Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383364303a3a2f34342d3438203d3e20323031333836.roa
File:                     326131323a646434373a383364303a3a2f34342d3438203d3e20323031333836.roa (raw, json)
Hash identifier:          yepvMkMdMFGaG4+jvws3KeAYr8vSQuRDth29Kh4XQzE=
Subject key identifier:   AC:F8:26:CB:46:5D:F6:7E:56:13:F5:46:90:A0:4E:40:BB:E6:5B:9F
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       35582F68FB532308B96F0EF8EE033F6FCFE18A
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383364303a3a2f34342d3438203d3e20323031333836.roa
Signing time:             Fri 11 Oct 2024 10:04:20 +0000
ROA not before:           Fri 11 Oct 2024 09:59:20 +0000
ROA not after:            Fri 10 Oct 2025 10:04:20 +0000
asID:                     201386
IP address blocks:        2a12:dd47:83d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:58:2f:68:fb:53:23:08:b9:6f:0e:f8:ee:03:3f:6f:cf:e1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:20 2024 GMT
            Not After : Oct 10 10:04:20 2025 GMT
        Subject: CN=ACF826CB465DF67E5613F54690A04E40BBE65B9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:08:b9:82:87:12:96:6a:7c:ad:48:6e:ef:6b:
                    2f:70:98:43:20:ff:4b:21:47:ca:27:35:19:13:76:
                    63:2c:70:3a:7f:10:10:52:17:11:3b:e6:6a:c2:d0:
                    52:18:16:21:7a:09:2d:e8:94:f5:3e:d8:e4:55:d8:
                    80:25:ae:76:dd:b9:77:9b:d8:b0:8f:a3:d0:ce:bf:
                    43:98:a9:c9:de:ff:63:40:b5:23:97:b9:ca:4d:14:
                    42:09:f5:1e:25:48:47:e5:01:49:e1:3f:26:e3:cf:
                    86:3a:f4:aa:bf:42:df:5a:8c:9f:30:01:ad:7e:bb:
                    c0:ac:7f:20:bd:9d:4c:e0:63:c5:78:82:56:53:33:
                    53:f1:3e:95:82:2a:33:13:cf:e0:dd:5f:0b:c9:59:
                    f3:87:32:68:d6:1f:a8:8f:ef:e3:db:6a:19:6a:c0:
                    2e:df:40:bd:95:3a:a5:86:30:cb:22:21:e5:c2:6e:
                    d6:f6:80:dc:9f:99:7f:75:ae:9d:4a:1e:c8:5f:fd:
                    be:38:4d:d1:70:6f:97:fa:87:6d:f2:5b:d1:08:09:
                    0a:8d:27:ae:d8:20:27:cd:6d:21:4d:25:a7:db:fd:
                    ae:13:39:90:b7:6a:af:1f:a9:b1:e1:6d:3f:3c:af:
                    40:36:0c:67:26:73:7d:fc:06:bc:42:62:d7:d8:40:
                    ac:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F8:26:CB:46:5D:F6:7E:56:13:F5:46:90:A0:4E:40:BB:E6:5B:9F
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383364303a3a2f34342d3438203d3e20323031333836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:83d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:d5:1d:3b:75:2f:47:5b:a6:6f:97:c1:17:0e:46:c8:27:db:
