Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363739.roa
File:                     326131323a646434373a3430303a3a2f33392d3438203d3e20313939363739.roa (raw, json)
Hash identifier:          ck28BhHfAxapjyW5N1u+agcjd5YK955vqJiLBFKiuxU=
Subject key identifier:   B3:98:D1:A2:D8:83:B8:C1:E9:D7:7B:64:7B:8D:7F:B6:33:CA:D0:FB
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3AE506958597E4D1B269C8D9DDC47FD934DB1116
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363739.roa
Signing time:             Fri 11 Oct 2024 10:04:19 +0000
ROA not before:           Fri 11 Oct 2024 09:59:19 +0000
ROA not after:            Fri 10 Oct 2025 10:04:19 +0000
asID:                     199679
IP address blocks:        2a12:dd47:400::/39 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:e5:06:95:85:97:e4:d1:b2:69:c8:d9:dd:c4:7f:d9:34:db:11:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:19 2024 GMT
            Not After : Oct 10 10:04:19 2025 GMT
        Subject: CN=B398D1A2D883B8C1E9D77B647B8D7FB633CAD0FB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1c:ca:74:8a:df:4c:37:8d:6e:83:6f:bd:1d:
                    80:bd:4a:a6:a9:28:57:55:9d:29:18:d7:f9:c6:4f:
                    c8:f8:61:d5:52:c7:12:4a:4b:e9:8c:1d:35:16:0d:
                    0a:9f:a8:e7:3b:6b:2e:d1:cd:61:a2:8d:4d:66:18:
                    ae:7a:39:8e:c5:09:da:cb:6d:a0:ed:30:7a:54:0b:
                    10:56:f1:44:77:c9:d8:ed:c9:b0:e7:38:9d:97:c6:
                    bc:5a:93:3a:45:b4:db:27:22:b3:4c:c9:6c:8e:39:
                    e5:40:bd:57:00:cd:7a:bf:f5:97:7f:74:c4:41:6b:
                    68:4a:3f:6a:27:73:e5:ea:58:09:e7:22:c8:89:17:
                    7b:de:68:d5:12:95:81:9f:33:63:07:bf:a2:84:cf:
                    95:13:a4:19:51:01:53:3c:80:05:53:f9:95:c4:a0:
                    c4:76:2b:2d:44:f9:fa:2b:8d:f3:37:db:ee:d3:58:
                    4f:e3:3a:78:e1:e0:11:19:d0:95:b5:a6:34:7b:27:
                    26:07:91:cf:3b:1a:bf:ec:82:ba:e0:74:16:85:30:
                    7f:9c:e7:80:48:96:b8:b5:e9:61:6c:b0:3f:2d:58:
                    09:5e:8a:51:a4:df:c7:60:e1:2b:b8:9f:98:1c:55:
                    fe:e7:24:55:f5:21:5d:c6:1a:9c:4b:4d:b8:0c:eb:
                    a1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:98:D1:A2:D8:83:B8:C1:E9:D7:7B:64:7B:8D:7F:B6:33:CA:D0:FB
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a3430303a3a2f33392d3438203d3e20313939363739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:400::/39

    Signature Algorithm: sha256WithRSAEncryption
         32:7e:ae:2d:87:8d:3a:15:5c:60:4f:06:0d:25:c3:c3:b3:0a:
         85:07:47:c0:80:0d:f6:89:72:cc:3a:01:60:f0:1c:92:ba:d3:
         77:21:a6:28:ce:05:5f:fe:ff:01:65:40:06:29:85:48:c2:37:
         15:b8:81:0a:b0:31:80:29:a9:bc:21:c7:dc:06:8b:29:fb:77:
         00:a0:27:97:30:63:4d:1f:55:fc:51:ee:80:88:37:57:b8:f8:
         c9:47:e0:8b:31:3c:65:df:7e:ea:6e:f6:4e:02:ce:4e:a3:f3:
         89:53:ca:1d:42:c5:83:ee:f9:26:c8:cd:18:81:31:76:e8:4e:
         7d:d8:34:61:17:2c:eb:4c:99:84:e1:3f:98:0d:7c:16:70:51:
         51:0d:41:b0:c7:c2:77:a7:63:4c:e0:c8:cf:e8:2c:d3:e1:db:
         02:6c:19:82:84:2a:ff:c4:fb:b3:7b:b5:8f:a2:49:9d:3d:83:
         01:17:79:43:f5:34:83:0e:33:1c:d5:87:c2:d4:de:d0:99:b8:
         b6:ad:ff:13:6c:fc:0d:3c:c8:20:27:59:fc:7b:7e:c3:97:5a:
         2b:f5:44:29:9b:b2:5c:b0:fd:43:1d:36:97:02:4e:5a:4d:92:
         8a:de:e4:77:25:bb:e0:73:12:b0:83:c8:90:d5:e0:38:91:55:
         60:f8:71:c8
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUOuUGlYWX5NGyacjZ3cR/2TTbERYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTlaFw0yNTEwMTAxMDA0MTlaMDMxMTAvBgNV
BAMTKEIzOThEMUEyRDg4M0I4QzFFOUQ3N0I2NDdCOEQ3RkI2MzNDQUQwRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJHMp0it9MN41ug2+9HYC9Sqap
KFdVnSkY1/nGT8j4YdVSxxJKS+mMHTUWDQqfqOc7ay7RzWGijU1mGK56OY7FCdrL
baDtMHpUCxBW8UR3ydjtybDnOJ2XxrxakzpFtNsnIrNMyWyOOeVAvVcAzXq/9Zd/
dMRBa2hKP2onc+XqWAnnIsiJF3veaNUSlYGfM2MHv6KEz5UTpBlRAVM8gAVT+ZXE
oMR2Ky1E+forjfM32+7TWE/jOnjh4BEZ0JW1pjR7JyYHkc87Gr/sgrrgdBaFMH+c
54BIlri16WFssD8tWAleilGk38dg4Su4n5gcVf7nJFX1IV3GGpxLTbgM66GnAgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUs5jRotiDuMHp13tke41/tjPK0PswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwegYI
KwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzNDMwMzAzYTNhMmYzMzM5MmQzNDM4
MjAzZDNlMjAzMTM5MzkzNjM3Mzkucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgEqEt1HBDANBgkqhkiG9w0B
AQsFAAOCAQEAMn6uLYeNOhVcYE8GDSXDw7MKhQdHwIAN9olyzDoBYPAckrrTdyGm
KM4FX/7/AWVABimFSMI3FbiBCrAxgCmpvCHH3AaLKft3AKAnlzBjTR9V/FHugIg3
V7j4yUfgizE8Zd9+6m72TgLOTqPziVPKHULFg+75JsjNGIExduhOfdg0YRcs60yZ
hOE/mA18FnBRUQ1BsMfCd6djTODIz+gs0+HbAmwZgoQq/8T7s3u1j6JJnT2DARd5
Q/U0gw4zHNWHwtTe0Jm4tq3/E2z8DTzIICdZ/Ht+w5daK/VEKZuyXLD9Qx02lwJO
Wk2Sit7kdyW74HMSsIPIkNXgOJFVYPhxyA==
-----END CERTIFICATE-----