Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a646430303a3a2f34302d3438203d3e20313939393632.roa
File:                     326131323a646434373a646430303a3a2f34302d3438203d3e20313939393632.roa (raw, json)
Hash identifier:          7eDy2dYiuUxVvwPdk5E0WSCTb6p0tFqRy+r9q67+KUw=
Subject key identifier:   C9:78:AD:8D:A5:D3:D9:A9:17:44:1A:95:AD:15:2F:C5:1F:9A:0A:1F
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       4E76534740822B3EE63AC92A370476E5791B2693
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a646430303a3a2f34302d3438203d3e20313939393632.roa
Signing time:             Tue 17 Oct 2023 16:13:34 +0000
ROA not before:           Tue 17 Oct 2023 16:08:34 +0000
ROA not after:            Tue 15 Oct 2024 16:13:34 +0000
asID:                     199962
IP address blocks:        2a12:dd47:dd00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:76:53:47:40:82:2b:3e:e6:3a:c9:2a:37:04:76:e5:79:1b:26:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:34 2023 GMT
            Not After : Oct 15 16:13:34 2024 GMT
        Subject: CN=C978AD8DA5D3D9A917441A95AD152FC51F9A0A1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a6:58:cf:2f:77:eb:48:d5:d8:21:73:54:cc:
                    56:2d:17:78:61:ed:f8:f6:5c:a0:84:ab:20:71:af:
                    09:d6:0a:60:61:c4:bd:e8:e5:fd:7a:6e:26:53:b7:
                    83:59:3e:f8:65:d0:cd:b7:55:e4:48:38:13:70:d8:
                    91:f0:c6:cb:d8:2c:22:bb:af:c9:fc:34:5f:78:1e:
                    2b:df:79:c4:03:19:f7:db:44:9d:fa:e3:c0:e2:4f:
                    29:3c:b6:b5:d4:bd:d4:a1:f7:df:19:e8:c4:86:88:
                    f8:60:cd:15:71:da:bc:d3:e5:ba:1b:0a:36:28:b1:
                    06:e1:8f:66:7f:dc:2e:9b:a4:f3:e0:eb:d4:37:78:
                    7e:38:53:c3:22:52:ad:44:cf:c1:ae:d2:26:ad:0e:
                    21:88:d9:8e:c7:b4:5e:1b:d0:b3:ff:f9:e2:cb:ce:
                    a9:55:52:ed:af:8f:cf:cc:5d:30:c0:43:36:0d:f9:
                    4f:4e:74:81:37:3d:22:3b:58:ba:ce:06:f3:25:09:
                    ae:e5:2b:43:67:a2:a1:cc:04:36:c8:0b:6a:5a:32:
                    a0:ef:fb:13:b8:44:bb:a5:e5:e1:18:06:94:ec:e0:
                    a5:b4:29:1b:02:25:63:f1:59:a3:e5:cc:7e:f1:e0:
                    bd:28:5b:a0:f5:85:47:7f:f1:08:6d:e6:d0:b9:c0:
                    f6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:78:AD:8D:A5:D3:D9:A9:17:44:1A:95:AD:15:2F:C5:1F:9A:0A:1F
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a646430303a3a2f34302d3438203d3e20313939393632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:dd00::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:83:b5:a6:e3:54:b0:a1:9a:7a:04:df:2c:bf:7f:a7:14:9d:
         26:76:86:9d:b2:2f:18:63:4b:a4:dd:ec:36:6a:a4:58:a5:43:
         5f:ef:a8:47:32:7a:c9:7e:23:45:3d:8b:6d:76:ae:d4:15:70:
         69:b1:36:76:9b:6d:c6:e5:be:c0:bd:f9:6b:f2:1f:db:0e:fa:
         64:bf:19:2c:48:eb:65:39:e3:3a:ab:2b:44:9e:19:7a:19:7b:
         0a:44:9b:5c:4b:6c:35:96:a1:af:27:32:a2:1d:21:aa:23:26:
         14:91:7a:ad:64:c0:6a:6a:06:d2:8e:1b:8b:b2:e4:c4:e9:3c:
         ff:21:f9:30:1b:5e:04:24:79:06:7b:57:ee:10:14:9b:70:38:
         11:df:86:59:c7:da:fd:1b:92:45:0b:7c:32:8d:c5:7d:ed:7a:
         4b:20:82:75:e3:6f:b5:cd:da:20:13:65:5f:02:07:9f:6b:37:
         1e:23:31:84:dc:a0:5c:f9:2d:11:1c:e0:c4:32:5c:4e:de:04:
         03:94:3b:c5:35:92:e1:e9:da:4a:78:5f:ca:e0:c6:96:6f:79:
         25:c7:db:80:9d:0c:52:6d:b3:c1:4d:03:9c:a3:12:dd:8b:b3:
         b4:94:13:05:3d:12:e5:22:78:86:97:ed:c1:84:9f:14:43:5e:
         66:bc:92:65
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUTnZTR0CCKz7mOskqNwR25XkbJpMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzRaFw0yNDEwMTUxNjEzMzRaMDMxMTAvBgNV
BAMTKEM5NzhBRDhEQTVEM0Q5QTkxNzQ0MUE5NUFEMTUyRkM1MUY5QTBBMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKpljPL3frSNXYIXNUzFYtF3hh
7fj2XKCEqyBxrwnWCmBhxL3o5f16biZTt4NZPvhl0M23VeRIOBNw2JHwxsvYLCK7
r8n8NF94HivfecQDGffbRJ3648DiTyk8trXUvdSh998Z6MSGiPhgzRVx2rzT5bob
CjYosQbhj2Z/3C6bpPPg69Q3eH44U8MiUq1Ez8Gu0iatDiGI2Y7HtF4b0LP/+eLL
zqlVUu2vj8/MXTDAQzYN+U9OdIE3PSI7WLrOBvMlCa7lK0NnoqHMBDbIC2paMqDv
+xO4RLul5eEYBpTs4KW0KRsCJWPxWaPlzH7x4L0oW6D1hUd/8Qht5tC5wPY1AgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUyXitjaXT2akXRBqVrRUvxR+aCh8wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTY0NjQzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzEzOTM5MzkzNjMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLdR90wDQYJKoZI
hvcNAQELBQADggEBAECDtabjVLChmnoE3yy/f6cUnSZ2hp2yLxhjS6Td7DZqpFil
Q1/vqEcyesl+I0U9i212rtQVcGmxNnabbcblvsC9+WvyH9sO+mS/GSxI62U54zqr
K0SeGXoZewpEm1xLbDWWoa8nMqIdIaojJhSReq1kwGpqBtKOG4uy5MTpPP8h+TAb
XgQkeQZ7V+4QFJtwOBHfhlnH2v0bkkULfDKNxX3teksggnXjb7XN2iATZV8CB59r
Nx4jMYTcoFz5LREc4MQyXE7eBAOUO8U1kuHp2kp4X8rgxpZveSXH24CdDFJts8FN
A5yjEt2Ls7SUEwU9EuUieIaX7cGEnxRDXma8kmU=
-----END CERTIFICATE-----