Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/Dx57YhFiRtkO5dDcdyBj5s8EKSE.roa
File:                     Dx57YhFiRtkO5dDcdyBj5s8EKSE.roa (raw, json)
Hash identifier:          J0aoUhOt+zeWxsYj81GUsvOF9ROTsozLKszsiK94aEI=
Subject key identifier:   0F:1E:7B:62:11:62:46:D9:0E:E5:D0:DC:77:20:63:E6:CF:04:29:21
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DA6
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/Dx57YhFiRtkO5dDcdyBj5s8EKSE.roa
Signing time:             Mon 26 Aug 2024 05:10:18 +0000
ROA not before:           Mon 26 Aug 2024 05:10:18 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        2407:4900::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3494 (0xda6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:18 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=0F1E7B62116246D90EE5D0DC772063E6CF042921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:37:a8:8c:24:4d:0b:25:e3:ac:6e:7d:56:f3:
                    54:8e:77:29:d3:73:68:1d:48:de:9c:d1:93:5c:9b:
                    67:d9:a3:7a:19:06:52:28:c2:78:36:94:27:d2:fc:
                    2c:f4:8b:a3:dc:8c:59:16:35:ca:da:46:5b:5f:30:
                    33:91:28:64:e8:47:47:a3:1f:2e:55:74:ea:60:9e:
                    57:64:3c:a4:c2:bb:aa:01:e7:7f:4f:1b:e8:43:8f:
                    ca:e3:37:c8:0a:a7:56:18:46:ab:d1:4c:25:a2:ec:
                    01:ed:c4:ff:56:2f:6d:80:31:d8:5e:55:80:c5:80:
                    3c:cb:7c:24:95:c8:12:64:d0:a7:36:5c:e4:b8:d5:
                    95:53:3d:e1:0d:a1:fa:6d:e1:fc:0f:62:19:2c:d5:
                    d2:d9:c5:fa:b3:5f:ec:3a:16:26:6f:3f:a4:7a:10:
                    89:42:a1:b8:2d:19:87:20:74:69:68:07:58:ca:f5:
                    80:9f:8f:5a:b4:72:47:10:d8:c9:86:9e:ee:a0:29:
                    5b:1f:8e:6f:2a:f9:9f:12:37:3b:af:98:bd:65:95:
                    76:fe:78:23:e1:00:8a:43:f1:3a:fa:5a:e0:8e:d3:
                    08:c0:f6:71:37:cf:e7:d5:b5:f2:2d:b3:45:cb:5f:
                    f6:bd:cc:0e:7e:89:8d:15:27:7a:7b:46:69:62:eb:
                    09:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1E:7B:62:11:62:46:D9:0E:E5:D0:DC:77:20:63:E6:CF:04:29:21
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/Dx57YhFiRtkO5dDcdyBj5s8EKSE.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:4900::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:e4:5f:85:ae:19:a9:90:8c:18:f8:24:61:db:99:e3:a8:5c:
         66:60:37:c0:4a:3b:60:10:dd:72:fa:03:0b:40:b0:74:1f:c4:
         4f:97:f8:f8:48:23:44:6a:9c:ee:3c:5f:17:87:3e:6d:34:dd:
         c9:e7:a1:9c:7d:bc:08:c4:ea:16:1c:16:44:43:a3:00:18:7c:
         05:d6:33:db:f0:d3:d0:6b:b9:61:37:51:1b:ac:37:d6:cd:fb:
         32:9f:4a:07:4c:c2:e3:50:2f:94:d7:8d:18:c0:97:7a:ff:c3:
         a9:c6:e4:f4:13:c3:e7:d4:f9:cd:49:33:47:de:8c:f6:bb:76:
         e6:8c:28:26:0e:89:6b:6f:ee:0d:03:3a:b3:3c:24:6d:9d:35:
         8a:a1:27:8e:24:0a:8a:2a:ad:7e:30:5b:54:3a:6a:0d:f4:3e:
         04:11:27:9c:1d:ca:a8:82:61:19:6d:c6:d1:0f:39:1b:ae:27:
         16:1d:6d:ff:c8:ad:27:ad:91:6b:49:0b:df:e0:12:73:07:2b:
         bf:28:6a:55:11:75:da:70:f6:41:5c:86:d1:ce:7e:6d:f1:fe:
         6a:d7:36:7f:ae:f5:89:aa:6d:19:c2:4a:28:08:43:83:ac:79:
         99:ef:68:c4:bd:f9:b8:bb:28:61:76:22:7a:f6:bf:22:8d:e8:
         c7:07:a8:c2
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgICDaYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMThaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDBGMUU3QjYyMTE2MjQ2
RDkwRUU1RDBEQzc3MjA2M0U2Q0YwNDI5MjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVN6iMJE0LJeOsbn1W81SOdynTc2gdSN6c0ZNcm2fZo3oZBlIo
wng2lCfS/Cz0i6PcjFkWNcraRltfMDORKGToR0ejHy5VdOpgnldkPKTCu6oB539P
G+hDj8rjN8gKp1YYRqvRTCWi7AHtxP9WL22AMdheVYDFgDzLfCSVyBJk0Kc2XOS4
1ZVTPeENofpt4fwPYhks1dLZxfqzX+w6FiZvP6R6EIlCobgtGYcgdGloB1jK9YCf
j1q0ckcQ2MmGnu6gKVsfjm8q+Z8SNzuvmL1llXb+eCPhAIpD8Tr6WuCO0wjA9nE3
z+fVtfIts0XLX/a9zA5+iY0VJ3p7Rmli6wl7AgMBAAGjggHtMIIB6TAdBgNVHQ4E
FgQUDx57YhFiRtkO5dDcdyBj5s8EKSEwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9EeDU3WWhGaVJ0a081ZERjZHlC
ajVzOEVLU0Uucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAJAdJ
ADANBgkqhkiG9w0BAQsFAAOCAQEAZuRfha4ZqZCMGPgkYduZ46hcZmA3wEo7YBDd
cvoDC0CwdB/ET5f4+EgjRGqc7jxfF4c+bTTdyeehnH28CMTqFhwWREOjABh8BdYz
2/DT0Gu5YTdRG6w31s37Mp9KB0zC41AvlNeNGMCXev/Dqcbk9BPD59T5zUkzR96M
9rt25owoJg6Ja2/uDQM6szwkbZ01iqEnjiQKiiqtfjBbVDpqDfQ+BBEnnB3KqIJh
GW3G0Q85G64nFh1t/8itJ62Ra0kL3+AScwcrvyhqVRF12nD2QVyG0c5+bfH+atc2
f671iaptGcJKKAhDg6x5me9oxL35uLsoYXYieva/Io3oxweowg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:43:35 2024 by rpki-client on console-fra.rpki-client.org