Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a356330303a3a2f34302d3438203d3e20323030303231.roa
File:                     326131323a646434373a356330303a3a2f34302d3438203d3e20323030303231.roa (raw, json)
Hash identifier:          h/VvobJXvF8uo9DHL6T+HBTKKhTnLpjx2Q10DRTo5rY=
Subject key identifier:   48:69:85:60:68:8F:58:7E:D9:E9:90:79:BD:7C:D5:5C:63:DA:B6:0C
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3CCB5288CD3D88DB98974F13AB0193DACED67F5E
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a356330303a3a2f34302d3438203d3e20323030303231.roa
Signing time:             Fri 11 Oct 2024 10:04:26 +0000
ROA not before:           Fri 11 Oct 2024 09:59:26 +0000
ROA not after:            Fri 10 Oct 2025 10:04:26 +0000
asID:                     200021
IP address blocks:        2a12:dd47:5c00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:cb:52:88:cd:3d:88:db:98:97:4f:13:ab:01:93:da:ce:d6:7f:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:26 2024 GMT
            Not After : Oct 10 10:04:26 2025 GMT
        Subject: CN=48698560688F587ED9E99079BD7CD55C63DAB60C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:7e:c3:10:1a:71:ba:23:65:d3:ff:f4:39:d3:
                    5a:25:5b:ba:44:b7:1a:0d:1b:3a:83:ca:ff:f8:f0:
                    39:e8:28:d1:aa:a8:0b:28:df:19:fe:f7:26:18:f1:
                    55:0b:23:9c:e5:42:28:cb:76:50:3b:50:1e:3d:96:
                    51:1e:8b:7d:d5:95:f4:15:ec:39:16:12:68:a1:2a:
                    a9:7e:48:88:93:24:d0:f4:ec:63:b2:01:4b:00:7e:
                    a3:83:1f:0c:19:6d:14:e3:03:a9:8d:c9:fe:cd:ca:
                    02:18:77:b8:2b:2e:fc:02:07:86:38:8c:b2:71:b3:
                    d1:57:1e:46:cf:ff:cb:60:63:76:56:e5:ac:37:dc:
                    20:8f:bd:44:c1:84:7f:ed:82:b3:12:b5:ad:eb:98:
                    85:16:09:c6:35:83:ca:a2:ff:be:4e:86:11:b3:c1:
                    5d:ec:b9:5c:fe:78:4c:f8:8d:c0:f6:57:29:2e:22:
                    27:de:7f:2b:4e:5d:22:fc:8c:c7:ca:00:45:5f:16:
                    42:15:0d:4b:f6:19:d9:54:66:bb:6e:82:7b:d4:b3:
                    c7:c1:94:d1:4f:c1:fe:c6:b0:49:14:e7:10:da:b6:
                    95:bc:f5:98:96:ae:27:ab:3e:f2:4b:3c:06:ee:b9:
                    4e:13:3d:9a:db:67:ee:0d:07:18:83:27:e7:41:e1:
                    48:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:69:85:60:68:8F:58:7E:D9:E9:90:79:BD:7C:D5:5C:63:DA:B6:0C
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a356330303a3a2f34302d3438203d3e20323030303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:5c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:1f:08:18:c6:1f:b6:bd:65:b7:8a:86:7b:2b:14:21:94:2c:
         8c:ce:07:2b:1d:5d:09:53:d6:76:19:e7:09:d0:55:f7:1a:42:
         9f:62:8b:da:71:97:61:c5:10:d6:26:c6:03:7b:4b:48:83:fb:
         58:78:3a:3c:61:ce:4d:a4:f9:95:1f:6e:53:f8:0a:dd:20:41:
         e4:a7:96:9b:84:20:0e:05:87:4c:81:eb:59:fe:55:8c:0c:8b:
         2c:4e:46:f2:74:4c:4f:60:52:97:75:94:1a:8d:96:95:8d:b2:
         8d:ec:a7:44:2c:f9:94:87:64:7f:2c:32:a9:42:54:ce:6c:b5:
         2e:6b:4b:dd:f7:fb:e0:64:cd:b2:50:88:4f:da:49:d9:fc:1b:
         14:60:a8:5b:6a:1c:fa:7e:15:9d:ce:74:4a:bb:ce:2a:1e:4e:
         eb:d8:34:f3:96:a0:11:c4:48:e1:25:9e:3d:4a:85:75:ae:17:
         0d:a1:07:6f:a7:ce:59:1c:66:e9:84:89:b8:44:47:ce:26:50:
         7d:a5:0e:97:21:50:87:db:48:20:68:9d:49:52:62:94:97:5e:
         c1:b1:24:93:db:66:5f:10:d6:21:43:bd:ce:b9:cf:70:37:00:
         c2:81:32:87:8b:08:2c:89:62:96:bb:bc:fb:40:4f:57:68:81:
         e8:bc:1f:0e
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUPMtSiM09iNuYl08TqwGT2s7Wf14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjZaFw0yNTEwMTAxMDA0MjZaMDMxMTAvBgNV
BAMTKDQ4Njk4NTYwNjg4RjU4N0VEOUU5OTA3OUJEN0NENTVDNjNEQUI2MEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0fsMQGnG6I2XT//Q501olW7pE
txoNGzqDyv/48DnoKNGqqAso3xn+9yYY8VULI5zlQijLdlA7UB49llEei33VlfQV
7DkWEmihKql+SIiTJND07GOyAUsAfqODHwwZbRTjA6mNyf7NygIYd7grLvwCB4Y4
jLJxs9FXHkbP/8tgY3ZW5aw33CCPvUTBhH/tgrMSta3rmIUWCcY1g8qi/75OhhGz
wV3suVz+eEz4jcD2VykuIifefytOXSL8jMfKAEVfFkIVDUv2GdlUZrtugnvUs8fB
lNFPwf7GsEkU5xDatpW89ZiWrierPvJLPAbuuU4TPZrbZ+4NBxiDJ+dB4UizAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUSGmFYGiPWH7Z6ZB5vXzVXGPatgwwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzNTYzMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzAzMDMwMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UdcMA0GCSqGSIb3
DQEBCwUAA4IBAQBRHwgYxh+2vWW3ioZ7KxQhlCyMzgcrHV0JU9Z2GecJ0FX3GkKf
YovacZdhxRDWJsYDe0tIg/tYeDo8Yc5NpPmVH25T+ArdIEHkp5abhCAOBYdMgetZ
/lWMDIssTkbydExPYFKXdZQajZaVjbKN7KdELPmUh2R/LDKpQlTObLUua0vd9/vg
ZM2yUIhP2knZ/BsUYKhbahz6fhWdznRKu84qHk7r2DTzlqARxEjhJZ49SoV1rhcN
oQdvp85ZHGbphIm4REfOJlB9pQ6XIVCH20ggaJ1JUmKUl17BsSST22ZfENYhQ73O
uc9wNwDCgTKHiwgsiWKWu7z7QE9XaIHovB8O
-----END CERTIFICATE-----