Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/LIsMYhXvzt6J_mCZaWzVQkIcZLI.roa
File:                     LIsMYhXvzt6J_mCZaWzVQkIcZLI.roa (raw, json)
Hash identifier:          vbRXlqp6HbuqY6D7F5audyZl/ffAcVap1XEA7K9gM0A=
Subject key identifier:   2C:8B:0C:62:15:EF:CE:DE:89:FE:60:99:69:6C:D5:42:42:1C:64:B2
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DCA
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/LIsMYhXvzt6J_mCZaWzVQkIcZLI.roa
Signing time:             Mon 26 Aug 2024 05:10:26 +0000
ROA not before:           Mon 26 Aug 2024 05:10:26 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        27.147.32.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3530 (0xdca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:26 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=2C8B0C6215EFCEDE89FE6099696CD542421C64B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:84:14:29:05:d1:94:d9:e7:bf:e8:50:1a:34:
                    31:a3:93:49:d7:c4:5f:91:f9:45:7c:c3:93:67:2b:
                    2a:21:21:19:91:28:15:b9:7d:99:e9:2f:1d:5f:82:
                    0f:b6:c8:2f:ab:ff:bf:88:da:a5:86:72:ce:cd:2d:
                    f6:36:8f:0a:5b:31:b9:d6:c9:29:35:97:5c:5c:de:
                    23:ea:ab:8b:41:52:17:6a:5d:dc:b0:89:c3:8a:95:
                    19:ab:bb:7e:68:e2:f1:cb:dc:9a:ea:76:43:05:6f:
                    5a:53:7e:8d:1a:f1:7d:37:cf:e6:db:04:2d:14:71:
                    b5:2d:08:73:6e:89:d1:a8:90:41:9e:17:81:5d:37:
                    a9:24:1d:14:6e:64:07:10:a9:6e:97:b2:d8:5d:30:
                    be:40:3b:06:3d:38:4b:ef:ab:bb:78:a6:8d:d8:0b:
                    fc:9f:a4:2e:cc:6c:80:08:e7:5d:62:2f:91:e8:a4:
                    17:b8:ce:dc:56:6a:e3:1b:37:24:9b:30:73:ee:95:
                    c8:67:94:f3:f1:2a:71:e8:87:41:42:11:0a:af:e2:
                    18:bd:8a:3b:58:a4:3f:7d:44:3b:42:a2:8c:dc:ee:
                    98:66:4f:19:9a:58:fa:1d:40:6a:8a:8a:75:dd:bb:
                    b2:df:62:0f:e5:79:f5:e9:d4:b7:ea:7e:56:2f:64:
                    be:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:8B:0C:62:15:EF:CE:DE:89:FE:60:99:69:6C:D5:42:42:1C:64:B2
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/LIsMYhXvzt6J_mCZaWzVQkIcZLI.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.147.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:61:97:df:fc:69:49:b3:48:17:f1:be:34:93:fd:31:5c:06:
         c4:36:84:16:95:a5:72:3e:f9:b2:39:94:4e:dd:a1:1d:1e:cb:
         0f:86:08:59:74:45:db:02:81:92:35:12:82:0a:31:93:6b:9f:
         91:72:5e:a9:5d:e4:23:2d:bc:25:4c:a1:02:f4:bc:35:8a:10:
         ff:88:ee:29:18:39:47:58:fb:08:aa:ef:89:2f:9c:22:a8:f1:
         8e:de:6d:64:88:d3:c7:0f:54:49:2d:43:84:79:7b:bb:da:39:
         b5:51:3d:9e:d3:02:f0:ea:0c:9b:e5:d2:b9:ae:ec:37:db:1e:
         63:86:a9:47:66:f5:2c:6d:cf:44:31:ff:82:69:1b:d8:1c:07:
         91:db:ee:88:f3:e4:4c:f3:de:46:1e:c1:05:b5:08:6e:f4:42:
         b4:8f:1b:7b:23:f7:5f:7a:97:0c:07:e1:53:c8:98:17:00:73:
         04:96:3c:11:1a:69:81:83:90:37:02:56:38:bc:f8:95:28:2d:
         e2:9a:7e:5c:46:85:d6:ac:12:47:da:0e:3a:fc:4b:5c:73:84:
         a7:c5:b5:e8:56:c9:7e:f2:3a:54:32:84:11:b7:54:d3:cc:f2:
         d4:3d:c2:7c:29:6a:79:99:6d:f8:91:34:55:c0:df:e5:9e:31:
         62:ee:1f:53
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDcowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDJDOEIwQzYyMTVFRkNF
REU4OUZFNjA5OTY5NkNENTQyNDIxQzY0QjIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDahBQpBdGU2ee/6FAaNDGjk0nXxF+R+UV8w5NnKyohIRmRKBW5
fZnpLx1fgg+2yC+r/7+I2qWGcs7NLfY2jwpbMbnWySk1l1xc3iPqq4tBUhdqXdyw
icOKlRmru35o4vHL3JrqdkMFb1pTfo0a8X03z+bbBC0UcbUtCHNuidGokEGeF4Fd
N6kkHRRuZAcQqW6XsthdML5AOwY9OEvvq7t4po3YC/yfpC7MbIAI511iL5HopBe4
ztxWauMbNySbMHPulchnlPPxKnHoh0FCEQqv4hi9ijtYpD99RDtCoozc7phmTxma
WPodQGqKinXdu7LfYg/lefXp1LfqflYvZL6/AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQULIsMYhXvzt6J/mCZaWzVQkIcZLIwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9MSXNNWWhYdnp0NkpfbUNaYVd6
VlFrSWNaTEkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDG5Mg
MA0GCSqGSIb3DQEBCwUAA4IBAQBWYZff/GlJs0gX8b40k/0xXAbENoQWlaVyPvmy
OZRO3aEdHssPhghZdEXbAoGSNRKCCjGTa5+Rcl6pXeQjLbwlTKEC9Lw1ihD/iO4p
GDlHWPsIqu+JL5wiqPGO3m1kiNPHD1RJLUOEeXu72jm1UT2e0wLw6gyb5dK5ruw3
2x5jhqlHZvUsbc9EMf+CaRvYHAeR2+6I8+RM895GHsEFtQhu9EK0jxt7I/dfepcM
B+FTyJgXAHMEljwRGmmBg5A3AlY4vPiVKC3imn5cRoXWrBJH2g46/Etcc4SnxbXo
Vsl+8jpUMoQRt1TTzPLUPcJ8KWp5mW34kTRVwN/lnjFi7h9T
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:49 2024 by rpki-client on console-fra.rpki-client.org