Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa
File:                     326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa (raw, json)
Hash identifier:          5q2Vw/ybnr8E5qpPiGitnrQzmw7B11YTs19JcwgeiOY=
Subject key identifier:   CA:36:35:C1:3C:70:D3:D1:B2:C5:D4:2A:FC:24:3E:67:5B:F4:0C:C9
Certificate issuer:       /CN=12962028A181E758B8990A6CA4F04A998A69311E
Certificate serial:       07F7229C3BCA4FC497579C4890A07BB664EB65
Authority key identifier: 12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E
Authority info access:    rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
Subject info access:      rsync://dev.tw/rpki/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa
Signing time:             Fri 11 Oct 2024 10:04:14 +0000
ROA not before:           Fri 11 Oct 2024 09:59:14 +0000
ROA not after:            Fri 10 Oct 2025 10:04:14 +0000
asID:                     200827
IP address blocks:        2a12:dd47:f900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl
                          rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.mft
                          rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f7:22:9c:3b:ca:4f:c4:97:57:9c:48:90:a0:7b:b6:64:eb:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12962028A181E758B8990A6CA4F04A998A69311E
        Validity
            Not Before: Oct 11 09:59:14 2024 GMT
            Not After : Oct 10 10:04:14 2025 GMT
        Subject: CN=CA3635C13C70D3D1B2C5D42AFC243E675BF40CC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:92:ef:fb:22:47:58:19:7f:22:c2:42:13:b3:
                    08:d1:59:9b:8c:9e:d3:e4:c9:2d:3f:fe:a8:0a:67:
                    5f:95:07:83:43:a6:0c:d6:7a:b4:4a:32:c3:67:42:
                    db:01:3b:48:e1:b6:6b:c4:a3:60:a0:be:0f:f9:ac:
                    0a:9c:61:4b:f9:1e:bb:09:fb:47:a8:48:2d:fe:d5:
                    be:a4:74:15:49:7e:0a:8b:c1:f1:8b:3a:f0:be:e2:
                    55:c5:ad:f0:0e:e0:a5:29:d0:8e:29:fc:69:77:b6:
                    c5:3c:58:66:5c:eb:40:25:6c:5f:bc:67:5d:a1:f5:
                    cc:75:76:22:90:8d:4d:71:9e:8f:1f:70:b2:dc:7d:
                    7f:80:51:b4:48:3a:8f:e8:ae:f6:35:01:50:32:ff:
                    b6:07:a1:36:70:92:a2:c7:15:fa:9a:ca:43:1e:6a:
                    83:11:19:9f:5f:e6:08:d3:7d:dd:ac:11:58:fe:f5:
                    cd:9a:49:9f:97:7d:f1:81:e3:3e:2a:ae:14:e6:c4:
                    5e:59:ee:7b:f9:23:a8:de:b0:d8:6c:89:88:b5:4c:
                    54:61:96:77:9f:73:82:17:1f:89:e4:14:b7:3a:d1:
                    9d:c4:9a:74:23:0c:12:51:c2:bf:e0:3d:28:92:07:
                    04:09:69:fc:9a:59:c2:2a:96:a4:32:74:a8:25:b5:
                    c2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:36:35:C1:3C:70:D3:D1:B2:C5:D4:2A:FC:24:3E:67:5B:F4:0C:C9
            X509v3 Authority Key Identifier:
