Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HINET/CAyigB-E_2nYusgDObw4kuNg20g.roa
File:                     CAyigB-E_2nYusgDObw4kuNg20g.roa (raw, json)
Hash identifier:          uhufdOtjwn/olUJBPhfO3WuJLIh6kmhTYGQ98IGW07A=
Subject key identifier:   08:0C:A2:80:1F:84:FF:69:D8:BA:C8:03:39:BC:38:92:E3:60:DB:48
Certificate issuer:       /CN=C49E7B6F951B112F9106A96FE7F8774EAE802509
Certificate serial:       0F5D
Authority key identifier: C4:9E:7B:6F:95:1B:11:2F:91:06:A9:6F:E7:F8:77:4E:AE:80:25:09
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/xJ57b5UbES-RBqlv5_h3Tq6AJQk.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HINET/CAyigB-E_2nYusgDObw4kuNg20g.roa
Signing time:             Fri 01 Sep 2023 08:56:59 +0000
ROA not before:           Fri 01 Sep 2023 08:56:59 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     198949
IP address blocks:        203.75.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/HINET/xJ57b5UbES-RBqlv5_h3Tq6AJQk.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/HINET/xJ57b5UbES-RBqlv5_h3Tq6AJQk.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/xJ57b5UbES-RBqlv5_h3Tq6AJQk.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Jun 2024 15:53:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3933 (0xf5d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C49E7B6F951B112F9106A96FE7F8774EAE802509
        Validity
            Not Before: Sep  1 08:56:59 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=080CA2801F84FF69D8BAC80339BC3892E360DB48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:05:44:d2:bc:06:c2:16:71:f7:12:59:60:f4:
                    92:ca:d5:02:64:7b:8d:79:3f:2c:f0:d8:fd:88:f9:
                    b6:b4:67:de:5c:cd:53:e8:cd:63:76:47:5c:93:59:
                    90:2c:69:bd:02:a6:25:69:7b:ec:f4:db:93:2c:63:
                    29:48:ac:72:55:5a:3e:08:5e:fb:52:9c:e1:3a:dd:
                    80:38:52:48:2e:7c:27:aa:68:c7:0e:57:c8:c9:ec:
                    47:72:4a:77:ff:9f:d5:fe:69:48:df:3a:34:5e:5f:
                    dc:cc:33:bc:f5:61:e7:d8:b5:07:01:1d:34:a9:e3:
                    25:21:0d:7f:73:c9:06:c9:e7:e1:fc:14:7b:c0:26:
                    59:e4:58:7a:e9:93:71:93:95:90:2d:04:b1:12:da:
                    d7:51:dc:e8:24:3e:cc:e0:c7:ce:7d:73:d5:32:f2:
                    44:07:71:0b:ca:78:d4:2e:6a:75:d5:86:2d:fb:e5:
                    4f:1c:2b:d0:92:7f:06:56:69:23:03:2d:0e:44:71:
                    d5:9f:93:82:ab:ce:14:a4:62:75:e9:13:6d:d9:f6:
                    a3:92:bf:68:ce:cf:7c:b7:34:5e:0f:b3:f8:26:51:
                    38:c6:33:4d:7b:f5:76:1a:0f:58:9c:87:bc:7b:3c:
                    9c:b7:f3:ff:0b:fc:ee:89:1d:21:aa:55:bb:32:52:
                    42:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0C:A2:80:1F:84:FF:69:D8:BA:C8:03:39:BC:38:92:E3:60:DB:48
            X509v3 Authority Key Identifier:
                keyid:C4:9E:7B:6F:95:1B:11:2F:91:06:A9:6F:E7:F8:77:4E:AE:80:25:09

