Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383231303a3a2f34342d3438203d3e20323032393131.roa
File:                     326131323a646434373a383231303a3a2f34342d3438203d3e20323032393131.roa (raw, json)
Hash identifier:          yr2JeOLNp/8Ohcr7RA/yk2xepSo585K5+rKSu3qSFA0=
Subject key identifier:   FD:3E:61:BD:C8:FC:3E:27:00:0D:B7:61:BE:5D:A4:FC:F3:C6:91:53
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       700DA30C8C2CC10C7F0D4CEBD6225439B2589F29
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383231303a3a2f34342d3438203d3e20323032393131.roa
Signing time:             Fri 11 Oct 2024 10:04:18 +0000
ROA not before:           Fri 11 Oct 2024 09:59:18 +0000
ROA not after:            Fri 10 Oct 2025 10:04:18 +0000
asID:                     202911
IP address blocks:        2a12:dd47:8210::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:0d:a3:0c:8c:2c:c1:0c:7f:0d:4c:eb:d6:22:54:39:b2:58:9f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:18 2024 GMT
            Not After : Oct 10 10:04:18 2025 GMT
        Subject: CN=FD3E61BDC8FC3E27000DB761BE5DA4FCF3C69153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d0:5b:cf:d5:60:0b:98:3b:86:c6:88:14:d6:
                    57:27:8f:c2:fc:0b:aa:69:1d:bb:dc:1a:3f:1c:8d:
                    3f:f4:1d:97:49:1d:95:39:e6:14:d0:b1:37:ea:bb:
                    fd:8c:ee:db:43:a7:f2:40:bd:68:54:f3:55:58:35:
                    4b:94:50:ba:cd:38:f3:a0:cd:1f:a5:29:9c:d0:08:
                    3c:0d:ec:5f:3a:0f:54:23:ca:d0:9a:50:dd:08:94:
                    bf:b1:c0:ed:eb:22:90:b3:ee:2f:00:4c:aa:06:34:
                    74:c9:a0:4a:40:87:2b:1b:fd:22:31:9e:82:79:3b:
                    5c:b1:ee:a7:61:f4:c4:14:82:21:8b:51:72:a4:c5:
                    b1:21:3c:cb:0e:f3:81:75:a0:b0:a4:5b:4b:07:6f:
                    d0:cf:7e:4a:e0:ba:df:05:b7:3f:eb:92:70:4b:c5:
                    a0:b2:07:f3:82:26:e6:74:00:62:d6:2c:18:5f:27:
                    e7:2d:88:83:6b:20:75:03:7e:61:2c:0e:79:22:ba:
                    bb:13:2b:e4:56:be:df:f7:a9:67:17:1e:61:72:a7:
                    8c:3a:aa:1f:f0:96:56:72:65:d1:3c:66:7a:e0:4a:
                    1a:61:4e:b3:b2:cf:da:72:c6:ab:91:d7:2a:35:f4:
                    24:24:95:06:8f:fa:f9:69:b6:1f:f0:3d:65:70:01:
                    df:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3E:61:BD:C8:FC:3E:27:00:0D:B7:61:BE:5D:A4:FC:F3:C6:91:53
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383231303a3a2f34342d3438203d3e20323032393131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8210::/44

    Signature Algorithm: sha256WithRSAEncryption
         b2:83:88:21:1b:f4:d5:c8:92:96:c3:15:25:2f:c3:38:7e:68:
         b8:82:50:17:6c:b1:2a:27:43:0b:35:32:3e:d3:23:de:4a:51:
         68:14:52:43:33:63:50:d2:47:29:29:4d:8f:0a:a7:25:61:66:
         7d:06:99:3f:d5:e5:85:e2:3c:f0:1d:17:87:42:8e:0f:b9:67:
         6a:15:1f:a6:85:c9:ae:ff:aa:f4:89:6b:9c:3e:12:13:44:5b:
         86:64:13:ca:41:1e:22:27:80:f6:4c:e0:27:2e:44:5b:13:5c:
         77:62:85:35:8f:ca:5c:ae:1c:78:47:87:1b:9d:05:ce:87:5d:
         07:cb:3c:c6:7c:c4:40:08:c3:32:fb:d5:72:30:4b:24:5b:66:
         1e:4f:df:39:ae:34:5f:51:cc:ae:4c:97:26:7e:32:13:37:1f:
         0d:b2:09:43:44:66:a7:ee:3d:3e:68:32:71:ba:27:bd:ee:b0:
         e9:78:1b:a0:9f:5e:1c:b3:eb:f4:53:97:9a:88:87:3c:2e:c4:
         c4:13:1d:b4:36:9f:c7:58:23:28:63:6d:b9:cb:0b:d0:8b:6c:
         35:c6:f0:19:1a:95:b8:32:33:93:98:2b:26:38:97:17:79:ce:
         67:dd:f5:bc:6f:25:1e:be:cd:8b:42:0a:8d:66:fd:22:bb:ea:
         5f:52:97:db
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUcA2jDIwswQx/DUzr1iJUObJYnykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MThaFw0yNTEwMTAxMDA0MThaMDMxMTAvBgNV
BAMTKEZEM0U2MUJEQzhGQzNFMjcwMDBEQjc2MUJFNURBNEZDRjNDNjkxNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk0FvP1WALmDuGxogU1lcnj8L8
C6ppHbvcGj8cjT/0HZdJHZU55hTQsTfqu/2M7ttDp/JAvWhU81VYNUuUULrNOPOg
zR+lKZzQCDwN7F86D1QjytCaUN0IlL+xwO3rIpCz7i8ATKoGNHTJoEpAhysb/SIx
noJ5O1yx7qdh9MQUgiGLUXKkxbEhPMsO84F1oLCkW0sHb9DPfkrgut8Ftz/rknBL
xaCyB/OCJuZ0AGLWLBhfJ+ctiINrIHUDfmEsDnkiursTK+RWvt/3qWcXHmFyp4w6
qh/wllZyZdE8ZnrgShphTrOyz9pyxquR1yo19CQklQaP+vlpth/wPWVwAd8vAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU/T5hvcj8PicADbdhvl2k/PPGkVMwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMyMzEzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzMjM5MzEzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeCEDANBgkqhkiG
9w0BAQsFAAOCAQEAsoOIIRv01ciSlsMVJS/DOH5ouIJQF2yxKidDCzUyPtMj3kpR
aBRSQzNjUNJHKSlNjwqnJWFmfQaZP9XlheI88B0Xh0KOD7lnahUfpoXJrv+q9Ilr
nD4SE0RbhmQTykEeIieA9kzgJy5EWxNcd2KFNY/KXK4ceEeHG50FzoddB8s8xnzE
QAjDMvvVcjBLJFtmHk/fOa40X1HMrkyXJn4yEzcfDbIJQ0Rmp+49Pmgycbonve6w
6XgboJ9eHLPr9FOXmoiHPC7ExBMdtDafx1gjKGNtucsL0ItsNcbwGRqVuDIzk5gr
JjiXF3nOZ931vG8lHr7Ni0IKjWb9IrvqX1KX2w==
-----END CERTIFICATE-----