Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a336230303a3a2f34302d3438203d3e20313939313737.roa
File:                     326131323a646434373a336230303a3a2f34302d3438203d3e20313939313737.roa (raw, json)
Hash identifier:          1OitYdJtjtnneer96oEnVFDT68LXr9M+V1/h5cthV2A=
Subject key identifier:   53:7B:80:E4:75:6F:FB:EC:3A:F6:90:88:7E:84:8B:C2:E1:B1:22:0A
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       53F43099E72A9951BFEFC645BBEBA8BFCA91C74A
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a336230303a3a2f34302d3438203d3e20313939313737.roa
Signing time:             Fri 11 Oct 2024 10:04:13 +0000
ROA not before:           Fri 11 Oct 2024 09:59:13 +0000
ROA not after:            Fri 10 Oct 2025 10:04:13 +0000
asID:                     199177
IP address blocks:        2a12:dd47:3b00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:f4:30:99:e7:2a:99:51:bf:ef:c6:45:bb:eb:a8:bf:ca:91:c7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:13 2024 GMT
            Not After : Oct 10 10:04:13 2025 GMT
        Subject: CN=537B80E4756FFBEC3AF690887E848BC2E1B1220A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:a5:ed:b4:3d:18:16:1e:66:42:5e:bc:e0:20:
                    f0:6c:0c:cd:be:45:ec:54:ab:e1:59:b7:2d:36:ae:
                    be:e7:85:9b:8b:12:66:4c:9b:7a:82:ed:38:ec:a9:
                    2a:7e:0d:d2:25:0b:00:61:d3:2a:cd:ac:1d:e5:03:
                    68:f4:a8:36:98:10:c4:f5:3e:86:68:e2:63:42:87:
                    c7:fe:c6:e8:a0:3b:97:84:bd:38:85:ff:01:31:c7:
                    61:c6:22:9c:e3:38:72:64:37:4f:ea:84:ec:0d:8f:
                    e2:2b:ae:01:8a:f6:d2:0b:32:8a:b3:12:10:f3:a1:
                    83:49:3e:31:7e:c4:ac:4e:72:29:d0:e1:96:f5:e8:
                    c1:e5:61:65:21:36:28:74:aa:48:b4:e9:76:f5:9b:
                    a1:28:44:85:91:32:48:20:6b:5a:36:49:b4:ba:6f:
                    aa:98:bb:bf:aa:e4:2c:04:23:4c:bd:f7:71:e7:8a:
                    58:04:e5:c9:9b:67:c0:71:ba:99:e1:c5:31:ce:c0:
                    7e:64:db:04:5a:b7:f8:8a:59:0a:0a:13:dd:4e:29:
                    af:3e:8f:31:82:55:ae:65:d4:be:fc:49:4c:22:89:
                    79:10:a5:30:c8:6d:44:0a:91:82:2d:6b:12:b7:b1:
                    38:7e:81:99:09:c4:04:3e:59:77:0b:21:fe:b1:6d:
                    a7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7B:80:E4:75:6F:FB:EC:3A:F6:90:88:7E:84:8B:C2:E1:B1:22:0A
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a336230303a3a2f34302d3438203d3e20313939313737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:d2:50:f5:75:de:71:3f:e0:5f:d7:f9:a0:e2:04:c5:40:08:
         a4:85:75:bc:cc:a0:d7:7b:2a:df:04:b6:09:42:66:08:75:4f:
         39:30:94:a8:32:fc:b7:0f:d8:ac:d0:71:af:ae:69:38:40:87:
         82:2c:93:60:b7:32:1b:ce:71:2a:d3:ae:9d:d3:c4:28:3f:a0:
         d9:2b:87:1a:eb:a8:f4:91:e3:f8:cf:27:61:56:46:5e:46:f6:
         24:81:60:4c:d5:ff:83:69:f1:cd:4c:4c:81:ab:90:2c:cb:4a:
         c9:40:93:bb:bc:46:91:8a:d0:f8:8b:4b:c8:26:e7:ce:62:5b:
         40:d2:68:05:04:a7:02:ef:15:55:d6:b7:40:68:d6:18:22:1a:
         be:b3:79:f4:ad:77:53:35:de:75:1a:f9:5c:b2:4a:5b:dc:b1:
         e3:37:37:fa:7a:49:2e:0b:bc:3f:c9:60:f7:bf:f6:27:de:bf:
         46:fc:1e:26:6b:d0:97:54:ee:34:9a:90:17:21:69:9b:64:47:
         7e:12:24:04:ca:ea:8c:2a:a4:a3:36:66:7d:ab:60:76:3f:87:
         93:f7:fc:d5:45:2c:8f:70:4d:c6:d7:4c:1a:85:f1:0a:c2:d8:
         1a:82:72:97:bb:cc:54:42:00:cd:07:e4:4e:67:d6:e4:c9:49:
         6d:f9:f8:8e
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUU/QwmecqmVG/78ZFu+uov8qRx0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTNaFw0yNTEwMTAxMDA0MTNaMDMxMTAvBgNV
BAMTKDUzN0I4MEU0NzU2RkZCRUMzQUY2OTA4ODdFODQ4QkMyRTFCMTIyMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzpe20PRgWHmZCXrzgIPBsDM2+
RexUq+FZty02rr7nhZuLEmZMm3qC7TjsqSp+DdIlCwBh0yrNrB3lA2j0qDaYEMT1
PoZo4mNCh8f+xuigO5eEvTiF/wExx2HGIpzjOHJkN0/qhOwNj+IrrgGK9tILMoqz
EhDzoYNJPjF+xKxOcinQ4Zb16MHlYWUhNih0qki06Xb1m6EoRIWRMkgga1o2SbS6
b6qYu7+q5CwEI0y993HnilgE5cmbZ8BxupnhxTHOwH5k2wRat/iKWQoKE91OKa8+
jzGCVa5l1L78SUwiiXkQpTDIbUQKkYItaxK3sTh+gZkJxAQ+WXcLIf6xbaebAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUU3uA5HVv++w69pCIfoSLwuGxIgowHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzMzYyMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMxMzkzOTMxMzczNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3Uc7MA0GCSqGSIb3
DQEBCwUAA4IBAQAs0lD1dd5xP+Bf1/mg4gTFQAikhXW8zKDXeyrfBLYJQmYIdU85
MJSoMvy3D9is0HGvrmk4QIeCLJNgtzIbznEq066d08QoP6DZK4ca66j0keP4zydh
VkZeRvYkgWBM1f+DafHNTEyBq5Asy0rJQJO7vEaRitD4i0vIJufOYltA0mgFBKcC
7xVV1rdAaNYYIhq+s3n0rXdTNd51Gvlcskpb3LHjNzf6ekkuC7w/yWD3v/Yn3r9G
/B4ma9CXVO40mpAXIWmbZEd+EiQEyuqMKqSjNmZ9q2B2P4eT9/zVRSyPcE3G10wa
hfEKwtgagnKXu8xUQgDNB+ROZ9bkyUlt+fiO
-----END CERTIFICATE-----