Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a643230303a3a2f34302d3438203d3e20323131393436.roa
File:                     326131323a646434373a643230303a3a2f34302d3438203d3e20323131393436.roa (raw, json)
Hash identifier:          f/rmrRAXvJjNYYEkOMOzeFjLyGkbQF8EG+mC0KiypxA=
Subject key identifier:   F5:FC:3E:8B:67:46:28:06:B6:97:51:7A:8A:AF:5B:C1:97:42:7D:29
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       61B1A4E54AF90078DC456239CA261ED05758A989
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a643230303a3a2f34302d3438203d3e20323131393436.roa
Signing time:             Fri 11 Oct 2024 10:04:21 +0000
ROA not before:           Fri 11 Oct 2024 09:59:21 +0000
ROA not after:            Fri 10 Oct 2025 10:04:21 +0000
asID:                     211946
IP address blocks:        2a12:dd47:d200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:b1:a4:e5:4a:f9:00:78:dc:45:62:39:ca:26:1e:d0:57:58:a9:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:21 2024 GMT
            Not After : Oct 10 10:04:21 2025 GMT
        Subject: CN=F5FC3E8B67462806B697517A8AAF5BC197427D29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:db:e6:0a:6f:48:ca:b8:17:df:ba:82:42:8f:
                    a2:af:5e:eb:61:74:97:6b:a8:59:cf:d2:53:2f:c9:
                    d8:d8:c3:9f:f4:be:4e:4a:f6:23:84:ae:0b:4f:f8:
                    00:64:74:ba:83:0f:6a:ab:fc:57:99:8a:12:c7:36:
                    f7:3f:70:d2:67:4e:d2:a7:c9:79:8f:e1:78:66:b7:
                    23:7f:3b:83:09:0a:df:e7:85:7a:3b:9b:85:41:e5:
                    6e:76:4f:20:19:27:e5:72:36:a8:c7:fe:a0:1e:04:
                    11:7d:19:94:11:1f:8b:f0:c4:fe:49:92:70:c0:22:
                    78:64:89:1b:c1:74:49:66:77:3e:d3:6e:25:69:e9:
                    af:26:93:5c:dd:f5:a3:ac:33:e6:cb:e1:21:eb:16:
                    8e:4d:a1:44:7c:06:8e:c3:7e:f7:76:5e:cb:08:bf:
                    a9:2a:fa:45:e4:75:29:60:dc:a7:65:0b:76:6d:cd:
                    ed:5d:61:fa:46:c5:19:73:6b:94:b4:98:3e:9c:67:
                    56:71:d9:be:4d:58:59:6a:14:ce:48:3c:dc:26:c7:
                    11:54:67:43:d1:3d:1a:5f:49:82:59:96:95:19:0f:
                    16:46:24:58:f3:d1:20:ce:40:22:76:ac:4e:bb:5d:
                    02:92:98:af:3f:f8:9a:5f:ca:4f:0b:8e:90:ee:f2:
                    0c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FC:3E:8B:67:46:28:06:B6:97:51:7A:8A:AF:5B:C1:97:42:7D:29
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a643230303a3a2f34302d3438203d3e20323131393436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:d200::/40

    Signature Algorithm: sha256WithRSAEncryption
         82:1f:53:b6:80:08:c7:e8:69:88:bb:66:b2:61:e3:c1:c4:fa:
         3c:4b:aa:21:cf:3c:c2:c9:f9:47:47:a0:ef:3d:58:e0:ee:f5:
         02:8d:92:17:c0:9e:6e:68:94:f6:8b:e3:53:7d:15:8b:15:03:
         19:41:96:b8:46:46:62:7a:8f:6e:a2:f7:0d:38:f4:41:13:e3:
         e2:56:72:90:7f:c8:92:da:87:e9:a5:1a:87:9f:b8:95:6a:3a:
         96:2e:a5:d4:a6:a9:0c:c7:dc:7c:b0:bd:c8:94:5c:6d:d7:cb:
         73:ea:11:c1:53:bb:ff:6c:24:88:58:36:9a:81:15:06:6d:13:
         8e:c8:0b:11:64:9f:c9:5f:98:73:a7:19:fe:fc:d8:8d:15:e9:
         a0:d7:ff:9b:5b:b9:a4:1a:34:a0:a2:67:42:dd:5a:51:99:d2:
         c9:3d:e9:c9:b8:40:10:86:6d:3b:a1:9c:ea:93:9d:b0:f6:3e:
         62:ab:95:9b:8f:b9:1c:d8:13:b1:ee:bd:50:13:18:f0:1b:1b:
         a3:3b:13:10:88:60:37:d7:bd:d4:df:06:9a:5f:6f:72:76:03:
         80:5d:54:d3:08:ed:4e:74:c1:a0:92:63:18:60:c6:0f:cd:79:
         a1:fe:38:e1:c9:16:2f:49:23:bb:78:2d:56:de:2f:fc:79:af:
         10:8c:d4:94
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUYbGk5Ur5AHjcRWI5yiYe0FdYqYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MjFaFw0yNTEwMTAxMDA0MjFaMDMxMTAvBgNV
BAMTKEY1RkMzRThCNjc0NjI4MDZCNjk3NTE3QThBQUY1QkMxOTc0MjdEMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv2+YKb0jKuBffuoJCj6KvXuth
dJdrqFnP0lMvydjYw5/0vk5K9iOErgtP+ABkdLqDD2qr/FeZihLHNvc/cNJnTtKn
yXmP4XhmtyN/O4MJCt/nhXo7m4VB5W52TyAZJ+VyNqjH/qAeBBF9GZQRH4vwxP5J
knDAInhkiRvBdElmdz7TbiVp6a8mk1zd9aOsM+bL4SHrFo5NoUR8Bo7Dfvd2XssI
v6kq+kXkdSlg3KdlC3Ztze1dYfpGxRlza5S0mD6cZ1Zx2b5NWFlqFM5IPNwmxxFU
Z0PRPRpfSYJZlpUZDxZGJFjz0SDOQCJ2rE67XQKSmK8/+Jpfyk8LjpDu8gxxAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU9fw+i2dGKAa2l1F6iq9bwZdCfSkwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2E2NDMyMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzEzMTM5MzQzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UfSMA0GCSqGSIb3
DQEBCwUAA4IBAQCCH1O2gAjH6GmIu2ayYePBxPo8S6ohzzzCyflHR6DvPVjg7vUC
jZIXwJ5uaJT2i+NTfRWLFQMZQZa4RkZieo9uovcNOPRBE+PiVnKQf8iS2ofppRqH
n7iVajqWLqXUpqkMx9x8sL3IlFxt18tz6hHBU7v/bCSIWDaagRUGbROOyAsRZJ/J
X5hzpxn+/NiNFemg1/+bW7mkGjSgomdC3VpRmdLJPenJuEAQhm07oZzqk52w9j5i
q5Wbj7kc2BOx7r1QExjwGxujOxMQiGA3173U3waaX29ydgOAXVTTCO1OdMGgkmMY
YMYPzXmh/jjhyRYvSSO7eC1W3i/8ea8QjNSU
-----END CERTIFICATE-----