Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a386537303a3a2f34342d3438203d3e20323031323137.roa
File:                     326131323a646434373a386537303a3a2f34342d3438203d3e20323031323137.roa (raw, json)
Hash identifier:          HFooETd3yaReRqGN/nka/HJXTNsAjZqLGr2LB++oALs=
Subject key identifier:   2A:C0:B5:56:33:4D:BA:D6:AE:E3:9A:FB:E9:3B:6B:F3:C5:00:33:3D
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       04B32B4C2AFD243DC34157FE9EC2B5E48F90B1F4
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a386537303a3a2f34342d3438203d3e20323031323137.roa
Signing time:             Tue 17 Oct 2023 16:13:37 +0000
ROA not before:           Tue 17 Oct 2023 16:08:37 +0000
ROA not after:            Tue 15 Oct 2024 16:13:37 +0000
asID:                     201217
IP address blocks:        2a12:dd47:8e70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:b3:2b:4c:2a:fd:24:3d:c3:41:57:fe:9e:c2:b5:e4:8f:90:b1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:37 2023 GMT
            Not After : Oct 15 16:13:37 2024 GMT
        Subject: CN=2AC0B556334DBAD6AEE39AFBE93B6BF3C500333D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:65:cd:57:0e:c7:99:68:85:b9:d7:70:68:15:
                    b3:e0:f0:21:35:2c:2c:d2:5f:3f:69:1b:d0:60:ce:
                    07:b9:15:da:cc:ab:e0:56:2b:10:36:1d:a8:b9:6a:
                    7f:76:ba:9d:db:43:f8:01:8d:d1:e9:61:72:ff:33:
                    0d:c7:a0:50:d4:b2:89:f2:23:24:6f:fe:fa:14:7d:
                    84:d0:d9:37:8c:cb:5b:b4:8e:ab:e4:82:c1:ab:31:
                    83:47:27:cb:e8:6d:d7:ef:37:e7:3d:14:1e:3b:ab:
                    48:38:db:a5:1c:6b:79:c3:73:68:12:55:d7:b5:52:
                    ce:fe:44:9a:96:b1:51:44:bf:fb:23:c8:a0:d3:ec:
                    41:4a:28:16:a1:b6:8a:e1:67:43:0a:85:14:70:00:
                    9e:f3:01:ff:7a:79:a0:51:be:fe:e4:d8:6e:62:cb:
                    6d:d1:82:a9:10:33:10:96:0c:7a:23:87:a9:e1:26:
                    0a:a9:8b:de:79:a9:21:8c:4e:2b:ba:df:3c:b2:a8:
                    c9:08:96:99:f3:57:f4:cc:5c:ac:2d:8e:d2:44:e7:
                    9a:14:b2:de:ea:98:e3:4a:fe:30:1a:a4:93:8c:85:
                    31:6b:e0:f3:3e:70:b7:17:5a:ca:53:d3:88:ee:7a:
                    eb:d7:30:ad:f1:c1:56:69:e4:40:de:3f:b8:31:5c:
                    36:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:C0:B5:56:33:4D:BA:D6:AE:E3:9A:FB:E9:3B:6B:F3:C5:00:33:3D
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a386537303a3a2f34342d3438203d3e20323031323137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8e70::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:bd:63:f4:8b:7e:16:0c:85:55:c2:12:e3:00:6b:7b:55:e4:
         2f:a5:99:7f:7a:b4:48:03:10:f4:29:80:60:92:d9:42:31:43:
         e3:f6:7e:98:26:87:ba:fd:51:cd:a1:c9:7c:a7:22:0d:d7:68:
         5e:c7:14:e3:2d:93:73:fa:38:47:c8:1c:43:a9:9f:7d:cd:12:
         28:7e:a2:b8:f9:7f:d7:3e:36:81:32:6c:cd:35:20:9d:b5:f5:
         79:df:54:20:86:98:85:cb:e2:80:68:f7:6a:70:53:e6:98:05:
         04:64:2c:23:28:ad:e5:83:d1:81:09:55:a9:5e:73:9a:af:16:
         de:56:f1:8c:40:9e:cc:8d:2f:d7:58:01:c8:34:58:f6:c4:05:
         36:a6:dd:c0:67:c7:95:bc:2b:69:95:96:9c:70:2d:f1:35:bb:
         15:cd:00:b5:51:9c:dc:4d:16:f2:74:0c:29:f1:c9:4e:e9:92:
         61:3c:35:b2:d3:b7:d7:05:ca:68:78:07:ee:30:f5:9a:de:03:
         50:93:5b:77:c4:bc:36:e9:7f:85:d5:78:9e:25:3d:a5:fd:a1:
         a7:0d:bf:5d:37:c6:96:c5:e6:3b:77:66:d9:d8:8a:62:c6:8d:
         a8:e1:78:4b:8b:8f:e1:aa:1c:90:7c:21:b7:1a:fb:98:cb:72:
         9a:91:1f:75
-----BEGIN CERTIFICATE-----
MIIEyjCCA7KgAwIBAgIUBLMrTCr9JD3DQVf+nsK15I+QsfQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzdaFw0yNDEwMTUxNjEzMzdaMDMxMTAvBgNV
BAMTKDJBQzBCNTU2MzM0REJBRDZBRUUzOUFGQkU5M0I2QkYzQzUwMDMzM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMZc1XDseZaIW513BoFbPg8CE1
LCzSXz9pG9Bgzge5FdrMq+BWKxA2Hai5an92up3bQ/gBjdHpYXL/Mw3HoFDUsony
IyRv/voUfYTQ2TeMy1u0jqvkgsGrMYNHJ8vobdfvN+c9FB47q0g426Uca3nDc2gS
Vde1Us7+RJqWsVFEv/sjyKDT7EFKKBahtorhZ0MKhRRwAJ7zAf96eaBRvv7k2G5i
y23RgqkQMxCWDHojh6nhJgqpi955qSGMTiu63zyyqMkIlpnzV/TMXKwtjtJE55oU
st7qmONK/jAapJOMhTFr4PM+cLcXWspT04jueuvXMK3xwVZp5EDeP7gxXDZXAgMB
AAGjggHUMIIB0DAdBgNVHQ4EFgQUKsC1VjNNutau45r76Ttr88UAMz0wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4NjUzNzMwM2EzYTJmMzQzNDJk
MzQzODIwM2QzZTIwMzIzMDMxMzIzMTM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR45wMA0GCSqG
SIb3DQEBCwUAA4IBAQA2vWP0i34WDIVVwhLjAGt7VeQvpZl/erRIAxD0KYBgktlC
MUPj9n6YJoe6/VHNocl8pyIN12hexxTjLZNz+jhHyBxDqZ99zRIofqK4+X/XPjaB
MmzNNSCdtfV531QghpiFy+KAaPdqcFPmmAUEZCwjKK3lg9GBCVWpXnOarxbeVvGM
QJ7MjS/XWAHINFj2xAU2pt3AZ8eVvCtplZaccC3xNbsVzQC1UZzcTRbydAwp8clO
6ZJhPDWy07fXBcpoeAfuMPWa3gNQk1t3xLw26X+F1XieJT2l/aGnDb9dN8aWxeY7
d2bZ2Ipixo2o4XhLi4/hqhyQfCG3GvuYy3KakR91
-----END CERTIFICATE-----