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HINET/xJ57b5UbES-RBqlv5_h3Tq6AJQk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/xJ57b5UbES-RBqlv5_h3Tq6AJQk.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HINET/CAyigB-E_2nYusgDObw4kuNg20g.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.75.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:32:97:1a:87:34:17:be:a6:b6:95:86:bd:e9:12:ea:25:83:
         ee:c4:75:86:44:3d:22:6b:75:0c:73:9a:20:01:e3:d0:1e:9a:
         cd:11:45:e3:b9:41:25:ab:bb:8c:de:92:5f:b7:43:dc:ed:45:
         83:18:40:af:a7:38:76:b5:00:04:29:fe:59:fa:cc:d2:8a:12:
         2e:dd:01:de:2e:53:8a:af:6b:4b:7b:e5:6d:f0:f7:92:ac:3d:
         d4:1b:1e:3a:fe:f4:cb:64:be:5d:00:32:a1:55:35:90:7e:7e:
         4e:d8:95:69:31:ce:30:04:a7:59:d9:9c:ff:47:b1:c0:c0:7b:
         f8:29:c0:b3:ce:0d:0d:d3:c7:80:73:2b:11:d3:4f:28:48:c5:
         89:63:40:96:2c:cc:41:ea:38:a0:bd:3a:bf:f5:c6:cd:13:c6:
         61:a1:dc:81:8b:75:78:79:8a:20:c5:64:96:04:d3:fb:84:d8:
         59:ed:31:79:39:77:23:cc:b5:9e:df:1e:7f:fc:f7:72:d3:67:
         9e:78:43:26:ee:fd:8b:f0:7a:08:08:14:21:17:fe:f9:91:42:
         3c:aa:3e:89:db:4a:80:fd:fe:9b:b5:03:6a:ed:9e:21:cd:59:
         3c:c6:d9:89:1a:0b:a6:2c:66:4c:ff:c5:71:c0:81:3b:41:26:
         52:b7:26:1f
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICD10wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzQ5
RTdCNkY5NTFCMTEyRjkxMDZBOTZGRTdGODc3NEVBRTgwMjUwOTAeFw0yMzA5MDEw
ODU2NTlaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDA4MENBMjgwMUY4NEZG
NjlEOEJBQzgwMzM5QkMzODkyRTM2MERCNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuBUTSvAbCFnH3Ellg9JLK1QJke415Pyzw2P2I+ba0Z95czVPo
zWN2R1yTWZAsab0CpiVpe+z025MsYylIrHJVWj4IXvtSnOE63YA4UkgufCeqaMcO
V8jJ7EdySnf/n9X+aUjfOjReX9zMM7z1YefYtQcBHTSp4yUhDX9zyQbJ5+H8FHvA
JlnkWHrpk3GTlZAtBLES2tdR3OgkPszgx859c9Uy8kQHcQvKeNQuanXVhi375U8c
K9CSfwZWaSMDLQ5EcdWfk4KrzhSkYnXpE23Z9qOSv2jOz3y3NF4Ps/gmUTjGM017
9XYaD1ich7x7PJy38/8L/O6JHSGqVbsyUkLpAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUCAyigB+E/2nYusgDObw4kuNg20gwHwYDVR0jBBgwFoAUxJ57b5UbES+RBqlv
5/h3Tq6AJQkwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSElORVQv
eEo1N2I1VWJFUy1SQnFsdjVfaDNUcTZBSlFrLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS94SjU3YjVVYkVTLVJCcWx2NV9oM1RxNkFKUWsuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISU5FVC9DQXlpZ0ItRV8ybll1c2dET2J3
NGt1TmcyMGcucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy0v/
MA0GCSqGSIb3DQEBCwUAA4IBAQCDMpcahzQXvqa2lYa96RLqJYPuxHWGRD0ia3UM
c5ogAePQHprNEUXjuUElq7uM3pJft0Pc7UWDGECvpzh2tQAEKf5Z+szSihIu3QHe
LlOKr2tLe+Vt8PeSrD3UGx46/vTLZL5dADKhVTWQfn5O2JVpMc4wBKdZ2Zz/R7HA
wHv4KcCzzg0N08eAcysR008oSMWJY0CWLMxB6jigvTq/9cbNE8ZhodyBi3V4eYog
xWSWBNP7hNhZ7TF5OXcjzLWe3x5//Pdy02eeeEMm7v2L8HoICBQhF/75kUI8qj6J
20qA/f6btQNq7Z4hzVk8xtmJGgumLGZM/8VxwIE7QSZStyYf
-----END CERTIFICATE-----
Generated at Sat Jun 15 23:53:51 2024 by rpki-client on console-ams.rpki-client.org