                keyid:12:96:20:28:A1:81:E7:58:B8:99:0A:6C:A4:F0:4A:99:8A:69:31:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/1/12962028A181E758B8990A6CA4F04A998A69311E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/12962028A181E758B8990A6CA4F04A998A69311E.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/1/326131323a646434373a663930303a3a2f34302d3438203d3e20323030383237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:f900::/40

    Signature Algorithm: sha256WithRSAEncryption
         c3:79:7c:bc:ea:4a:78:e2:d6:55:b6:1d:78:21:66:13:89:f2:
         22:a2:25:c8:ee:9b:d4:b6:89:ac:47:04:9a:e0:9c:eb:98:bf:
         68:d2:cb:8c:57:da:82:b1:ae:cf:11:94:56:eb:43:f1:98:5f:
         e3:26:6b:8c:21:b5:30:02:22:6d:7d:fc:c8:20:2f:38:f8:36:
         6e:26:67:f4:cf:40:7a:b9:44:81:9d:d1:b6:e1:a2:ca:47:6e:
         bc:6e:50:4b:03:74:03:09:88:0a:28:e7:42:03:9d:6a:0b:f0:
         0c:8e:fa:81:d5:77:9a:ea:b4:34:63:c3:f3:83:fb:f4:3b:07:
         56:a3:71:d2:05:7b:96:1b:35:c4:d1:ef:10:30:b9:26:6e:3b:
         40:4c:dd:d7:e7:ec:37:3f:e2:31:64:e5:ee:81:6f:9f:2e:5f:
         44:3c:f9:67:c6:df:bb:d2:e1:86:ef:f8:4a:5f:4e:af:3e:08:
         55:08:6d:cb:92:6b:d1:34:70:f0:da:21:a4:ac:9e:9f:38:fe:
         80:bd:ac:5a:b1:8d:67:78:9f:ef:a0:97:a1:b4:10:a1:37:8b:
         5a:8c:74:e9:f7:4b:e1:a9:0a:8c:39:9a:87:f2:e7:69:bd:28:
         c1:49:94:85:6b:c8:b0:34:de:d6:7e:32:d6:2e:e4:b6:6d:2b:
         86:f9:2c:34
-----BEGIN CERTIFICATE-----
MIIExjCCA66gAwIBAgITB/cinDvKT8SXV5xIkKB7tmTrZTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygxMjk2MjAyOEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThB
NjkzMTFFMB4XDTI0MTAxMTA5NTkxNFoXDTI1MTAxMDEwMDQxNFowMzExMC8GA1UE
AxMoQ0EzNjM1QzEzQzcwRDNEMUIyQzVENDJBRkMyNDNFNjc1QkY0MENDOTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2S7/siR1gZfyLCQhOzCNFZm4ye
0+TJLT/+qApnX5UHg0OmDNZ6tEoyw2dC2wE7SOG2a8SjYKC+D/msCpxhS/keuwn7
R6hILf7VvqR0FUl+CovB8Ys68L7iVcWt8A7gpSnQjin8aXe2xTxYZlzrQCVsX7xn
XaH1zHV2IpCNTXGejx9wstx9f4BRtEg6j+iu9jUBUDL/tgehNnCSoscV+prKQx5q
gxEZn1/mCNN93awRWP71zZpJn5d98YHjPiquFObEXlnue/kjqN6w2GyJiLVMVGGW
d59zghcfieQUtzrRncSadCMMElHCv+A9KJIHBAlp/JpZwiqWpDJ0qCW1wukCAwEA
AaOCAdEwggHNMB0GA1UdDgQWBBTKNjXBPHDT0bLF1Cr8JD5nW/QMyTAfBgNVHSME
GDAWgBQSliAooYHnWLiZCmyk8EqZimkxHjAOBgNVHQ8BAf8EBAMCB4AwWQYDVR0f
BFIwUDBOoEygSoZIcnN5bmM6Ly9kZXYudHcvcnBraS9BUzk0NS8xLzEyOTYyMDI4
QTE4MUU3NThCODk5MEE2Q0E0RjA0QTk5OEE2OTMxMUUuY3JsMGUGCCsGAQUFBwEB
BFkwVzBVBggrBgEFBQcwAoZJcnN5bmM6Ly9kZXYudHcvcnBraS9BdWd1c3QvNS8x
Mjk2MjAyOEExODFFNzU4Qjg5OTBBNkNBNEYwNEE5OThBNjkzMTFFLmNlcjB8Bggr
BgEFBQcBCwRwMG4wbAYIKwYBBQUHMAuGYHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5
NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTY2MzkzMDMwM2EzYTJmMzQzMDJkMzQz
ODIwM2QzZTIwMzIzMDMwMzgzMjM3LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLdR/kwDQYJKoZIhvcN
AQELBQADggEBAMN5fLzqSnji1lW2HXghZhOJ8iKiJcjum9S2iaxHBJrgnOuYv2jS
y4xX2oKxrs8RlFbrQ/GYX+Mma4whtTACIm19/MggLzj4Nm4mZ/TPQHq5RIGd0bbh
ospHbrxuUEsDdAMJiAoo50IDnWoL8AyO+oHVd5rqtDRjw/OD+/Q7B1ajcdIFe5Yb
NcTR7xAwuSZuO0BM3dfn7Dc/4jFk5e6Bb58uX0Q8+WfG37vS4Ybv+EpfTq8+CFUI
bcuSa9E0cPDaIaSsnp84/oC9rFqxjWd4n++gl6G0EKE3i1qMdOn3S+GpCow5mofy
52m9KMFJlIVryLA03tZ+MtYu5LZtK4b5LDQ=
-----END CERTIFICATE-----