Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa
File:                     326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa (raw, json)
Hash identifier:          E3DyTNreF8A2yQ/yuibDSrgy5Ilybzgk5szjs/8Rk+Y=
Subject key identifier:   93:72:04:47:F5:2F:88:B1:0C:C1:68:13:9E:2A:BE:14:2B:B0:A4:46
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       176A04B7A1F56C7AA061BF32DA739C31F80ABE7B
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa
Signing time:             Fri 11 Oct 2024 10:04:23 +0000
ROA not before:           Fri 11 Oct 2024 09:59:23 +0000
ROA not after:            Fri 10 Oct 2025 10:04:23 +0000
asID:                     211358
IP address blocks:        2a12:dd47:8e30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:6a:04:b7:a1:f5:6c:7a:a0:61:bf:32:da:73:9c:31:f8:0a:be:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:23 2024 GMT
            Not After : Oct 10 10:04:23 2025 GMT
        Subject: CN=93720447F52F88B10CC168139E2ABE142BB0A446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9f:79:77:96:f4:9d:22:ab:b6:00:2a:bb:37:
                    dc:63:8e:5e:43:7c:98:1e:19:e1:23:16:f1:08:50:
                    68:21:67:92:87:0f:b7:5d:2b:d9:7e:e9:80:52:4d:
                    c5:d0:b1:06:1c:7f:82:89:a3:bb:1c:f8:39:54:70:
                    50:35:31:ec:94:43:c8:bd:f1:22:d2:ae:24:94:f9:
                    63:75:b3:d8:dd:55:d2:ed:3d:8d:88:1a:3d:2c:87:
                    8f:5d:8b:68:15:4c:05:6d:12:e9:09:01:f8:45:6f:
                    4a:a0:b9:bd:da:82:2e:20:1c:00:90:b6:ae:1c:44:
                    a0:ba:bf:b9:36:ce:97:17:dc:e6:f8:c4:ba:45:68:
                    4f:d1:0f:fe:4d:46:7d:9f:84:10:d2:2a:3b:00:7c:
                    c0:4e:08:73:9c:00:ca:32:25:64:94:73:6c:91:cb:
                    56:88:09:68:46:71:1f:bc:71:d1:e7:3d:91:b8:46:
                    3c:d6:33:e4:47:d9:b4:b7:32:84:ca:3c:a7:df:74:
                    82:0d:8d:d0:9b:61:77:06:22:67:9f:e5:85:6f:43:
                    c7:be:4e:2c:c3:c3:a4:cb:6a:76:d4:20:5e:31:ce:
                    d0:6d:a9:f0:05:ef:41:bf:06:14:79:41:82:f0:62:
                    df:29:56:12:fc:25:ab:c0:f9:e6:83:dd:6d:64:76:
                    e0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:72:04:47:F5:2F:88:B1:0C:C1:68:13:9E:2A:BE:14:2B:B0:A4:46
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a386533303a3a2f34342d3438203d3e20323131333538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8e30::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:c8:24:34:c9:f7:31:53:ce:da:59:7d:eb:79:a7:9a:21:b2:
         df:f4:4d:f5:8a:3a:c3:55:eb:f4:f5:4b:5f:37:c7:ee:5c:03:
         de:fa:34:9d:4c:7d:3d:ff:13:12:14:23:6b:7d:86:50:54:05:
         80:6d:eb:a2:2a:d2:38:20:bc:fb:9f:63:28:3b:11:bf:0c:9d:
         6f:e4:44:5b:bc:75:38:b7:34:eb:d5:e1:fc:c4:a5:9b:db:b3:
         32:29:e1:19:c6:cd:d1:a8:21:1d:17:02:71:bf:fd:03:2d:f9:
         f3:62:e7:d2:21:8f:84:6a:f5:a4:0a:b7:83:2b:bc:18:76:48:
         22:4e:16:d6:f7:de:d3:bb:f7:a5:8c:64:23:4e:0b:ab:7a:ac:
         be:7b:02:53:1e:04:c1:1c:59:42:36:a3:f7:77:1e:09:fb:c6:
         75:45:09:aa:9e:2a:d6:cf:00:2f:5c:85:cc:cf:c3:a3:59:bc:
         bd:d7:e5:fa:02:d1:b0:bc:68:88:59:9f:95:cd:00:ec:04:cc:
         8e:12:76:69:54:a1:ec:16:80:5b:33:5f:54:aa:58:0e:85:f8:
         a3:f8:f6:49:52:36:08:25:a5:7b:f3:8d:61:0f:c4:34:a1:4e:
         86:50:13:a8:35:a7:8e:5c:c6:d6:2f:54:4d:66:ab:97:32:15:
         40:86:7d:a8
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUF2oEt6H1bHqgYb8y2nOcMfgKvnswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjNaFw0yNTEwMTAxMDA0MjNaMDMxMTAvBgNV
BAMTKDkzNzIwNDQ3RjUyRjg4QjEwQ0MxNjgxMzlFMkFCRTE0MkJCMEE0NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9n3l3lvSdIqu2ACq7N9xjjl5D
fJgeGeEjFvEIUGghZ5KHD7ddK9l+6YBSTcXQsQYcf4KJo7sc+DlUcFA1MeyUQ8i9
8SLSriSU+WN1s9jdVdLtPY2IGj0sh49di2gVTAVtEukJAfhFb0qgub3agi4gHACQ
tq4cRKC6v7k2zpcX3Ob4xLpFaE/RD/5NRn2fhBDSKjsAfMBOCHOcAMoyJWSUc2yR
y1aICWhGcR+8cdHnPZG4RjzWM+RH2bS3MoTKPKffdIINjdCbYXcGImef5YVvQ8e+
TizDw6TLanbUIF4xztBtqfAF70G/BhR5QYLwYt8pVhL8JavA+eaD3W1kduBBAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUk3IER/UviLEMwWgTniq+FCuwpEYwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODY1MzMzMDNhM2EyZjM0MzQyZDM0
MzgyMDNkM2UyMDMyMzEzMTMzMzUzOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoS3UeOMDANBgkqhkiG
9w0BAQsFAAOCAQEAEsgkNMn3MVPO2ll963mnmiGy3/RN9Yo6w1Xr9PVLXzfH7lwD
3vo0nUx9Pf8TEhQja32GUFQFgG3roirSOCC8+59jKDsRvwydb+REW7x1OLc069Xh
/MSlm9uzMinhGcbN0aghHRcCcb/9Ay3582Ln0iGPhGr1pAq3gyu8GHZIIk4W1vfe
07v3pYxkI04Lq3qsvnsCUx4EwRxZQjaj93ceCfvGdUUJqp4q1s8AL1yFzM/Do1m8
vdfl+gLRsLxoiFmflc0A7ATMjhJ2aVSh7BaAWzNfVKpYDoX4o/j2SVI2CCWle/ON
YQ/ENKFOhlATqDWnjlzG1i9UTWarlzIVQIZ9qA==
-----END CERTIFICATE-----