Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/Y_y0Fu6GvIMhNn06Kh0FBkQQtzI.roa
File:                     Y_y0Fu6GvIMhNn06Kh0FBkQQtzI.roa (raw, json)
Hash identifier:          i3DK4WvIH7Rd7SdYEd6Cu/619ft59EVJpPCZuHs+iCc=
Subject key identifier:   63:FC:B4:16:EE:86:BC:83:21:36:7D:3A:2A:1D:05:06:44:10:B7:32
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DB8
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/Y_y0Fu6GvIMhNn06Kh0FBkQQtzI.roa
Signing time:             Mon 26 Aug 2024 05:10:21 +0000
ROA not before:           Mon 26 Aug 2024 05:10:21 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        27.147.16.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3512 (0xdb8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:21 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=63FCB416EE86BC8321367D3A2A1D05064410B732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bb:3d:52:3b:89:c6:05:92:a3:a0:78:81:c5:
                    eb:86:6a:f3:cb:37:7a:4a:a0:de:de:e3:ab:26:1a:
                    fb:c9:1e:43:0f:f3:c1:b3:69:03:39:44:a4:43:31:
                    3c:ae:36:f6:04:b5:3b:38:06:f0:aa:07:64:1f:4b:
                    28:a7:ca:70:c2:64:45:a0:83:48:63:1c:d9:85:7c:
                    f3:6d:d2:96:64:13:bc:95:dd:b4:e7:7e:cd:e1:d3:
                    ce:49:3a:5f:37:f8:d7:c4:5f:9a:fa:83:7a:03:ea:
                    b7:b2:d5:df:95:cf:5a:cd:e1:4e:91:01:b7:2f:41:
                    cf:07:9c:84:48:b4:5d:88:a8:15:e5:4c:75:6d:54:
                    d9:fe:7c:60:4e:20:d4:03:17:1f:75:0a:29:69:52:
                    8b:3c:b3:71:d7:35:09:05:74:1e:9e:cc:dc:e9:9c:
                    b7:90:df:58:d9:20:2a:fc:e5:56:e0:2a:c1:5a:8e:
                    85:dd:43:44:dc:45:df:ad:92:fc:10:34:f7:9a:06:
                    15:a3:f5:f7:ff:6e:b7:44:37:0e:fc:58:02:1e:36:
                    9a:f1:2f:9d:23:09:20:29:14:49:68:7b:fd:2c:fa:
                    c8:8b:0f:a9:eb:a3:e4:61:7d:ed:d7:e2:dd:58:d1:
                    59:95:13:fb:2a:22:4d:97:eb:22:5a:b3:54:16:23:
                    ec:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FC:B4:16:EE:86:BC:83:21:36:7D:3A:2A:1D:05:06:44:10:B7:32
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/Y_y0Fu6GvIMhNn06Kh0FBkQQtzI.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.147.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         55:6e:6a:bd:64:65:f0:15:5c:37:87:9d:a7:7f:65:ba:74:9a:
         f1:bb:c8:99:3c:08:17:25:3a:dd:f8:3b:a9:fa:c9:b1:de:1b:
         b4:64:e5:4a:f5:29:70:43:37:34:a7:7d:d0:52:25:9c:61:24:
         4f:a8:1d:16:7d:d8:01:fa:20:67:2e:4a:35:f2:97:a9:9b:b9:
         1f:d0:50:80:43:b8:46:1a:95:50:d6:55:75:70:de:cd:a7:77:
         ca:57:2b:7d:dc:6b:d8:ef:22:af:ea:a6:80:8b:c3:65:b9:2e:
         e2:88:e1:39:bb:8a:14:a0:2d:2e:23:f7:e7:ac:bf:e5:4a:e3:
         a3:26:f4:97:b6:bb:7e:29:d4:69:d9:02:79:2d:89:41:57:91:
         6e:e4:6a:f7:31:44:4f:94:c3:a2:e4:75:77:2c:49:36:82:ad:
         83:c8:b4:8a:d1:80:fd:dc:8e:1f:e0:f0:1a:1f:d5:c5:f4:ef:
         39:17:82:31:5c:31:6b:48:d3:fb:98:6c:b2:56:d9:96:1f:67:
         09:e9:21:1a:21:4d:6d:1b:5a:d1:77:6b:c0:0f:8b:8b:4e:8f:
         b4:f0:b2:96:14:88:89:8d:22:6a:9b:8e:bc:d3:fc:d6:e9:67:
         3f:0c:b8:a5:a4:a9:7c:0e:4b:c5:95:f8:47:d7:0e:da:84:ad:
         09:66:84:f2
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDbgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjFaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDYzRkNCNDE2RUU4NkJD
ODMyMTM2N0QzQTJBMUQwNTA2NDQxMEI3MzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDuz1SO4nGBZKjoHiBxeuGavPLN3pKoN7e46smGvvJHkMP88Gz
aQM5RKRDMTyuNvYEtTs4BvCqB2QfSyinynDCZEWgg0hjHNmFfPNt0pZkE7yV3bTn
fs3h085JOl83+NfEX5r6g3oD6rey1d+Vz1rN4U6RAbcvQc8HnIRItF2IqBXlTHVt
VNn+fGBOINQDFx91CilpUos8s3HXNQkFdB6ezNzpnLeQ31jZICr85VbgKsFajoXd
Q0TcRd+tkvwQNPeaBhWj9ff/brdENw78WAIeNprxL50jCSApFEloe/0s+siLD6nr
o+Rhfe3X4t1Y0VmVE/sqIk2X6yJas1QWI+z5AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUY/y0Fu6GvIMhNn06Kh0FBkQQtzIwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9ZX3kwRnU2R3ZJTWhObjA2S2gw
RkJrUVF0ekkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDG5MQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBVbmq9ZGXwFVw3h52nf2W6dJrxu8iZPAgXJTrd
+Dup+smx3hu0ZOVK9SlwQzc0p33QUiWcYSRPqB0WfdgB+iBnLko18pepm7kf0FCA
Q7hGGpVQ1lV1cN7Np3fKVyt93GvY7yKv6qaAi8NluS7iiOE5u4oUoC0uI/fnrL/l
SuOjJvSXtrt+KdRp2QJ5LYlBV5Fu5Gr3MURPlMOi5HV3LEk2gq2DyLSK0YD93I4f
4PAaH9XF9O85F4IxXDFrSNP7mGyyVtmWH2cJ6SEaIU1tG1rRd2vAD4uLTo+08LKW
FIiJjSJqm4680/zW6Wc/DLilpKl8DkvFlfhH1w7ahK0JZoTy
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:01 2024 by rpki-client on console-ams.rpki-client.org