Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/7JFZSaV5AwSmm6B-BudDowKXNeA.roa
File:                     7JFZSaV5AwSmm6B-BudDowKXNeA.roa (raw, json)
Hash identifier:          5AqhK8oJvCM6Vvq/m6sGrbQjNQmWgQfxViGaEPrk1tM=
Subject key identifier:   EC:91:59:49:A5:79:03:04:A6:9B:A0:7E:06:E7:43:A3:02:97:35:E0
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DC3
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/7JFZSaV5AwSmm6B-BudDowKXNeA.roa
Signing time:             Mon 26 Aug 2024 05:10:24 +0000
ROA not before:           Mon 26 Aug 2024 05:10:24 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        61.57.128.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3523 (0xdc3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:24 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=EC915949A5790304A69BA07E06E743A3029735E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1d:c5:2c:30:c6:1f:5b:86:10:ca:07:94:5b:
                    8d:fe:89:4b:01:f8:2a:f8:2d:62:0e:bb:80:70:28:
                    4f:dd:49:5d:d6:54:bc:ff:4c:5e:3e:51:04:e0:55:
                    71:dd:60:ed:f8:5d:d5:bc:d6:c7:76:9f:92:32:e0:
                    78:f9:62:8e:26:8a:9f:54:7b:4c:65:03:a0:40:81:
                    00:dd:bc:56:b1:4b:48:45:3b:df:fa:05:82:ad:81:
                    c1:ce:01:ce:40:30:60:bc:db:cc:e0:b3:a9:57:b5:
                    b0:06:c9:1a:8f:bd:0e:ea:18:ca:26:c3:dd:cf:a5:
                    9d:8a:cd:87:6b:79:d6:6c:0e:4a:ca:68:08:9d:35:
                    0c:95:8c:1e:44:6a:1e:6b:3e:b3:83:5e:26:de:51:
                    17:1c:aa:06:4f:51:fe:a0:a9:63:af:20:f5:26:3b:
                    dc:8d:19:be:72:20:11:3f:18:65:f1:9c:30:42:3f:
                    95:de:43:fe:e3:e5:9c:d0:34:31:a2:4a:3c:3d:9a:
                    d0:dd:c2:ad:81:3e:71:e4:44:ca:20:61:c9:f4:ce:
                    31:12:ed:61:84:fa:a1:f7:c0:92:35:03:b0:e8:2d:
                    1b:e8:d6:69:ae:f9:28:ae:93:8d:19:00:80:a2:50:
                    e2:ac:c6:b7:2c:38:0a:cb:7a:32:d3:bb:0f:b2:14:
                    a7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:91:59:49:A5:79:03:04:A6:9B:A0:7E:06:E7:43:A3:02:97:35:E0
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/7JFZSaV5AwSmm6B-BudDowKXNeA.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.57.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         60:4d:a6:04:52:4f:4e:4a:1b:bb:7b:d6:c0:b7:23:2c:7a:06:
         00:16:56:74:84:c9:ba:20:0d:e0:5f:57:f9:96:e7:38:aa:8f:
         9c:b0:aa:e3:12:e9:59:0e:e4:4e:e6:dc:c0:9e:73:30:1b:07:
         28:be:0c:08:dd:45:7b:a3:04:50:2b:3f:12:d6:c8:45:c7:b9:
         b7:ae:da:bc:cd:31:a0:04:f9:9c:cf:b9:bc:f4:99:d3:f6:26:
         0a:e2:4b:76:61:52:c7:94:10:f4:b1:8e:ca:9a:22:3c:25:be:
         c2:d6:ec:c3:07:5e:48:58:f5:e3:d7:a8:98:80:34:e6:d1:25:
         63:da:14:e0:37:aa:10:9a:1a:b1:83:af:0a:1f:c0:86:7b:a8:
         15:97:66:39:fc:cf:fb:4c:cf:9a:05:61:e1:17:6b:59:73:68:
         36:22:3d:19:4f:7f:92:1a:2a:24:41:b6:7e:5d:da:e0:3e:c0:
         06:21:89:54:75:c0:df:7a:2a:36:69:1b:70:55:ce:74:c2:df:
         34:eb:d0:0a:ac:ab:8b:9f:10:75:47:bf:b2:1f:e9:c6:8b:b9:
         e0:15:7e:af:32:7f:48:b0:e9:ad:8d:e7:59:94:e7:c9:70:84:
         c8:5e:06:8d:b2:51:8c:7e:f7:ec:ba:3a:3b:dc:31:56:f8:03:
         23:e9:fe:71
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDcMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjRaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEVDOTE1OTQ5QTU3OTAz
MDRBNjlCQTA3RTA2RTc0M0EzMDI5NzM1RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDCHcUsMMYfW4YQygeUW43+iUsB+Cr4LWIOu4BwKE/dSV3WVLz/
TF4+UQTgVXHdYO34XdW81sd2n5Iy4Hj5Yo4mip9Ue0xlA6BAgQDdvFaxS0hFO9/6
BYKtgcHOAc5AMGC828zgs6lXtbAGyRqPvQ7qGMomw93PpZ2KzYdredZsDkrKaAid
NQyVjB5Eah5rPrODXibeURccqgZPUf6gqWOvIPUmO9yNGb5yIBE/GGXxnDBCP5Xe
Q/7j5ZzQNDGiSjw9mtDdwq2BPnHkRMogYcn0zjES7WGE+qH3wJI1A7DoLRvo1mmu
+Siuk40ZAICiUOKsxrcsOArLejLTuw+yFKc3AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQU7JFZSaV5AwSmm6B+BudDowKXNeAwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC83SkZaU2FWNUF3U21tNkItQnVk
RG93S1hOZUEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPTmA
MA0GCSqGSIb3DQEBCwUAA4IBAQBgTaYEUk9OShu7e9bAtyMsegYAFlZ0hMm6IA3g
X1f5luc4qo+csKrjEulZDuRO5tzAnnMwGwcovgwI3UV7owRQKz8S1shFx7m3rtq8
zTGgBPmcz7m89JnT9iYK4kt2YVLHlBD0sY7KmiI8Jb7C1uzDB15IWPXj16iYgDTm
0SVj2hTgN6oQmhqxg68KH8CGe6gVl2Y5/M/7TM+aBWHhF2tZc2g2Ij0ZT3+SGiok
QbZ+XdrgPsAGIYlUdcDfeio2aRtwVc50wt8069AKrKuLnxB1R7+yH+nGi7ngFX6v
Mn9IsOmtjedZlOfJcITIXgaNslGMfvfsujo73DFW+AMj6f5x
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:29 2024 by rpki-client on console-ams.rpki-client.org