Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/FET/OlX8-mqBn6oRpqO6038YqYODQ-U.roa
File:                     OlX8-mqBn6oRpqO6038YqYODQ-U.roa (raw, json)
Hash identifier:          PSxkOjBsYg/6EqB4DsGBa9ID7MLql/H7wL0LpCrIxSQ=
Subject key identifier:   3A:55:FC:FA:6A:81:9F:AA:11:A6:A3:BA:D3:7F:18:A9:83:83:43:E5
Certificate issuer:       /CN=3E63A587D5E71FBBD8C81EC34FE5366AC691AB51
Certificate serial:       1366
Authority key identifier: 3E:63:A5:87:D5:E7:1F:BB:D8:C8:1E:C3:4F:E5:36:6A:C6:91:AB:51
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/OlX8-mqBn6oRpqO6038YqYODQ-U.roa
Signing time:             Fri 18 Jul 2025 08:52:57 +0000
ROA not before:           Fri 18 Jul 2025 08:52:57 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     131602
IP address blocks:        218.35.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 21 Jul 2025 05:36:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4966 (0x1366)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3E63A587D5E71FBBD8C81EC34FE5366AC691AB51
        Validity
            Not Before: Jul 18 08:52:57 2025 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=3A55FCFA6A819FAA11A6A3BAD37F18A9838343E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:7d:b3:3c:e7:64:e0:6c:a7:12:cb:bc:37:
                    da:e3:b5:c7:15:16:05:1c:91:1d:41:5b:bc:db:01:
                    35:f2:f4:7a:76:a0:02:cc:7d:fe:b2:73:d0:50:c2:
                    fd:d7:36:b2:5f:4a:1b:a4:37:e6:f7:e4:2a:d0:b3:
                    f5:92:cc:82:cd:f5:73:05:63:4a:15:1e:0c:97:90:
                    bd:ed:4b:e8:ea:9a:0e:87:8e:7b:9b:7f:71:fc:6a:
                    7f:f4:0b:83:87:95:e8:23:0a:c6:54:4e:f0:27:d1:
                    7a:1d:f2:ac:fa:30:38:54:8f:48:ef:05:fd:b7:17:
                    af:c6:c7:6d:d6:8c:a7:e9:b0:86:83:b9:1b:9e:d8:
                    33:b8:0d:22:3f:e2:87:2b:55:5c:cc:9a:ea:c1:5a:
                    93:7e:60:62:25:6c:f6:d9:7f:5b:fe:5c:b5:d8:6c:
                    85:ef:30:02:5c:17:59:54:a2:77:75:a5:d4:6f:ca:
                    76:1b:b9:82:e5:5e:62:19:29:ca:12:a2:0a:b5:4e:
                    03:9b:3d:bf:53:9c:61:9b:f0:8b:74:43:53:17:05:
                    6d:d7:07:25:ae:78:ff:90:49:a6:76:8b:29:9d:3c:
                    4a:ab:72:09:9f:8a:ab:51:1c:88:67:f6:fb:88:b4:
                    23:f8:18:fb:3e:7c:0c:03:bb:34:57:ca:01:b1:93:
                    62:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:55:FC:FA:6A:81:9F:AA:11:A6:A3:BA:D3:7F:18:A9:83:83:43:E5
            X509v3 Authority Key Identifier:
                keyid:3E:63:A5:87:D5:E7:1F:BB:D8:C8:1E:C3:4F:E5:36:6A:C6:91:AB:51

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/PmOlh9XnH7vYyB7DT-U2asaRq1E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/PmOlh9XnH7vYyB7DT-U2asaRq1E.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/FET/OlX8-mqBn6oRpqO6038YqYODQ-U.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  218.35.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:c5:4a:ea:6d:39:55:86:40:15:f5:d8:f8:41:bc:1c:ee:83:
