Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a663030303a3a2f34302d3438203d3e20323031323137.roa
File:                     326131323a646434373a663030303a3a2f34302d3438203d3e20323031323137.roa (raw, json)
Hash identifier:          RNSyfjY3jEbC0ppvVGiLhJgR3ZHlxX+GXh+weqAyjic=
Subject key identifier:   26:8F:34:FE:42:68:8B:57:C4:CE:FD:D2:49:73:9E:C8:9A:C9:AF:76
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       087A215579D6038745CBE0689F83103B530381BD
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a663030303a3a2f34302d3438203d3e20323031323137.roa
Signing time:             Fri 11 Oct 2024 10:04:12 +0000
ROA not before:           Fri 11 Oct 2024 09:59:12 +0000
ROA not after:            Fri 10 Oct 2025 10:04:12 +0000
asID:                     201217
IP address blocks:        2a12:dd47:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 03:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:7a:21:55:79:d6:03:87:45:cb:e0:68:9f:83:10:3b:53:03:81:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:12 2024 GMT
            Not After : Oct 10 10:04:12 2025 GMT
        Subject: CN=268F34FE42688B57C4CEFDD249739EC89AC9AF76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:64:0a:b1:0d:d3:3f:54:dd:fb:29:1d:0c:94:
                    9a:b4:6d:b4:db:d4:d5:ea:52:91:e9:2d:07:fb:cb:
                    25:cd:66:de:40:af:14:87:0e:90:3d:cf:36:4c:eb:
                    1f:5f:f3:f1:c8:c4:bf:28:17:2f:76:fd:ce:8a:c4:
                    22:89:ad:94:e2:86:b4:0c:d7:f0:1a:0b:b4:d2:5f:
                    af:17:3d:cf:a2:37:a1:48:f6:2e:05:a8:08:1d:17:
                    8a:08:60:a2:4c:7a:03:e2:e3:55:d6:02:c3:9e:b2:
                    3b:34:40:1f:d3:21:21:be:74:4c:5c:40:80:20:a7:
                    9a:bd:20:5e:3a:bb:02:21:c9:2d:4d:c8:2c:38:1f:
                    df:b0:b6:6a:75:2a:2d:a6:96:f3:c5:2d:56:c1:b5:
                    30:27:e1:ce:3d:ea:cc:02:09:ed:cc:f8:e9:02:35:
                    f6:82:71:dc:20:ab:10:3d:e9:f9:60:06:4a:99:e9:
                    e0:89:eb:d2:be:90:7f:0e:6d:c2:d6:5d:67:28:09:
                    5d:06:bc:71:0f:86:3c:d4:d6:94:34:d5:02:90:fe:
                    a7:dc:ad:32:a0:43:4a:79:86:ed:4d:28:b3:b0:28:
                    64:bb:ad:9d:c8:85:0a:e5:72:f0:5f:ef:b1:c2:8d:
                    fc:23:35:13:61:34:f2:0f:f0:f6:dd:7e:5d:fc:16:
                    a0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:8F:34:FE:42:68:8B:57:C4:CE:FD:D2:49:73:9E:C8:9A:C9:AF:76
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a663030303a3a2f34302d3438203d3e20323031323137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:1b:f8:85:b9:b8:1e:7a:bf:ef:3d:bd:27:6f:cd:d0:f7:a9:
         a8:23:45:45:87:11:d5:a1:ef:2a:fd:f9:64:59:66:3a:f0:89:
         77:7b:ef:0d:76:f3:4e:ca:e0:8c:74:70:b9:36:8c:2f:4a:1c:
         9f:a6:08:af:b7:3e:cf:f3:17:78:94:f0:47:8d:67:98:0d:1f:
         fb:17:2d:fb:2c:4c:04:84:96:5c:43:b4:4c:c9:25:38:8a:4f:
         bd:34:7b:1f:14:cb:5e:c1:64:20:5c:47:ae:9c:22:11:df:ff:
         04:2f:8d:57:68:d4:e0:ea:42:26:58:13:96:48:77:7f:ed:4e:
         a1:b1:44:22:57:75:8a:39:04:19:84:75:94:c4:e3:80:fb:62:
         0f:41:42:d4:c6:01:56:2f:22:96:ed:b5:cf:e1:2f:8a:9b:10:
         57:cd:78:9d:81:c8:55:df:54:49:64:49:d4:ba:01:d4:9c:4d:
         31:1e:ff:ec:dd:f4:f5:33:17:03:db:d1:f9:09:ef:23:c9:ca:
         9a:d2:f1:42:e6:8d:8f:69:81:30:f2:7f:a2:3e:e3:80:61:3b:
         60:8c:4b:a2:f7:a6:44:a3:a7:e8:7b:f9:48:bf:85:20:3f:ff:
         3c:19:82:22:aa:60:75:03:5a:2f:fd:6a:77:fc:b1:59:bd:7f:
         04:bd:ea:6f
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIUCHohVXnWA4dFy+Bon4MQO1MDgb0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4
QTY5MzExRTAeFw0yNDEwMTEwOTU5MTJaFw0yNTEwMTAxMDA0MTJaMDMxMTAvBgNV
BAMTKDI2OEYzNEZFNDI2ODhCNTdDNENFRkREMjQ5NzM5RUM4OUFDOUFGNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkZAqxDdM/VN37KR0MlJq0bbTb
1NXqUpHpLQf7yyXNZt5ArxSHDpA9zzZM6x9f8/HIxL8oFy92/c6KxCKJrZTihrQM
1/AaC7TSX68XPc+iN6FI9i4FqAgdF4oIYKJMegPi41XWAsOesjs0QB/TISG+dExc
QIAgp5q9IF46uwIhyS1NyCw4H9+wtmp1Ki2mlvPFLVbBtTAn4c496swCCe3M+OkC
NfaCcdwgqxA96flgBkqZ6eCJ69K+kH8ObcLWXWcoCV0GvHEPhjzU1pQ01QKQ/qfc
rTKgQ0p5hu1NKLOwKGS7rZ3IhQrlcvBf77HCjfwjNRNhNPIP8Pbdfl38FqBvAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUJo80/kJoi1fEzv3SSXOeyJrJr3YwHwYDVR0j
BBgwFoAUEpYgKKGB51i4mQpspPBKmYppMR4wDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvMS8xMjk2MjAy
OEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzUv
MTI5NjIwMjhBMTgxRTc1OEI4OTkwQTZDQTRGMDRBOTk4QTY5MzExRS5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzEvMzI2MTMxMzIzYTY0NjQzNDM3M2E2NjMwMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzAzMTMyMzEzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoS3UfwMA0GCSqGSIb3
DQEBCwUAA4IBAQB1G/iFubgeer/vPb0nb83Q96moI0VFhxHVoe8q/flkWWY68Il3
e+8NdvNOyuCMdHC5NowvShyfpgivtz7P8xd4lPBHjWeYDR/7Fy37LEwEhJZcQ7RM
ySU4ik+9NHsfFMtewWQgXEeunCIR3/8EL41XaNTg6kImWBOWSHd/7U6hsUQiV3WK
OQQZhHWUxOOA+2IPQULUxgFWLyKW7bXP4S+KmxBXzXidgchV31RJZEnUugHUnE0x
Hv/s3fT1MxcD29H5Ce8jycqa0vFC5o2PaYEw8n+iPuOAYTtgjEui96ZEo6foe/lI
v4UgP/88GYIiqmB1A1ov/Wp3/LFZvX8Evepv
-----END CERTIFICATE-----
Generated at Thu Nov 21 15:01:34 2024 by rpki-client on console-fra.rpki-client.org