Route Origin Authorization
$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/FET/3Vks5OnEPav4xG6W-UJ1-hvgdiQ.roa
File: 3Vks5OnEPav4xG6W-UJ1-hvgdiQ.roa (raw, json)
Hash identifier: r820T5O1H7ykB7dkjIFIwOIs1XITndyZO826QOsX+xs=
Subject key identifier: DD:59:2C:E4:E9:C4:3D:AB:F8:C4:6E:96:F9:42:75:FA:1B:E0:76:24
Certificate issuer: /CN=3E63A587D5E71FBBD8C81EC34FE5366AC691AB51
Certificate serial: 1266
Authority key identifier: 3E:63:A5:87:D5:E7:1F:BB:D8:C8:1E:C3:4F:E5:36:6A:C6:91:AB:51
Authority info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer
Subject info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/3Vks5OnEPav4xG6W-UJ1-hvgdiQ.roa
Signing time: Mon 10 Feb 2025 14:28:22 +0000
ROA not before: Mon 10 Feb 2025 14:28:22 +0000
ROA not after: Tue 26 Aug 2025 01:57:03 +0000
asID: 17709
IP address blocks: 203.207.32.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.crl
rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.mft
rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer
rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Mon 14 Apr 2025 20:38:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4710 (0x1266)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3E63A587D5E71FBBD8C81EC34FE5366AC691AB51
Validity
Not Before: Feb 10 14:28:22 2025 GMT
Not After : Aug 26 01:57:03 2025 GMT
Subject: CN=DD592CE4E9C43DABF8C46E96F94275FA1BE07624
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:08:fa:94:7a:a0:0a:7e:11:e6:7a:c8:05:ac:
e8:57:83:d5:b6:94:33:74:26:bc:0e:97:eb:5f:ed:
46:4d:43:1f:65:06:55:d8:18:16:d0:f0:4e:39:a0:
da:c6:a7:63:99:e4:13:1f:c0:a0:ed:ef:1f:a5:93:
1a:b2:9e:94:3b:65:1f:bb:78:c6:c0:f0:f3:6b:cf:
24:a7:28:42:98:51:5f:6e:c3:3c:48:29:8c:15:dd:
84:9f:e9:6f:ac:f2:bf:df:d8:f9:b7:b5:98:36:9e:
57:08:3c:dc:80:9c:f7:79:50:9b:c2:93:6c:8e:67:
69:2c:8f:cb:e7:b5:81:f9:e8:25:a0:e4:5f:88:52:
69:b7:1f:ee:f7:0f:c0:3d:a6:76:ab:b7:ea:e2:c0:
0c:fb:bc:a0:c0:13:d0:81:c0:e1:99:f1:a9:b4:0a:
5d:ed:06:0b:d8:2b:b2:30:3f:ef:60:df:c8:c4:68:
fa:60:13:31:c3:3b:be:eb:19:7a:4c:3d:86:65:c8:
08:0c:8b:9c:48:5a:5d:25:e9:5d:b9:ea:e0:af:93:
b7:da:45:27:bd:73:f8:0a:d7:54:1b:3f:d7:e8:b2:
82:1c:7d:9c:37:73:79:92:01:6e:0e:20:a6:bc:fe:
9d:d7:42:cc:d8:04:46:a9:1c:d6:9b:05:79:c1:e6:
65:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:59:2C:E4:E9:C4:3D:AB:F8:C4:6E:96:F9:42:75:FA:1B:E0:76:24
X509v3 Authority Key Identifier:
keyid:3E:63:A5:87:D5:E7:1F:BB:D8:C8:1E:C3:4F:E5:36:6A:C6:91:AB:51
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.crl
Authority Information Access:
CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/3Vks5OnEPav4xG6W-UJ1-hvgdiQ.roa
RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
203.207.32.0/20
