Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a386330303a3a2f33392d3438203d3e203536333238.roa
File:                     326131323a646434373a386330303a3a2f33392d3438203d3e203536333238.roa (raw, json)
Hash identifier:          Ia47iv4LT3x8+mRaHDQs+QJIu5xLX5t4IiGADw7MH08=
Subject key identifier:   92:5B:BC:54:2D:3F:A0:5F:36:28:B8:53:46:B0:1F:96:B5:6C:5D:1D
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       51911AAB7E810827A69509004509AD52A91F1B76
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a386330303a3a2f33392d3438203d3e203536333238.roa
Signing time:             Tue 17 Oct 2023 16:13:34 +0000
ROA not before:           Tue 17 Oct 2023 16:08:34 +0000
ROA not after:            Tue 15 Oct 2024 16:13:34 +0000
asID:                     56328
IP address blocks:        2a12:dd47:8c00::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:91:1a:ab:7e:81:08:27:a6:95:09:00:45:09:ad:52:a9:1f:1b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:34 2023 GMT
            Not After : Oct 15 16:13:34 2024 GMT
        Subject: CN=925BBC542D3FA05F3628B85346B01F96B56C5D1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3a:fd:c2:b6:cb:a0:8c:9f:07:f0:c4:f7:ae:
                    6f:21:ae:f1:c7:cb:b1:b7:00:8c:88:59:fc:d8:87:
                    f9:17:2e:dd:a4:6d:80:81:6b:8a:46:ac:24:e9:c8:
                    56:c5:8e:80:8e:97:20:92:87:30:60:52:e0:61:44:
                    3b:4d:7a:26:43:07:d1:05:09:4e:32:ca:ae:1f:bd:
                    67:6e:b0:53:58:42:ae:f6:64:fc:d1:18:33:76:9c:
                    cb:5e:dc:cb:e2:f6:b4:7c:dd:97:c5:e9:2d:7f:0c:
                    03:84:e6:79:12:3e:2c:fc:ab:cc:b3:c2:f2:22:67:
                    19:27:f0:13:68:28:dc:3d:ee:0e:1f:4b:5e:8e:c3:
                    63:a2:54:88:2f:dc:1b:52:25:52:68:df:53:e0:b8:
                    24:29:62:ca:31:fa:90:3b:08:6d:8b:5d:47:30:ef:
                    a7:71:dd:8b:eb:27:06:2b:9c:ef:56:02:81:8a:4c:
                    75:a9:8c:36:3d:f5:ce:8c:16:a8:5f:9f:0e:13:78:
                    77:c3:c0:e8:f9:80:e9:8b:cc:ef:3b:fb:cb:b9:66:
                    30:ae:9b:08:40:63:04:52:f9:9c:13:de:a9:16:f4:
                    91:81:17:b2:36:4a:d3:7e:b1:03:79:a0:89:09:5b:
                    d9:88:93:25:11:4e:3c:36:64:4b:1c:c5:4b:b5:4d:
                    31:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:5B:BC:54:2D:3F:A0:5F:36:28:B8:53:46:B0:1F:96:B5:6C:5D:1D
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a386330303a3a2f33392d3438203d3e203536333238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8c00::/39

    Signature Algorithm: sha256WithRSAEncryption
         a7:b0:41:2c:f1:76:e1:1e:e6:ae:c3:b1:6c:e9:b8:1f:5f:f2:
         f9:c9:7d:fb:7d:d1:23:6a:49:e2:05:e6:94:a3:27:6b:1f:a7:
         9f:6c:51:cd:99:7c:74:0a:85:ca:e2:8a:f8:83:1f:d3:f3:c7:
         3f:f7:ae:d2:14:72:e4:f9:b3:a4:02:23:84:28:f0:4c:26:f9:
         44:89:92:eb:38:fe:2e:fa:8b:fe:ff:5b:5f:e3:98:cc:36:bb:
         54:79:d6:a6:f6:db:07:64:b1:57:de:a7:44:72:3c:1c:a3:ef:
         4f:a0:8d:5c:4f:27:46:ba:1e:97:63:6e:31:62:8b:28:2f:e9:
         8b:4c:e9:6a:c1:6e:e4:1f:99:90:fb:c9:0d:6e:46:74:0b:c5:
         82:fe:4c:ef:ee:a8:a5:ca:68:aa:f3:3a:fc:85:86:52:35:e2:
         9c:e2:78:91:5e:33:94:81:5a:63:6a:37:ab:ce:55:2e:fd:5e:
         b3:1f:6e:d0:b9:62:1c:92:8d:26:a3:12:d6:6c:1b:a7:65:5b:
         87:a0:a9:85:20:20:42:d0:49:ac:4a:74:6f:57:c5:90:6c:a1:
         0c:b6:d5:b9:0f:a6:94:d8:1a:3f:f8:fa:24:93:f6:0f:c0:d5:
         41:69:79:83:18:69:a0:37:1f:a8:de:2e:0d:b6:f7:42:be:c7:
         af:5b:bb:5a
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUUZEaq36BCCemlQkARQmtUqkfG3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzRaFw0yNDEwMTUxNjEzMzRaMDMxMTAvBgNV
BAMTKDkyNUJCQzU0MkQzRkEwNUYzNjI4Qjg1MzQ2QjAxRjk2QjU2QzVEMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiOv3CtsugjJ8H8MT3rm8hrvHH
y7G3AIyIWfzYh/kXLt2kbYCBa4pGrCTpyFbFjoCOlyCShzBgUuBhRDtNeiZDB9EF
CU4yyq4fvWdusFNYQq72ZPzRGDN2nMte3Mvi9rR83ZfF6S1/DAOE5nkSPiz8q8yz
wvIiZxkn8BNoKNw97g4fS16Ow2OiVIgv3BtSJVJo31PguCQpYsox+pA7CG2LXUcw
76dx3YvrJwYrnO9WAoGKTHWpjDY99c6MFqhfnw4TeHfDwOj5gOmLzO87+8u5ZjCu
mwhAYwRS+ZwT3qkW9JGBF7I2StN+sQN5oIkJW9mIkyURTjw2ZEscxUu1TTEpAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUklu8VC0/oF82KLhTRrAflrVsXR0wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4NjMzMDMwM2EzYTJmMzMzOTJk
MzQzODIwM2QzZTIwMzUzNjMzMzIzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGASoS3UeMMA0GCSqGSIb3
DQEBCwUAA4IBAQCnsEEs8XbhHuauw7Fs6bgfX/L5yX37fdEjakniBeaUoydrH6ef
bFHNmXx0CoXK4or4gx/T88c/967SFHLk+bOkAiOEKPBMJvlEiZLrOP4u+ov+/1tf
45jMNrtUedam9tsHZLFX3qdEcjwco+9PoI1cTydGuh6XY24xYosoL+mLTOlqwW7k
H5mQ+8kNbkZ0C8WC/kzv7qilymiq8zr8hYZSNeKc4niRXjOUgVpjajerzlUu/V6z
H27QuWIcko0moxLWbBunZVuHoKmFICBC0EmsSnRvV8WQbKEMttW5D6aU2Bo/+Pok
k/YPwNVBaXmDGGmgNx+o3i4NtvdCvsevW7ta
-----END CERTIFICATE-----