Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a333430303a3a2f33382d3338203d3e20323030383237.roa
File:                     326131323a646434373a333430303a3a2f33382d3338203d3e20323030383237.roa (raw, json)
Hash identifier:          /F7NF7jPv69YGXKShluqs+pCdEYz4DbvAFPSja8FO1Q=
Subject key identifier:   69:23:3F:9D:34:C9:A3:71:D5:0E:39:BB:AC:05:02:A5:66:99:84:59
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       2D11D2F239D663220B2DB67598B9B6A409F02226
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a333430303a3a2f33382d3338203d3e20323030383237.roa
Signing time:             Fri 11 Oct 2024 10:04:20 +0000
ROA not before:           Fri 11 Oct 2024 09:59:20 +0000
ROA not after:            Fri 10 Oct 2025 10:04:20 +0000
asID:                     200827
IP address blocks:        2a12:dd47:3400::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:11:d2:f2:39:d6:63:22:0b:2d:b6:75:98:b9:b6:a4:09:f0:22:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:20 2024 GMT
            Not After : Oct 10 10:04:20 2025 GMT
        Subject: CN=69233F9D34C9A371D50E39BBAC0502A566998459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:51:de:da:dc:af:c4:d5:9e:4a:03:8d:d3:a9:
                    fa:ba:51:d0:2b:49:48:a5:0f:de:89:31:e0:3d:a0:
                    90:d8:e0:27:eb:55:d8:1f:f4:58:a6:25:9c:f6:98:
                    79:a1:02:51:ae:53:3a:c3:9c:a7:85:94:9b:61:90:
                    5b:f2:5d:3f:f0:f5:a3:50:95:57:48:d3:1e:fc:0e:
                    42:4d:d5:f0:cb:e0:34:fa:72:dd:28:f8:64:35:14:
                    7d:0b:07:7a:f9:fb:27:63:d4:14:04:05:c8:e1:90:
                    7b:7e:55:6a:b0:30:d7:90:10:5d:f0:c9:5e:c1:e9:
                    06:03:56:4e:dd:8e:74:bc:62:58:d5:3e:9d:65:81:
                    60:4f:ac:b3:85:d9:c0:10:31:5f:97:96:2d:a3:05:
                    19:27:55:43:f7:98:11:be:70:a9:4e:a9:bb:50:f5:
                    10:c8:d4:bb:28:48:79:a9:5e:9c:90:96:82:aa:24:
                    ca:0b:35:15:d0:a4:d6:12:ed:63:2e:9e:74:de:b0:
                    00:6e:0c:79:96:20:a8:e4:5e:d8:fe:03:8b:49:f1:
                    fd:a0:17:4c:fb:4b:36:41:c2:cf:fc:f1:38:9a:53:
                    91:77:d8:fc:a5:b3:70:95:d5:c1:82:9e:8e:ee:ca:
                    ed:28:65:34:89:06:f0:e5:1c:70:97:73:be:d9:4d:
                    84:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:23:3F:9D:34:C9:A3:71:D5:0E:39:BB:AC:05:02:A5:66:99:84:59
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a333430303a3a2f33382d3338203d3e20323030383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3400::/38

    Signature Algorithm: sha256WithRSAEncryption
         8d:cd:67:48:59:ff:02:6b:33:ea:c3:8d:cf:e4:29:ad:09:76:
         0c:7e:ca:39:9f:44:cb:15:e9:e1:54:d0:92:50:2f:de:2a:52:
         f4:76:21:14:97:f0:bf:d3:07:35:26:f0:7b:57:f4:b5:b7:0a:
         f7:f6:26:dd:05:bb:d5:d9:f1:58:bb:46:98:3f:27:12:cd:bd:
         06:29:51:64:99:2e:e3:32:5d:cc:f7:aa:c7:cd:32:dd:53:3d:
         2c:55:ad:7c:14:88:93:ab:1d:a7:2a:4e:1a:5b:4b:10:58:9a:
         31:df:8b:a4:a0:d9:c8:52:80:53:b6:fd:dd:3d:0f:d2:e6:1d:
         f1:c4:62:82:5b:51:c5:a9:45:3d:62:34:85:1b:44:a8:37:97:
         93:96:67:9e:69:93:3b:9d:9e:62:34:86:bc:ad:21:9e:a2:8c:
         e9:e1:ce:64:e7:c0:62:d9:36:00:54:27:29:e3:bf:ff:55:dd:
         85:61:19:96:e3:ce:d8:be:af:fe:cd:8e:29:4e:df:50:82:39:
         80:0c:3d:f4:2e:76:68:65:ed:92:99:b3:3f:c4:01:eb:ed:8d:
         ea:5d:e5:19:9a:72:cd:e3:02:08:22:73:52:fb:39:f3:ab:6e:
         d8:73:e8:e9:be:8f:ce:f3:3b:dc:ec:77:41:c3:ac:60:b4:d4:
         e4:62:db:ac
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIULRHS8jnWYyILLbZ1mLm2pAnwIiYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjBaFw0yNTEwMTAxMDA0MjBaMDMxMTAvBgNV
BAMTKDY5MjMzRjlEMzRDOUEzNzFENTBFMzlCQkFDMDUwMkE1NjY5OTg0NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCUd7a3K/E1Z5KA43Tqfq6UdAr
SUilD96JMeA9oJDY4CfrVdgf9FimJZz2mHmhAlGuUzrDnKeFlJthkFvyXT/w9aNQ
lVdI0x78DkJN1fDL4DT6ct0o+GQ1FH0LB3r5+ydj1BQEBcjhkHt+VWqwMNeQEF3w
yV7B6QYDVk7djnS8YljVPp1lgWBPrLOF2cAQMV+Xli2jBRknVUP3mBG+cKlOqbtQ
9RDI1LsoSHmpXpyQloKqJMoLNRXQpNYS7WMunnTesABuDHmWIKjkXtj+A4tJ8f2g
F0z7SzZBws/88TiaU5F32Pyls3CV1cGCno7uyu0oZTSJBvDlHHCXc77ZTYSZAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUaSM/nTTJo3HVDjm7rAUCpWaZhFkwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzMzM0MzAzMDNhM2EyZjMzMzgyZDMz
MzgyMDNkM2UyMDMyMzAzMDM4MzIzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioS3Uc0MA0GCSqGSIb3
DQEBCwUAA4IBAQCNzWdIWf8CazPqw43P5CmtCXYMfso5n0TLFenhVNCSUC/eKlL0
diEUl/C/0wc1JvB7V/S1twr39ibdBbvV2fFYu0aYPycSzb0GKVFkmS7jMl3M96rH
zTLdUz0sVa18FIiTqx2nKk4aW0sQWJox34ukoNnIUoBTtv3dPQ/S5h3xxGKCW1HF
qUU9YjSFG0SoN5eTlmeeaZM7nZ5iNIa8rSGeoozp4c5k58Bi2TYAVCcp47//Vd2F
YRmW487Yvq/+zY4pTt9QgjmADD30LnZoZe2SmbM/xAHr7Y3qXeUZmnLN4wIIInNS
+znzq27Yc+jpvo/O8zvc7HdBw6xgtNTkYtus
-----END CERTIFICATE-----