Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa
File:                     326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa (raw, json)
Hash identifier:          DSSlVnNBVTrWfZLNW0pUyWjYyINqPAjQNzxDcVhoack=
Subject key identifier:   A8:72:8B:35:0A:12:7E:C5:E8:2C:5D:69:E5:28:D8:42:DD:B1:AF:85
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3353D60D21A908781D10768CED1AC37B0163CB3D
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa
Signing time:             Fri 11 Oct 2024 10:04:14 +0000
ROA not before:           Fri 11 Oct 2024 09:59:14 +0000
ROA not after:            Fri 10 Oct 2025 10:04:14 +0000
asID:                     57406
IP address blocks:        2a12:dd47:8260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:53:d6:0d:21:a9:08:78:1d:10:76:8c:ed:1a:c3:7b:01:63:cb:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:14 2024 GMT
            Not After : Oct 10 10:04:14 2025 GMT
        Subject: CN=A8728B350A127EC5E82C5D69E528D842DDB1AF85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:52:fd:33:35:a1:f4:2f:62:39:f2:76:7a:e5:
                    5c:9f:94:2a:dd:49:3d:0d:1a:8d:45:3d:bf:50:aa:
                    86:29:ae:eb:4e:c2:88:55:6c:37:1b:cd:6b:23:0f:
                    68:18:f2:72:ee:02:ec:39:6f:67:ea:86:1c:31:4f:
                    e5:44:dc:90:bc:87:f7:24:ec:dd:c5:02:72:21:c7:
                    80:02:59:d9:0d:8c:5e:da:23:0f:bb:f0:f8:a8:13:
                    47:cd:51:1b:1c:2c:5d:12:e1:1f:79:15:72:5e:b8:
                    cb:25:bc:5d:a4:b1:d8:20:40:76:6d:79:69:3c:4d:
                    3e:71:9d:fe:80:ba:ec:20:a6:9b:d0:af:15:74:1d:
                    72:0e:30:8b:a1:0c:a3:20:c2:0c:b3:df:5a:43:15:
                    f3:0e:6c:2c:3f:d7:67:06:45:88:79:ca:10:a0:da:
                    63:c9:d7:0d:9c:f1:a6:1e:7c:78:ad:9d:92:c2:12:
                    39:35:96:8d:85:7e:90:75:24:b5:b0:eb:65:03:34:
                    26:cd:b8:ba:f7:f6:b9:12:7a:ba:a1:22:ae:b7:11:
                    4a:93:c1:31:dc:99:89:65:8e:85:c0:23:25:7a:bb:
                    dc:78:6f:da:87:46:75:3d:fa:b2:af:b8:97:c7:74:
                    0e:4c:a7:32:7c:19:bd:e7:dd:5c:ae:24:4d:45:7b:
                    c5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:72:8B:35:0A:12:7E:C5:E8:2C:5D:69:E5:28:D8:42:DD:B1:AF:85
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383236303a3a2f34342d3438203d3e203537343036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8260::/44

    Signature Algorithm: sha256WithRSAEncryption
         c7:0b:e1:6c:fd:ca:4a:11:82:e5:eb:8c:0b:f6:4e:a0:fe:0d:
         42:92:1d:0f:f4:d2:29:86:f3:e4:0e:69:63:58:fe:97:c4:c0:
         0e:bd:04:b6:fb:d4:61:9d:7b:d6:dd:ab:6a:ba:e7:1f:89:f2:
         18:5e:83:6c:cc:30:32:f1:0a:27:b8:76:0e:8b:e2:e8:3c:38:
         33:77:b7:3b:3e:e7:96:bf:f6:b7:d2:21:2c:f0:86:70:40:f0:
         93:f4:4a:f7:1e:44:56:8f:0d:84:6b:13:96:2c:0c:99:c1:c2:
         cf:1b:df:ca:df:ea:7a:65:32:c4:09:66:23:19:7e:89:81:5b:
         10:ab:af:da:9e:66:30:12:c1:9b:76:bf:c6:e5:66:cd:9d:55:
         4b:1a:21:c6:58:8b:e3:39:88:83:e9:76:7e:c2:22:fc:cc:c4:
         8f:29:df:61:59:34:c5:a7:a5:37:9b:d8:dc:6b:2f:b9:ad:71:
         57:30:6f:8d:22:5c:e5:d0:65:88:5c:e4:ad:28:93:d8:83:bc:
         7c:74:9c:a7:77:6f:fc:46:14:02:6c:94:94:c1:64:cf:66:d3:
         e4:42:06:43:9a:7d:cd:f6:48:0c:d8:e6:86:cb:33:8c:e6:fa:
         e7:05:16:bc:4e:74:e6:82:03:d7:33:af:30:f1:3b:3e:4a:25:
         45:e4:f0:a2
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgIUM1PWDSGpCHgdEHaM7RrDewFjyz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTRaFw0yNTEwMTAxMDA0MTRaMDMxMTAvBgNV
BAMTKEE4NzI4QjM1MEExMjdFQzVFODJDNUQ2OUU1MjhEODQyRERCMUFGODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMUv0zNaH0L2I58nZ65VyflCrd
ST0NGo1FPb9QqoYprutOwohVbDcbzWsjD2gY8nLuAuw5b2fqhhwxT+VE3JC8h/ck
7N3FAnIhx4ACWdkNjF7aIw+78PioE0fNURscLF0S4R95FXJeuMslvF2ksdggQHZt
eWk8TT5xnf6AuuwgppvQrxV0HXIOMIuhDKMgwgyz31pDFfMObCw/12cGRYh5yhCg
2mPJ1w2c8aYefHitnZLCEjk1lo2FfpB1JLWw62UDNCbNuLr39rkSerqhIq63EUqT
wTHcmYlljoXAIyV6u9x4b9qHRnU9+rKvuJfHdA5MpzJ8Gb3n3VyuJE1Fe8WDAgMB
AAGjggHQMIIBzDAdBgNVHQ4EFgQUqHKLNQoSfsXoLF1p5SjYQt2xr4UwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwegYI
KwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMyMzYzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDM1MzczNDMwMzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQqEt1HgmAwDQYJKoZIhvcN
AQELBQADggEBAMcL4Wz9ykoRguXrjAv2TqD+DUKSHQ/00imG8+QOaWNY/pfEwA69
BLb71GGde9bdq2q65x+J8hheg2zMMDLxCie4dg6L4ug8ODN3tzs+55a/9rfSISzw
hnBA8JP0SvceRFaPDYRrE5YsDJnBws8b38rf6nplMsQJZiMZfomBWxCrr9qeZjAS
wZt2v8blZs2dVUsaIcZYi+M5iIPpdn7CIvzMxI8p32FZNMWnpTeb2NxrL7mtcVcw
b40iXOXQZYhc5K0ok9iDvHx0nKd3b/xGFAJslJTBZM9m0+RCBkOafc32SAzY5obL
M4zm+ucFFrxOdOaCA9czrzDxOz5KJUXk8KI=
-----END CERTIFICATE-----
Generated at Thu Nov 21 13:37:44 2024 by rpki-client on console-ams.rpki-client.org