Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/CpFWBDoeVXB98zz1kn5AZrzY1yA.roa
File:                     CpFWBDoeVXB98zz1kn5AZrzY1yA.roa (raw, json)
Hash identifier:          tm8m5HXvXfYytlR5MddNmtyo3KOa7Wryi0403mwoZqM=
Subject key identifier:   0A:91:56:04:3A:1E:55:70:7D:F3:3C:F5:92:7E:40:66:BC:D8:D7:20
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DC1
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/CpFWBDoeVXB98zz1kn5AZrzY1yA.roa
Signing time:             Mon 26 Aug 2024 05:10:24 +0000
ROA not before:           Mon 26 Aug 2024 05:10:24 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        124.155.172.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3521 (0xdc1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:24 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=0A9156043A1E55707DF33CF5927E4066BCD8D720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:55:d4:75:a4:7b:04:21:62:7d:62:63:38:b0:
                    b6:41:de:ba:89:89:14:b6:bb:e9:84:ed:9f:3b:10:
                    28:98:67:d1:50:64:52:7f:f4:90:95:d2:c6:9f:4e:
                    c3:7a:52:78:e7:07:85:ea:95:38:53:b2:fc:8d:8e:
                    c0:09:2f:3f:75:90:52:b9:46:ad:ee:6f:26:33:be:
                    d7:1e:b7:a6:ed:55:2d:e4:3c:86:5c:0f:0c:c0:8b:
                    7e:60:ba:8f:ab:aa:a7:a8:56:75:05:37:71:2b:31:
                    4a:78:a7:46:19:d3:1c:d2:c6:61:8f:96:a5:78:29:
                    af:04:93:8a:dd:11:37:e9:9a:ba:50:ec:b7:b4:ca:
                    18:15:01:91:be:44:cc:78:7e:50:35:6b:3b:31:42:
                    1f:aa:b3:e8:ea:a3:c9:ab:f7:14:f1:82:22:18:df:
                    e4:f3:c6:0f:83:ed:a7:c4:d5:32:0b:5f:ef:81:66:
                    7d:cc:a8:8f:e7:32:10:e6:3f:3f:ae:cb:5c:cc:13:
                    b3:70:44:e5:af:4f:2d:a4:81:57:27:7e:19:5c:1e:
                    79:13:73:cf:17:e2:25:1c:30:92:a3:0e:38:c0:d6:
                    a9:7e:76:a7:9c:95:6c:14:cb:5d:8e:f5:93:78:13:
                    ae:3f:02:7d:c3:2c:9c:7d:4c:ba:77:4d:32:2b:eb:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:91:56:04:3A:1E:55:70:7D:F3:3C:F5:92:7E:40:66:BC:D8:D7:20
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/CpFWBDoeVXB98zz1kn5AZrzY1yA.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.155.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:13:95:ef:5d:6c:2f:27:02:37:9b:45:fb:3b:5f:3e:0c:97:
         16:90:c5:1a:be:35:f5:6e:94:63:bb:68:67:35:5a:8c:63:b5:
         59:42:49:2b:98:dd:91:4e:ec:6f:28:c6:c1:5a:04:a7:e0:6b:
         8b:26:66:d7:5f:d6:a9:4a:e8:f4:ab:f8:d5:3e:c4:e7:3c:c1:
         a8:d1:94:1e:3b:f4:ff:5d:5d:a1:b2:db:32:4d:0d:5e:ca:9a:
         9f:ba:0e:e6:8f:9a:f8:8a:de:68:85:43:7f:b1:c6:d1:27:10:
         20:15:87:ff:4b:cf:1a:52:33:95:b0:bf:d3:2a:d5:99:13:35:
         17:09:ec:fe:1c:cb:08:48:5e:61:f8:7c:4d:dd:db:7c:44:98:
         da:52:5f:ed:5c:b7:1d:28:b5:11:9e:75:df:f5:18:78:3b:b1:
         72:dd:bf:de:09:37:ca:80:48:5e:97:81:c5:ac:0f:5d:04:20:
         a3:9a:a2:31:39:9d:b7:1e:37:0e:96:83:69:11:f4:5f:ae:f6:
         fc:fd:d3:ea:a1:7f:43:6b:e0:81:d1:b4:f7:b1:49:3e:5e:b9:
         27:7e:fc:70:0e:c3:4c:24:3b:d5:dc:7b:df:a0:ef:60:f7:6d:
         58:3e:19:5c:ea:ae:e1:28:60:eb:83:f0:52:3f:2c:17:51:7c:
         b4:c2:de:28
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDcEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjRaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDBBOTE1NjA0M0ExRTU1
NzA3REYzM0NGNTkyN0U0MDY2QkNEOEQ3MjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDSVdR1pHsEIWJ9YmM4sLZB3rqJiRS2u+mE7Z87ECiYZ9FQZFJ/
9JCV0safTsN6UnjnB4XqlThTsvyNjsAJLz91kFK5Rq3ubyYzvtcet6btVS3kPIZc
DwzAi35guo+rqqeoVnUFN3ErMUp4p0YZ0xzSxmGPlqV4Ka8Ek4rdETfpmrpQ7Le0
yhgVAZG+RMx4flA1azsxQh+qs+jqo8mr9xTxgiIY3+Tzxg+D7afE1TILX++BZn3M
qI/nMhDmPz+uy1zME7NwROWvTy2kgVcnfhlcHnkTc88X4iUcMJKjDjjA1ql+dqec
lWwUy12O9ZN4E64/An3DLJx9TLp3TTIr6/1XAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUCpFWBDoeVXB98zz1kn5AZrzY1yAwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9DcEZXQkRvZVZYQjk4enoxa241
QVpyelkxeUEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBfJus
MA0GCSqGSIb3DQEBCwUAA4IBAQAVE5XvXWwvJwI3m0X7O18+DJcWkMUavjX1bpRj
u2hnNVqMY7VZQkkrmN2RTuxvKMbBWgSn4GuLJmbXX9apSuj0q/jVPsTnPMGo0ZQe
O/T/XV2hstsyTQ1eypqfug7mj5r4it5ohUN/scbRJxAgFYf/S88aUjOVsL/TKtWZ
EzUXCez+HMsISF5h+HxN3dt8RJjaUl/tXLcdKLURnnXf9Rh4O7Fy3b/eCTfKgEhe
l4HFrA9dBCCjmqIxOZ23HjcOloNpEfRfrvb8/dPqoX9Da+CB0bT3sUk+Xrknfvxw
DsNMJDvV3HvfoO9g921YPhlc6q7hKGDrg/BSPywXUXy0wt4o
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:01 2024 by rpki-client on console-ams.rpki-client.org