Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a646230303a3a2f34302d3438203d3e203530353830.roa
File:                     326131323a646434373a646230303a3a2f34302d3438203d3e203530353830.roa (raw, json)
Hash identifier:          7JsDV5V8SvmRwwh4q9q5l+6u/5z89At6PLHODPttMf8=
Subject key identifier:   46:2B:D1:91:CF:D9:60:CF:5D:E5:F8:99:FD:01:21:9F:1E:40:F9:EA
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       62C15FE524348B3C48AD1788027CA8F89E80FB1B
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a646230303a3a2f34302d3438203d3e203530353830.roa
Signing time:             Tue 17 Oct 2023 16:13:36 +0000
ROA not before:           Tue 17 Oct 2023 16:08:36 +0000
ROA not after:            Tue 15 Oct 2024 16:13:36 +0000
asID:                     50580
IP address blocks:        2a12:dd47:db00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c1:5f:e5:24:34:8b:3c:48:ad:17:88:02:7c:a8:f8:9e:80:fb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:36 2023 GMT
            Not After : Oct 15 16:13:36 2024 GMT
        Subject: CN=462BD191CFD960CF5DE5F899FD01219F1E40F9EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2f:91:81:bf:10:b9:ba:61:86:fe:4f:9b:33:
                    1f:79:52:48:60:7d:00:4e:92:6f:6e:c1:df:3f:61:
                    8b:93:f4:8e:39:41:6a:94:21:a1:46:db:1b:e6:09:
                    c0:76:4a:90:e7:d9:bd:4e:6b:03:78:83:65:c5:c3:
                    18:9f:7e:ac:5f:6c:3a:be:ec:14:09:3e:c7:81:e9:
                    f2:de:39:f8:ba:e4:4c:1d:09:81:90:d9:bd:ed:fe:
                    df:6e:a0:28:43:99:13:5e:f3:9b:d0:65:d7:22:09:
                    9c:f3:4d:64:00:31:52:9f:6c:0d:e3:88:36:0f:b9:
                    50:31:cf:67:54:93:e8:15:c0:b0:d8:87:e7:a0:c2:
                    a6:72:a7:1e:39:70:67:8e:cb:94:42:66:eb:a7:65:
                    ad:64:2c:6b:69:dd:70:32:d4:ff:99:1d:3c:bc:70:
                    cb:dc:1f:2b:a9:12:17:c8:f1:9d:c8:1e:91:cd:bf:
                    39:f7:42:9e:a2:db:c5:2e:1d:87:8e:6a:09:b1:09:
                    c3:13:a5:b9:71:a7:ab:d1:36:e9:f6:98:82:a1:63:
                    c9:d8:a2:34:45:a9:d8:f9:de:d9:52:44:36:ae:f1:
                    32:1d:7f:6d:d0:a9:8b:57:75:4a:e9:2d:0c:72:6b:
                    76:76:c8:d2:9e:7b:c6:ba:9d:7a:58:07:79:68:9e:
                    4d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:2B:D1:91:CF:D9:60:CF:5D:E5:F8:99:FD:01:21:9F:1E:40:F9:EA
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a646230303a3a2f34302d3438203d3e203530353830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:db00::/40

    Signature Algorithm: sha256WithRSAEncryption
         03:16:4e:56:1c:4a:79:e7:27:f9:84:b4:9f:08:fb:c1:5f:9a:
         34:12:ee:b5:f6:e9:10:6d:57:99:b1:97:de:3e:5e:5e:18:fe:
         47:7a:48:cf:14:1a:2b:83:7c:2b:28:d4:87:76:b8:10:ee:d1:
         c4:a0:71:eb:7e:f6:8d:e6:19:72:a8:fd:10:dd:30:79:18:02:
         8c:11:07:84:19:6b:1f:b6:ea:21:fa:a8:de:e4:3f:15:fd:d5:
         7a:b5:dc:6d:e3:c5:ae:28:3c:af:5f:bc:33:24:c4:38:85:69:
         1c:ff:f7:d8:ea:da:d5:00:65:3d:b1:77:55:fb:c9:aa:18:dc:
         73:97:57:1f:df:a2:5f:43:a5:3c:0b:7d:7d:2f:71:46:28:70:
         75:35:56:bb:7f:18:e9:80:79:63:96:ac:b8:ae:2f:c8:10:a4:
         93:92:92:42:16:ab:14:15:c2:35:59:6c:9b:cb:21:9d:48:3c:
         ba:3b:45:2f:6b:9e:e1:ab:cf:d6:25:08:5d:09:8e:a1:c9:60:
         c5:df:06:1e:ea:02:bf:c7:9b:f1:70:a2:4d:a8:5f:38:22:c3:
         c4:7f:f6:d4:e1:ae:30:89:24:f8:51:0e:54:d8:4b:fb:fb:76:
         c2:22:81:cd:93:2e:09:e2:3f:49:ed:bb:10:53:8c:c8:4a:5e:
         35:4e:00:a8
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUYsFf5SQ0izxIrReIAnyo+J6A+xswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzZaFw0yNDEwMTUxNjEzMzZaMDMxMTAvBgNV
BAMTKDQ2MkJEMTkxQ0ZEOTYwQ0Y1REU1Rjg5OUZEMDEyMTlGMUU0MEY5RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2L5GBvxC5umGG/k+bMx95Ukhg
fQBOkm9uwd8/YYuT9I45QWqUIaFG2xvmCcB2SpDn2b1OawN4g2XFwxiffqxfbDq+
7BQJPseB6fLeOfi65EwdCYGQ2b3t/t9uoChDmRNe85vQZdciCZzzTWQAMVKfbA3j
iDYPuVAxz2dUk+gVwLDYh+egwqZypx45cGeOy5RCZuunZa1kLGtp3XAy1P+ZHTy8
cMvcHyupEhfI8Z3IHpHNvzn3Qp6i28UuHYeOagmxCcMTpblxp6vRNun2mIKhY8nY
ojRFqdj53tlSRDau8TIdf23QqYtXdUrpLQxya3Z2yNKee8a6nXpYB3lonk2XAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQURivRkc/ZYM9d5fiZ/QEhnx5A+eowHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMHsG
CCsGAQUFBwELBG8wbTBrBggrBgEFBQcwC4ZfcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTY0NjIzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzUzMDM1MzgzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UfbMA0GCSqGSIb3
DQEBCwUAA4IBAQADFk5WHEp55yf5hLSfCPvBX5o0Eu619ukQbVeZsZfePl5eGP5H
ekjPFBorg3wrKNSHdrgQ7tHEoHHrfvaN5hlyqP0Q3TB5GAKMEQeEGWsftuoh+qje
5D8V/dV6tdxt48WuKDyvX7wzJMQ4hWkc//fY6trVAGU9sXdV+8mqGNxzl1cf36Jf
Q6U8C319L3FGKHB1NVa7fxjpgHljlqy4ri/IEKSTkpJCFqsUFcI1WWybyyGdSDy6
O0Uva57hq8/WJQhdCY6hyWDF3wYe6gK/x5vxcKJNqF84IsPEf/bU4a4wiST4UQ5U
2Ev7+3bCIoHNky4J4j9J7bsQU4zISl41TgCo
-----END CERTIFICATE-----