Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/APOL/ehHstIdsKU795U0X3C_tLL2K3QE.roa
File:                     ehHstIdsKU795U0X3C_tLL2K3QE.roa (raw, json)
Hash identifier:          840LN8MtHrmevPkSonn706tYW+vLbGS5OFtuvbSQeXI=
Subject key identifier:   7A:11:EC:B4:87:6C:29:4E:FD:E5:4D:17:DC:2F:ED:2C:BD:8A:DD:01
Certificate issuer:       /CN=FB064230F3E39BEFBB73A7D4DDB26FE2D446EE25
Certificate serial:       1282
Authority key identifier: FB:06:42:30:F3:E3:9B:EF:BB:73:A7:D4:DD:B2:6F:E2:D4:46:EE:25
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/-wZCMPPjm--7c6fU3bJv4tRG7iU.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/APOL/ehHstIdsKU795U0X3C_tLL2K3QE.roa
Signing time:             Fri 01 Sep 2023 08:04:34 +0000
ROA not before:           Fri 01 Sep 2023 08:04:34 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     17709
IP address blocks:        210.203.20.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4738 (0x1282)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FB064230F3E39BEFBB73A7D4DDB26FE2D446EE25
        Validity
            Not Before: Sep  1 08:04:34 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=7A11ECB4876C294EFDE54D17DC2FED2CBD8ADD01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:69:0b:8b:0b:6c:fd:20:b9:5d:c5:b4:3f:90:
                    4c:b1:37:cf:09:18:ec:a2:27:ac:b5:9a:bc:89:7a:
                    bd:7a:dd:f1:1c:a1:3b:d1:f5:20:f5:91:c5:32:f0:
                    c1:89:a2:e6:66:9c:ff:3a:21:19:6e:25:e9:03:85:
                    be:3f:91:e8:fd:1c:91:ad:2d:02:13:67:ed:a9:ab:
                    7c:e9:be:39:9a:f1:41:e5:4e:41:7b:c5:80:0c:81:
                    f9:88:ab:ed:c9:3c:5d:01:c8:c8:9b:48:f2:02:0d:
                    9b:29:7c:16:f0:4e:a2:dd:9b:03:df:b1:b1:6d:4f:
                    3c:6e:57:b8:9a:97:2e:9b:a3:ab:c8:0a:d6:46:23:
                    ee:ac:3c:d7:34:fd:e7:d2:40:03:68:e2:a7:0a:83:
                    18:eb:e6:f3:ad:53:60:bc:1e:a2:ea:1e:27:27:59:
                    f3:b1:8f:6d:42:1f:bf:b8:04:2d:e8:6e:cb:53:e7:
                    78:73:f2:73:77:47:d0:1b:5b:3c:c7:95:b7:d8:63:
                    76:8f:85:17:fd:1c:9a:4c:59:2a:81:6f:f8:b3:e8:
                    2e:a6:61:51:9e:a5:aa:23:bb:08:39:b4:92:32:ae:
                    53:c3:9d:75:4b:51:88:9c:ef:2b:17:f2:d6:d0:fc:
                    e8:6b:5e:ef:c5:57:f4:50:f4:81:5f:6a:5f:77:b9:
                    f5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:11:EC:B4:87:6C:29:4E:FD:E5:4D:17:DC:2F:ED:2C:BD:8A:DD:01
            X509v3 Authority Key Identifier:
                keyid:FB:06:42:30:F3:E3:9B:EF:BB:73:A7:D4:DD:B2:6F:E2:D4:46:EE:25

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/APOL/-wZCMPPjm--7c6fU3bJv4tRG7iU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/-wZCMPPjm--7c6fU3bJv4tRG7iU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/APOL/ehHstIdsKU795U0X3C_tLL2K3QE.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.203.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:8d:e0:ef:f6:33:e5:73:e8:4c:cf:0f:9e:28:40:d0:83:57:
         b2:3d:ea:4c:79:89:5c:7d:16:e9:ba:57:9a:01:20:4f:e1:df:
         b4:04:01:e2:e9:91:40:27:ac:a6:5b:dc:06:be:7b:8f:d3:3d:
         d6:84:ce:78:f1:6b:ee:ea:62:4d:a1:29:95:8a:41:92:e7:7d:
         2e:6b:2b:eb:8c:bc:77:d5:6d:b5:cb:c1:7c:f0:7a:cf:a7:b7:
         ea:31:bd:42:c3:3a:f9:3e:6d:0c:d2:28:07:70:db:64:12:4b:
         db:84:f3:fa:98:d1:01:3f:5d:af:1f:b3:3f:c3:23:6a:ef:9d:
         f0:a4:e6:f8:b7:da:ae:a6:3e:d1:e3:66:bf:51:cb:46:c5:fa:
         d8:af:c2:d2:d3:9d:f4:50:9e:02:0f:19:f7:92:5f:77:ac:c9:
         f0:45:a9:e5:0d:58:b7:0e:64:99:58:15:b3:c7:9d:1c:5f:d5:
         56:77:08:3b:b4:b0:b6:ae:34:5c:d4:b5:77:00:1a:15:89:3d:
         e7:1a:0e:28:17:4c:f0:c0:48:4d:18:a2:ae:3f:e2:8f:be:39:
         db:56:b0:d4:e7:bb:97:42:e6:3e:94:cd:20:c8:e0:19:1f:ac:
         08:f4:25:61:b8:7f:cb:33:2a:fe:76:6f:d5:3c:f1:bf:9e:49:
         27:d7:27:ea
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgICEoIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRkIw
NjQyMzBGM0UzOUJFRkJCNzNBN0Q0RERCMjZGRTJENDQ2RUUyNTAeFw0yMzA5MDEw
ODA0MzRaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDdBMTFFQ0I0ODc2QzI5
NEVGREU1NEQxN0RDMkZFRDJDQkQ4QUREMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCoaQuLC2z9ILldxbQ/kEyxN88JGOyiJ6y1mryJer163fEcoTvR
9SD1kcUy8MGJouZmnP86IRluJekDhb4/kej9HJGtLQITZ+2pq3zpvjma8UHlTkF7
xYAMgfmIq+3JPF0ByMibSPICDZspfBbwTqLdmwPfsbFtTzxuV7ialy6bo6vICtZG
I+6sPNc0/efSQANo4qcKgxjr5vOtU2C8HqLqHicnWfOxj21CH7+4BC3obstT53hz
8nN3R9AbWzzHlbfYY3aPhRf9HJpMWSqBb/iz6C6mYVGepaojuwg5tJIyrlPDnXVL
UYic7ysX8tbQ/OhrXu/FV/RQ9IFfal93ufW5AgMBAAGjggHqMIIB5jAdBgNVHQ4E
FgQUehHstIdsKU795U0X3C/tLL2K3QEwHwYDVR0jBBgwFoAU+wZCMPPjm++7c6fU
3bJv4tRG7iUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBaBgNVHR8EUzBRME+g
TaBLhklyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQVBPTC8t
d1pDTVBQam0tLTdjNmZVM2JKdjR0Ukc3aVUuY3JsMGAGCCsGAQUFBwEBBFQwUjBQ
BggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05JQ0NB
Ly13WkNNUFBqbS0tN2M2ZlUzYkp2NHRSRzdpVS5jZXIwDgYDVR0PAQH/BAQDAgeA
MIGaBggrBgEFBQcBCwSBjTCBijBVBggrBgEFBQcwC4ZJcnN5bmM6Ly9ycGtpY2Eu
dHduaWMudHcvcnBraS9UV05JQ0NBL0FQT0wvZWhIc3RJZHNLVTc5NVUwWDNDX3RM
TDJLM1FFLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmljLnR3L3Jy
ZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAtLLFDAN
BgkqhkiG9w0BAQsFAAOCAQEAYI3g7/Yz5XPoTM8PnihA0INXsj3qTHmJXH0W6bpX
mgEgT+HftAQB4umRQCesplvcBr57j9M91oTOePFr7upiTaEplYpBkud9Lmsr64y8
d9VttcvBfPB6z6e36jG9QsM6+T5tDNIoB3DbZBJL24Tz+pjRAT9drx+zP8Mjau+d
8KTm+LfarqY+0eNmv1HLRsX62K/C0tOd9FCeAg8Z95Jfd6zJ8EWp5Q1Ytw5kmVgV
s8edHF/VVncIO7Swtq40XNS1dwAaFYk95xoOKBdM8MBITRiirj/ij74521aw1Oe7
l0LmPpTNIMjgGR+sCPQlYbh/yzMq/nZv1Tzxv55JJ9cn6g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:32 2024 by rpki-client on console-fra.rpki-client.org