         12:27:21:f3:da:00:9a:fd:68:8c:e0:8d:2f:63:ca:1f:02:26:
         df:01:5c:84:c4:7c:a2:10:de:b1:6e:b1:cc:0f:18:5b:ab:44:
         ae:9a:f9:e6:9a:88:d6:74:cd:22:c5:2e:c4:57:2f:c6:31:35:
         33:1e:af:12:de:31:8b:1e:5b:57:df:ed:bf:fd:8d:62:10:04:
         a6:9c:ba:1d:39:61:18:f9:4d:52:1d:3a:c7:38:e8:35:7a:7c:
         5c:fa:b1:ff:82:4a:66:0e:99:33:f5:37:4b:67:b4:e2:53:b7:
         5d:b3:77:e3:11:c1:58:00:d3:31:c3:e6:56:38:bb:a5:0e:a0:
         b0:f4:78:de:ad:c1:4e:32:9e:3a:b4:ec:dc:cc:e6:e8:9a:5c:
         94:62:52:3c:38:dc:f9:42:05:d3:9d:dd:5e:81:31:ac:f1:5c:
         24:79:de:e3:e4:1e:55:1b:62:c0:95:28:25:12:4d:31:e1:b7:
         31:a7:f4:81:3e:cb:52:89:36:97:a0:e7:72:00:6d:e4:66:e2:
         6b:b9:dd:16:f5:18:e1:45:da:b8:bf:58:dd:68:8c:b0:a3:26:
         13:41:c1:06:3a:7a:bf:62:13:62:00:92:f9:cf:2b:26:72:91:
         6d:03:70:9d
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgITNVgvaPtTIwi5bw747gM/b8/hijANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygxMjk2MjAyOEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThB
NjkzMTFFMB4XDTI0MTAxMTA5NTkyMFoXDTI1MTAxMDEwMDQyMFowMzExMC8GA1UE
AxMoQUNGODI2Q0I0NjVERjY3RTU2MTNGNTQ2OTBBMDRFNDBCQkU2NUI5RjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8IuYKHEpZqfK1Ibu9rL3CYQyD/
SyFHyic1GRN2YyxwOn8QEFIXETvmasLQUhgWIXoJLeiU9T7Y5FXYgCWudt25d5vY
sI+j0M6/Q5ipyd7/Y0C1I5e5yk0UQgn1HiVIR+UBSeE/JuPPhjr0qr9C31qMnzAB
rX67wKx/IL2dTOBjxXiCVlMzU/E+lYIqMxPP4N1fC8lZ84cyaNYfqI/v49tqGWrA
Lt9AvZU6pYYwyyIh5cJu1vaA3J+Zf3WunUoeyF/9vjhN0XBvl/qHbfJb0QgJCo0n
rtggJ81tIU0lp9v9rhM5kLdqrx+pseFtPzyvQDYMZyZzffwGvEJi19hArN0CAwEA
AaOCAdIwggHOMB0GA1UdDgQWBBSs+CbLRl32flYT9UaQoE5Au+ZbnzAfBgNVHSME
GDAWgBQSliAooYHnWLiZCmyk8EqZimkxHjAOBgNVHQ8BAf8EBAMCB4AwWQYDVR0f
BFIwUDBOoEygSoZIcnN5bmM6Ly9kZXYudHcvcnBraS9BUzk0NS8xLzEyOTYyMDI4
QTE4MUU3NThCODk5MEE2Q0E0RjA0QTk5OEE2OTMxMUUuY3JsMGUGCCsGAQUFBwEB
BFkwVzBVBggrBgEFBQcwAoZJcnN5bmM6Ly9kZXYudHcvcnBraS9BdWd1c3QvNS8x
Mjk2MjAyOEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNlcjB8Bggr
BgEFBQcBCwRwMG4wbAYIKwYBBQUHMAuGYHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5
NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM4MzM2NDMwM2EzYTJmMzQzNDJkMzQz
ODIwM2QzZTIwMzIzMDMxMzMzODM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLdR4PQMA0GCSqGSIb3
DQEBCwUAA4IBAQBe1R07dS9HW6Zvl8EXDkbIJ9sSJyHz2gCa/WiM4I0vY8ofAibf
AVyExHyiEN6xbrHMDxhbq0SumvnmmojWdM0ixS7EVy/GMTUzHq8S3jGLHltX3+2/
/Y1iEASmnLodOWEY+U1SHTrHOOg1enxc+rH/gkpmDpkz9TdLZ7TiU7dds3fjEcFY
ANMxw+ZWOLulDqCw9HjercFOMp46tOzczObomlyUYlI8ONz5QgXTnd1egTGs8Vwk
ed7j5B5VG2LAlSglEk0x4bcxp/SBPstSiTaXoOdyAG3kZuJrud0W9RjhRdq4v1jd
aIywoyYTQcEGOnq/YhNiAJL5zysmcpFtA3Cd
-----END CERTIFICATE-----