Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383063303a3a2f34342d3438203d3e20323035393830.roa
File:                     326131323a646434373a383063303a3a2f34342d3438203d3e20323035393830.roa (raw, json)
Hash identifier:          BsQhvNwLpJjTl8HGAxj1TMWbmCrhGbzexsAh0k7A490=
Subject key identifier:   F8:42:BC:B7:46:EA:25:0F:87:38:AB:54:33:DF:7A:5B:4D:2A:7E:13
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       27F75F07A05D1C25131F7D827E8CDC1762D9537D
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383063303a3a2f34342d3438203d3e20323035393830.roa
Signing time:             Fri 11 Oct 2024 10:04:24 +0000
ROA not before:           Fri 11 Oct 2024 09:59:24 +0000
ROA not after:            Fri 10 Oct 2025 10:04:24 +0000
asID:                     205980
IP address blocks:        2a12:dd47:80c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:f7:5f:07:a0:5d:1c:25:13:1f:7d:82:7e:8c:dc:17:62:d9:53:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:24 2024 GMT
            Not After : Oct 10 10:04:24 2025 GMT
        Subject: CN=F842BCB746EA250F8738AB5433DF7A5B4D2A7E13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:cf:59:25:6e:d2:e6:06:c5:82:71:a0:b6:dd:
                    8c:e4:2a:3e:65:9f:dc:99:fb:86:dc:67:76:32:65:
                    d5:f5:32:13:4f:f9:64:5d:6a:94:0e:d9:c7:c7:7e:
                    2a:5a:c3:00:d0:a5:3a:11:c3:93:3b:79:3b:32:d7:
                    60:fd:69:83:ff:fb:0d:04:c3:d6:a5:aa:63:46:1f:
                    af:fa:7f:d6:7a:de:76:d9:5b:45:16:88:4b:f1:50:
                    77:cf:40:7e:dd:17:b4:9c:fe:79:f3:de:94:49:01:
                    a2:51:4c:af:86:f7:7c:12:e9:0c:84:5e:5b:2b:6f:
                    4e:7a:ea:dd:c1:08:6b:cd:59:c1:75:81:1e:2a:2f:
                    cc:8d:ce:69:30:8d:43:6c:5f:fb:90:99:08:32:c1:
                    62:38:c8:1a:48:c8:9f:ed:b3:92:76:25:cc:fd:d4:
                    60:c3:d8:c8:7d:05:69:a3:1d:03:07:d7:7c:78:1c:
                    28:d8:c9:65:d1:a7:ac:cf:75:21:56:77:fa:34:00:
                    c2:45:08:7f:1c:1e:99:6e:78:4c:8b:be:df:4a:df:
                    64:d8:55:33:fb:40:ea:46:ab:48:6a:52:e1:20:5c:
                    1c:69:be:cb:57:9c:fd:12:6d:e2:6e:e3:84:39:33:
                    e2:a4:fa:e7:75:d8:ce:2a:f0:64:58:14:e0:a9:9e:
                    de:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:42:BC:B7:46:EA:25:0F:87:38:AB:54:33:DF:7A:5B:4D:2A:7E:13
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383063303a3a2f34342d3438203d3e20323035393830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         93:e3:db:cc:cc:96:6f:e4:d0:ed:49:f0:d3:a1:65:e4:ac:1c:
         a9:17:e8:4f:9b:d1:12:26:b8:55:99:e7:69:1f:22:bc:75:b2:
         c1:f1:f0:42:e6:4e:0d:3f:6a:1c:2c:5a:42:c6:e9:75:0b:05:
         81:4a:62:8b:77:5b:31:e1:22:79:15:e2:89:42:90:01:c5:08:
         d5:c2:e4:f7:9c:aa:22:cf:e7:97:53:c8:e2:c1:94:af:d9:5a:
         12:2e:d8:3f:57:02:bf:a9:51:69:7f:7f:9f:a6:61:a6:f1:ab:
         e0:9b:bd:c5:de:d6:0e:60:0c:25:1f:55:7f:56:a0:e4:f9:bc:
         15:b0:c7:d2:8c:b3:06:eb:5f:34:ad:86:17:47:9d:1a:28:23:
         91:82:a7:47:cb:ff:e2:a4:23:30:e2:2a:57:0c:ba:fd:b5:2b:
         df:9a:f8:f1:fa:86:29:45:1d:17:2f:a3:ba:6c:b9:eb:c2:32:
         23:1a:7a:00:3a:43:46:c1:7d:e5:66:26:aa:3f:1b:3f:54:72:
         af:86:ea:c8:22:65:bc:1c:e6:60:a8:78:e7:76:b8:f0:4f:c4:
         dd:4b:2f:39:1e:09:91:2b:d2:1b:cf:4a:16:dc:09:9e:fc:9f:
         2e:58:43:57:2b:c3:dc:57:07:74:a9:b9:44:c2:c2:bc:91:4c:
         7c:26:15:66
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUJ/dfB6BdHCUTH32CfozcF2LZU30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjRaFw0yNTEwMTAxMDA0MjRaMDMxMTAvBgNV
BAMTKEY4NDJCQ0I3NDZFQTI1MEY4NzM4QUI1NDMzREY3QTVCNEQyQTdFMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRz1klbtLmBsWCcaC23YzkKj5l
n9yZ+4bcZ3YyZdX1MhNP+WRdapQO2cfHfipawwDQpToRw5M7eTsy12D9aYP/+w0E
w9alqmNGH6/6f9Z63nbZW0UWiEvxUHfPQH7dF7Sc/nnz3pRJAaJRTK+G93wS6QyE
Xlsrb0566t3BCGvNWcF1gR4qL8yNzmkwjUNsX/uQmQgywWI4yBpIyJ/ts5J2Jcz9
1GDD2Mh9BWmjHQMH13x4HCjYyWXRp6zPdSFWd/o0AMJFCH8cHplueEyLvt9K32TY
VTP7QOpGq0hqUuEgXBxpvstXnP0SbeJu44Q5M+Kk+ud12M4q8GRYFOCpnt6fAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU+EK8t0bqJQ+HOKtUM996W00qfhMwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMwNjMzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzNTM5MzgzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeAwDANBgkqhkiG
9w0BAQsFAAOCAQEAk+PbzMyWb+TQ7Unw06Fl5KwcqRfoT5vREia4VZnnaR8ivHWy
wfHwQuZODT9qHCxaQsbpdQsFgUpii3dbMeEieRXiiUKQAcUI1cLk95yqIs/nl1PI
4sGUr9laEi7YP1cCv6lRaX9/n6ZhpvGr4Ju9xd7WDmAMJR9Vf1ag5Pm8FbDH0oyz
ButfNK2GF0edGigjkYKnR8v/4qQjMOIqVwy6/bUr35r48fqGKUUdFy+jumy568Iy
Ixp6ADpDRsF95WYmqj8bP1Ryr4bqyCJlvBzmYKh453a48E/E3UsvOR4JkSvSG89K
FtwJnvyfLlhDVyvD3FcHdKm5RMLCvJFMfCYVZg==
-----END CERTIFICATE-----