Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/Ds3APVDhm5TieBMn-5gmUv8rBBI.roa
File:                     Ds3APVDhm5TieBMn-5gmUv8rBBI.roa (raw, json)
Hash identifier:          DA+mYYYyw3+mFBfa15ODkbNfrB6uc4tOtTBJrBox9bg=
Subject key identifier:   0E:CD:C0:3D:50:E1:9B:94:E2:78:13:27:FB:98:26:52:FF:2B:04:12
Certificate issuer:       /CN=578183A0FE5DA4A0F3C0546FB6EC26CBD1232F99
Certificate serial:       0275
Authority key identifier: 57:81:83:A0:FE:5D:A4:A0:F3:C0:54:6F:B6:EC:26:CB:D1:23:2F:99
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/V4GDoP5dpKDzwFRvtuwmy9EjL5k.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/Ds3APVDhm5TieBMn-5gmUv8rBBI.roa
Signing time:             Mon 26 Aug 2024 05:10:08 +0000
ROA not before:           Mon 26 Aug 2024 05:10:08 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     63893
IP address blocks:        2400:5060::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/V4GDoP5dpKDzwFRvtuwmy9EjL5k.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/V4GDoP5dpKDzwFRvtuwmy9EjL5k.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/V4GDoP5dpKDzwFRvtuwmy9EjL5k.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 Nov 2024 06:52:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 629 (0x275)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=578183A0FE5DA4A0F3C0546FB6EC26CBD1232F99
        Validity
            Not Before: Aug 26 05:10:08 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=0ECDC03D50E19B94E2781327FB982652FF2B0412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1f:bf:00:b5:b6:6c:86:89:47:b3:93:9f:c5:
                    1f:ee:0f:10:71:d2:08:c8:0b:b1:36:ed:c5:a8:89:
                    b2:78:69:06:2e:e2:ab:ab:e6:c3:81:08:2c:03:1a:
                    cf:c1:a7:43:45:c0:17:fb:a5:74:f0:43:a7:db:4d:
                    ac:c8:f6:b1:19:a7:a1:22:24:b1:52:29:b2:fd:a1:
                    eb:8f:fd:fa:cf:df:be:a2:70:15:1c:10:78:85:bf:
                    66:c3:c6:6b:42:05:fe:d4:4d:08:90:30:2b:d6:fa:
                    5f:50:38:9f:ca:58:ed:26:eb:c6:ce:9d:0e:4d:ae:
                    4a:db:d2:91:ac:00:d0:8b:24:19:c4:16:ba:34:a6:
                    a8:44:3c:60:d8:ab:49:30:38:b6:d3:91:13:59:95:
                    3e:8a:b5:d8:00:e4:5e:e4:9f:1f:a4:8f:77:54:b6:
                    bf:e5:02:6f:41:4a:7a:39:ab:d5:0d:91:a1:e2:8b:
                    95:71:38:57:bd:8d:0d:b7:70:30:dc:84:46:1a:ee:
                    81:9a:3f:90:d8:aa:22:9f:50:68:78:74:cb:22:0e:
                    77:27:e4:b9:0a:a0:78:e6:1d:57:96:a3:bf:07:70:
                    a3:0f:a0:70:04:97:94:3a:7d:34:a0:ae:c2:10:1a:
                    79:cc:cd:56:f6:8f:b0:bc:46:a5:c8:e2:6b:ac:fb:
                    ff:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:CD:C0:3D:50:E1:9B:94:E2:78:13:27:FB:98:26:52:FF:2B:04:12
            X509v3 Authority Key Identifier:
                keyid:57:81:83:A0:FE:5D:A4:A0:F3:C0:54:6F:B6:EC:26:CB:D1:23:2F:99

