Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa
File:                     326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa (raw, json)
Hash identifier:          kvuwdSRFIrW8g73ipTpG/SVKp9VlQuBxXMXQ45/6hho=
Subject key identifier:   F7:B7:E2:15:23:41:64:AC:34:77:B4:13:64:6B:32:AC:AD:88:DB:55
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       68F4C1DD4161473621DD35AB39D2A3413A8C1246
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa
Signing time:             Tue 17 Oct 2023 16:13:30 +0000
ROA not before:           Tue 17 Oct 2023 16:08:30 +0000
ROA not after:            Tue 15 Oct 2024 16:13:30 +0000
asID:                     203145
IP address blocks:        2a12:dd47:8120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f4:c1:dd:41:61:47:36:21:dd:35:ab:39:d2:a3:41:3a:8c:12:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:30 2023 GMT
            Not After : Oct 15 16:13:30 2024 GMT
        Subject: CN=F7B7E215234164AC3477B413646B32ACAD88DB55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:2f:f9:91:f8:c4:ed:a8:2b:43:d9:31:64:a4:
                    b9:0a:31:dd:54:0a:3b:70:08:db:3b:17:90:fd:6a:
                    50:25:31:99:04:df:b5:82:86:3b:e5:8a:5e:64:39:
                    79:30:1f:ae:98:25:b6:fe:4e:9a:47:a6:b9:b7:36:
                    19:9c:e8:f6:06:7b:fb:1d:8d:4e:48:44:84:e2:f3:
                    e1:4c:2f:e4:19:cd:f3:30:07:00:81:2d:8e:36:20:
                    ef:65:6c:4f:09:dd:af:e1:b8:6b:ff:e6:27:25:1d:
                    c8:01:f3:43:32:f3:c5:19:cc:dd:ae:6b:e6:7a:a7:
                    f1:04:51:48:b2:91:ef:8a:b3:43:b4:3e:67:ae:e5:
                    72:39:9e:ab:f5:d0:7b:d5:d3:48:48:12:21:b7:28:
                    59:2b:14:75:91:33:48:41:47:97:34:fd:ec:e5:3c:
                    54:3b:72:2e:fb:09:e9:d2:08:ca:80:8d:c3:32:f0:
                    f5:ea:c8:43:2e:e9:53:95:a6:c2:69:de:c0:51:cb:
                    c8:bf:5b:09:a8:b6:26:99:f7:0a:11:15:47:9d:71:
                    4c:8d:99:ae:b1:23:3e:98:d0:e7:f9:e7:51:b7:59:
                    a5:61:33:ca:7a:5b:8a:bb:51:e8:ca:6c:0f:b1:55:
                    e8:64:39:b5:2b:3c:87:8b:b9:53:b4:4f:3b:fc:a2:
                    2e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B7:E2:15:23:41:64:AC:34:77:B4:13:64:6B:32:AC:AD:88:DB:55
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8120::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:d7:53:46:b9:37:00:d5:28:e3:66:0d:de:e9:c5:fa:8e:12:
         5f:a8:8a:42:eb:2d:e0:ec:23:b9:f3:ca:c6:4a:85:3e:82:19:
         17:a6:f4:c5:06:88:0b:a0:35:21:ad:76:0f:92:31:68:f2:cf:
         b4:17:85:4b:70:64:1f:34:d0:53:6f:3e:27:67:05:c4:ac:29:
         4c:45:84:99:6c:50:ba:6a:74:0d:9e:05:ef:fc:43:ac:f2:fb:
         70:49:c3:60:a8:01:ee:1b:1c:1f:b8:55:75:13:0e:7f:dd:bb:
         7b:59:47:58:8e:8f:b5:d8:89:15:fa:d7:9a:67:80:55:61:d4:
         97:8f:47:9d:a7:f1:38:29:36:25:65:53:c0:1a:5b:7a:43:a8:
         f9:52:ac:f4:d0:35:27:85:28:5a:ff:6d:2f:c3:46:6b:94:9d:
         d8:5a:a1:8a:b0:04:7f:08:e6:15:5c:5b:de:37:28:d7:72:c7:
         84:68:a2:3c:34:14:ad:11:93:33:6c:f6:cc:78:47:bc:cc:73:
         a6:18:68:7a:0d:d3:ea:57:5a:00:f1:4f:96:63:d5:17:77:0b:
         f1:22:53:aa:9a:e1:4b:02:03:77:09:67:f4:f4:91:ac:2f:10:
         f1:a2:17:03:8f:76:1f:87:19:b5:a6:29:12:7b:f1:af:f9:1f:
         e4:90:b3:fb
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUaPTB3UFhRzYh3TWrOdKjQTqMEkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzBaFw0yNDEwMTUxNjEzMzBaMDMxMTAvBgNV
BAMTKEY3QjdFMjE1MjM0MTY0QUMzNDc3QjQxMzY0NkIzMkFDQUQ4OERCNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXL/mR+MTtqCtD2TFkpLkKMd1U
CjtwCNs7F5D9alAlMZkE37WChjvlil5kOXkwH66YJbb+TppHprm3Nhmc6PYGe/sd
jU5IRITi8+FML+QZzfMwBwCBLY42IO9lbE8J3a/huGv/5iclHcgB80My88UZzN2u
a+Z6p/EEUUiyke+Ks0O0Pmeu5XI5nqv10HvV00hIEiG3KFkrFHWRM0hBR5c0/ezl
PFQ7ci77CenSCMqAjcMy8PXqyEMu6VOVpsJp3sBRy8i/WwmotiaZ9woRFUedcUyN
ma6xIz6Y0Of551G3WaVhM8p6W4q7UejKbA+xVehkObUrPIeLuVO0Tzv8oi7pAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQU97fiFSNBZKw0d7QTZGsyrK2I21UwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzEzMjMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMDMzMzEzNDM1LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR4EgMA0GCSqG
SIb3DQEBCwUAA4IBAQAo11NGuTcA1SjjZg3e6cX6jhJfqIpC6y3g7CO588rGSoU+
ghkXpvTFBogLoDUhrXYPkjFo8s+0F4VLcGQfNNBTbz4nZwXErClMRYSZbFC6anQN
ngXv/EOs8vtwScNgqAHuGxwfuFV1Ew5/3bt7WUdYjo+12IkV+teaZ4BVYdSXj0ed
p/E4KTYlZVPAGlt6Q6j5Uqz00DUnhSha/20vw0ZrlJ3YWqGKsAR/COYVXFveNyjX
cseEaKI8NBStEZMzbPbMeEe8zHOmGGh6DdPqV1oA8U+WY9UXdwvxIlOqmuFLAgN3
CWf09JGsLxDxohcDj3Yfhxm1pikSe/Gv+R/kkLP7
-----END CERTIFICATE-----