Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa
File:                     326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa (raw, json)
Hash identifier:          ppUxlMgeu9jvb/JwbFxtuKRG9dlRuq5HOBOap4JpmH0=
Subject key identifier:   65:94:5E:D8:54:1A:F5:DB:2F:2B:58:0F:39:32:9C:4B:66:98:D0:0C
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       29D70FF99124C718ACC6F9E213B20C88B1DC873B
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa
Signing time:             Fri 11 Oct 2024 10:04:14 +0000
ROA not before:           Fri 11 Oct 2024 09:59:14 +0000
ROA not after:            Fri 10 Oct 2025 10:04:14 +0000
asID:                     202820
IP address blocks:        2a12:dd47:802b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:d7:0f:f9:91:24:c7:18:ac:c6:f9:e2:13:b2:0c:88:b1:dc:87:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:14 2024 GMT
            Not After : Oct 10 10:04:14 2025 GMT
        Subject: CN=65945ED8541AF5DB2F2B580F39329C4B6698D00C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e5:dd:83:58:29:8c:23:42:c9:8c:5f:28:6a:
                    da:d8:f8:80:ce:9e:2c:85:fe:82:60:a8:d2:68:79:
                    ff:bc:e2:86:c3:71:c0:83:f2:42:75:d5:ae:37:bb:
                    0a:15:71:61:32:fc:6c:b3:42:c8:f5:c5:22:98:d8:
                    b1:13:82:f3:92:71:58:fc:87:cb:74:3c:62:5b:32:
                    68:1e:03:f9:1a:b3:da:c7:37:27:1f:e7:79:d9:23:
                    ec:53:dd:1c:18:f0:22:89:f6:05:fa:14:c2:c4:45:
                    99:56:80:4b:d0:9a:34:d8:1c:32:a5:29:c9:66:22:
                    d9:97:b4:98:de:01:5a:7f:44:c0:ed:c7:a2:0f:b2:
                    8d:32:d5:af:9a:2d:b6:c5:a2:c7:1f:f3:0d:4a:07:
                    2f:9d:bb:6a:51:1a:f7:0d:2f:74:27:61:a1:4f:82:
                    45:45:ce:01:54:e1:07:d8:66:c7:14:3d:a2:2e:24:
                    a9:1c:a4:33:ff:a0:2e:43:a8:be:69:9f:c7:d1:6f:
                    1f:17:5d:aa:f2:53:67:d4:8d:f5:c0:13:46:07:bc:
                    3a:bf:7c:87:23:66:08:0c:11:5a:56:aa:72:b4:c0:
                    b3:83:2b:ae:e9:35:b7:85:7d:05:ee:d1:81:f9:92:
                    5d:0e:51:ed:89:5d:74:9e:20:50:8b:9a:b2:04:1e:
                    9f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:94:5E:D8:54:1A:F5:DB:2F:2B:58:0F:39:32:9C:4B:66:98:D0:0C
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383032623a3a2f34382d3438203d3e20323032383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:802b::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:87:db:bd:cf:d1:4d:0d:74:29:70:de:1f:fb:57:eb:fa:c3:
         28:10:24:11:ff:c4:e5:6c:47:45:b0:61:0b:b7:b7:48:d1:2c:
         7b:cb:47:c5:56:60:e7:45:8a:e9:40:57:f9:18:e6:27:7a:e4:
         32:40:37:91:12:04:b4:d5:fa:92:50:b0:c4:98:40:e5:ea:d9:
         43:ef:b0:2e:f0:1a:2f:2f:10:73:c4:3f:7d:8d:38:fa:fb:6e:
         46:65:6d:47:1b:71:7e:8a:0e:6d:a2:0f:76:c4:94:81:de:a5:
         14:19:b2:d7:3f:6f:ac:8d:46:0e:11:07:b8:ad:f4:8a:a3:38:
         ad:c5:67:a1:23:19:ac:83:2f:5b:c9:1c:2f:55:e1:56:51:72:
         81:52:89:70:6f:4e:e6:4e:16:fe:db:65:ac:a3:6f:94:a1:b6:
         ae:b8:4a:28:dd:e4:64:43:87:0c:84:71:5a:b2:cb:f7:1a:7c:
         fd:9c:58:ca:dc:31:20:85:3e:dc:f8:3a:be:ce:3c:9a:7d:00:
         7e:1a:56:e4:e8:50:f7:79:47:21:d4:13:08:0c:1a:c5:6d:80:
         7a:e5:14:3a:ff:b0:73:eb:7f:32:94:5c:01:5b:e8:95:dc:e8:
         d2:4a:71:89:26:25:52:58:41:30:04:d9:45:43:35:67:c5:68:
         31:3e:bf:e2
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUKdcP+ZEkxxisxvniE7IMiLHchzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTRaFw0yNTEwMTAxMDA0MTRaMDMxMTAvBgNV
BAMTKDY1OTQ1RUQ4NTQxQUY1REIyRjJCNTgwRjM5MzI5QzRCNjY5OEQwMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC25d2DWCmMI0LJjF8oatrY+IDO
niyF/oJgqNJoef+84obDccCD8kJ11a43uwoVcWEy/GyzQsj1xSKY2LETgvOScVj8
h8t0PGJbMmgeA/kas9rHNycf53nZI+xT3RwY8CKJ9gX6FMLERZlWgEvQmjTYHDKl
KclmItmXtJjeAVp/RMDtx6IPso0y1a+aLbbFoscf8w1KBy+du2pRGvcNL3QnYaFP
gkVFzgFU4QfYZscUPaIuJKkcpDP/oC5DqL5pn8fRbx8XXaryU2fUjfXAE0YHvDq/
fIcjZggMEVpWqnK0wLODK67pNbeFfQXu0YH5kl0OUe2JXXSeIFCLmrIEHp+PAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUZZRe2FQa9dsvK1gPOTKcS2aY0AwwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMwMzI2MjNhM2EyZjM0MzgyZDM0
MzgyMDNkM2UyMDMyMzAzMjM4MzIzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeAKzANBgkqhkiG
9w0BAQsFAAOCAQEAi4fbvc/RTQ10KXDeH/tX6/rDKBAkEf/E5WxHRbBhC7e3SNEs
e8tHxVZg50WK6UBX+RjmJ3rkMkA3kRIEtNX6klCwxJhA5erZQ++wLvAaLy8Qc8Q/
fY04+vtuRmVtRxtxfooObaIPdsSUgd6lFBmy1z9vrI1GDhEHuK30iqM4rcVnoSMZ
rIMvW8kcL1XhVlFygVKJcG9O5k4W/ttlrKNvlKG2rrhKKN3kZEOHDIRxWrLL9xp8
/ZxYytwxIIU+3Pg6vs48mn0AfhpW5OhQ93lHIdQTCAwaxW2AeuUUOv+wc+t/MpRc
AVvoldzo0kpxiSYlUlhBMATZRUM1Z8VoMT6/4g==
-----END CERTIFICATE-----