Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa
File:                     326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa (raw, json)
Hash identifier:          z4v/C9Z3HzWelG7w4eeUE3j7Ww0WFSpUbS4M25GCdx0=
Subject key identifier:   46:BB:A6:C9:21:BB:D8:C8:55:59:40:61:AB:61:B2:7E:30:94:84:45
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       738691FF862519D645904777E5DF2B65C7913348
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa
Signing time:             Tue 17 Oct 2023 16:13:32 +0000
ROA not before:           Tue 17 Oct 2023 16:08:32 +0000
ROA not after:            Tue 15 Oct 2024 16:13:32 +0000
asID:                     57406
IP address blocks:        2a12:dd47:8260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:86:91:ff:86:25:19:d6:45:90:47:77:e5:df:2b:65:c7:91:33:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:32 2023 GMT
            Not After : Oct 15 16:13:32 2024 GMT
        Subject: CN=46BBA6C921BBD8C855594061AB61B27E30948445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:99:d8:40:aa:3e:2e:ec:37:c3:e4:1d:58:00:
                    de:56:17:4b:f2:ec:e9:7b:ed:63:13:0f:db:ce:84:
                    78:8c:00:8b:3c:47:ed:71:e2:ee:1a:bc:a2:ad:13:
                    7a:01:7a:9a:e9:50:09:55:15:43:f7:c2:bf:76:a3:
                    82:63:59:dc:2e:65:c0:6a:8a:01:eb:24:1c:c4:b1:
                    3c:f0:e0:32:07:60:c5:e9:5d:0c:62:84:b2:f2:4e:
                    da:0f:40:cc:5c:7a:6e:47:8c:a7:d2:f6:82:5c:70:
                    12:96:a1:4d:bd:b5:fe:da:d7:22:68:95:5c:df:3d:
                    08:f9:94:e5:ce:8c:ef:65:1d:07:bb:6f:e0:c3:95:
                    57:7d:86:93:b3:8b:23:3d:37:8d:c8:ec:e4:2c:c8:
                    4f:71:6d:de:dd:62:13:f2:e3:4a:2c:bf:7e:15:93:
                    3e:29:1b:55:64:b6:e9:90:05:e2:b3:52:5f:64:ee:
                    f1:1b:70:0e:e1:fe:14:7c:98:e1:ff:34:e8:89:05:
                    0a:d3:44:df:a8:19:8b:7e:ef:1d:a2:1f:9d:62:ce:
                    af:5b:3c:15:58:9a:83:08:39:14:2b:04:96:95:b3:
                    fd:47:5f:39:bb:f7:dd:f2:ee:a0:ec:18:7d:ca:84:
                    e5:ad:0d:d8:55:6f:ca:71:3f:c7:c2:5a:09:63:eb:
                    12:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BB:A6:C9:21:BB:D8:C8:55:59:40:61:AB:61:B2:7E:30:94:84:45
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8260::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:ca:2a:64:76:a9:e1:f8:78:86:c3:f0:1b:dc:68:39:e0:11:
         c9:6b:66:94:41:28:b2:dc:0b:4b:f4:2b:f5:f5:09:90:40:45:
         2c:44:8c:9c:59:cc:87:b1:41:43:71:5f:0a:c7:13:48:ff:a6:
         14:ea:91:f9:b8:f8:db:ac:5a:3c:a7:cf:b4:b6:67:4c:40:9f:
         c5:02:3f:9b:12:3c:64:18:c5:11:d4:5c:c5:6d:e0:c0:ed:8c:
         25:08:b7:b2:03:0b:c7:af:6c:ad:ca:d3:3d:bc:65:8f:ef:3c:
         07:7f:ec:7d:1c:f4:18:2e:56:8a:6d:55:c4:dc:37:48:14:4d:
         7e:39:67:63:c9:a5:5c:3f:7c:ff:0c:28:91:ee:04:d7:f7:f0:
         44:89:a3:f9:c9:85:40:f8:08:8c:5d:ee:3d:45:2d:9f:b4:05:
         ad:b3:f1:ab:9f:65:b5:e8:4e:2f:ea:0c:93:e6:7f:c8:c7:e6:
         79:32:80:23:8a:54:8f:63:4a:c7:e3:f8:2b:5e:61:a3:fe:57:
         ee:36:c6:84:2c:94:cd:a9:7d:a8:41:0b:f4:a1:d6:a1:52:b8:
         f0:66:5a:e5:da:37:15:27:35:3f:0f:c7:91:bf:4a:8e:34:cf:
         d0:3b:7c:25:82:84:fa:46:9b:2d:e5:23:75:39:9b:e9:d3:7e:
         84:81:fd:25
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUc4aR/4YlGdZFkEd35d8rZceRM0gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzJaFw0yNDEwMTUxNjEzMzJaMDMxMTAvBgNV
BAMTKDQ2QkJBNkM5MjFCQkQ4Qzg1NTU5NDA2MUFCNjFCMjdFMzA5NDg0NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDemdhAqj4u7DfD5B1YAN5WF0vy
7Ol77WMTD9vOhHiMAIs8R+1x4u4avKKtE3oBeprpUAlVFUP3wr92o4JjWdwuZcBq
igHrJBzEsTzw4DIHYMXpXQxihLLyTtoPQMxcem5HjKfS9oJccBKWoU29tf7a1yJo
lVzfPQj5lOXOjO9lHQe7b+DDlVd9hpOziyM9N43I7OQsyE9xbd7dYhPy40osv34V
kz4pG1VktumQBeKzUl9k7vEbcA7h/hR8mOH/NOiJBQrTRN+oGYt+7x2iH51izq9b
PBVYmoMIORQrBJaVs/1HXzm7993y7qDsGH3KhOWtDdhVb8pxP8fCWglj6xJjAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQURrumySG72MhVWUBhq2GyfjCUhEUwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzIzNjMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzUzNzM0MzAzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeCYDANBgkqhkiG
9w0BAQsFAAOCAQEAM8oqZHap4fh4hsPwG9xoOeARyWtmlEEostwLS/Qr9fUJkEBF
LESMnFnMh7FBQ3FfCscTSP+mFOqR+bj426xaPKfPtLZnTECfxQI/mxI8ZBjFEdRc
xW3gwO2MJQi3sgMLx69srcrTPbxlj+88B3/sfRz0GC5Wim1VxNw3SBRNfjlnY8ml
XD98/wwoke4E1/fwRImj+cmFQPgIjF3uPUUtn7QFrbPxq59ltehOL+oMk+Z/yMfm
eTKAI4pUj2NKx+P4K15ho/5X7jbGhCyUzal9qEEL9KHWoVK48GZa5do3FSc1Pw/H
kb9KjjTP0Dt8JYKE+kabLeUjdTmb6dN+hIH9JQ==
-----END CERTIFICATE-----