Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383334303a3a2f34342d3438203d3e20323030323430.roa
File:                     326131323a646434373a383334303a3a2f34342d3438203d3e20323030323430.roa (raw, json)
Hash identifier:          5+7qxcnFr6Ydd9VLV6gv3YTOaJsw0O2+Heh7j0YTJQ8=
Subject key identifier:   DB:00:3C:CA:10:17:88:66:55:77:F5:42:EA:74:8E:AB:DE:B4:52:42
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       0D09BDF16A3A344B1A9A379BDA6BA3878BB0C349
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383334303a3a2f34342d3438203d3e20323030323430.roa
Signing time:             Fri 11 Oct 2024 10:04:27 +0000
ROA not before:           Fri 11 Oct 2024 09:59:27 +0000
ROA not after:            Fri 10 Oct 2025 10:04:27 +0000
asID:                     200240
IP address blocks:        2a12:dd47:8340::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:09:bd:f1:6a:3a:34:4b:1a:9a:37:9b:da:6b:a3:87:8b:b0:c3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:27 2024 GMT
            Not After : Oct 10 10:04:27 2025 GMT
        Subject: CN=DB003CCA101788665577F542EA748EABDEB45242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:26:bd:19:49:01:9e:bf:7d:21:4e:32:71:77:
                    38:0f:6d:c6:58:a0:ef:d9:d9:ba:c8:bf:b5:b3:2c:
                    c6:29:92:79:02:56:4c:31:6b:0d:08:46:df:bc:43:
                    ca:13:46:72:51:22:32:bc:0f:a6:18:72:7b:e6:9b:
                    d9:c8:46:1b:66:74:ec:c3:57:91:0e:17:bb:4c:2b:
                    1c:0e:a3:5f:5a:56:e2:ae:8e:a6:e6:8a:61:22:44:
                    95:ae:29:5d:76:8f:c8:d5:d7:6a:1b:55:32:e6:3f:
                    73:9a:3a:5e:ee:96:63:f3:42:9c:06:b8:5f:03:79:
                    93:1b:05:0a:36:7c:51:66:83:6a:b2:c0:99:79:07:
                    0d:f0:fe:ea:24:2a:d9:0a:f9:f7:80:73:fd:40:9b:
                    5a:e7:b0:2c:d2:d2:a0:25:8e:7a:e6:79:d8:58:e6:
                    0e:65:e8:51:c0:cf:53:cb:fe:93:91:98:10:c7:e3:
                    68:93:7b:8a:14:73:ec:07:e6:df:20:46:6d:8d:af:
                    1f:68:6e:84:52:4f:10:9f:98:3a:10:9c:8b:d7:5a:
                    f9:78:39:17:4d:84:90:ba:68:09:3e:00:ee:bc:bd:
                    ec:00:d8:30:9c:f4:cd:00:8d:fc:5f:c9:52:25:f7:
                    aa:23:2d:c7:f5:ed:0c:87:62:9c:4d:c8:f9:b6:20:
                    93:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:00:3C:CA:10:17:88:66:55:77:F5:42:EA:74:8E:AB:DE:B4:52:42
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383334303a3a2f34342d3438203d3e20323030323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8340::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:ec:0c:57:18:6b:ad:09:ba:9c:0e:d6:db:d4:c0:61:66:f2:
         be:cc:43:a7:51:79:d4:83:79:42:9d:23:96:66:64:9f:92:bc:
         e8:89:a9:02:00:b8:ea:5f:e3:ae:45:8d:c9:99:93:f0:e9:b5:
         1a:8a:a9:24:41:32:47:31:7d:b0:4d:99:7d:fd:34:9e:fb:81:
         49:08:93:bf:8f:21:9f:c1:b0:e0:78:f3:a0:96:12:7c:75:5f:
         2c:e2:c4:54:f8:ca:c9:a6:7d:f5:1c:3c:e5:24:ff:b2:c8:59:
         b9:c2:2a:c7:df:c6:08:13:dd:44:22:eb:5e:58:17:58:f2:9b:
         e5:44:5d:87:65:28:ed:bd:13:c4:84:4e:3a:60:64:05:1b:9a:
         c6:26:cf:74:61:d2:08:2c:49:9d:42:76:a6:1f:19:6c:87:05:
         fe:16:f3:49:f4:bf:34:8c:79:25:09:5c:9f:cf:7e:75:7b:75:
         d1:d5:72:fb:f4:a0:4b:8e:47:9c:b3:11:c7:07:45:9e:e1:bc:
         91:49:d7:f5:cf:e6:96:d3:26:4c:cf:46:c1:a5:53:8d:af:f6:
         70:94:8a:67:63:24:df:72:75:7d:c1:27:22:49:b6:f8:60:8c:
         f5:c1:b0:4c:55:ca:f9:4f:e4:88:e4:84:63:0b:e8:2e:ad:0d:
         98:0c:ca:21
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUDQm98Wo6NEsamjeb2mujh4uww0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjdaFw0yNTEwMTAxMDA0MjdaMDMxMTAvBgNV
BAMTKERCMDAzQ0NBMTAxNzg4NjY1NTc3RjU0MkVBNzQ4RUFCREVCNDUyNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQJr0ZSQGev30hTjJxdzgPbcZY
oO/Z2brIv7WzLMYpknkCVkwxaw0IRt+8Q8oTRnJRIjK8D6YYcnvmm9nIRhtmdOzD
V5EOF7tMKxwOo19aVuKujqbmimEiRJWuKV12j8jV12obVTLmP3OaOl7ulmPzQpwG
uF8DeZMbBQo2fFFmg2qywJl5Bw3w/uokKtkK+feAc/1Am1rnsCzS0qAljnrmedhY
5g5l6FHAz1PL/pORmBDH42iTe4oUc+wH5t8gRm2Nrx9oboRSTxCfmDoQnIvXWvl4
ORdNhJC6aAk+AO68vewA2DCc9M0AjfxfyVIl96ojLcf17QyHYpxNyPm2IJPlAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU2wA8yhAXiGZVd/VC6nSOq960UkIwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMzMzQzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzMDMyMzQzMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeDQDANBgkqhkiG
9w0BAQsFAAOCAQEAEewMVxhrrQm6nA7W29TAYWbyvsxDp1F51IN5Qp0jlmZkn5K8
6ImpAgC46l/jrkWNyZmT8Om1GoqpJEEyRzF9sE2Zff00nvuBSQiTv48hn8Gw4Hjz
oJYSfHVfLOLEVPjKyaZ99Rw85ST/sshZucIqx9/GCBPdRCLrXlgXWPKb5URdh2Uo
7b0TxIROOmBkBRuaxibPdGHSCCxJnUJ2ph8ZbIcF/hbzSfS/NIx5JQlcn89+dXt1
0dVy+/SgS45HnLMRxwdFnuG8kUnX9c/mltMmTM9GwaVTja/2cJSKZ2Mk33J1fcEn
Ikm2+GCM9cGwTFXK+U/kiOSEYwvoLq0NmAzKIQ==
-----END CERTIFICATE-----