Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa
File:                     326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa (raw, json)
Hash identifier:          muBZvdo9LjJ+eZX5oLtNHwT0xWgcZLkGVEiGrqwQrDw=
Subject key identifier:   00:12:19:F2:8E:48:D9:80:C8:4C:33:A9:8C:FD:F6:A8:53:EC:29:DA
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3D01628D5720C2F897581B7172FAFCF255B42AC5
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa
Signing time:             Fri 11 Oct 2024 10:04:22 +0000
ROA not before:           Fri 11 Oct 2024 09:59:22 +0000
ROA not after:            Fri 10 Oct 2025 10:04:22 +0000
asID:                     212598
IP address blocks:        2a12:dd47:8320::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 05:14:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:01:62:8d:57:20:c2:f8:97:58:1b:71:72:fa:fc:f2:55:b4:2a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:22 2024 GMT
            Not After : Oct 10 10:04:22 2025 GMT
        Subject: CN=001219F28E48D980C84C33A98CFDF6A853EC29DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2b:21:00:b0:f1:2c:51:21:3c:5a:ab:cc:9a:
                    33:63:08:d5:3d:bc:28:96:c2:8a:cb:2d:60:a9:ae:
                    1e:67:9c:45:74:ee:ea:ad:ba:3a:20:ec:19:27:3d:
                    f8:e4:66:0d:04:75:ad:8b:fc:35:bb:96:09:3b:45:
                    62:61:f9:d2:9c:56:16:a6:19:26:43:c3:c3:79:d1:
                    49:c3:20:fb:bb:1b:30:e2:64:8c:63:aa:26:d6:f3:
                    be:38:22:e5:19:0a:97:25:2d:c8:30:04:bb:73:3f:
                    b1:82:ef:af:e7:30:b1:de:fb:61:0f:b6:77:4b:ff:
                    02:a0:52:1d:13:7e:10:22:4e:4f:85:f2:d9:78:1d:
                    66:e8:ae:a5:b4:a2:a2:ac:38:bd:6d:e5:27:0b:29:
                    09:34:5e:06:da:42:69:01:cd:bf:c5:db:87:2c:9d:
                    18:70:23:b8:23:2e:88:53:ef:d7:71:c5:dd:80:cb:
                    be:a4:bb:90:92:11:f6:7a:ff:34:07:7f:f5:11:a2:
                    54:89:5d:ee:29:2e:1d:b1:f5:03:b4:d4:ec:5a:46:
                    e7:a3:8c:8c:5e:f5:84:a2:5c:52:a0:0e:df:b1:97:
                    ae:f4:c7:c4:36:6d:94:23:c1:9f:c0:49:0d:4d:57:
                    a2:c2:b4:3b:c1:02:b1:88:dd:3a:c2:bc:ea:83:e1:
                    fc:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:12:19:F2:8E:48:D9:80:C8:4C:33:A9:8C:FD:F6:A8:53:EC:29:DA
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383332303a3a2f34342d3438203d3e20323132353938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8320::/44

    Signature Algorithm: sha256WithRSAEncryption
         df:5b:dc:d7:a3:5f:6a:db:04:d8:55:e3:3b:c0:f0:93:2a:f8:
         c3:1a:cc:c4:b3:be:17:bc:48:5e:a7:e0:6c:9c:2c:a4:27:12:
         ca:ac:3f:fe:71:81:40:4c:6c:7d:19:26:5a:30:a7:a7:03:d9:
         f1:b6:44:c6:e1:44:62:21:b3:23:05:ca:a2:28:30:57:0b:4c:
         85:86:3c:bc:44:f3:6e:06:71:98:f1:b8:08:3e:ed:1e:4c:41:
         35:af:61:7a:3c:25:fd:f3:b6:4a:45:9e:ba:ff:1d:d3:b8:d4:
         93:69:57:22:46:ae:6a:fa:8b:45:21:b9:bc:8b:a6:88:56:30:
         f4:d7:54:db:db:7c:0d:c5:2e:e4:25:05:1b:87:41:27:52:6c:
         97:97:1a:6b:73:d1:20:8c:c1:dd:86:7f:d6:12:bb:1a:49:2f:
         f6:ce:68:2e:32:f0:c2:a7:7a:5c:17:e4:5d:cc:70:00:a1:11:
         84:7f:11:56:23:89:dc:57:c0:14:4f:65:d4:3d:3a:79:74:52:
         35:c1:83:dd:d3:74:37:22:96:df:11:b5:e3:05:fd:92:27:8a:
         05:4a:d3:e3:b1:2e:53:3f:f1:06:3d:7c:27:60:cb:e6:bd:80:
         9e:ab:8c:e9:61:d1:da:9d:d4:bf:c3:0a:36:ac:e3:03:f1:85:
         00:cc:96:f5
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUPQFijVcgwviXWBtxcvr88lW0KsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjJaFw0yNTEwMTAxMDA0MjJaMDMxMTAvBgNV
BAMTKDAwMTIxOUYyOEU0OEQ5ODBDODRDMzNBOThDRkRGNkE4NTNFQzI5REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0KyEAsPEsUSE8WqvMmjNjCNU9
vCiWworLLWCprh5nnEV07uqtujog7BknPfjkZg0Eda2L/DW7lgk7RWJh+dKcVham
GSZDw8N50UnDIPu7GzDiZIxjqibW8744IuUZCpclLcgwBLtzP7GC76/nMLHe+2EP
tndL/wKgUh0TfhAiTk+F8tl4HWborqW0oqKsOL1t5ScLKQk0XgbaQmkBzb/F24cs
nRhwI7gjLohT79dxxd2Ay76ku5CSEfZ6/zQHf/URolSJXe4pLh2x9QO01OxaRuej
jIxe9YSiXFKgDt+xl670x8Q2bZQjwZ/ASQ1NV6LCtDvBArGI3TrCvOqD4fyDAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUABIZ8o5I2YDITDOpjP32qFPsKdowHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMzMzIzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzEzMjM1MzkzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeDIDANBgkqhkiG
9w0BAQsFAAOCAQEA31vc16NfatsE2FXjO8Dwkyr4wxrMxLO+F7xIXqfgbJwspCcS
yqw//nGBQExsfRkmWjCnpwPZ8bZExuFEYiGzIwXKoigwVwtMhYY8vETzbgZxmPG4
CD7tHkxBNa9hejwl/fO2SkWeuv8d07jUk2lXIkauavqLRSG5vIumiFYw9NdU29t8
DcUu5CUFG4dBJ1Jsl5caa3PRIIzB3YZ/1hK7Gkkv9s5oLjLwwqd6XBfkXcxwAKER
hH8RViOJ3FfAFE9l1D06eXRSNcGD3dN0NyKW3xG14wX9kieKBUrT47EuUz/xBj18
J2DL5r2AnquM6WHR2p3Uv8MKNqzjA/GFAMyW9Q==
-----END CERTIFICATE-----