Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa
File:                     326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa (raw, json)
Hash identifier:          99WfNLLvtZT/uW2dML7Qtm7XCTj+7t/4k6Z1Fm+DSxk=
Subject key identifier:   F6:72:D4:23:CD:44:B7:5B:FF:AD:AC:81:75:39:DB:15:3F:63:CD:7F
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       30F7AF1ECA2B11DCF2DA10964F07A23541600D59
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa
Signing time:             Tue 17 Oct 2023 16:13:28 +0000
ROA not before:           Tue 17 Oct 2023 16:08:28 +0000
ROA not after:            Tue 15 Oct 2024 16:13:28 +0000
asID:                     200827
IP address blocks:        2a12:dd47:f900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:f7:af:1e:ca:2b:11:dc:f2:da:10:96:4f:07:a2:35:41:60:0d:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:28 2023 GMT
            Not After : Oct 15 16:13:28 2024 GMT
        Subject: CN=F672D423CD44B75BFFADAC817539DB153F63CD7F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ac:c9:61:b8:7b:5d:a7:87:2c:7e:20:5d:0f:
                    6a:3f:fe:0b:34:ec:79:dd:00:14:84:a3:99:cc:86:
                    43:8a:fd:c8:94:a0:13:68:e6:fd:e0:3d:94:c6:c6:
                    b3:73:24:86:98:d8:f7:3f:23:d8:72:fb:49:be:3b:
                    07:1d:4b:03:73:ab:30:9b:0e:4b:1a:00:40:53:a1:
                    5c:cc:e6:4b:db:16:a9:3a:17:df:86:03:0b:d2:97:
                    29:04:46:8e:d4:17:ae:59:1b:23:5c:8b:b2:c1:c2:
                    fd:93:e9:e8:cf:1f:e3:78:8c:8b:7b:65:fd:38:c9:
                    fe:09:de:15:3f:cb:c8:34:18:a9:12:09:52:2a:5b:
                    e3:68:c2:5d:64:b2:ec:8d:a6:b0:46:af:9d:8e:c5:
                    36:18:e6:fc:31:e1:f6:8a:f7:9f:87:c4:74:18:4d:
                    23:5e:5c:09:3f:8a:b0:53:2a:71:99:25:f8:4b:1f:
                    0c:e2:90:5f:c4:ca:2b:88:68:37:fd:e7:a6:b7:ae:
                    dc:75:3e:e2:b8:bd:e0:68:f2:34:be:17:48:d9:ee:
                    8e:59:4d:a5:b3:56:9e:66:14:2d:ed:c5:4d:04:07:
                    fe:6e:41:86:8e:65:01:9c:27:3c:4e:87:4c:4b:29:
                    47:3c:ba:54:8a:00:b6:3d:24:bd:ee:3f:bd:2c:9e:
                    22:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:72:D4:23:CD:44:B7:5B:FF:AD:AC:81:75:39:DB:15:3F:63:CD:7F
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:f900::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:23:de:3b:a8:2e:02:05:30:8e:bd:43:88:62:7c:b5:cc:1c:
         68:4a:51:08:bd:e4:08:14:c7:b5:55:b5:9e:e9:82:ee:0e:cc:
         b3:ed:24:86:70:75:ea:15:c5:41:b6:67:0b:22:11:45:77:55:
         de:f2:09:b3:aa:68:37:a6:df:92:e7:f1:14:73:f9:44:e9:e3:
         45:22:9a:c1:b7:8e:25:c3:ce:c8:e7:1d:80:5e:a1:88:2c:f2:
         9b:be:37:3b:b2:f8:58:e2:29:cd:31:cf:17:8d:5a:c0:22:78:
         29:f2:8c:71:81:67:97:e5:96:33:1b:3f:6a:cb:ea:43:62:27:
         35:78:a4:1e:c7:df:ce:05:70:7b:cf:13:d7:f9:c3:4e:7b:0d:
         66:8d:82:60:f6:6d:d9:e8:44:b2:2c:c5:01:7a:e6:89:a1:c0:
         ac:06:36:56:9e:54:0d:ab:04:91:86:78:ab:47:63:19:84:3d:
         45:10:c7:1f:62:89:d0:04:67:31:39:f7:ae:02:84:46:83:f8:
         87:cb:d2:77:c0:70:8e:2e:b1:af:8a:0c:d3:f6:b6:97:0c:7a:
         31:88:8c:48:0a:f6:24:36:13:6c:4e:d3:88:99:61:b9:d8:14:
         02:62:20:2b:cd:ed:1e:32:68:7f:13:54:98:d6:22:0d:0d:0c:
         38:eb:9e:a5
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUMPevHsorEdzy2hCWTweiNUFgDVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MjhaFw0yNDEwMTUxNjEzMjhaMDMxMTAvBgNV
BAMTKEY2NzJENDIzQ0Q0NEI3NUJGRkFEQUM4MTc1MzlEQjE1M0Y2M0NEN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7rMlhuHtdp4csfiBdD2o//gs0
7HndABSEo5nMhkOK/ciUoBNo5v3gPZTGxrNzJIaY2Pc/I9hy+0m+OwcdSwNzqzCb
DksaAEBToVzM5kvbFqk6F9+GAwvSlykERo7UF65ZGyNci7LBwv2T6ejPH+N4jIt7
Zf04yf4J3hU/y8g0GKkSCVIqW+Nowl1ksuyNprBGr52OxTYY5vwx4faK95+HxHQY
TSNeXAk/irBTKnGZJfhLHwzikF/EyiuIaDf956a3rtx1PuK4veBo8jS+F0jZ7o5Z
TaWzVp5mFC3txU0EB/5uQYaOZQGcJzxOh0xLKUc8ulSKALY9JL3uP70sniIVAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQU9nLUI81Et1v/rayBdTnbFT9jzX8wHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTY2MzkzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzIzMDMwMzgzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLdR/kwDQYJKoZI
hvcNAQELBQADggEBAMgj3juoLgIFMI69Q4hifLXMHGhKUQi95AgUx7VVtZ7pgu4O
zLPtJIZwdeoVxUG2ZwsiEUV3Vd7yCbOqaDem35Ln8RRz+UTp40UimsG3jiXDzsjn
HYBeoYgs8pu+Nzuy+FjiKc0xzxeNWsAieCnyjHGBZ5flljMbP2rL6kNiJzV4pB7H
384FcHvPE9f5w057DWaNgmD2bdnoRLIsxQF65omhwKwGNlaeVA2rBJGGeKtHYxmE
PUUQxx9iidAEZzE5964ChEaD+IfL0nfAcI4usa+KDNP2tpcMejGIjEgK9iQ2E2xO
04iZYbnYFAJiICvN7R4yaH8TVJjWIg0NDDjrnqU=
-----END CERTIFICATE-----