         2b:50:6e:bf:6e:b2:2e:8d:8e:13:a2:5d:de:e1:63:c5:9b:9a:
         68:f7:4c:b1:71:92:90:46:17:6d:1f:60:f5:1e:d8:aa:b3:f4:
         62:fa:e2:f7:50:d8:f7:8a:20:ea:24:7a:f8:50:41:30:e3:c3:
         1e:f8:f7:b1:e3:91:93:3b:e2:0d:d3:01:43:08:aa:13:a8:33:
         be:6b:7b:cd:58:af:eb:a8:6d:d3:da:07:30:2f:b3:a4:c9:3a:
         87:f6:a3:74:34:c8:c1:77:5e:5d:ca:3d:57:f0:c5:99:7a:71:
         62:97:59:7a:a6:75:84:27:bd:71:2c:2a:db:5e:91:88:ad:95:
         a2:bf:d6:4f:eb:dc:95:b2:b7:54:08:5d:25:06:aa:a8:53:72:
         94:a6:f2:56:7a:b9:6a:ed:ed:fc:dd:63:f4:45:b8:d3:c8:7f:
         6d:3e:2d:57:c9:39:9d:37:16:4b:33:9b:fb:36:d0:da:24:15:
         63:54:39:44:59:d1:4a:e1:c4:66:0e:cb:fb:02:c6:f1:07:e3:
         22:ab:d0:a4:cb:1c:4e:39:6d:e0:31:ff:ad:53:2d:ce:7c:fe:
         7a:83:f4:36:cb:2f:e5:81:4e:20:7b:7f:82:36:1b:f3:8d:a2:
         a4:54:ac:1c
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgICE2YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0U2
M0E1ODdENUU3MUZCQkQ4QzgxRUMzNEZFNTM2NkFDNjkxQUI1MTAeFw0yNTA3MTgw
ODUyNTdaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDNBNTVGQ0ZBNkE4MTlG
QUExMUE2QTNCQUQzN0YxOEE5ODM4MzQzRTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7Xn2zPOdk4GynEsu8N9rjtccVFgUckR1BW7zbATXy9Hp2oALM
ff6yc9BQwv3XNrJfShukN+b35CrQs/WSzILN9XMFY0oVHgyXkL3tS+jqmg6Hjnub
f3H8an/0C4OHlegjCsZUTvAn0Xod8qz6MDhUj0jvBf23F6/Gx23WjKfpsIaDuRue
2DO4DSI/4ocrVVzMmurBWpN+YGIlbPbZf1v+XLXYbIXvMAJcF1lUond1pdRvynYb
uYLlXmIZKcoSogq1TgObPb9TnGGb8It0Q1MXBW3XByWueP+QSaZ2iymdPEqrcgmf
iqtRHIhn9vuItCP4GPs+fAwDuzRXygGxk2IlAgMBAAGjggHoMIIB5DAdBgNVHQ4E
FgQUOlX8+mqBn6oRpqO6038YqYODQ+UwHwYDVR0jBBgwFoAUPmOlh9XnH7vYyB7D
T+U2asaRq1EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZBgNVHR8EUjBQME6g
TKBKhkhyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvRkVUL1Bt
T2xoOVhuSDd2WXlCN0RULVUyYXNhUnExRS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAG
CCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0Ev
UG1PbGg5WG5IN3ZZeUI3RFQtVTJhc2FScTFFLmNlcjAOBgNVHQ8BAf8EBAMCB4Aw
gZkGCCsGAQUFBwELBIGMMIGJMFQGCCsGAQUFBzALhkhyc3luYzovL3Jwa2ljYS50
d25pYy50dy9ycGtpL1RXTklDQ0EvRkVUL09sWDgtbXFCbjZvUnBxTzYwMzhZcVlP
RFEtVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRw
L25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALaI2gwDQYJ
KoZIhvcNAQELBQADggEBAJDFSuptOVWGQBX12PhBvBzugytQbr9usi6NjhOiXd7h
Y8Wbmmj3TLFxkpBGF20fYPUe2Kqz9GL64vdQ2PeKIOokevhQQTDjwx7497HjkZM7
4g3TAUMIqhOoM75re81Yr+uobdPaBzAvs6TJOof2o3Q0yMF3Xl3KPVfwxZl6cWKX
WXqmdYQnvXEsKttekYitlaK/1k/r3JWyt1QIXSUGqqhTcpSm8lZ6uWrt7fzdY/RF
uNPIf20+LVfJOZ03Fkszm/s20NokFWNUOURZ0UrhxGYOy/sCxvEH4yKr0KTLHE45
beAx/61TLc58/nqD9DbLL+WBTiB7f4I2G/ONoqRUrBw=
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:05:58 2025 by rpki-client