Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383136363a3a2f34382d3438203d3e20323032323232.roa
File:                     326131323a646434373a383136363a3a2f34382d3438203d3e20323032323232.roa (raw, json)
Hash identifier:          jX+5IWouGHNxC3DdysOKKFzYLj7jR2z7mo1IPW41YPY=
Subject key identifier:   DB:F0:C3:FE:F5:D5:ED:97:69:10:E5:8E:40:A6:01:84:8D:88:69:9B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       7D59B060D75B647F0A30D4E27BAEF9C2901DF188
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383136363a3a2f34382d3438203d3e20323032323232.roa
Signing time:             Fri 11 Oct 2024 10:04:26 +0000
ROA not before:           Fri 11 Oct 2024 09:59:26 +0000
ROA not after:            Fri 10 Oct 2025 10:04:26 +0000
asID:                     202222
IP address blocks:        2a12:dd47:8166::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:59:b0:60:d7:5b:64:7f:0a:30:d4:e2:7b:ae:f9:c2:90:1d:f1:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:26 2024 GMT
            Not After : Oct 10 10:04:26 2025 GMT
        Subject: CN=DBF0C3FEF5D5ED976910E58E40A601848D88699B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:83:20:46:8c:76:5c:c2:73:5e:40:ea:45:53:
                    e0:dd:4c:46:aa:dd:96:95:8c:17:91:52:0d:30:20:
                    4e:45:82:bd:75:18:22:3b:d4:0d:92:a4:54:d9:ee:
                    a1:59:15:9c:e6:17:c9:5a:75:d7:3c:81:bf:57:13:
                    93:88:3b:15:0b:ac:59:26:39:b9:ec:67:3d:bc:2b:
                    7a:8d:89:69:67:25:38:65:5c:71:e3:50:dd:bc:85:
                    1c:8b:f1:26:49:34:20:fd:2c:6c:7f:8e:a4:8f:44:
                    63:d7:22:a3:0f:f2:7b:c6:01:60:2e:66:33:96:e5:
                    35:dc:bd:a3:c2:20:52:45:c3:95:8a:18:fd:61:79:
                    0e:d1:5a:77:44:9b:ad:9e:01:7b:54:3e:ae:d4:1d:
                    09:84:f6:cb:89:d7:33:24:84:f8:a8:ba:a6:da:85:
                    f1:d6:39:12:17:52:88:39:8a:77:2b:e8:13:4e:8c:
                    67:cd:4c:65:7c:4b:27:9e:c1:cd:9c:e7:73:19:cc:
                    a9:0f:79:ab:be:d0:81:d6:2b:8f:21:fe:e1:07:4f:
                    9a:d5:72:40:94:c8:cc:39:6e:0a:5e:7b:20:0f:76:
                    8d:07:25:12:89:33:3f:34:f7:f5:93:5d:ce:89:05:
                    20:9a:e1:e8:10:1f:55:dd:6d:3d:ff:79:fe:fe:6e:
                    c9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F0:C3:FE:F5:D5:ED:97:69:10:E5:8E:40:A6:01:84:8D:88:69:9B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383136363a3a2f34382d3438203d3e20323032323232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8166::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:c1:8d:15:34:e8:4d:b5:a5:3e:3c:fd:e6:e9:04:79:e2:fa:
         46:0e:2c:17:2a:2b:42:5a:5d:37:39:02:36:9b:37:92:30:df:
         0b:b2:44:79:7b:65:83:c9:fa:85:29:0b:3c:6c:51:53:d8:34:
         00:c3:ca:36:61:2d:56:2f:44:e1:92:27:e9:58:c8:42:cd:a3:
         3d:69:eb:d9:55:e6:c4:c7:49:3e:d7:15:e4:01:9a:fe:c2:75:
         dc:4b:8d:90:70:5d:7d:32:bd:5c:ec:fd:02:cc:e5:fb:c6:2d:
         72:25:fb:4e:d5:86:93:75:36:37:54:f1:e6:66:b2:83:16:0a:
         9e:de:1b:28:fd:4e:c5:05:27:03:d9:1b:c6:09:50:9b:11:e7:
         2c:3e:b7:0c:b2:b0:d2:58:9b:34:d6:81:54:b5:62:1a:13:62:
         0c:2d:1a:10:a6:7a:ec:23:f0:6a:34:10:60:ae:aa:d1:7f:d0:
         c2:04:53:d0:5f:de:f0:12:c6:52:68:56:e9:81:ee:3f:2e:1b:
         60:fd:dd:21:38:8c:f2:9f:2f:94:02:01:ae:8f:3c:46:ce:3d:
         77:e6:8a:c8:cc:ac:e9:64:8e:29:d7:92:1a:53:92:f3:13:5c:
         8e:82:61:4d:85:11:cc:a4:02:2b:24:6d:a4:65:5e:8e:95:12:
         30:63:b5:49
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUfVmwYNdbZH8KMNTie675wpAd8YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjZaFw0yNTEwMTAxMDA0MjZaMDMxMTAvBgNV
BAMTKERCRjBDM0ZFRjVENUVEOTc2OTEwRTU4RTQwQTYwMTg0OEQ4ODY5OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfgyBGjHZcwnNeQOpFU+DdTEaq
3ZaVjBeRUg0wIE5Fgr11GCI71A2SpFTZ7qFZFZzmF8laddc8gb9XE5OIOxULrFkm
ObnsZz28K3qNiWlnJThlXHHjUN28hRyL8SZJNCD9LGx/jqSPRGPXIqMP8nvGAWAu
ZjOW5TXcvaPCIFJFw5WKGP1heQ7RWndEm62eAXtUPq7UHQmE9suJ1zMkhPiouqba
hfHWORIXUog5incr6BNOjGfNTGV8Syeewc2c53MZzKkPeau+0IHWK48h/uEHT5rV
ckCUyMw5bgpeeyAPdo0HJRKJMz809/WTXc6JBSCa4egQH1XdbT3/ef7+bsnjAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU2/DD/vXV7ZdpEOWOQKYBhI2IaZswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMxMzYzNjNhM2EyZjM0MzgyZDM0
MzgyMDNkM2UyMDMyMzAzMjMyMzIzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoS3UeBZjANBgkqhkiG
9w0BAQsFAAOCAQEApcGNFTToTbWlPjz95ukEeeL6Rg4sFyorQlpdNzkCNps3kjDf
C7JEeXtlg8n6hSkLPGxRU9g0AMPKNmEtVi9E4ZIn6VjIQs2jPWnr2VXmxMdJPtcV
5AGa/sJ13EuNkHBdfTK9XOz9Aszl+8YtciX7TtWGk3U2N1Tx5maygxYKnt4bKP1O
xQUnA9kbxglQmxHnLD63DLKw0libNNaBVLViGhNiDC0aEKZ67CPwajQQYK6q0X/Q
wgRT0F/e8BLGUmhW6YHuPy4bYP3dITiM8p8vlAIBro88Rs49d+aKyMys6WSOKdeS
GlOS8xNcjoJhTYURzKQCKyRtpGVejpUSMGO1SQ==
-----END CERTIFICATE-----