Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a3130303a3a2f34302d3438203d3e20313937363039.roa
File:                     326131323a646434373a3130303a3a2f34302d3438203d3e20313937363039.roa (raw, json)
Hash identifier:          aeRUHJgf2J40AJGpGWpSvkcxRBDSa30IOIKIPrp0tRM=
Subject key identifier:   B5:CA:B4:06:20:DB:1D:06:E6:6F:DE:CE:E7:32:56:99:99:47:2E:5B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       5E14CBDE9E20328774DAB4A7164A6BD97612C9B6
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a3130303a3a2f34302d3438203d3e20313937363039.roa
Signing time:             Fri 11 Oct 2024 10:04:14 +0000
ROA not before:           Fri 11 Oct 2024 09:59:14 +0000
ROA not after:            Fri 10 Oct 2025 10:04:14 +0000
asID:                     197609
IP address blocks:        2a12:dd47:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:14:cb:de:9e:20:32:87:74:da:b4:a7:16:4a:6b:d9:76:12:c9:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:14 2024 GMT
            Not After : Oct 10 10:04:14 2025 GMT
        Subject: CN=B5CAB40620DB1D06E66FDECEE732569999472E5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:75:59:c2:4b:d4:13:97:2f:1c:8e:94:1d:39:
                    d2:05:9f:4e:0a:44:d9:ad:02:99:24:d9:1a:97:bb:
                    5e:7d:fc:91:a4:f8:4d:73:08:93:b3:e9:ba:6e:9c:
                    85:40:d0:8d:98:68:78:9a:7f:19:85:c8:b3:39:b8:
                    81:41:c6:54:cd:d6:af:f7:e8:93:9f:d4:82:a0:62:
                    9f:4a:b0:f2:3f:db:cd:9f:fe:46:25:a3:ea:05:52:
                    3b:e7:7e:93:d5:c8:58:e9:a6:3f:85:13:a0:70:22:
                    9d:3d:3c:46:a1:34:88:0b:d3:13:dc:d3:cd:80:0d:
                    40:f7:17:78:30:3b:98:6d:9d:39:c3:60:60:56:42:
                    fc:b5:9e:77:6b:e0:94:80:b6:ba:08:53:2a:11:47:
                    94:12:e4:d2:94:62:49:2c:23:6e:72:64:63:31:0e:
                    91:96:e8:c1:9b:a8:99:a9:5d:df:f2:92:5d:1d:72:
                    52:42:4a:91:6f:06:11:11:c5:44:eb:f7:6a:1a:20:
                    93:b2:9d:4f:08:e7:24:0e:91:02:41:9e:31:81:c3:
                    24:e8:7f:e6:79:ba:1c:c7:0d:65:e7:fd:bc:67:79:
                    6c:0a:9c:cf:39:6f:c7:55:fb:df:98:5a:24:c5:2b:
                    42:42:de:8b:7c:1a:82:18:7c:12:41:ff:27:93:a0:
                    73:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CA:B4:06:20:DB:1D:06:E6:6F:DE:CE:E7:32:56:99:99:47:2E:5B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a3130303a3a2f34302d3438203d3e20313937363039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:f3:86:45:6d:94:c8:43:14:14:25:29:17:b8:ed:4e:a7:73:
         b4:b0:8a:6e:0b:86:2f:2d:30:30:60:6f:9f:4d:2d:57:eb:05:
         27:07:c1:99:c2:6f:37:ba:9a:6b:df:f1:e6:85:49:03:dd:bb:
         76:a7:30:e3:b9:61:f3:26:f5:95:66:96:39:94:a1:a6:46:d6:
         ae:1a:1a:45:1c:9e:34:08:5e:cc:db:3c:44:fb:c3:95:58:9b:
         62:10:ac:ff:85:bb:18:3e:58:c1:f4:74:33:20:3b:3a:2d:2c:
         17:0b:83:5b:a8:03:73:d2:ea:ae:41:2b:41:8a:0f:75:e3:13:
         45:42:73:b1:31:56:a4:53:a8:bf:d7:91:85:c8:d8:36:45:7e:
         3e:82:71:6d:59:f6:20:fa:68:76:69:9b:c7:7a:c2:3b:7b:f1:
         e9:ee:6a:ce:90:1f:ae:8f:79:92:69:da:5e:73:e8:2c:a2:d2:
         ba:3b:18:9e:a3:6e:03:cf:3b:bf:dd:4a:5b:be:8e:9f:89:61:
         fa:6f:81:9a:3c:59:d5:8d:02:74:f9:09:0c:2f:62:c1:d6:ab:
         41:77:aa:f5:d0:70:f7:3a:5a:04:87:05:83:96:19:72:da:9a:
         fb:a8:72:6f:44:03:5a:74:ae:0a:8c:ec:9f:73:30:96:4f:44:
         60:1c:06:ae
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUXhTL3p4gMod02rSnFkpr2XYSybYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTRaFw0yNTEwMTAxMDA0MTRaMDMxMTAvBgNV
BAMTKEI1Q0FCNDA2MjBEQjFEMDZFNjZGREVDRUU3MzI1Njk5OTk0NzJFNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCodVnCS9QTly8cjpQdOdIFn04K
RNmtApkk2RqXu159/JGk+E1zCJOz6bpunIVA0I2YaHiafxmFyLM5uIFBxlTN1q/3
6JOf1IKgYp9KsPI/282f/kYlo+oFUjvnfpPVyFjppj+FE6BwIp09PEahNIgL0xPc
082ADUD3F3gwO5htnTnDYGBWQvy1nndr4JSAtroIUyoRR5QS5NKUYkksI25yZGMx
DpGW6MGbqJmpXd/ykl0dclJCSpFvBhERxUTr92oaIJOynU8I5yQOkQJBnjGBwyTo
f+Z5uhzHDWXn/bxneWwKnM85b8dV+9+YWiTFK0JC3ot8GoIYfBJB/yeToHPvAgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUtcq0BiDbHQbmb97O5zJWmZlHLlswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwegYI
KwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzMTMwMzAzYTNhMmYzNDMwMmQzNDM4
MjAzZDNlMjAzMTM5MzczNjMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqEt1HATANBgkqhkiG9w0B
AQsFAAOCAQEAkfOGRW2UyEMUFCUpF7jtTqdztLCKbguGLy0wMGBvn00tV+sFJwfB
mcJvN7qaa9/x5oVJA927dqcw47lh8yb1lWaWOZShpkbWrhoaRRyeNAhezNs8RPvD
lVibYhCs/4W7GD5YwfR0MyA7Oi0sFwuDW6gDc9LqrkErQYoPdeMTRUJzsTFWpFOo
v9eRhcjYNkV+PoJxbVn2IPpodmmbx3rCO3vx6e5qzpAfro95kmnaXnPoLKLSujsY
nqNuA887v91KW76On4lh+m+BmjxZ1Y0CdPkJDC9iwdarQXeq9dBw9zpaBIcFg5YZ
ctqa+6hyb0QDWnSuCozsn3Mwlk9EYBwGrg==
-----END CERTIFICATE-----