Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383162303a3a2f34342d3438203d3e20323033373337.roa
File:                     326131323a646434373a383162303a3a2f34342d3438203d3e20323033373337.roa (raw, json)
Hash identifier:          UBXPqR7hRcjIbN3+2a4dV1Fw1V2mDM5GdegDpLA7/q0=
Subject key identifier:   86:91:AF:82:6D:84:55:C2:E6:F2:92:B7:82:A2:4A:E3:91:45:A6:5B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       0868E310CD8E3C1DA2A61D6F4757606B853D27FA
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383162303a3a2f34342d3438203d3e20323033373337.roa
Signing time:             Fri 11 Oct 2024 10:04:19 +0000
ROA not before:           Fri 11 Oct 2024 09:59:19 +0000
ROA not after:            Fri 10 Oct 2025 10:04:19 +0000
asID:                     203737
IP address blocks:        2a12:dd47:81b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:68:e3:10:cd:8e:3c:1d:a2:a6:1d:6f:47:57:60:6b:85:3d:27:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:19 2024 GMT
            Not After : Oct 10 10:04:19 2025 GMT
        Subject: CN=8691AF826D8455C2E6F292B782A24AE39145A65B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:0f:10:06:05:bf:bb:c5:93:e2:34:9d:1b:0e:
                    8f:49:a2:09:c7:7c:4e:cc:8f:e3:55:88:69:61:6c:
                    f3:63:b4:84:24:20:cc:10:c5:89:ae:27:b6:ba:89:
                    18:17:d6:54:34:78:56:a8:3b:ed:15:1f:ed:60:f4:
                    c9:ac:d7:76:f7:75:9c:38:96:05:a8:8c:3b:b9:e4:
                    1b:d6:c8:4b:84:4d:35:67:a6:88:71:0a:ac:a0:d9:
                    11:7d:6f:3f:89:ac:67:1f:98:75:ce:40:60:17:78:
                    bc:24:57:3e:ef:11:99:2c:8e:37:d5:6f:62:8e:09:
                    50:1f:0c:97:f5:32:6d:86:52:ff:1b:b3:42:9d:21:
                    25:45:28:2a:33:2d:da:ea:42:0a:94:89:d2:c7:df:
                    6f:a1:2b:15:83:61:2e:16:b7:28:fd:97:03:e6:9a:
                    98:0e:eb:87:00:82:2c:4e:a8:24:99:7f:57:27:57:
                    cc:db:9a:aa:5f:ce:46:8d:a6:0c:6a:51:15:a1:17:
                    ea:61:67:cc:e3:3d:5a:1d:12:b4:67:a8:e2:e4:ce:
                    bb:00:ca:04:ef:0d:da:9f:d1:75:e9:53:77:8a:a6:
                    90:ba:f5:6a:38:15:c2:29:03:cb:09:4b:e9:8a:ed:
                    53:2c:7b:0a:6c:f5:12:6b:c3:3c:b4:2b:5b:aa:cd:
                    a5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:91:AF:82:6D:84:55:C2:E6:F2:92:B7:82:A2:4A:E3:91:45:A6:5B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383162303a3a2f34342d3438203d3e20323033373337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:81b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:e0:6e:3e:12:47:9b:cb:02:25:8e:7e:f5:5c:2d:3b:6f:76:
         34:a7:fd:6c:ea:91:04:ba:fa:af:af:95:13:2c:5b:72:45:0c:
         3a:d5:6f:a6:0b:4c:d5:a4:99:d8:f7:69:bd:c8:ce:0a:27:65:
         63:4f:55:b4:75:5b:cf:72:90:74:ec:fd:0f:be:04:c6:87:0c:
         f3:08:34:5b:96:25:06:39:bd:bb:46:05:88:f2:96:c7:11:c3:
         24:44:e0:2a:b1:13:5c:36:85:c1:6b:fa:ae:35:38:b1:b5:f9:
         a4:8d:f8:f7:cd:e2:fe:32:fc:19:e9:4b:91:08:90:00:b9:dd:
         72:fc:8e:3e:ae:85:1a:d7:d9:c8:08:2f:5f:e7:2d:06:50:37:
         a1:2a:89:07:17:df:a3:9f:82:5b:9b:aa:be:e8:8c:5c:39:6c:
         98:3e:40:95:eb:b6:5f:60:19:6f:cf:9b:d8:80:02:c1:93:4d:
         53:55:1e:83:8d:5f:ba:3b:36:3c:82:6c:e2:cd:51:ce:94:55:
         04:1c:99:d8:f5:ce:f9:ca:e3:3c:db:b7:79:a6:a9:de:1d:ff:
         ce:34:b8:87:d6:c3:2c:18:81:e7:d2:cf:2c:10:62:59:3b:84:
         a8:a7:24:6c:37:ff:18:b5:ca:0b:c1:14:19:46:57:63:ea:00:
         55:51:26:11
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUCGjjEM2OPB2iph1vR1dga4U9J/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTlaFw0yNTEwMTAxMDA0MTlaMDMxMTAvBgNV
BAMTKDg2OTFBRjgyNkQ4NDU1QzJFNkYyOTJCNzgyQTI0QUUzOTE0NUE2NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWDxAGBb+7xZPiNJ0bDo9JognH
fE7Mj+NViGlhbPNjtIQkIMwQxYmuJ7a6iRgX1lQ0eFaoO+0VH+1g9Mms13b3dZw4
lgWojDu55BvWyEuETTVnpohxCqyg2RF9bz+JrGcfmHXOQGAXeLwkVz7vEZksjjfV
b2KOCVAfDJf1Mm2GUv8bs0KdISVFKCozLdrqQgqUidLH32+hKxWDYS4Wtyj9lwPm
mpgO64cAgixOqCSZf1cnV8zbmqpfzkaNpgxqURWhF+phZ8zjPVodErRnqOLkzrsA
ygTvDdqf0XXpU3eKppC69Wo4FcIpA8sJS+mK7VMsewps9RJrwzy0K1uqzaV5AgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUhpGvgm2EVcLm8pK3gqJK45FFplswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMxNjIzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzMzM3MzMzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeBsDANBgkqhkiG
9w0BAQsFAAOCAQEAMeBuPhJHm8sCJY5+9VwtO292NKf9bOqRBLr6r6+VEyxbckUM
OtVvpgtM1aSZ2PdpvcjOCidlY09VtHVbz3KQdOz9D74ExocM8wg0W5YlBjm9u0YF
iPKWxxHDJETgKrETXDaFwWv6rjU4sbX5pI34983i/jL8GelLkQiQALndcvyOPq6F
GtfZyAgvX+ctBlA3oSqJBxffo5+CW5uqvuiMXDlsmD5Aleu2X2AZb8+b2IACwZNN
U1Ueg41fujs2PIJs4s1RzpRVBByZ2PXO+crjPNu3eaap3h3/zjS4h9bDLBiB59LP
LBBiWTuEqKckbDf/GLXKC8EUGUZXY+oAVVEmEQ==
-----END CERTIFICATE-----