbCHk/bZrUGiUJRU7c19bjjRvNaGmaqU90S6nxyiqmDXTbTs+XAZegErpc
2xeValxD2VW9dCpLiBwTwExmQIgB++DzOtWoJ7P2izXWxVBLn9H3WvA5RVPBAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUY9WQ0Wvum9DQYVGc5egPM6jjuFowHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzA2NTM3M2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzEzOTM5MzYzNzM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4DnMA0GCSqG
SIb3DQEBCwUAA4IBAQBmNfcSDpNC+BWXazuOaPKB36VmKN6zd5ccOMgGkHTeJIfX
iPumImaxNWUhIqWFaG732zjdXSBdDqaxE4EoGSzMC/RhGJRN1XLs2nAM6oIyq16E
j5Ruyt2w9/EpA0toThv+sOYIL5eRNaVhVoYYzQ9hKMNlJLvipxQPwQXprfZMkA+s
nkpCYLQ7z51K961nOT2lrihnGDCtdZUYHcZZ33AVFsOBPv+SDKqG2oSXNwuuQtuA
JxkfNPwlEHYkKysuJBUgnVJ74rOx1ULQ+88sxzGvhLTl7OR+w6d8pjtBg6+dN97K
WRL9szf6m2HPaUNNtk1aksCje6hZ4mt4E/56+kE3
-----END CERTIFICATE-----