Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa
File:                     326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa (raw, json)
Hash identifier:          XphAlyv/uiP4l4ttsX50bGERCwD1ShWs4m3AYdTtHyM=
Subject key identifier:   DC:AB:13:DC:CD:CF:E7:37:6D:0E:DF:9B:D5:33:70:93:56:A2:97:06
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       584611232BF7734F52CF1046AA54E4A4FC3F4712
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa
Signing time:             Fri 11 Oct 2024 10:04:24 +0000
ROA not before:           Fri 11 Oct 2024 09:59:24 +0000
ROA not after:            Fri 10 Oct 2025 10:04:24 +0000
asID:                     212483
IP address blocks:        2a12:dd47:80b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:46:11:23:2b:f7:73:4f:52:cf:10:46:aa:54:e4:a4:fc:3f:47:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:24 2024 GMT
            Not After : Oct 10 10:04:24 2025 GMT
        Subject: CN=DCAB13DCCDCFE7376D0EDF9BD533709356A29706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c2:8e:04:28:9e:7e:de:7c:f1:ce:93:f8:e0:
                    33:14:4d:db:9e:6e:8a:54:30:86:61:bd:d2:b6:cd:
                    4d:ed:82:72:3c:70:76:aa:51:cc:b0:92:75:a9:76:
                    9e:82:02:97:33:33:bf:41:51:75:d0:e7:f6:d3:08:
                    35:f9:97:85:f6:0c:7e:b9:75:90:23:44:9b:9e:ac:
                    df:7b:19:42:60:36:ff:ec:c1:8c:80:86:fa:fa:72:
                    8a:1a:cf:5a:66:1a:b3:55:b6:c6:32:a8:17:48:70:
                    ee:d8:4f:67:55:bb:38:77:ce:ee:6d:13:ad:0d:8f:
                    6e:48:b7:0f:c0:ff:48:40:1e:75:b2:53:c8:18:41:
                    fe:83:09:ad:ae:84:53:5b:c4:20:67:4f:bd:68:76:
                    b4:28:87:5b:26:37:33:15:6e:44:9c:ac:ed:66:12:
                    78:64:b0:9d:63:6e:8c:dc:57:d5:5a:86:0a:d8:b5:
                    fc:b7:f8:13:2d:3d:b6:73:cb:5f:2c:71:5a:5e:05:
                    2a:7b:e6:c3:25:0e:64:b5:6a:20:6d:bb:b3:48:09:
                    7c:2c:28:f5:3f:8e:82:48:72:57:3e:e7:50:a5:d5:
                    9d:a8:41:c9:5a:b9:27:82:0c:15:2e:0e:cc:26:c6:
                    da:8d:22:90:f4:01:b2:0e:03:8d:81:a2:d2:9b:f6:
                    27:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:AB:13:DC:CD:CF:E7:37:6D:0E:DF:9B:D5:33:70:93:56:A2:97:06
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383062303a3a2f34342d3438203d3e20323132343833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:63:dd:09:77:d1:7b:24:4e:f9:10:72:f7:2d:be:a2:2c:90:
         b6:18:13:51:8f:27:03:55:11:fd:0d:70:2f:c5:a4:ff:83:5a:
         da:ae:5b:df:50:cf:06:7b:11:e3:e1:6d:6a:19:ce:72:6b:29:
         15:fd:e1:ac:55:16:d0:d9:02:11:5a:ae:84:9e:d3:97:a5:9d:
         e0:57:8f:d2:5e:d7:95:66:98:be:94:25:7e:ce:0d:82:c2:a1:
         6f:0d:8c:35:75:9d:73:4b:51:d5:f3:61:1f:eb:c6:c8:d1:ce:
         f0:e4:ad:35:8f:bc:57:25:82:0b:49:11:a9:20:fa:50:aa:4e:
         95:aa:d9:65:d3:45:82:dd:37:c4:d6:55:1f:ed:f4:c7:1e:f8:
         fa:56:bd:b1:13:ba:ae:ee:da:d2:19:f6:a6:6c:d6:ce:40:5c:
         58:e0:85:50:fa:e8:4b:99:3d:26:47:fa:f4:bd:3a:b2:2c:b7:
         ce:13:db:c8:ca:23:f1:fa:64:8d:86:e4:59:5b:6b:a7:0b:4f:
         e2:23:ea:f9:b3:b8:14:44:5a:dc:1d:74:c3:50:30:cf:35:af:
         6b:07:52:46:ad:95:91:ba:ca:69:a9:1e:61:3d:0e:1f:6f:fb:
         df:f9:86:42:bb:2a:56:d8:89:9a:2a:a8:19:dd:14:c0:fc:7b:
         b6:53:3f:73
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUWEYRIyv3c09SzxBGqlTkpPw/RxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjRaFw0yNTEwMTAxMDA0MjRaMDMxMTAvBgNV
BAMTKERDQUIxM0RDQ0RDRkU3Mzc2RDBFREY5QkQ1MzM3MDkzNTZBMjk3MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnwo4EKJ5+3nzxzpP44DMUTdue
bopUMIZhvdK2zU3tgnI8cHaqUcywknWpdp6CApczM79BUXXQ5/bTCDX5l4X2DH65
dZAjRJuerN97GUJgNv/swYyAhvr6cooaz1pmGrNVtsYyqBdIcO7YT2dVuzh3zu5t
E60Nj25Itw/A/0hAHnWyU8gYQf6DCa2uhFNbxCBnT71odrQoh1smNzMVbkScrO1m
EnhksJ1jbozcV9VahgrYtfy3+BMtPbZzy18scVpeBSp75sMlDmS1aiBtu7NICXws
KPU/joJIclc+51Cl1Z2oQclauSeCDBUuDswmxtqNIpD0AbIOA42BotKb9ic3AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU3KsT3M3P5zdtDt+b1TNwk1ailwYwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMwNjIzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzEzMjM0MzgzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeAsDANBgkqhkiG
9w0BAQsFAAOCAQEAsGPdCXfReyRO+RBy9y2+oiyQthgTUY8nA1UR/Q1wL8Wk/4Na
2q5b31DPBnsR4+FtahnOcmspFf3hrFUW0NkCEVquhJ7Tl6Wd4FeP0l7XlWaYvpQl
fs4NgsKhbw2MNXWdc0tR1fNhH+vGyNHO8OStNY+8VyWCC0kRqSD6UKpOlarZZdNF
gt03xNZVH+30xx74+la9sRO6ru7a0hn2pmzWzkBcWOCFUProS5k9Jkf69L06siy3
zhPbyMoj8fpkjYbkWVtrpwtP4iPq+bO4FERa3B10w1AwzzWvawdSRq2VkbrKaake
YT0OH2/73/mGQrsqVtiJmiqoGd0UwPx7tlM/cw==
-----END CERTIFICATE-----