Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383165303a3a2f34342d3438203d3e20323033353737.roa
File:                     326131323a646434373a383165303a3a2f34342d3438203d3e20323033353737.roa (raw, json)
Hash identifier:          IWzwY6yZvMR9oiO280Y6gLSrucqCCeKN2KueVOfs5n0=
Subject key identifier:   AF:AE:C3:48:54:D9:68:54:F8:FD:D1:A3:E8:8E:EE:DC:9D:23:D9:E4
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       5720A9001CDB09BBC84AF8B590A0552AEBA4B85A
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383165303a3a2f34342d3438203d3e20323033353737.roa
Signing time:             Fri 11 Oct 2024 10:04:22 +0000
ROA not before:           Fri 11 Oct 2024 09:59:22 +0000
ROA not after:            Fri 10 Oct 2025 10:04:22 +0000
asID:                     203577
IP address blocks:        2a12:dd47:81e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:20:a9:00:1c:db:09:bb:c8:4a:f8:b5:90:a0:55:2a:eb:a4:b8:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:22 2024 GMT
            Not After : Oct 10 10:04:22 2025 GMT
        Subject: CN=AFAEC34854D96854F8FDD1A3E88EEEDC9D23D9E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:23:39:97:bf:34:5c:4f:90:6a:f9:6c:0f:6d:
                    3e:b0:13:b0:9f:4c:50:34:aa:7c:4c:34:a3:24:fe:
                    ba:5d:9d:00:e7:ce:92:cf:9d:51:16:4d:20:57:0f:
                    5e:0f:2a:2b:37:6c:e9:06:b0:64:c5:0e:1e:c9:0e:
                    42:d9:17:1b:54:5e:88:d3:bb:f4:92:f4:d0:1d:4d:
                    d2:db:a2:e1:a3:01:16:23:cd:77:f6:d8:ae:f0:dd:
                    65:00:b7:b7:d2:ff:0b:ed:db:09:78:a8:ee:32:6d:
                    cd:1e:e4:71:ec:8a:14:14:7e:9c:56:1e:8f:18:1c:
                    b4:07:e3:19:80:0f:ce:ae:dd:11:93:69:4f:ec:33:
                    cd:6a:f7:0c:64:c8:95:11:01:c9:23:81:d7:87:f8:
                    d5:cc:23:df:55:e5:87:f4:53:8b:d3:dd:2b:e5:49:
                    22:f4:39:81:5c:62:1f:71:dd:5f:00:19:db:2d:f5:
                    22:31:bc:0f:e3:6a:77:3d:e3:f8:15:93:da:d0:24:
                    5f:82:4f:bd:4e:a2:f3:88:9a:5f:2e:cf:a4:70:f9:
                    0c:be:16:29:b9:eb:e9:2e:dc:b3:27:79:90:0a:28:
                    8f:ac:90:78:ca:5a:51:16:4d:c4:b7:47:2d:5f:1c:
                    14:6d:dc:42:b0:42:f2:0b:13:65:11:d9:1d:8f:10:
                    26:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AE:C3:48:54:D9:68:54:F8:FD:D1:A3:E8:8E:EE:DC:9D:23:D9:E4
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383165303a3a2f34342d3438203d3e20323033353737.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:81e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:db:72:a5:12:8f:19:37:ea:cd:b6:60:93:d7:4d:3c:e9:52:
         d8:9c:29:54:b1:98:14:27:63:3a:45:12:fb:1c:87:77:f3:b0:
         fd:54:a9:b4:da:48:a3:37:dd:f2:02:3d:c4:ea:ac:28:8e:85:
         47:ba:4c:b2:51:73:ec:68:be:7b:b0:6f:10:b5:50:5f:6f:0e:
         04:c6:64:a9:0e:f8:d5:9b:dc:36:b8:3c:99:6a:ec:86:fe:f5:
         66:cb:6e:1d:19:6f:4a:0d:8f:f9:09:08:16:9d:f7:34:8d:2e:
         4a:14:af:66:c9:8b:ae:62:d8:a2:02:d1:94:18:dd:2e:e0:b8:
         44:cb:af:3f:66:e5:49:72:56:a4:22:d9:5e:12:8c:5f:c2:a9:
         a7:b2:64:e5:dc:30:bd:d9:f2:19:8f:23:79:e6:83:d8:cb:e2:
         8f:c3:fd:b4:9f:86:87:6b:44:c9:3f:71:74:05:b7:25:e4:11:
         00:9a:d8:59:0e:9a:4f:bb:21:9f:62:18:5a:f2:7b:ad:1a:84:
         c5:69:e5:4f:8d:83:f7:7a:01:23:54:05:7c:65:d7:8c:de:67:
         e9:22:b2:6a:55:2a:09:ee:c3:56:bf:17:48:f6:8a:43:cc:cf:
         e3:4c:8f:e9:2f:c4:c9:0c:1d:f5:9d:86:ca:e7:fa:75:68:3b:
         c3:01:d1:67
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUVyCpABzbCbvISvi1kKBVKuukuFowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjJaFw0yNTEwMTAxMDA0MjJaMDMxMTAvBgNV
BAMTKEFGQUVDMzQ4NTREOTY4NTRGOEZERDFBM0U4OEVFRURDOUQyM0Q5RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgIzmXvzRcT5Bq+WwPbT6wE7Cf
TFA0qnxMNKMk/rpdnQDnzpLPnVEWTSBXD14PKis3bOkGsGTFDh7JDkLZFxtUXojT
u/SS9NAdTdLbouGjARYjzXf22K7w3WUAt7fS/wvt2wl4qO4ybc0e5HHsihQUfpxW
Ho8YHLQH4xmAD86u3RGTaU/sM81q9wxkyJURAckjgdeH+NXMI99V5Yf0U4vT3Svl
SSL0OYFcYh9x3V8AGdst9SIxvA/janc94/gVk9rQJF+CT71OovOIml8uz6Rw+Qy+
Fim56+ku3LMneZAKKI+skHjKWlEWTcS3Ry1fHBRt3EKwQvILE2UR2R2PECbXAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUr67DSFTZaFT4/dGj6I7u3J0j2eQwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMxNjUzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzMzM1MzczNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeB4DANBgkqhkiG
9w0BAQsFAAOCAQEAr9typRKPGTfqzbZgk9dNPOlS2JwpVLGYFCdjOkUS+xyHd/Ow
/VSptNpIozfd8gI9xOqsKI6FR7pMslFz7Gi+e7BvELVQX28OBMZkqQ741ZvcNrg8
mWrshv71ZstuHRlvSg2P+QkIFp33NI0uShSvZsmLrmLYogLRlBjdLuC4RMuvP2bl
SXJWpCLZXhKMX8Kpp7Jk5dwwvdnyGY8jeeaD2Mvij8P9tJ+Gh2tEyT9xdAW3JeQR
AJrYWQ6aT7shn2IYWvJ7rRqExWnlT42D93oBI1QFfGXXjN5n6SKyalUqCe7DVr8X
SPaKQ8zP40yP6S/EyQwd9Z2Gyuf6dWg7wwHRZw==
-----END CERTIFICATE-----