Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa
File:                     326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa (raw, json)
Hash identifier:          T319xBGMXuSEvauOmOR31uDP9pKrETssWAeXLXZJyBE=
Subject key identifier:   25:FF:78:E0:EC:A3:35:58:39:94:C8:20:16:73:3C:80:0F:CA:D9:5A
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       4A44200253F7713E6C1A6BB332A086FA1EC87ED6
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa
Signing time:             Fri 11 Oct 2024 10:04:16 +0000
ROA not before:           Fri 11 Oct 2024 09:59:16 +0000
ROA not after:            Fri 10 Oct 2025 10:04:16 +0000
asID:                     199676
IP address blocks:        2a12:dd47:80e7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:44:20:02:53:f7:71:3e:6c:1a:6b:b3:32:a0:86:fa:1e:c8:7e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:16 2024 GMT
            Not After : Oct 10 10:04:16 2025 GMT
        Subject: CN=25FF78E0ECA335583994C82016733C800FCAD95A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c8:cf:17:bb:59:a4:b9:70:45:45:2f:d3:ab:
                    e5:22:47:17:01:00:fe:b2:e1:77:6a:a0:c0:f4:31:
                    5c:a0:9d:d4:c7:91:0c:72:48:dd:61:dd:0a:eb:2b:
                    51:59:74:17:bc:d9:e7:5b:f3:5c:f6:db:28:f5:1b:
                    58:ea:6c:29:64:11:a8:d7:03:55:6b:51:48:9e:32:
                    b6:fa:9f:4e:36:89:69:a5:3a:0d:6e:f3:9a:0a:ec:
                    dd:6f:db:4a:c9:33:cc:f5:32:de:b4:59:0b:dc:ad:
                    be:14:8d:d5:ff:af:20:f7:59:80:8b:68:a2:a0:f7:
                    a7:ff:a1:65:0f:88:0e:36:71:6e:4b:8c:06:df:3c:
                    c4:14:c6:6c:7f:2b:3d:a1:ea:dc:66:76:c6:79:04:
                    be:c9:5c:2a:51:c3:d4:71:a4:ef:57:32:69:23:14:
                    bc:74:38:f0:4d:90:bd:a6:8d:54:2f:7c:8c:61:2b:
                    41:cf:dd:95:63:a2:7f:f1:22:5f:7f:e8:ee:d4:89:
                    c1:8f:37:8b:30:fb:e9:86:3e:df:a9:fe:18:63:1a:
                    02:00:b1:47:4f:69:7d:08:24:06:ea:1d:5d:22:31:
                    91:2a:56:31:88:12:ea:15:62:ba:ab:8f:04:5c:61:
                    10:fe:ba:df:5a:09:93:30:b8:12:3f:a5:38:99:a8:
                    4f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:FF:78:E0:EC:A3:35:58:39:94:C8:20:16:73:3C:80:0F:CA:D9:5A
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383065373a3a2f34382d3438203d3e20313939363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:80e7::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:f1:8c:b1:26:70:2c:05:4d:ab:54:4f:c0:42:23:81:60:30:
         69:ae:57:67:e5:94:19:6d:f5:2a:5b:fd:08:ab:f5:24:16:1b:
         2c:7c:81:59:de:df:08:d4:bc:f4:33:a9:07:5a:65:f1:7f:ee:
         95:84:c6:90:5d:c0:84:75:6c:5e:17:2a:15:a7:f0:52:bb:45:
         dc:87:15:20:21:42:09:5e:1b:7f:dc:ba:a1:58:c1:61:e2:d6:
         d1:7b:12:08:fd:03:1b:7d:de:8a:45:8d:24:7d:0a:98:fd:0e:
         bc:2e:06:51:35:fc:98:4a:ff:95:3c:c3:24:d2:14:8a:d2:5c:
         d0:45:ad:f3:d0:17:4a:a2:ce:03:59:4f:d8:ba:3e:08:e5:b8:
         c3:11:af:98:9d:be:92:6e:c9:65:75:cf:c8:a5:da:fe:6e:9f:
         e6:db:30:07:95:ad:29:93:9b:2c:e9:7f:b2:1e:e4:f5:b4:10:
         a3:05:84:61:68:24:a8:67:c8:e3:0f:07:4c:39:66:f7:17:f5:
         8c:1e:45:5c:7d:b1:33:a0:c4:ad:41:29:ed:41:84:0b:49:46:
         66:02:9c:31:28:d5:25:db:91:ac:a9:55:55:a2:13:e2:19:60:
         c8:a2:95:ce:fc:36:6a:35:ef:8a:f9:5d:7a:c3:03:e3:9e:e2:
         6c:e0:fd:43
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUSkQgAlP3cT5sGmuzMqCG+h7IftYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTZaFw0yNTEwMTAxMDA0MTZaMDMxMTAvBgNV
BAMTKDI1RkY3OEUwRUNBMzM1NTgzOTk0QzgyMDE2NzMzQzgwMEZDQUQ5NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqyM8Xu1mkuXBFRS/Tq+UiRxcB
AP6y4XdqoMD0MVygndTHkQxySN1h3QrrK1FZdBe82edb81z22yj1G1jqbClkEajX
A1VrUUieMrb6n042iWmlOg1u85oK7N1v20rJM8z1Mt60WQvcrb4UjdX/ryD3WYCL
aKKg96f/oWUPiA42cW5LjAbfPMQUxmx/Kz2h6txmdsZ5BL7JXCpRw9RxpO9XMmkj
FLx0OPBNkL2mjVQvfIxhK0HP3ZVjon/xIl9/6O7UicGPN4sw++mGPt+p/hhjGgIA
sUdPaX0IJAbqHV0iMZEqVjGIEuoVYrqrjwRcYRD+ut9aCZMwuBI/pTiZqE/vAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUJf944OyjNVg5lMggFnM8gA/K2VowHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMwNjUzNzNhM2EyZjM0MzgyZDM0
MzgyMDNkM2UyMDMxMzkzOTM2MzczNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeA5zANBgkqhkiG
9w0BAQsFAAOCAQEAVfGMsSZwLAVNq1RPwEIjgWAwaa5XZ+WUGW31Klv9CKv1JBYb
LHyBWd7fCNS89DOpB1pl8X/ulYTGkF3AhHVsXhcqFafwUrtF3IcVICFCCV4bf9y6
oVjBYeLW0XsSCP0DG33eikWNJH0KmP0OvC4GUTX8mEr/lTzDJNIUitJc0EWt89AX
SqLOA1lP2Lo+COW4wxGvmJ2+km7JZXXPyKXa/m6f5tswB5WtKZObLOl/sh7k9bQQ
owWEYWgkqGfI4w8HTDlm9xf1jB5FXH2xM6DErUEp7UGEC0lGZgKcMSjVJduRrKlV
VaIT4hlgyKKVzvw2ajXvivldesMD457ibOD9Qw==
-----END CERTIFICATE-----