Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa
File:                     326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa (raw, json)
Hash identifier:          L2EXjDh5QoP8nkJgpMfhY3gt3loJml60XjQ56VhgIKs=
Subject key identifier:   E9:60:BD:77:7D:5D:FA:71:11:01:0D:55:C6:81:6F:56:43:EB:41:D2
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       7C27D61F9B90BBC76ABDF60723CECB5785FA8EF9
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa
Signing time:             Tue 17 Oct 2023 16:13:32 +0000
ROA not before:           Tue 17 Oct 2023 16:08:32 +0000
ROA not after:            Tue 15 Oct 2024 16:13:32 +0000
asID:                     211358
IP address blocks:        2a12:dd47:8e30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:27:d6:1f:9b:90:bb:c7:6a:bd:f6:07:23:ce:cb:57:85:fa:8e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:32 2023 GMT
            Not After : Oct 15 16:13:32 2024 GMT
        Subject: CN=E960BD777D5DFA7111010D55C6816F5643EB41D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fa:86:49:59:34:20:fa:3b:3b:f0:a7:af:0c:
                    51:54:27:45:9b:b6:4b:aa:48:84:00:b1:fa:48:c3:
                    00:b6:83:6f:c1:5c:e8:3e:0b:c1:7e:4a:ec:54:d8:
                    44:bd:d1:46:b5:cb:69:10:14:4a:fe:85:bc:fa:70:
                    0a:ad:9e:20:32:fa:6f:31:c0:b9:ab:15:d4:89:e7:
                    5b:cd:cc:86:8e:d8:65:09:d4:21:a2:8d:ef:6f:78:
                    6e:82:c9:ac:4a:eb:99:e8:17:b4:aa:09:e3:9d:c2:
                    45:ad:20:6e:54:96:3f:3f:0f:00:d4:fe:14:56:ac:
                    fa:fa:2f:bd:e0:b0:be:2b:27:36:af:97:63:d4:ae:
                    e0:6e:af:af:28:8c:47:04:d8:52:07:57:0c:25:ce:
                    3b:ee:ad:26:66:1b:ae:7f:ba:fa:9b:63:9d:4d:dc:
                    6f:35:1c:a8:b1:77:d0:c6:02:50:0f:76:1f:a7:0b:
                    e8:58:bf:b9:f6:6b:41:37:63:5b:be:22:56:5a:13:
                    8a:dd:e0:8d:a9:0f:fa:12:8e:57:b5:af:03:a7:af:
                    b8:60:89:6b:77:cc:47:74:b2:cc:ee:1e:2c:2d:d2:
                    85:c8:61:80:54:b9:4d:be:9a:a7:bf:03:ee:11:2e:
                    82:02:65:f8:87:7e:20:6c:df:f1:e0:02:8b:26:5f:
                    fa:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:60:BD:77:7D:5D:FA:71:11:01:0D:55:C6:81:6F:56:43:EB:41:D2
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8e30::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:9a:10:34:d7:31:8f:8d:b4:50:d0:c1:17:7e:21:d2:1d:51:
         36:10:b8:ce:ca:08:c2:01:61:b0:c0:27:a9:8a:c8:64:70:8f:
         95:06:64:6a:9c:25:6f:63:a3:7f:3d:14:7a:37:12:55:05:14:
         53:66:8e:75:bc:d9:8a:18:bc:14:c8:26:90:11:98:6b:f0:72:
         7f:d8:24:34:f8:5c:a5:79:1e:24:75:a2:58:8e:1c:69:7f:de:
         5a:9c:5d:cd:48:d1:f1:d1:05:ee:0e:1f:24:45:41:e2:37:c2:
         d5:40:3d:d2:c3:52:61:62:8b:7c:48:a6:3d:55:45:ac:25:03:
         15:f2:72:aa:86:e5:da:9a:74:87:17:03:0c:15:43:23:28:2f:
         bb:f7:dc:5d:d3:0a:3d:93:20:47:37:3d:6c:a7:29:12:34:92:
         64:fd:3e:bb:2c:7b:ed:2d:86:0a:47:6c:27:1f:16:2a:e1:44:
         cd:17:56:5e:d1:33:be:c2:0a:3d:2f:92:42:e6:3e:6e:13:32:
         cb:37:44:a3:3c:e3:d0:3b:52:97:71:7a:94:eb:e2:22:0e:98:
         af:bd:b3:76:88:e3:bc:1e:70:66:e2:d1:42:43:26:7b:1f:f0:
         b0:be:48:59:d6:57:3c:85:9f:83:b2:eb:ef:4a:ff:87:82:24:
         bd:dc:64:3b
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUfCfWH5uQu8dqvfYHI87LV4X6jvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzJaFw0yNDEwMTUxNjEzMzJaMDMxMTAvBgNV
BAMTKEU5NjBCRDc3N0Q1REZBNzExMTAxMEQ1NUM2ODE2RjU2NDNFQjQxRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8+oZJWTQg+js78KevDFFUJ0Wb
tkuqSIQAsfpIwwC2g2/BXOg+C8F+SuxU2ES90Ua1y2kQFEr+hbz6cAqtniAy+m8x
wLmrFdSJ51vNzIaO2GUJ1CGije9veG6CyaxK65noF7SqCeOdwkWtIG5Ulj8/DwDU
/hRWrPr6L73gsL4rJzavl2PUruBur68ojEcE2FIHVwwlzjvurSZmG65/uvqbY51N
3G81HKixd9DGAlAPdh+nC+hYv7n2a0E3Y1u+IlZaE4rd4I2pD/oSjle1rwOnr7hg
iWt3zEd0sszuHiwt0oXIYYBUuU2+mqe/A+4RLoICZfiHfiBs3/HgAosmX/o3AgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQU6WC9d31d+nERAQ1VxoFvVkPrQdIwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4NjUzMzMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMTMxMzMzNTM4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR44wMA0GCSqG
SIb3DQEBCwUAA4IBAQCsmhA01zGPjbRQ0MEXfiHSHVE2ELjOygjCAWGwwCepishk
cI+VBmRqnCVvY6N/PRR6NxJVBRRTZo51vNmKGLwUyCaQEZhr8HJ/2CQ0+FyleR4k
daJYjhxpf95anF3NSNHx0QXuDh8kRUHiN8LVQD3Sw1JhYot8SKY9VUWsJQMV8nKq
huXamnSHFwMMFUMjKC+799xd0wo9kyBHNz1spykSNJJk/T67LHvtLYYKR2wnHxYq
4UTNF1Ze0TO+wgo9L5JC5j5uEzLLN0SjPOPQO1KXcXqU6+IiDpivvbN2iOO8HnBm
4tFCQyZ7H/CwvkhZ1lc8hZ+DsuvvSv+HgiS93GQ7
-----END CERTIFICATE-----