Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383136313a3a2f34382d3438203d3e20323032343132.roa
File:                     326131323a646434373a383136313a3a2f34382d3438203d3e20323032343132.roa (raw, json)
Hash identifier:          KOdwm6vmP62Dt/X9rA07npbcDo5+Sp6/nsxfWMEXtmY=
Subject key identifier:   50:D0:9F:9A:59:B1:28:AE:65:23:8B:14:83:4F:08:5C:3D:A2:FC:AF
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       681DB0B4BF76F0990F60024E177A2976F473D164
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383136313a3a2f34382d3438203d3e20323032343132.roa
Signing time:             Tue 17 Oct 2023 16:13:34 +0000
ROA not before:           Tue 17 Oct 2023 16:08:34 +0000
ROA not after:            Tue 15 Oct 2024 16:13:34 +0000
asID:                     202412
IP address blocks:        2a12:dd47:8161::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:1d:b0:b4:bf:76:f0:99:0f:60:02:4e:17:7a:29:76:f4:73:d1:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:34 2023 GMT
            Not After : Oct 15 16:13:34 2024 GMT
        Subject: CN=50D09F9A59B128AE65238B14834F085C3DA2FCAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:78:9f:87:46:bc:33:0f:5a:ad:3a:52:ec:32:
                    1c:51:11:c0:d0:39:f9:f0:06:ad:07:df:0f:d6:b0:
                    10:11:63:91:ec:53:4f:db:2d:69:30:bc:78:2c:65:
                    39:40:ae:b6:32:73:58:5a:7e:1f:b8:6b:6b:be:83:
                    33:0d:80:d9:47:60:c8:d8:5b:03:f1:f9:48:05:f6:
                    e7:75:0a:8d:81:ea:19:2e:30:29:a5:4e:ff:d9:c5:
                    22:e0:49:1b:be:9d:54:5c:c3:ed:fb:71:83:08:2d:
                    26:da:34:93:9e:66:b5:fc:bf:2f:8a:a1:a3:ab:30:
                    38:50:91:a5:c9:0f:f3:a7:5a:43:7b:85:a8:63:c8:
                    89:e6:97:da:1d:56:1d:2c:66:94:71:20:54:4a:39:
                    08:ce:de:06:e2:37:a9:ca:f0:73:c7:04:55:75:f8:
                    66:49:4b:92:ad:14:52:c7:0e:d8:8c:3f:f9:a4:3a:
                    65:a4:25:9a:c2:db:82:c6:87:3e:76:40:90:61:d8:
                    78:6a:52:22:e6:19:e3:11:0f:e7:3f:51:da:1a:85:
                    77:10:44:29:85:58:41:a4:6b:13:43:1b:dd:b5:c9:
                    5e:04:80:72:a4:ca:b2:3a:8f:84:a6:a9:22:69:48:
                    49:c1:ff:c2:57:f9:f6:44:ef:a3:24:b6:f1:9d:5c:
                    71:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D0:9F:9A:59:B1:28:AE:65:23:8B:14:83:4F:08:5C:3D:A2:FC:AF
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383136313a3a2f34382d3438203d3e20323032343132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8161::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:8b:dd:1a:dd:ec:1d:ec:7a:2d:90:2c:89:b1:1b:c3:cd:f1:
         13:e1:22:4d:4d:93:f0:4c:da:b6:21:23:89:51:3c:99:ae:af:
         89:cf:b3:e0:fc:b9:0a:fe:db:da:6d:95:69:5b:80:1e:d2:71:
         fa:6d:44:9c:30:85:c0:97:34:dd:e0:40:6d:35:43:35:55:51:
         83:33:34:df:74:5f:64:18:f6:fb:3e:c6:80:91:3c:ba:e0:ed:
         56:83:f9:fc:2c:c3:c0:25:11:ec:f2:20:a3:01:c9:fa:06:ae:
         41:15:5d:8e:8d:34:62:12:a2:2e:e0:ac:0a:d4:8e:62:e9:86:
         2a:1f:2e:3d:9f:7f:b0:b6:20:cf:cd:ed:24:8d:fa:5f:ba:7c:
         40:97:5d:54:4c:b5:c9:99:47:05:a3:33:07:3b:e0:70:41:bd:
         c3:fc:89:c0:86:c1:8d:42:6f:4d:ab:e6:7d:ed:22:de:43:a4:
         2e:01:25:3b:0d:2d:a4:59:0a:2d:19:7d:ea:f9:e6:ae:3e:1c:
         26:74:02:91:13:32:0c:1a:1e:b1:8a:4d:c7:e4:36:82:c8:fd:
         95:ca:55:73:71:23:39:37:68:20:40:bc:2c:b2:56:4e:7b:28:
         90:a0:51:a7:c0:34:9e:f9:ec:6e:01:eb:84:04:b1:30:4c:21:
         8e:cf:06:97
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUaB2wtL928JkPYAJOF3opdvRz0WQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzRaFw0yNDEwMTUxNjEzMzRaMDMxMTAvBgNV
BAMTKDUwRDA5RjlBNTlCMTI4QUU2NTIzOEIxNDgzNEYwODVDM0RBMkZDQUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCweJ+HRrwzD1qtOlLsMhxREcDQ
OfnwBq0H3w/WsBARY5HsU0/bLWkwvHgsZTlArrYyc1hafh+4a2u+gzMNgNlHYMjY
WwPx+UgF9ud1Co2B6hkuMCmlTv/ZxSLgSRu+nVRcw+37cYMILSbaNJOeZrX8vy+K
oaOrMDhQkaXJD/OnWkN7hahjyInml9odVh0sZpRxIFRKOQjO3gbiN6nK8HPHBFV1
+GZJS5KtFFLHDtiMP/mkOmWkJZrC24LGhz52QJBh2HhqUiLmGeMRD+c/UdoahXcQ
RCmFWEGkaxNDG921yV4EgHKkyrI6j4SmqSJpSEnB/8JX+fZE76MktvGdXHGJAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUUNCfmlmxKK5lI4sUg08IXD2i/K8wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzEzNjMxM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzIzMDMyMzQzMTMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4FhMA0GCSqG
SIb3DQEBCwUAA4IBAQAzi90a3ewd7HotkCyJsRvDzfET4SJNTZPwTNq2ISOJUTyZ
rq+Jz7Pg/LkK/tvabZVpW4Ae0nH6bUScMIXAlzTd4EBtNUM1VVGDMzTfdF9kGPb7
PsaAkTy64O1Wg/n8LMPAJRHs8iCjAcn6Bq5BFV2OjTRiEqIu4KwK1I5i6YYqHy49
n3+wtiDPze0kjfpfunxAl11UTLXJmUcFozMHO+BwQb3D/InAhsGNQm9Nq+Z97SLe
Q6QuASU7DS2kWQotGX3q+eauPhwmdAKREzIMGh6xik3H5DaCyP2VylVzcSM5N2gg
QLwsslZOeyiQoFGnwDSe+exuAeuEBLEwTCGOzwaX
-----END CERTIFICATE-----