Signature Algorithm: sha256WithRSAEncryption
0c:0f:b6:33:37:a6:ef:1b:bb:8a:7a:18:cd:7a:3f:bd:2f:25:
eb:b6:2b:dd:86:ef:67:95:21:a4:cc:19:b2:df:c4:b3:01:c9:
c9:91:b3:65:44:c1:46:40:ac:23:17:40:92:16:c3:91:b4:31:
6c:34:a3:d8:b5:7c:01:02:a2:5a:02:97:4f:95:cd:f0:73:3f:
7e:e7:a6:81:06:29:4f:1a:02:f2:06:4b:3e:0b:ca:87:ea:c9:
c7:4c:37:37:e8:3c:74:cf:4c:a8:8a:65:f6:06:0c:fc:d9:be:
0c:21:c6:6e:7b:47:41:9c:64:8b:a6:32:ca:35:81:ec:5a:c1:
94:6f:d1:3e:98:38:ac:af:00:7e:c1:1e:23:8c:2c:b1:92:fb:
84:4b:10:8d:2d:39:a1:3d:2b:da:8e:47:33:b1:47:a1:c2:35:
c1:b7:68:99:da:3e:1d:76:53:23:d9:99:07:c0:3e:f1:00:c0:
8d:74:86:87:39:f8:13:c8:dd:b6:5b:8c:06:f9:e5:6f:47:28:
7d:cf:70:f0:97:d5:60:c2:54:10:29:27:b6:e4:5f:90:77:fa:
3d:b5:ed:0d:43:1a:f1:a8:33:d2:3f:2e:79:d1:e0:9e:bc:d3:
f6:3d:13:b3:a8:db:e1:2d:ce:cc:ce:3c:e0:68:fa:a4:0e:b7:
12:1b:e3:83
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgICEmYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0U2
M0E1ODdENUU3MUZCQkQ4QzgxRUMzNEZFNTM2NkFDNjkxQUI1MTAeFw0yNTAyMTAx
NDI4MjJaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKERENTkyQ0U0RTlDNDNE
QUJGOEM0NkU5NkY5NDI3NUZBMUJFMDc2MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2CPqUeqAKfhHmesgFrOhXg9W2lDN0JrwOl+tf7UZNQx9lBlXY
GBbQ8E45oNrGp2OZ5BMfwKDt7x+lkxqynpQ7ZR+7eMbA8PNrzySnKEKYUV9uwzxI
KYwV3YSf6W+s8r/f2Pm3tZg2nlcIPNyAnPd5UJvCk2yOZ2ksj8vntYH56CWg5F+I
Umm3H+73D8A9pnart+riwAz7vKDAE9CBwOGZ8am0Cl3tBgvYK7IwP+9g38jEaPpg
EzHDO77rGXpMPYZlyAgMi5xIWl0l6V256uCvk7faRSe9c/gK11QbP9fosoIcfZw3
c3mSAW4OIKa8/p3XQszYBEapHNabBXnB5mVVAgMBAAGjggHoMIIB5DAdBgNVHQ4E
FgQU3Vks5OnEPav4xG6W+UJ1+hvgdiQwHwYDVR0jBBgwFoAUPmOlh9XnH7vYyB7D
T+U2asaRq1EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZBgNVHR8EUjBQME6g
TKBKhkhyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvRkVUL1Bt
T2xoOVhuSDd2WXlCN0RULVUyYXNhUnExRS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAG
CCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0Ev
UG1PbGg5WG5IN3ZZeUI3RFQtVTJhc2FScTFFLmNlcjAOBgNVHQ8BAf8EBAMCB4Aw
gZkGCCsGAQUFBwELBIGMMIGJMFQGCCsGAQUFBzALhkhyc3luYzovL3Jwa2ljYS50
d25pYy50dy9ycGtpL1RXTklDQ0EvRkVULzNWa3M1T25FUGF2NHhHNlctVUoxLWh2
Z2RpUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRw
L25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATLzyAwDQYJ
KoZIhvcNAQELBQADggEBAAwPtjM3pu8bu4p6GM16P70vJeu2K92G72eVIaTMGbLf
xLMBycmRs2VEwUZArCMXQJIWw5G0MWw0o9i1fAEColoCl0+VzfBzP37npoEGKU8a
AvIGSz4LyofqycdMNzfoPHTPTKiKZfYGDPzZvgwhxm57R0GcZIumMso1gexawZRv
0T6YOKyvAH7BHiOMLLGS+4RLEI0tOaE9K9qORzOxR6HCNcG3aJnaPh12UyPZmQfA
PvEAwI10hoc5+BPI3bZbjAb55W9HKH3PcPCX1WDCVBApJ7bkX5B3+j217Q1DGvGo
M9I/LnnR4J680/Y9E7Oo2+EtzszOPOBo+qQOtxIb44M=
-----END CERTIFICATE-----
Generated at Mon Apr 14 19:09:21 2025 by rpki-client