Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a336130303a3a2f34302d3438203d3e20323037333134.roa
File:                     326131323a646434373a336130303a3a2f34302d3438203d3e20323037333134.roa (raw, json)
Hash identifier:          s79x20S/TeNjbwYVpwv+wihKre0Y8Ls5/dh87LWvbqM=
Subject key identifier:   98:28:9E:EA:C5:51:E1:43:AC:0F:8B:61:3C:95:44:DE:00:A3:02:32
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       69B6A6E0F7372391A449E2E62CC3E7BDED29C75B
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a336130303a3a2f34302d3438203d3e20323037333134.roa
Signing time:             Fri 11 Oct 2024 10:04:17 +0000
ROA not before:           Fri 11 Oct 2024 09:59:17 +0000
ROA not after:            Fri 10 Oct 2025 10:04:17 +0000
asID:                     207314
IP address blocks:        2a12:dd47:3a00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:b6:a6:e0:f7:37:23:91:a4:49:e2:e6:2c:c3:e7:bd:ed:29:c7:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:17 2024 GMT
            Not After : Oct 10 10:04:17 2025 GMT
        Subject: CN=98289EEAC551E143AC0F8B613C9544DE00A30232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8c:72:0e:2f:79:bf:8f:8e:ac:71:04:cc:4c:
                    c8:9e:60:69:67:4b:83:ba:8a:e2:76:32:c2:9d:a0:
                    be:54:ec:8b:89:10:ff:ea:83:2a:46:07:66:e7:70:
                    20:88:93:a6:e7:06:36:1a:79:1b:7f:39:21:ab:10:
                    c6:34:f3:71:3b:7d:49:c7:4f:b6:ba:c2:80:ef:60:
                    94:cf:fc:1a:e0:0b:c4:f4:ba:25:57:ca:0a:6e:03:
                    7f:c5:77:c2:09:9d:f7:c9:95:46:4c:c8:f4:f3:a8:
                    57:1a:b1:d8:9f:c7:a4:77:ad:2a:20:02:33:0a:4b:
                    3a:02:39:68:69:92:ca:44:c7:af:7a:95:b7:20:53:
                    58:9d:d0:05:59:c0:06:af:c2:e3:1c:6a:6f:88:f6:
                    b8:ee:dc:08:f6:d6:98:8c:bb:19:c5:87:ef:77:ea:
                    b0:17:fb:65:58:e4:03:d3:a5:30:31:b1:0c:70:5f:
                    c9:fe:e6:97:b4:1b:ef:8c:2f:24:87:86:3d:38:c6:
                    c0:3f:bb:85:7a:9b:a7:b2:0a:56:cc:da:c6:e7:5d:
                    d1:9d:2d:49:ac:7f:78:1b:b3:86:0b:84:4b:ca:d4:
                    f2:5a:8c:36:73:94:76:7e:90:de:3a:fc:2c:0d:1a:
                    c1:0f:6a:b8:8d:f0:ee:01:75:43:06:93:dd:f4:3e:
                    1f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:28:9E:EA:C5:51:E1:43:AC:0F:8B:61:3C:95:44:DE:00:A3:02:32
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a336130303a3a2f34302d3438203d3e20323037333134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:39:40:c0:d8:50:49:fc:ce:d0:9f:98:26:c6:7d:41:c7:37:
         6b:3d:5f:e7:2a:68:25:d7:bf:10:cd:61:1d:c1:f4:1f:be:bd:
         e2:55:00:ec:46:56:09:99:0f:ff:bd:43:79:1a:bd:cc:1f:f5:
         84:b6:8f:97:12:39:a8:d0:e0:fa:67:c4:bd:7c:a3:b2:f2:33:
         9c:53:87:73:18:7d:15:48:bc:59:cc:1d:d4:74:b9:8a:5c:e7:
         42:5e:4f:96:af:69:e2:e0:b4:68:4f:21:7b:77:9f:13:e4:98:
         f3:50:fa:05:d6:9a:9a:5a:f2:f6:ce:6a:1e:30:04:73:3b:d9:
         a2:83:5a:68:1b:fc:91:8c:bd:17:d6:b5:75:b9:20:89:88:22:
         c3:ba:86:50:6f:55:1d:78:0a:ed:6b:fb:84:00:99:f5:84:b3:
         10:3e:4c:1d:98:3c:42:11:bc:80:b9:d1:de:46:6a:d3:aa:57:
         84:da:b7:6b:a6:01:8a:80:5e:c4:d5:e6:7d:38:cc:7f:6f:58:
         91:a4:8b:52:99:01:6e:c8:a3:1d:e4:7a:78:37:74:50:f6:34:
         49:99:7b:2d:99:90:15:01:95:15:ab:07:7e:5c:5c:34:da:94:
         da:8e:3d:62:6c:14:92:03:26:76:e8:c1:b8:d5:c4:de:2b:e7:
         c0:4a:bf:f5
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUabam4Pc3I5GkSeLmLMPnve0px1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTdaFw0yNTEwMTAxMDA0MTdaMDMxMTAvBgNV
BAMTKDk4Mjg5RUVBQzU1MUUxNDNBQzBGOEI2MTNDOTU0NERFMDBBMzAyMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXjHIOL3m/j46scQTMTMieYGln
S4O6iuJ2MsKdoL5U7IuJEP/qgypGB2bncCCIk6bnBjYaeRt/OSGrEMY083E7fUnH
T7a6woDvYJTP/BrgC8T0uiVXygpuA3/Fd8IJnffJlUZMyPTzqFcasdifx6R3rSog
AjMKSzoCOWhpkspEx696lbcgU1id0AVZwAavwuMcam+I9rju3Aj21piMuxnFh+93
6rAX+2VY5APTpTAxsQxwX8n+5pe0G++MLySHhj04xsA/u4V6m6eyClbM2sbnXdGd
LUmsf3gbs4YLhEvK1PJajDZzlHZ+kN46/CwNGsEPariN8O4BdUMGk930Ph9bAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUmCie6sVR4UOsD4thPJVE3gCjAjIwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzMzYxMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzAzNzMzMzEzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3Uc6MA0GCSqGSIb3
DQEBCwUAA4IBAQAVOUDA2FBJ/M7Qn5gmxn1BxzdrPV/nKmgl178QzWEdwfQfvr3i
VQDsRlYJmQ//vUN5Gr3MH/WEto+XEjmo0OD6Z8S9fKOy8jOcU4dzGH0VSLxZzB3U
dLmKXOdCXk+Wr2ni4LRoTyF7d58T5JjzUPoF1pqaWvL2zmoeMARzO9mig1poG/yR
jL0X1rV1uSCJiCLDuoZQb1UdeArta/uEAJn1hLMQPkwdmDxCEbyAudHeRmrTqleE
2rdrpgGKgF7E1eZ9OMx/b1iRpItSmQFuyKMd5Hp4N3RQ9jRJmXstmZAVAZUVqwd+
XFw02pTajj1ibBSSAyZ26MG41cTeK+fASr/1
-----END CERTIFICATE-----