Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa
File:                     326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa (raw, json)
Hash identifier:          6sMtgaHNeQaj1sazPsGAKSYAwTHitJajRiWqqZ//w5I=
Subject key identifier:   EE:35:8F:54:7D:3E:BB:A6:34:0C:05:F1:43:82:D9:C5:5B:8C:77:AD
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       19D79A4CBDAD3EC5235E54E9CCCC0751309F244D
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa
Signing time:             Tue 17 Oct 2023 16:13:28 +0000
ROA not before:           Tue 17 Oct 2023 16:08:28 +0000
ROA not after:            Tue 15 Oct 2024 16:13:28 +0000
asID:                     212598
IP address blocks:        2a12:dd47:8320::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d7:9a:4c:bd:ad:3e:c5:23:5e:54:e9:cc:cc:07:51:30:9f:24:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:28 2023 GMT
            Not After : Oct 15 16:13:28 2024 GMT
        Subject: CN=EE358F547D3EBBA6340C05F14382D9C55B8C77AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e6:a4:84:6b:93:5a:df:99:f2:54:28:43:ac:
                    86:1c:ff:37:9c:07:b5:ef:20:0b:b1:09:ae:f2:9a:
                    95:27:08:bd:5d:7a:a0:34:3f:dd:91:68:5e:22:fa:
                    30:7d:3b:82:70:9f:a9:a5:77:21:d9:79:2c:5f:14:
                    4a:e0:7c:82:33:9f:3a:0e:4e:49:20:99:a3:9d:c6:
                    73:3e:32:c4:82:5b:99:8f:2d:3b:2a:69:5c:f3:25:
                    bc:5b:f0:99:06:18:c5:7d:5a:4b:d6:61:fd:ca:c5:
                    52:88:ab:8b:8a:c5:4e:d8:b2:b3:90:e5:40:b8:72:
                    04:0f:8b:af:78:f0:6d:f5:82:10:6b:23:32:4d:ea:
                    44:1d:48:97:e9:de:42:f1:98:ac:d6:f2:70:26:fa:
                    96:1b:89:53:6b:9e:8e:cc:74:ee:56:0c:24:c1:0f:
                    b7:f3:85:3e:e8:28:fe:80:9e:7a:99:a6:d9:92:0e:
                    c9:2d:52:be:9f:d2:72:f0:88:6a:a3:dd:e5:6e:e9:
                    2a:28:bf:50:6d:1f:7f:1f:88:a4:dc:5c:96:ac:c2:
                    47:7a:e7:c1:30:37:ae:4c:e0:7b:4f:bf:a5:a0:e4:
                    de:14:a5:1c:6c:d8:18:3a:1e:c3:f8:e9:f7:70:74:
                    9b:24:b4:cc:75:64:9d:11:c5:44:09:1a:99:8c:cd:
                    53:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:35:8F:54:7D:3E:BB:A6:34:0C:05:F1:43:82:D9:C5:5B:8C:77:AD
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8320::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:e2:f5:e5:71:fe:0e:d2:50:ce:81:c7:54:8e:49:79:06:ed:
         23:ed:32:02:0c:93:c7:ec:37:87:2b:fe:73:c7:05:16:2e:44:
         0f:8e:3c:07:1d:37:34:09:5b:95:d7:65:61:12:d1:27:ae:5a:
         4c:57:5f:a1:79:98:8f:5e:53:93:a7:f6:ac:27:bc:37:d4:88:
         0d:91:05:3b:29:87:72:7b:f9:5b:a7:86:7f:32:6b:84:09:8f:
         7f:23:48:75:aa:74:63:85:25:78:46:33:e8:eb:7a:fa:f2:84:
         e9:0e:2f:76:41:a9:00:b7:ca:e1:72:53:9f:10:98:67:b7:5b:
         bc:e7:d2:d0:0d:50:37:91:79:62:58:28:ef:c9:6a:62:37:73:
         d9:73:40:b4:a6:d6:30:8c:3f:e7:02:d4:12:a9:ee:7b:9d:7d:
         82:f7:10:13:ef:36:61:a7:e1:79:70:fd:53:93:da:85:d9:29:
         56:8a:a5:92:2c:9a:a1:93:eb:d1:32:97:7b:61:10:7f:c1:78:
         9a:6c:26:e1:eb:ed:9d:5e:db:2f:75:17:bc:31:1e:dd:0f:e8:
         e5:ce:be:62:bf:4e:fb:78:68:1b:b9:e8:ba:71:44:c8:9e:ec:
         18:88:53:cb:fc:b8:ce:b9:ae:5e:df:47:fe:c0:b4:03:62:c4:
         7c:4c:26:a1
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUGdeaTL2tPsUjXlTpzMwHUTCfJE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjhaFw0yNDEwMTUxNjEzMjhaMDMxMTAvBgNV
BAMTKEVFMzU4RjU0N0QzRUJCQTYzNDBDMDVGMTQzODJEOUM1NUI4Qzc3QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb5qSEa5Na35nyVChDrIYc/zec
B7XvIAuxCa7ympUnCL1deqA0P92RaF4i+jB9O4Jwn6mldyHZeSxfFErgfIIznzoO
TkkgmaOdxnM+MsSCW5mPLTsqaVzzJbxb8JkGGMV9WkvWYf3KxVKIq4uKxU7YsrOQ
5UC4cgQPi6948G31ghBrIzJN6kQdSJfp3kLxmKzW8nAm+pYbiVNrno7MdO5WDCTB
D7fzhT7oKP6AnnqZptmSDsktUr6f0nLwiGqj3eVu6Soov1BtH38fiKTcXJaswkd6
58EwN65M4HtPv6Wg5N4UpRxs2Bg6HsP46fdwdJsktMx1ZJ0RxUQJGpmMzVOJAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQU7jWPVH0+u6Y0DAXxQ4LZxVuMd60wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzMzMjMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMTMyMzUzOTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR4MgMA0GCSqG
SIb3DQEBCwUAA4IBAQCS4vXlcf4O0lDOgcdUjkl5Bu0j7TICDJPH7DeHK/5zxwUW
LkQPjjwHHTc0CVuV12VhEtEnrlpMV1+heZiPXlOTp/asJ7w31IgNkQU7KYdye/lb
p4Z/MmuECY9/I0h1qnRjhSV4RjPo63r68oTpDi92QakAt8rhclOfEJhnt1u859LQ
DVA3kXliWCjvyWpiN3PZc0C0ptYwjD/nAtQSqe57nX2C9xAT7zZhp+F5cP1Tk9qF
2SlWiqWSLJqhk+vRMpd7YRB/wXiabCbh6+2dXtsvdRe8MR7dD+jlzr5iv077eGgb
uei6cUTInuwYiFPL/LjOua5e30f+wLQDYsR8TCah
-----END CERTIFICATE-----