Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a646530303a3a2f34302d3430203d3e20323133323637.roa
File:                     326131323a646434373a646530303a3a2f34302d3430203d3e20323133323637.roa (raw, json)
Hash identifier:          ZDRd3UeoC3E9Ei9hhb1nwM59ZbTo8HIcaqFgdVfn71o=
Subject key identifier:   F0:8D:7F:F6:EE:8D:9C:26:08:54:38:B2:02:72:D8:EC:29:B4:6A:68
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       72F3E2B4EC96CDBB0085098C45897A4473C800AE
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a646530303a3a2f34302d3430203d3e20323133323637.roa
Signing time:             Fri 11 Oct 2024 10:04:16 +0000
ROA not before:           Fri 11 Oct 2024 09:59:16 +0000
ROA not after:            Fri 10 Oct 2025 10:04:16 +0000
asID:                     213267
IP address blocks:        2a12:dd47:de00::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:f3:e2:b4:ec:96:cd:bb:00:85:09:8c:45:89:7a:44:73:c8:00:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:16 2024 GMT
            Not After : Oct 10 10:04:16 2025 GMT
        Subject: CN=F08D7FF6EE8D9C26085438B20272D8EC29B46A68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9c:ae:98:59:54:74:e5:55:2a:c2:3a:b2:0e:
                    b9:4d:0d:82:66:69:73:7b:29:94:76:b0:74:23:01:
                    21:28:96:75:28:9f:9f:d7:5b:e1:64:93:05:0d:bc:
                    8e:64:b2:a4:7d:d0:cb:72:c9:af:22:cf:98:6d:59:
                    96:94:c2:5a:91:33:b3:78:71:5a:b9:1d:b3:2e:63:
                    bc:81:27:3c:98:58:17:77:2a:97:06:5c:35:db:2b:
                    cb:2f:6b:40:ac:e6:43:a3:90:fd:7a:73:c8:8d:2e:
                    a2:9d:1e:f5:76:00:bf:ce:aa:bb:4c:6c:18:99:8a:
                    16:14:23:8f:32:32:d8:03:46:99:fb:2e:7b:ae:e3:
                    ea:27:de:25:f3:6b:83:42:e5:2b:bc:f2:77:96:47:
                    ab:82:9f:47:1b:8c:d8:c0:01:1a:6d:72:39:a0:9f:
                    30:29:ba:8f:2d:f6:79:36:38:dd:36:41:18:65:f8:
                    cf:78:b8:e6:6c:7e:08:43:aa:66:9a:c0:33:c9:a3:
                    f4:76:06:c6:56:c0:f2:c3:41:2a:f7:ec:d8:6c:cc:
                    f1:13:cc:fc:e6:d9:4f:c2:76:a2:83:ae:d7:aa:a8:
                    0c:59:4d:ca:12:4d:20:65:73:7e:29:a0:43:c5:31:
                    24:b9:5e:d9:6a:6a:42:65:00:29:af:47:5a:b5:45:
                    6b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:8D:7F:F6:EE:8D:9C:26:08:54:38:B2:02:72:D8:EC:29:B4:6A:68
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a646530303a3a2f34302d3430203d3e20323133323637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:de00::/40

    Signature Algorithm: sha256WithRSAEncryption
         e3:dd:44:47:12:3e:2c:ac:5c:d5:90:05:d0:56:42:d8:63:70:
         31:74:ab:27:17:12:7e:75:53:64:9b:51:ef:ee:b8:7b:a4:d2:
         cc:89:ec:81:e1:8f:9d:73:ea:26:dc:30:a6:a2:cf:20:a5:3c:
         5f:c8:3a:74:dd:66:23:a3:9c:6b:24:2a:09:5f:28:66:31:5f:
         f4:0c:63:bd:ed:2a:f6:4e:ce:4f:14:01:36:37:51:0d:45:b8:
         9e:db:9c:25:1b:55:63:0e:01:df:8a:1e:0c:7c:d5:1e:bd:50:
         81:63:8a:ef:46:b1:16:18:97:36:95:89:3b:a0:88:31:96:c3:
         48:72:36:b7:74:65:d8:7d:7c:d7:17:a7:40:e6:e8:4d:dd:e8:
         7b:a3:b0:5e:8a:8c:fe:d6:4b:54:f1:ed:2e:0d:82:ad:1a:aa:
         d3:17:14:27:d7:02:e0:f1:5d:df:0e:c7:f0:de:6a:85:fa:7c:
         c7:59:97:0f:e4:48:4a:29:58:d0:55:2b:d9:61:56:7f:3a:43:
         7a:6b:9f:63:a9:00:6e:aa:f4:f2:24:1c:ae:87:01:97:72:c4:
         f3:96:16:9a:f2:cc:b6:35:f0:9d:d1:3c:63:aa:83:05:ef:bc:
         56:11:ce:05:b2:eb:ee:b3:df:1c:ae:a7:fe:2f:5a:df:ed:05:
         ed:93:3d:42
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUcvPitOyWzbsAhQmMRYl6RHPIAK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTZaFw0yNTEwMTAxMDA0MTZaMDMxMTAvBgNV
BAMTKEYwOEQ3RkY2RUU4RDlDMjYwODU0MzhCMjAyNzJEOEVDMjlCNDZBNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSnK6YWVR05VUqwjqyDrlNDYJm
aXN7KZR2sHQjASEolnUon5/XW+FkkwUNvI5ksqR90Mtyya8iz5htWZaUwlqRM7N4
cVq5HbMuY7yBJzyYWBd3KpcGXDXbK8sva0Cs5kOjkP16c8iNLqKdHvV2AL/OqrtM
bBiZihYUI48yMtgDRpn7Lnuu4+on3iXza4NC5Su88neWR6uCn0cbjNjAARptcjmg
nzApuo8t9nk2ON02QRhl+M94uOZsfghDqmaawDPJo/R2BsZWwPLDQSr37NhszPET
zPzm2U/CdqKDrteqqAxZTcoSTSBlc34poEPFMSS5XtlqakJlACmvR1q1RWs3AgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQU8I1/9u6NnCYIVDiyAnLY7Cm0amgwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2E2NDY1MzAzMDNhM2EyZjM0MzAyZDM0
MzAyMDNkM2UyMDMyMzEzMzMyMzYzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UfeMA0GCSqGSIb3
DQEBCwUAA4IBAQDj3URHEj4srFzVkAXQVkLYY3AxdKsnFxJ+dVNkm1Hv7rh7pNLM
ieyB4Y+dc+om3DCmos8gpTxfyDp03WYjo5xrJCoJXyhmMV/0DGO97Sr2Ts5PFAE2
N1ENRbie25wlG1VjDgHfih4MfNUevVCBY4rvRrEWGJc2lYk7oIgxlsNIcja3dGXY
fXzXF6dA5uhN3eh7o7Beioz+1ktU8e0uDYKtGqrTFxQn1wLg8V3fDsfw3mqF+nzH
WZcP5EhKKVjQVSvZYVZ/OkN6a59jqQBuqvTyJByuhwGXcsTzlhaa8sy2NfCd0Txj
qoMF77xWEc4Fsuvus98crqf+L1rf7QXtkz1C
-----END CERTIFICATE-----