Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/fW3XAh6fP3no_tXXphEsfRcuZhc.roa
File:                     fW3XAh6fP3no_tXXphEsfRcuZhc.roa (raw, json)
Hash identifier:          sHXHtHNBXeWvn14v/xg/dpA+WbLQ855Gm4uL3Ti3Gwk=
Subject key identifier:   7D:6D:D7:02:1E:9F:3F:79:E8:FE:D5:D7:A6:11:2C:7D:17:2E:66:17
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DA4
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/fW3XAh6fP3no_tXXphEsfRcuZhc.roa
Signing time:             Mon 26 Aug 2024 05:10:17 +0000
ROA not before:           Mon 26 Aug 2024 05:10:17 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        27.147.8.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Nov 2024 07:07:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3492 (0xda4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:17 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=7D6DD7021E9F3F79E8FED5D7A6112C7D172E6617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:41:4c:01:34:f3:07:c8:f2:4f:e0:a9:b2:38:
                    8b:a6:6f:41:d5:b0:74:60:73:43:e0:ac:db:d6:17:
                    ec:9e:de:55:c0:2a:c7:9a:9d:82:c4:c5:5f:11:75:
                    1d:63:00:1a:5d:34:29:b5:5c:0f:fc:d7:a9:c5:42:
                    fa:54:21:fe:dc:9b:4b:cd:c9:98:a1:ba:9a:aa:45:
                    81:00:88:eb:7b:c4:bf:d3:8c:91:46:30:39:e0:23:
                    ac:c4:6b:4e:bd:0a:35:f3:27:df:b4:1e:d6:0e:b4:
                    91:a4:30:e9:ae:8d:8a:27:9b:09:fe:9a:d8:28:10:
                    ac:7f:45:1e:be:4d:5e:7c:f3:f8:d6:32:b8:f8:b0:
                    cf:f8:41:f2:b0:31:88:a8:4c:26:66:9d:26:47:85:
                    d4:c7:98:9e:ea:2f:32:c4:4b:9b:5d:c7:60:ee:4e:
                    b1:39:2a:9a:68:53:60:0d:17:8f:af:c3:df:bd:cd:
                    e6:66:58:cb:b1:6b:ed:ad:e8:91:70:1e:3b:38:a7:
                    6b:8b:63:fd:df:f8:4b:58:4b:15:a6:b3:27:7c:42:
                    eb:21:f6:7a:d0:23:7f:bf:a0:80:ef:00:9a:99:4b:
                    51:30:22:e2:51:ac:7e:04:23:40:df:72:90:83:e4:
                    b6:d0:97:bd:26:55:38:70:0f:ba:7e:63:14:21:2b:
                    34:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6D:D7:02:1E:9F:3F:79:E8:FE:D5:D7:A6:11:2C:7D:17:2E:66:17
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/fW3XAh6fP3no_tXXphEsfRcuZhc.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.147.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a4:0e:7a:54:4e:c5:ac:a9:2f:38:41:7a:63:84:b0:20:7f:9a:
         28:42:24:e5:1c:a6:6b:8f:8c:9c:97:54:3d:3a:82:e5:0a:16:
         36:e3:5c:78:e4:0b:e6:f7:17:f4:28:62:a3:f1:11:0b:e9:0a:
         6d:ae:42:93:86:88:39:13:ad:e6:44:b0:06:a9:8b:a7:7a:d8:
         a4:b1:2a:02:ad:64:89:68:10:09:6e:69:df:04:a9:c1:80:a6:
         f2:0d:44:37:b1:35:8c:16:33:7f:d2:53:d2:b9:85:1d:a3:78:
         3e:45:6a:71:d9:22:e6:94:73:99:d1:f5:e8:c2:0c:47:35:b5:
         8b:88:b1:2f:e7:ba:e1:68:97:b1:c5:e8:50:87:b5:77:bb:8b:
         fe:73:b9:8e:d2:c1:2a:92:a4:ad:6e:74:25:e9:af:95:55:98:
         17:9a:11:4c:09:09:d9:73:71:e3:2d:3c:b9:85:ff:21:63:9d:
         ef:c7:c0:20:28:cc:8c:87:9f:4e:62:66:fd:83:57:5d:83:c6:
         3f:e8:af:97:a0:00:de:57:fa:29:fb:7d:9e:20:21:28:74:14:
         7d:fe:b3:3f:63:39:01:82:03:54:bd:c0:9b:d7:47:2a:9a:6b:
         19:e6:cb:83:39:7a:09:2b:37:f5:76:c9:67:56:a4:fd:bb:8a:
         7f:d7:90:a0
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDaQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMTdaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDdENkRENzAyMUU5RjNG
NzlFOEZFRDVEN0E2MTEyQzdEMTcyRTY2MTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJQUwBNPMHyPJP4KmyOIumb0HVsHRgc0PgrNvWF+ye3lXAKsea
nYLExV8RdR1jABpdNCm1XA/816nFQvpUIf7cm0vNyZihupqqRYEAiOt7xL/TjJFG
MDngI6zEa069CjXzJ9+0HtYOtJGkMOmujYonmwn+mtgoEKx/RR6+TV588/jWMrj4
sM/4QfKwMYioTCZmnSZHhdTHmJ7qLzLES5tdx2DuTrE5KppoU2ANF4+vw9+9zeZm
WMuxa+2t6JFwHjs4p2uLY/3f+EtYSxWmsyd8Qush9nrQI3+/oIDvAJqZS1EwIuJR
rH4EI0DfcpCD5LbQl70mVThwD7p+YxQhKzQNAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUfW3XAh6fP3no/tXXphEsfRcuZhcwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9mVzNYQWg2ZlAzbm9fdFhYcGhF
c2ZSY3VaaGMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDG5MI
MA0GCSqGSIb3DQEBCwUAA4IBAQCkDnpUTsWsqS84QXpjhLAgf5ooQiTlHKZrj4yc
l1Q9OoLlChY241x45Avm9xf0KGKj8REL6QptrkKThog5E63mRLAGqYunetiksSoC
rWSJaBAJbmnfBKnBgKbyDUQ3sTWMFjN/0lPSuYUdo3g+RWpx2SLmlHOZ0fXowgxH
NbWLiLEv57rhaJexxehQh7V3u4v+c7mO0sEqkqStbnQl6a+VVZgXmhFMCQnZc3Hj
LTy5hf8hY53vx8AgKMyMh59OYmb9g1ddg8Y/6K+XoADeV/op+32eICEodBR9/rM/
YzkBggNUvcCb10cqmmsZ5suDOXoJKzf1dslnVqT9u4p/15Cg
-----END CERTIFICATE-----
Generated at Thu Nov 14 06:09:14 2024 by rpki-client on console-ams.rpki-client.org