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/V4GDoP5dpKDzwFRvtuwmy9EjL5k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/V4GDoP5dpKDzwFRvtuwmy9EjL5k.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CCP1138470/Ds3APVDhm5TieBMn-5gmUv8rBBI.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:5060::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:00:cf:80:18:14:a2:cc:94:9a:c0:a0:0a:b5:40:93:e8:c8:
         28:6c:9a:a4:ef:ba:60:7d:4b:79:23:78:94:1f:03:72:5c:2e:
         b7:91:63:55:be:ad:da:cd:c2:c5:08:0c:76:b1:51:c7:43:d1:
         55:2a:35:54:fa:29:e8:62:74:91:a3:6a:ef:24:da:2b:16:ac:
         bf:2d:e9:36:fd:f8:95:7e:6c:03:3b:63:de:b1:8b:ae:b5:22:
         94:1c:8f:a5:a6:73:2f:7c:d4:05:5c:31:71:4f:dd:02:dd:1c:
         9c:7c:0c:5e:a7:55:92:0b:16:03:d7:ae:d5:d5:00:99:f9:c9:
         91:46:87:c4:ef:78:9f:87:37:66:16:58:8b:5f:d7:71:da:07:
         50:fc:71:56:20:34:35:af:40:74:88:5d:07:02:2c:bc:b1:75:
         fc:d3:dd:56:c0:9d:a8:58:69:dc:9c:6b:e6:c2:8a:f9:e5:4b:
         57:7a:22:36:67:cf:71:e3:b2:9c:63:c0:4c:36:2d:0a:73:ee:
         a3:9b:04:5f:70:e4:ec:6d:f8:46:ca:d6:1f:d0:18:2c:c9:88:
         9f:69:1d:3f:7d:a1:6c:31:1e:bb:12:3f:9b:84:eb:06:36:16:
         6e:22:ad:90:83:5a:aa:29:ed:22:41:c7:a9:d9:1d:00:c9:03:
         ed:81:e4:44
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICAnUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNTc4
MTgzQTBGRTVEQTRBMEYzQzA1NDZGQjZFQzI2Q0JEMTIzMkY5OTAeFw0yNDA4MjYw
NTEwMDhaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDBFQ0RDMDNENTBFMTlC
OTRFMjc4MTMyN0ZCOTgyNjUyRkYyQjA0MTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDdH78AtbZsholHs5OfxR/uDxBx0gjIC7E27cWoibJ4aQYu4qur
5sOBCCwDGs/Bp0NFwBf7pXTwQ6fbTazI9rEZp6EiJLFSKbL9oeuP/frP376icBUc
EHiFv2bDxmtCBf7UTQiQMCvW+l9QOJ/KWO0m68bOnQ5Nrkrb0pGsANCLJBnEFro0
pqhEPGDYq0kwOLbTkRNZlT6KtdgA5F7knx+kj3dUtr/lAm9BSno5q9UNkaHii5Vx
OFe9jQ23cDDchEYa7oGaP5DYqiKfUGh4dMsiDncn5LkKoHjmHVeWo78HcKMPoHAE
l5Q6fTSgrsIQGnnMzVb2j7C8RqXI4mus+//FAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUDs3APVDhm5TieBMn+5gmUv8rBBIwHwYDVR0jBBgwFoAUV4GDoP5dpKDzwFRv
tuwmy9EjL5kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBgBgNVHR8EWTBXMFWg
U6BRhk9yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0NQMTEz
ODQ3MC9WNEdEb1A1ZHBLRHp3RlJ2dHV3bXk5RWpMNWsuY3JsMGAGCCsGAQUFBwEB
BFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9U
V05JQ0NBL1Y0R0RvUDVkcEtEendGUnZ0dXdteTlFakw1ay5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGgBggrBgEFBQcBCwSBkzCBkDBbBggrBgEFBQcwC4ZPcnN5bmM6Ly9y
cGtpY2EudHduaWMudHcvcnBraS9UV05JQ0NBL0NDUDExMzg0NzAvRHMzQVBWRGht
NVRpZUJNbi01Z21VdjhyQkJJLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRw
LnR3bmljLnR3L3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQC
AAIwBwMFACQAUGAwDQYJKoZIhvcNAQELBQADggEBACMAz4AYFKLMlJrAoAq1QJPo
yChsmqTvumB9S3kjeJQfA3JcLreRY1W+rdrNwsUIDHaxUcdD0VUqNVT6KehidJGj
au8k2isWrL8t6Tb9+JV+bAM7Y96xi661IpQcj6Wmcy981AVcMXFP3QLdHJx8DF6n
VZILFgPXrtXVAJn5yZFGh8TveJ+HN2YWWItf13HaB1D8cVYgNDWvQHSIXQcCLLyx
dfzT3VbAnahYadyca+bCivnlS1d6IjZnz3HjspxjwEw2LQpz7qObBF9w5Oxt+EbK
1h/QGCzJiJ9pHT99oWwxHrsSP5uE6wY2Fm4irZCDWqop7SJBx6nZHQDJA+2B5EQ=
-----END CERTIFICATE-----
Generated at Wed Nov 13 04:15:01 2024 by rpki-client on console-ams.rpki-client.org