Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a383333333a3a2f34382d3438203d3e20313939363832.roa
File:                     326131323a646434373a383333333a3a2f34382d3438203d3e20313939363832.roa (raw, json)
Hash identifier:          ttVGWhmW0OLhqMeTBUy0u9Znk9jlyzDjuOrwk4nObeY=
Subject key identifier:   7C:97:51:85:B3:E1:15:76:F1:8A:88:E3:F4:D6:5A:62:D0:F6:62:01
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       2CEEC064A57BFEAD977340AAA16C68064E93BB91
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a383333333a3a2f34382d3438203d3e20313939363832.roa
Signing time:             Tue 17 Oct 2023 16:13:25 +0000
ROA not before:           Tue 17 Oct 2023 16:08:25 +0000
ROA not after:            Tue 15 Oct 2024 16:13:25 +0000
asID:                     199682
IP address blocks:        2a12:dd47:8333::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ee:c0:64:a5:7b:fe:ad:97:73:40:aa:a1:6c:68:06:4e:93:bb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:25 2023 GMT
            Not After : Oct 15 16:13:25 2024 GMT
        Subject: CN=7C975185B3E11576F18A88E3F4D65A62D0F66201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e8:ad:9a:98:a1:ee:8e:30:57:17:71:03:dc:
                    57:c7:09:86:32:fd:69:7b:00:32:80:e6:11:b4:5f:
                    51:99:ca:74:25:b6:c9:f2:29:75:2b:c4:39:db:65:
                    bc:52:80:fe:43:56:93:6c:5f:ca:9e:89:f3:08:bf:
                    60:a9:c2:8a:f3:87:9e:36:94:a3:cb:8d:a7:33:b1:
                    34:35:05:47:a9:b8:73:9d:66:48:a0:7a:bf:41:ea:
                    5c:69:6e:79:4e:7a:26:52:9a:9e:fe:a9:49:d9:05:
                    58:3c:ed:40:bc:1b:ab:dd:9b:45:68:d5:78:b7:75:
                    2d:71:31:c9:8c:7f:f8:d6:01:b4:fa:f4:0b:91:60:
                    8f:13:d4:bc:63:0c:d6:1f:5a:81:77:0f:73:3b:09:
                    e2:39:eb:55:ef:df:bf:76:40:33:85:db:18:61:88:
                    fc:d9:91:1f:1a:13:83:d5:a9:f1:c4:13:6e:d4:93:
                    95:05:d9:30:e8:c7:5b:a6:b8:5a:b3:f7:f8:81:60:
                    6e:7b:77:0c:8d:62:a8:1d:9f:a1:d1:85:2f:f2:82:
                    ee:50:ed:45:d5:c6:f3:56:c8:22:f8:ad:eb:75:1e:
                    2e:11:e0:e4:2a:a4:86:07:f9:01:9c:aa:71:e9:76:
                    5a:68:b6:1b:1a:a2:c2:32:55:79:ec:d5:43:82:03:
                    41:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:97:51:85:B3:E1:15:76:F1:8A:88:E3:F4:D6:5A:62:D0:F6:62:01
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a383333333a3a2f34382d3438203d3e20313939363832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8333::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:d9:2d:51:c5:38:59:df:43:3f:3e:7d:03:98:5b:8e:f2:23:
         80:f2:25:16:db:54:d3:69:96:db:79:fa:08:9f:c2:db:b3:11:
         9e:9a:e4:40:65:17:81:ca:78:b2:a7:22:7c:9e:2d:4d:4d:54:
         e5:b6:5a:59:3a:a7:ae:87:ed:88:aa:70:73:6a:b6:55:8d:34:
         e3:77:4f:ff:6c:fe:f1:02:13:9b:04:fa:42:01:3d:88:86:2e:
         a4:a2:7e:c3:a2:be:46:11:7a:93:89:35:5f:2a:31:ae:e5:d0:
         2c:b4:42:df:1f:e8:3a:59:4f:b3:c7:64:da:13:5e:39:bf:f9:
         6d:22:c8:2a:6d:15:57:e9:cb:8a:82:2a:8c:a5:7f:b6:f0:25:
         05:52:85:24:8c:21:14:c3:55:6a:ce:2e:2f:48:82:bf:11:89:
         f5:a1:b7:dc:91:dc:67:b3:78:75:4f:6b:4b:f7:0b:5c:eb:ee:
         af:77:86:17:9d:a6:41:36:bf:49:04:06:03:fb:3b:02:89:83:
         db:13:02:51:3d:68:8c:42:d5:e4:23:17:58:8e:59:5a:d7:df:
         99:01:c1:a7:11:c8:03:9e:0d:91:1a:0a:e3:36:f1:2a:a7:73:
         41:d4:b1:e0:80:e3:ea:d1:c9:81:70:a6:71:b4:32:ac:2f:97:
         29:ce:61:2e
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIULO7AZKV7/q2Xc0CqoWxoBk6Tu5EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjVaFw0yNDEwMTUxNjEzMjVaMDMxMTAvBgNV
BAMTKDdDOTc1MTg1QjNFMTE1NzZGMThBODhFM0Y0RDY1QTYyRDBGNjYyMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu6K2amKHujjBXF3ED3FfHCYYy
/Wl7ADKA5hG0X1GZynQltsnyKXUrxDnbZbxSgP5DVpNsX8qeifMIv2Cpworzh542
lKPLjaczsTQ1BUepuHOdZkiger9B6lxpbnlOeiZSmp7+qUnZBVg87UC8G6vdm0Vo
1Xi3dS1xMcmMf/jWAbT69AuRYI8T1LxjDNYfWoF3D3M7CeI561Xv3792QDOF2xhh
iPzZkR8aE4PVqfHEE27Uk5UF2TDox1umuFqz9/iBYG57dwyNYqgdn6HRhS/ygu5Q
7UXVxvNWyCL4ret1Hi4R4OQqpIYH+QGcqnHpdlpothsaosIyVXns1UOCA0HVAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUfJdRhbPhFXbxiojj9NZaYtD2YgEwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzMzMzMzM2EzYTJmMzQzODJk
MzQzODIwM2QzZTIwMzEzOTM5MzYzODMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLdR4MzMA0GCSqG
SIb3DQEBCwUAA4IBAQCy2S1RxThZ30M/Pn0DmFuO8iOA8iUW21TTaZbbefoIn8Lb
sxGemuRAZReByniypyJ8ni1NTVTltlpZOqeuh+2IqnBzarZVjTTjd0//bP7xAhOb
BPpCAT2Ihi6kon7Dor5GEXqTiTVfKjGu5dAstELfH+g6WU+zx2TaE145v/ltIsgq
bRVX6cuKgiqMpX+28CUFUoUkjCEUw1Vqzi4vSIK/EYn1obfckdxns3h1T2tL9wtc
6+6vd4YXnaZBNr9JBAYD+zsCiYPbEwJRPWiMQtXkIxdYjlla19+ZAcGnEcgDng2R
GgrjNvEqp3NB1LHggOPq0cmBcKZxtDKsL5cpzmEu
-----END CERTIFICATE-----