Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a386630303a3a2f34302d3438203d3e20323132343833.roa
File:                     326131323a646434373a386630303a3a2f34302d3438203d3e20323132343833.roa (raw, json)
Hash identifier:          jZjsGYONAwZxuxZAqS5KFT5cB7vGTY5gyfEAI4THpyU=
Subject key identifier:   9E:ED:3F:21:6A:0B:88:96:E7:9F:73:78:89:EF:F9:5B:4D:41:37:C8
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       6FD3DD7FCC757CD47C45E311A86A222A7A0AEFEA
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a386630303a3a2f34302d3438203d3e20323132343833.roa
Signing time:             Fri 11 Oct 2024 10:04:15 +0000
ROA not before:           Fri 11 Oct 2024 09:59:15 +0000
ROA not after:            Fri 10 Oct 2025 10:04:15 +0000
asID:                     212483
IP address blocks:        2a12:dd47:8f00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d3:dd:7f:cc:75:7c:d4:7c:45:e3:11:a8:6a:22:2a:7a:0a:ef:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:15 2024 GMT
            Not After : Oct 10 10:04:15 2025 GMT
        Subject: CN=9EED3F216A0B8896E79F737889EFF95B4D4137C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:cc:f7:ac:d4:52:f2:44:00:d7:01:40:41:8c:
                    37:83:27:ad:7a:0e:1f:b5:0f:b9:f3:b3:87:04:6c:
                    64:b3:9d:ee:0c:d3:ed:8f:25:8f:a9:83:07:a6:e3:
                    71:f3:76:9e:bd:e5:8a:a8:dc:1e:d1:5d:72:b7:fe:
                    b7:12:ff:2c:11:74:53:5a:c5:9b:9f:87:df:25:6e:
                    45:fa:01:61:60:f2:6c:bc:79:9a:cd:80:cd:64:dc:
                    8a:98:31:24:df:d5:48:6f:b3:47:85:56:67:c5:cc:
                    6e:77:2d:bd:fe:84:da:b6:01:6f:e9:41:11:d1:a6:
                    56:39:75:a7:a4:0a:7e:63:d4:fb:52:4b:8c:26:66:
                    ae:5b:48:df:8b:d6:e6:71:07:bb:75:94:73:57:a6:
                    c5:ab:ee:48:96:6f:d8:19:f8:4b:93:a1:b1:0a:db:
                    56:fe:99:08:a2:14:26:21:ce:45:6d:f9:cc:86:b8:
                    5e:7f:d8:17:61:4d:50:61:31:b4:fc:29:ef:ea:49:
                    8a:37:91:00:7e:c4:ba:6e:51:db:86:8a:72:80:93:
                    8d:62:7a:d8:0c:cb:26:21:51:0a:05:2f:bd:a9:f2:
                    03:e8:c8:35:ae:2a:8f:fe:f2:23:0e:0f:f6:5b:0f:
                    e5:cd:77:ee:1a:60:bc:be:07:67:3e:91:53:5e:5f:
                    91:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:ED:3F:21:6A:0B:88:96:E7:9F:73:78:89:EF:F9:5B:4D:41:37:C8
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a386630303a3a2f34302d3438203d3e20323132343833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:8f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         9d:18:ab:0b:27:9f:85:78:1a:55:22:93:70:26:9c:98:20:f7:
         9e:54:d8:ee:5b:cf:78:a8:a4:ec:89:c1:f8:e6:2f:c2:cb:16:
         1b:6a:03:e8:e7:60:6f:1e:80:60:ad:ac:33:90:ee:f9:4e:46:
         ea:39:29:20:c8:e4:de:9d:aa:97:0f:e2:21:b3:6b:91:0d:bc:
         6c:63:a6:7f:7c:d5:44:8b:79:b3:e8:74:5a:41:dd:bb:47:a5:
         88:db:a0:8e:70:d3:9c:81:15:fd:39:22:c3:21:57:94:1b:1f:
         88:9f:a3:aa:db:8b:b7:98:c9:d6:91:83:73:06:f2:e0:15:5d:
         23:45:a6:16:04:cd:bb:10:bf:95:06:61:1a:ac:71:92:d9:cb:
         90:c8:2e:43:54:60:42:b8:2a:85:fc:45:4f:6f:26:c7:61:67:
         0f:49:ea:d8:d8:07:c4:e1:d8:85:0d:4f:fa:3e:72:36:aa:03:
         71:c4:49:38:fb:00:4e:2f:7a:5f:63:7e:61:52:48:cf:84:5e:
         3c:08:4e:8b:d7:4e:ce:5e:0f:ea:46:f5:86:b0:d5:c0:48:a3:
         2b:1a:d6:91:d9:d3:90:21:ec:b0:58:60:b3:6e:53:68:31:1c:
         03:43:55:21:e9:f8:b9:4a:c1:6e:3b:ea:ab:25:d5:f4:ac:cf:
         23:e6:e7:73
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUb9Pdf8x1fNR8ReMRqGoiKnoK7+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTVaFw0yNTEwMTAxMDA0MTVaMDMxMTAvBgNV
BAMTKDlFRUQzRjIxNkEwQjg4OTZFNzlGNzM3ODg5RUZGOTVCNEQ0MTM3QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7zPes1FLyRADXAUBBjDeDJ616
Dh+1D7nzs4cEbGSzne4M0+2PJY+pgwem43Hzdp695Yqo3B7RXXK3/rcS/ywRdFNa
xZufh98lbkX6AWFg8my8eZrNgM1k3IqYMSTf1Uhvs0eFVmfFzG53Lb3+hNq2AW/p
QRHRplY5daekCn5j1PtSS4wmZq5bSN+L1uZxB7t1lHNXpsWr7kiWb9gZ+EuTobEK
21b+mQiiFCYhzkVt+cyGuF5/2BdhTVBhMbT8Ke/qSYo3kQB+xLpuUduGinKAk41i
etgMyyYhUQoFL72p8gPoyDWuKo/+8iMOD/ZbD+XNd+4aYLy+B2c+kVNeX5GdAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUnu0/IWoLiJbnn3N4ie/5W01BN8gwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2EzODY2MzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzEzMjM0MzgzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UePMA0GCSqGSIb3
DQEBCwUAA4IBAQCdGKsLJ5+FeBpVIpNwJpyYIPeeVNjuW894qKTsicH45i/CyxYb
agPo52BvHoBgrawzkO75TkbqOSkgyOTenaqXD+Ihs2uRDbxsY6Z/fNVEi3mz6HRa
Qd27R6WI26COcNOcgRX9OSLDIVeUGx+In6Oq24u3mMnWkYNzBvLgFV0jRaYWBM27
EL+VBmEarHGS2cuQyC5DVGBCuCqF/EVPbybHYWcPSerY2AfE4diFDU/6PnI2qgNx
xEk4+wBOL3pfY35hUkjPhF48CE6L107OXg/qRvWGsNXASKMrGtaR2dOQIeywWGCz
blNoMRwDQ1Uh6fi5SsFuO+qrJdX0rM8j5udz
-----END CERTIFICATE-----