Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a336330303a3a2f34302d3438203d3e203136353039.roa
File:                     326131323a646434373a336330303a3a2f34302d3438203d3e203136353039.roa (raw, json)
Hash identifier:          wQMPQtdBg8SEluMCgkVpJ0AJ0zFSifBfZjJgubs6D10=
Subject key identifier:   CD:79:D6:95:4C:AC:68:8F:67:1D:73:79:57:6F:8B:29:D1:B5:DE:0B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3ECF18545F69D3B2326A994A61E44EE1D700ADCA
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a336330303a3a2f34302d3438203d3e203136353039.roa
Signing time:             Fri 11 Oct 2024 10:04:21 +0000
ROA not before:           Fri 11 Oct 2024 09:59:21 +0000
ROA not after:            Fri 10 Oct 2025 10:04:21 +0000
asID:                     16509
IP address blocks:        2a12:dd47:3c00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:cf:18:54:5f:69:d3:b2:32:6a:99:4a:61:e4:4e:e1:d7:00:ad:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:21 2024 GMT
            Not After : Oct 10 10:04:21 2025 GMT
        Subject: CN=CD79D6954CAC688F671D7379576F8B29D1B5DE0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:05:c2:c7:11:a0:40:d5:61:4f:b1:c1:9c:93:
                    5c:94:36:5e:20:81:4f:02:42:60:a6:f4:1b:93:16:
                    a2:cf:1c:b7:66:e3:33:da:6c:c9:54:dd:9e:16:18:
                    d7:ac:a5:7f:24:db:68:f9:e5:f2:12:0f:95:78:ea:
                    fd:f3:19:2d:af:bc:40:d5:1a:cc:b3:9b:b2:06:7d:
                    d6:1b:f2:a4:48:93:e5:59:e8:07:89:8c:2a:3d:1d:
                    7d:d2:cf:50:e8:b1:1e:74:d7:c7:ab:88:59:a8:de:
                    7c:c4:cc:99:f4:c7:43:17:20:62:dd:eb:9f:a9:56:
                    ca:86:74:41:4a:e4:77:42:75:29:5e:ff:66:0b:dc:
                    94:a5:e5:01:c0:14:1a:c0:72:01:56:80:0a:a5:47:
                    65:4f:2d:b0:3c:ed:2c:5b:ea:8b:a2:e0:eb:4c:36:
                    0a:aa:6e:2d:30:6f:17:7d:b5:ac:85:33:5d:45:07:
                    42:05:53:08:1c:c6:1a:3d:93:70:71:fc:b1:ae:4e:
                    3d:fc:c8:b2:57:85:15:57:7b:da:3c:85:c9:57:d0:
                    e0:dc:a4:49:81:70:a2:a6:b7:7d:cf:bf:29:bc:02:
                    d5:95:6d:9b:49:24:20:ed:c2:65:81:11:b5:43:00:
                    fd:ae:59:5b:ee:4d:30:bc:f8:a8:cd:65:9c:16:e1:
                    d3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:79:D6:95:4C:AC:68:8F:67:1D:73:79:57:6F:8B:29:D1:B5:DE:0B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a336330303a3a2f34302d3438203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:3c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         26:82:81:ad:ab:fc:d7:45:04:54:5a:66:22:d6:ca:fc:e5:3b:
         1d:f8:c8:0c:1e:62:57:d7:16:40:00:6a:f2:c8:9a:1a:4c:0a:
         28:7f:7f:63:b8:fe:4e:5e:30:ea:f2:74:3b:e9:1a:44:f8:dc:
         2f:32:32:37:47:aa:90:2c:76:03:ba:a0:7f:62:78:db:3f:40:
         5c:89:70:28:86:80:84:b9:e0:ab:92:94:56:b5:9b:2a:3a:a6:
         9b:f7:be:8b:32:35:04:3e:1f:63:aa:16:a9:03:da:e4:a0:fb:
         dc:9b:7d:e8:2c:7b:c6:64:9b:9c:40:76:49:6b:f2:66:85:b6:
         b0:14:73:f6:95:57:00:38:ab:ec:23:b5:3c:87:a6:ae:a5:5c:
         3d:01:29:db:6f:dc:48:75:60:30:dd:80:3a:4b:d2:cf:78:3b:
         6b:a4:74:35:3c:57:d4:27:d8:56:56:96:15:cf:e1:1f:b7:7f:
         7f:c9:03:36:4c:46:73:c8:75:b5:e3:b3:0c:91:b9:60:39:7a:
         94:f8:4f:f7:56:98:39:0c:b2:6a:bb:8b:3f:8c:8a:ed:46:13:
         28:bb:4d:20:06:b1:4b:9c:a2:c0:72:23:79:91:e3:e4:ff:58:
         89:3f:de:7f:3e:f5:ca:57:95:15:3a:f7:74:97:57:6a:dc:69:
         3f:82:16:e1
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUPs8YVF9p07IyaplKYeRO4dcArcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjFaFw0yNTEwMTAxMDA0MjFaMDMxMTAvBgNV
BAMTKENENzlENjk1NENBQzY4OEY2NzFENzM3OTU3NkY4QjI5RDFCNURFMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbBcLHEaBA1WFPscGck1yUNl4g
gU8CQmCm9BuTFqLPHLdm4zPabMlU3Z4WGNespX8k22j55fISD5V46v3zGS2vvEDV
Gsyzm7IGfdYb8qRIk+VZ6AeJjCo9HX3Sz1DosR5018eriFmo3nzEzJn0x0MXIGLd
65+pVsqGdEFK5HdCdSle/2YL3JSl5QHAFBrAcgFWgAqlR2VPLbA87Sxb6oui4OtM
Ngqqbi0wbxd9tayFM11FB0IFUwgcxho9k3Bx/LGuTj38yLJXhRVXe9o8hclX0ODc
pEmBcKKmt33Pvym8AtWVbZtJJCDtwmWBEbVDAP2uWVvuTTC8+KjNZZwW4dNfAgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUzXnWlUysaI9nHXN5V2+LKdG13gswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwegYI
KwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzMzYzMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMxMzYzNTMwMzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqEt1HPDANBgkqhkiG9w0B
AQsFAAOCAQEAJoKBrav810UEVFpmItbK/OU7HfjIDB5iV9cWQABq8siaGkwKKH9/
Y7j+Tl4w6vJ0O+kaRPjcLzIyN0eqkCx2A7qgf2J42z9AXIlwKIaAhLngq5KUVrWb
Kjqmm/e+izI1BD4fY6oWqQPa5KD73Jt96Cx7xmSbnEB2SWvyZoW2sBRz9pVXADir
7CO1PIemrqVcPQEp22/cSHVgMN2AOkvSz3g7a6R0NTxX1CfYVlaWFc/hH7d/f8kD
NkxGc8h1teOzDJG5YDl6lPhP91aYOQyyaruLP4yK7UYTKLtNIAaxS5yiwHIjeZHj
5P9YiT/efz71yleVFTr3dJdXatxpP4IW4Q==
-----END CERTIFICATE-----