Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a383530303a3a2f34302d3430203d3e203531333936.roa
File:                     326131323a646434373a383530303a3a2f34302d3430203d3e203531333936.roa (raw, json)
Hash identifier:          ykLk+3sLuKNbISMTG35k9C3KSFoOZ8/GFhs/b/Qt8a8=
Subject key identifier:   66:5D:B9:01:C4:39:F8:BD:D4:D2:D5:4A:A7:44:65:DD:4D:C0:9D:CE
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       0450A4322EE7690179A1E4578C27C8260C4F15D9
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a383530303a3a2f34302d3430203d3e203531333936.roa
Signing time:             Fri 11 Oct 2024 10:04:23 +0000
ROA not before:           Fri 11 Oct 2024 09:59:23 +0000
ROA not after:            Fri 10 Oct 2025 10:04:23 +0000
asID:                     51396
IP address blocks:        2a12:dd47:8500::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:50:a4:32:2e:e7:69:01:79:a1:e4:57:8c:27:c8:26:0c:4f:15:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:23 2024 GMT
            Not After : Oct 10 10:04:23 2025 GMT
        Subject: CN=665DB901C439F8BDD4D2D54AA74465DD4DC09DCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:84:c5:20:76:37:20:f4:c1:09:3a:88:c8:6c:
                    11:0e:b4:55:38:0a:8d:d9:45:04:a1:86:c8:8b:e9:
                    33:db:c3:9d:c4:19:d3:1e:07:31:e0:31:92:8f:a8:
                    c1:9e:35:3a:94:42:96:3c:23:c2:9f:16:5a:f9:fa:
                    d3:90:6d:be:7f:98:15:14:ce:b4:f1:00:22:6d:76:
                    18:3e:26:d8:52:76:e5:f4:70:a1:56:86:1c:e2:70:
                    00:ac:49:d8:d7:92:1c:0a:bf:fc:e5:c6:a8:c7:f9:
                    c9:a0:56:41:99:f3:e8:38:f3:e5:f5:bc:e4:4a:b8:
                    40:50:77:33:f4:f0:40:3c:2f:f1:56:ee:df:38:00:
                    a1:77:62:07:81:68:b8:78:1a:3a:24:f2:ad:6b:c5:
                    de:cd:67:a0:8d:3e:48:2d:62:1e:5b:2b:01:dd:fb:
                    d7:15:30:5f:a1:21:35:a4:f3:42:d0:1b:cd:2c:08:
                    7a:a9:39:c0:c1:2a:c7:bc:11:41:d8:7b:10:f1:6e:
                    45:2e:c2:6b:5b:48:9d:33:5c:d9:cb:2e:c1:87:3d:
                    23:b5:7d:a6:b9:f7:9f:77:a1:ab:e3:89:fb:a4:c2:
                    0a:84:4e:30:92:ed:57:7e:6a:59:fb:c8:db:7b:35:
                    3c:23:cf:9f:9b:77:d0:d0:bf:59:c4:1a:92:fd:55:
                    83:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5D:B9:01:C4:39:F8:BD:D4:D2:D5:4A:A7:44:65:DD:4D:C0:9D:CE
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a383530303a3a2f34302d3430203d3e203531333936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8500::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:23:75:c0:f2:26:92:53:ef:56:01:74:d6:8f:49:9c:38:28:
         75:3a:31:3a:e4:37:9a:12:ff:d8:41:91:1f:b9:92:8a:d6:6e:
         97:d8:67:09:7b:4b:56:73:0a:15:45:53:af:ff:20:33:5c:b2:
         23:75:fd:9f:55:cd:0f:22:8a:5e:53:ce:33:34:55:f3:50:c1:
         26:ec:17:e7:0e:ac:0f:fc:e4:92:40:a9:20:da:19:a2:cb:a2:
         92:f8:e6:68:b3:a2:83:72:29:21:bb:56:3b:4f:02:bd:bb:7f:
         d3:40:46:8a:6d:33:9a:e6:d8:91:cd:ce:e2:6b:4a:2a:eb:58:
         5a:86:46:ab:55:d9:f0:88:43:06:49:dd:3c:f0:8a:b4:67:5d:
         b1:ef:59:b7:ab:aa:54:9f:62:da:2a:ab:41:b9:ea:cc:45:0f:
         18:34:43:5f:8c:ef:8d:2f:36:82:0d:65:aa:0e:ea:01:5c:44:
         ae:b9:27:5f:e2:db:0d:52:2f:dc:bc:ac:49:20:cf:d3:d3:d3:
         4a:d8:c5:81:ad:ab:4b:f3:1a:9f:d7:2a:b5:24:83:39:10:1f:
         46:a8:10:8f:79:c2:83:75:a7:28:f4:63:a7:4e:df:b5:49:6a:
         b5:e6:ad:aa:0b:fa:62:fe:c3:04:10:3e:ce:17:73:d1:9b:59:
         c3:dc:67:a7
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIUBFCkMi7naQF5oeRXjCfIJgxPFdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjNaFw0yNTEwMTAxMDA0MjNaMDMxMTAvBgNV
BAMTKDY2NURCOTAxQzQzOUY4QkRENEQyRDU0QUE3NDQ2NURENERDMDlEQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHhMUgdjcg9MEJOojIbBEOtFU4
Co3ZRQShhsiL6TPbw53EGdMeBzHgMZKPqMGeNTqUQpY8I8KfFlr5+tOQbb5/mBUU
zrTxACJtdhg+JthSduX0cKFWhhzicACsSdjXkhwKv/zlxqjH+cmgVkGZ8+g48+X1
vORKuEBQdzP08EA8L/FW7t84AKF3YgeBaLh4Gjok8q1rxd7NZ6CNPkgtYh5bKwHd
+9cVMF+hITWk80LQG80sCHqpOcDBKse8EUHYexDxbkUuwmtbSJ0zXNnLLsGHPSO1
faa59593oavjifukwgqETjCS7Vd+aln7yNt7NTwjz5+bd9DQv1nEGpL9VYNVAgMB
AAGjggHPMIIByzAdBgNVHQ4EFgQUZl25AcQ5+L3U0tVKp0Rl3U3Anc4wHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwegYI
KwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODM1MzAzMDNhM2EyZjM0MzAyZDM0
MzAyMDNkM2UyMDM1MzEzMzM5MzYucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUH
DgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqEt1HhTANBgkqhkiG9w0B
AQsFAAOCAQEARyN1wPImklPvVgF01o9JnDgodToxOuQ3mhL/2EGRH7mSitZul9hn
CXtLVnMKFUVTr/8gM1yyI3X9n1XNDyKKXlPOMzRV81DBJuwX5w6sD/zkkkCpINoZ
osuikvjmaLOig3IpIbtWO08Cvbt/00BGim0zmubYkc3O4mtKKutYWoZGq1XZ8IhD
BkndPPCKtGddse9Zt6uqVJ9i2iqrQbnqzEUPGDRDX4zvjS82gg1lqg7qAVxErrkn
X+LbDVIv3LysSSDP09PTStjFga2rS/Man9cqtSSDORAfRqgQj3nCg3WnKPRjp07f
tUlqteatqgv6Yv7DBBA+zhdz0ZtZw9xnpw==
-----END CERTIFICATE-----