Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa
File:                     326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa (raw, json)
Hash identifier:          pFZIME6VBRCAYQFMGROw6FeyD28R1rWgtfNZjGW1MFU=
Subject key identifier:   A0:ED:F4:83:7B:EF:44:17:F7:44:77:96:BF:7E:C5:26:CF:5B:BE:35
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       1250CCC5AC6F08129DE498E7C379F8C2F94D3FAE
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa
Signing time:             Fri 11 Oct 2024 10:04:12 +0000
ROA not before:           Fri 11 Oct 2024 09:59:12 +0000
ROA not after:            Fri 10 Oct 2025 10:04:12 +0000
asID:                     203145
IP address blocks:        2a12:dd47:8120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:50:cc:c5:ac:6f:08:12:9d:e4:98:e7:c3:79:f8:c2:f9:4d:3f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:12 2024 GMT
            Not After : Oct 10 10:04:12 2025 GMT
        Subject: CN=A0EDF4837BEF4417F7447796BF7EC526CF5BBE35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6d:99:3a:58:c0:ad:66:91:77:03:49:ee:34:
                    84:c6:b2:9d:6b:d1:b8:1e:7f:0b:cf:7c:b2:ea:4f:
                    78:2c:55:dd:c9:dc:58:db:bc:86:6b:ac:0c:57:bb:
                    93:7d:73:b0:03:98:2a:32:92:74:13:c8:1c:37:7d:
                    62:40:65:67:d3:dc:61:7b:31:04:d2:18:b1:7e:f3:
                    a4:14:09:4d:71:d1:40:f6:69:9b:51:26:a8:51:e9:
                    e5:97:d2:9a:10:6e:18:6f:29:8b:d6:be:2b:7e:15:
                    ba:5c:37:f8:b6:8d:0e:4e:58:0b:32:30:5d:20:a8:
                    82:32:47:69:dd:c1:8b:c4:e0:1f:18:84:93:5d:91:
                    90:e8:9f:69:af:59:5e:2c:c0:55:68:d5:48:d8:b6:
                    af:48:02:9f:62:c7:8e:32:a1:4b:9b:34:86:46:4a:
                    c1:e8:8c:a5:7c:b8:b7:32:c4:bf:25:2b:d6:d5:2f:
                    62:2a:66:b6:c3:11:39:27:3f:67:5b:77:42:2e:f1:
                    f3:69:32:87:20:bd:f7:08:64:e0:64:5e:c5:8e:9d:
                    e2:56:2d:6c:4f:ac:86:77:f7:70:83:ab:a6:c6:11:
                    52:33:a1:77:3f:90:03:63:ee:51:ad:17:bb:d1:d0:
                    84:d3:7a:f6:18:d6:61:d7:e1:74:52:a1:1b:16:22:
                    58:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:ED:F4:83:7B:EF:44:17:F7:44:77:96:BF:7E:C5:26:CF:5B:BE:35
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383132303a3a2f34342d3438203d3e20323033313435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8120::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:f8:b4:65:d5:b8:6f:53:17:b4:64:52:3c:c9:f6:18:3c:90:
         4c:5e:2a:da:1c:b8:11:dd:90:9b:c2:09:3e:a9:b1:0b:86:6a:
         81:a4:f1:89:68:63:f5:30:ab:dc:01:18:41:a7:52:64:41:e8:
         e8:70:e1:e8:d4:26:f0:04:ef:7a:c3:ab:b2:cb:fe:35:00:c8:
         0a:b4:11:47:10:f0:da:4b:d7:ad:db:65:fd:f2:93:c8:e3:e8:
         ab:fa:70:ce:e0:6f:03:65:27:bc:bd:cf:37:fe:ef:ba:4a:84:
         46:32:71:0b:f2:30:88:bf:52:77:96:28:d6:f8:89:17:e9:88:
         0a:7f:63:aa:96:e9:5b:e0:f6:1c:c0:c1:3b:66:09:b5:22:83:
         69:4c:0f:1c:36:d4:e1:7a:bf:2b:80:9c:19:c8:fe:32:f7:29:
         b4:86:67:8b:e9:fd:ee:19:89:56:b4:57:32:03:57:a5:28:38:
         28:2d:8e:84:cd:3e:84:53:79:e7:81:b9:68:d9:41:96:8d:83:
         42:73:7a:77:3e:89:7e:85:d8:79:fb:90:5e:91:67:92:8c:af:
         8b:61:71:c8:ab:ab:55:93:b4:81:95:37:d9:9c:fe:78:11:ca:
         45:ed:5d:a1:95:b6:1e:b3:80:a5:29:80:f0:71:ce:eb:39:0f:
         e2:f8:23:b0
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUElDMxaxvCBKd5Jjnw3n4wvlNP64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTJaFw0yNTEwMTAxMDA0MTJaMDMxMTAvBgNV
BAMTKEEwRURGNDgzN0JFRjQ0MTdGNzQ0Nzc5NkJGN0VDNTI2Q0Y1QkJFMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRbZk6WMCtZpF3A0nuNITGsp1r
0bgefwvPfLLqT3gsVd3J3FjbvIZrrAxXu5N9c7ADmCoyknQTyBw3fWJAZWfT3GF7
MQTSGLF+86QUCU1x0UD2aZtRJqhR6eWX0poQbhhvKYvWvit+FbpcN/i2jQ5OWAsy
MF0gqIIyR2ndwYvE4B8YhJNdkZDon2mvWV4swFVo1UjYtq9IAp9ix44yoUubNIZG
SsHojKV8uLcyxL8lK9bVL2IqZrbDETknP2dbd0Iu8fNpMocgvfcIZOBkXsWOneJW
LWxPrIZ393CDq6bGEVIzoXc/kANj7lGtF7vR0ITTevYY1mHX4XRSoRsWIljzAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUoO30g3vvRBf3RHeWv37FJs9bvjUwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMxMzIzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzMzMxMzQzNS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeBIDANBgkqhkiG
9w0BAQsFAAOCAQEAp/i0ZdW4b1MXtGRSPMn2GDyQTF4q2hy4Ed2Qm8IJPqmxC4Zq
gaTxiWhj9TCr3AEYQadSZEHo6HDh6NQm8ATvesOrssv+NQDICrQRRxDw2kvXrdtl
/fKTyOPoq/pwzuBvA2UnvL3PN/7vukqERjJxC/IwiL9Sd5Yo1viJF+mICn9jqpbp
W+D2HMDBO2YJtSKDaUwPHDbU4Xq/K4CcGcj+MvcptIZni+n97hmJVrRXMgNXpSg4
KC2OhM0+hFN554G5aNlBlo2DQnN6dz6JfoXYefuQXpFnkoyvi2FxyKurVZO0gZU3
2Zz+eBHKRe1doZW2HrOApSmA8HHO6zkP4vgjsA==
-----END CERTIFICATE-----