Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383363303a3a2f34342d3438203d3e20323039363532.roa
File:                     326131323a646434373a383363303a3a2f34342d3438203d3e20323039363532.roa (raw, json)
Hash identifier:          j4zEcFeBg1MjaCWDD0k3E/wnXXTczWzeR6v80UJaCh4=
Subject key identifier:   DD:F1:8F:EA:33:81:36:39:DE:58:BB:99:CA:EF:00:C8:DE:3D:DB:0B
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       3034192AA7596187D2657DDC4AB02A5F27BD8F54
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383363303a3a2f34342d3438203d3e20323039363532.roa
Signing time:             Fri 11 Oct 2024 10:04:15 +0000
ROA not before:           Fri 11 Oct 2024 09:59:15 +0000
ROA not after:            Fri 10 Oct 2025 10:04:15 +0000
asID:                     209652
IP address blocks:        2a12:dd47:83c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:34:19:2a:a7:59:61:87:d2:65:7d:dc:4a:b0:2a:5f:27:bd:8f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:15 2024 GMT
            Not After : Oct 10 10:04:15 2025 GMT
        Subject: CN=DDF18FEA33813639DE58BB99CAEF00C8DE3DDB0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ba:78:3c:34:b8:92:77:6e:7a:22:a3:86:c0:
                    6e:cc:3b:00:e8:3e:69:75:07:fa:9c:c5:e1:41:6d:
                    48:7c:88:b5:c3:9a:e0:30:e0:b2:ce:34:b1:34:ee:
                    5b:20:d6:bc:16:91:c1:5c:c2:a2:17:57:db:0c:f9:
                    94:e1:c7:97:66:83:e4:ca:e6:c7:f7:92:64:18:7f:
                    f4:a5:cb:57:bd:7c:b9:9d:ef:0a:25:14:ad:b4:fc:
                    42:68:16:a5:d2:4a:a5:d7:dd:b2:36:ed:93:d0:ed:
                    32:e8:99:c8:a4:8d:70:9d:d9:fb:31:c0:32:29:60:
                    59:8c:98:23:ef:6a:13:56:04:ae:b5:bf:7a:60:fc:
                    f6:73:af:01:42:a7:2f:a7:f2:5b:5b:5c:0f:95:5d:
                    88:ff:57:03:0b:22:fd:1d:79:31:d6:af:39:0c:bb:
                    d5:92:85:e4:bd:63:41:2e:91:d5:78:17:28:a8:73:
                    3d:39:e8:b4:10:32:1e:75:46:c8:bd:d3:14:ea:7b:
                    4e:60:2c:56:5a:bd:b5:35:18:28:20:2c:7a:10:b0:
                    57:9f:5f:5f:9f:1d:48:56:39:5c:1d:92:77:19:9e:
                    81:b8:ce:ea:80:27:9f:27:5d:53:0c:84:a6:dd:c2:
                    d2:6e:1a:70:64:6a:72:8d:8f:e3:4c:85:dc:b9:e7:
                    30:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F1:8F:EA:33:81:36:39:DE:58:BB:99:CA:EF:00:C8:DE:3D:DB:0B
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383363303a3a2f34342d3438203d3e20323039363532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:83c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:5c:89:6c:ad:2e:41:05:23:26:25:e4:df:44:db:74:b8:8a:
         57:74:08:8f:b4:5e:71:fa:55:6b:5e:e9:2a:26:4c:68:18:37:
         3f:a9:d6:6f:25:19:9f:01:56:06:60:6b:95:0f:2f:d3:c9:dc:
         ed:6a:24:db:41:da:db:35:54:bd:9f:9f:43:c4:a5:9d:2b:f9:
         ac:e8:2d:9c:a3:55:49:65:26:88:b1:f6:c5:9c:cb:7f:01:45:
         36:21:7c:26:a0:94:8d:e5:3f:42:c8:43:cb:3a:37:0e:ea:01:
         28:e1:80:f7:40:5b:90:06:58:42:24:af:b9:d8:76:5f:b9:12:
         b7:6c:26:29:24:74:fb:ac:78:3a:24:7a:92:d7:93:19:2e:6d:
         b6:07:0b:b5:99:79:c3:06:d4:46:3e:68:60:11:90:cc:31:41:
         8d:84:be:d6:60:b4:53:e6:42:d3:07:4f:33:59:40:62:e2:ed:
         8d:81:f2:b2:1d:17:04:53:12:06:ae:a6:f4:d0:35:1f:23:6a:
         5c:7f:87:be:90:f9:35:39:2c:10:d3:26:9b:10:5f:e1:42:a2:
         03:8a:42:a4:8a:99:12:3c:ba:19:94:3b:68:db:14:1f:0b:b8:
         60:3f:1b:81:32:2f:d3:db:2d:fe:f2:8a:70:fb:d8:99:62:63:
         8b:60:14:02
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUMDQZKqdZYYfSZX3cSrAqXye9j1QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTVaFw0yNTEwMTAxMDA0MTVaMDMxMTAvBgNV
BAMTKERERjE4RkVBMzM4MTM2MzlERTU4QkI5OUNBRUYwMEM4REUzRERCMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKung8NLiSd256IqOGwG7MOwDo
Pml1B/qcxeFBbUh8iLXDmuAw4LLONLE07lsg1rwWkcFcwqIXV9sM+ZThx5dmg+TK
5sf3kmQYf/Sly1e9fLmd7wolFK20/EJoFqXSSqXX3bI27ZPQ7TLomcikjXCd2fsx
wDIpYFmMmCPvahNWBK61v3pg/PZzrwFCpy+n8ltbXA+VXYj/VwMLIv0deTHWrzkM
u9WSheS9Y0EukdV4Fyiocz056LQQMh51Rsi90xTqe05gLFZavbU1GCggLHoQsFef
X1+fHUhWOVwdkncZnoG4zuqAJ58nXVMMhKbdwtJuGnBkanKNj+NMhdy55zAPAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQU3fGP6jOBNjneWLuZyu8AyN492wswHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODMzNjMzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzAzOTM2MzUzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeDwDANBgkqhkiG
9w0BAQsFAAOCAQEAPFyJbK0uQQUjJiXk30TbdLiKV3QIj7RecfpVa17pKiZMaBg3
P6nWbyUZnwFWBmBrlQ8v08nc7Wok20Ha2zVUvZ+fQ8SlnSv5rOgtnKNVSWUmiLH2
xZzLfwFFNiF8JqCUjeU/QshDyzo3DuoBKOGA90BbkAZYQiSvudh2X7kSt2wmKSR0
+6x4OiR6kteTGS5ttgcLtZl5wwbURj5oYBGQzDFBjYS+1mC0U+ZC0wdPM1lAYuLt
jYHysh0XBFMSBq6m9NA1HyNqXH+HvpD5NTksENMmmxBf4UKiA4pCpIqZEjy6GZQ7
aNsUHwu4YD8bgTIv09st/vKKcPvYmWJji2AUAg==
-----END CERTIFICATE-----