Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/lIhSfAvxGubECLdEiKllzulJbSg.roa
File:                     lIhSfAvxGubECLdEiKllzulJbSg.roa (raw, json)
Hash identifier:          2vW69gA2BPF2YNB7/c/sxRaqH3DgshVPlf4KXbugmsc=
Subject key identifier:   94:88:52:7C:0B:F1:1A:E6:C4:08:B7:44:88:A9:65:CE:E9:49:6D:28
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DCC
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/lIhSfAvxGubECLdEiKllzulJbSg.roa
Signing time:             Mon 26 Aug 2024 05:10:26 +0000
ROA not before:           Mon 26 Aug 2024 05:10:26 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        124.155.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3532 (0xdcc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:26 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=9488527C0BF11AE6C408B74488A965CEE9496D28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5c:fd:11:1f:90:d9:6c:30:2e:26:99:f6:7a:
                    fc:2e:d8:b9:d8:f7:3f:a7:61:47:6c:b3:cb:2d:e7:
                    e0:e9:af:46:e3:9c:d4:8b:97:8c:27:5a:b3:dc:29:
                    be:4f:5e:e9:8a:54:72:29:57:00:e0:59:90:d0:e0:
                    23:aa:31:db:eb:41:0f:f4:01:2c:6e:c6:ba:ed:b6:
                    99:eb:d2:a3:ab:bb:17:2f:20:45:2d:6f:e0:a6:9f:
                    b3:2d:2d:2e:ef:86:84:46:13:8d:51:7b:1b:a5:9b:
                    a0:80:20:41:80:84:4c:ae:be:be:b4:2c:47:9a:91:
                    a5:9f:66:5f:e1:e7:5d:36:7b:94:a2:c6:0e:90:6e:
                    c9:20:79:cd:67:ff:df:9a:e0:46:93:1e:69:4c:f4:
                    36:9b:9c:92:35:67:9e:f6:7e:02:81:55:7b:2d:18:
                    64:03:7c:7c:af:c9:8e:63:65:31:b1:ba:82:0a:53:
                    a4:2c:da:e1:88:13:4d:45:51:1e:7d:2d:4e:63:1e:
                    a3:d6:e2:4e:15:c3:db:6a:63:1e:a4:0e:ab:96:29:
                    68:f6:c2:f3:38:a0:1a:b3:86:bf:f6:e1:11:ba:a8:
                    b3:db:0f:78:19:b9:c1:3c:fb:e5:ae:ab:a0:fc:6a:
                    3f:5d:65:1e:39:56:4a:63:6c:40:e2:29:17:00:0c:
                    d6:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:88:52:7C:0B:F1:1A:E6:C4:08:B7:44:88:A9:65:CE:E9:49:6D:28
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/lIhSfAvxGubECLdEiKllzulJbSg.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.155.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:c7:ed:2e:b4:6c:32:91:b5:e7:83:50:4d:cb:1e:0c:29:ab:
         3d:70:a8:a3:da:9c:92:0a:78:5b:69:7e:5e:66:56:68:d4:da:
         1a:bc:96:b0:d4:a5:cf:6f:36:cd:41:b6:99:d3:62:15:44:16:
         cd:68:39:c4:61:33:10:a2:36:c6:d4:e3:c6:46:71:ca:2b:60:
         39:79:64:e9:6f:10:fe:0f:6c:fc:ef:f7:f2:b4:15:14:93:91:
         f5:db:c9:f8:1e:41:63:f8:65:92:9f:50:5a:a8:3f:db:25:de:
         44:1c:cf:29:08:10:0f:7c:9c:14:8f:81:a4:08:49:4c:e9:83:
         cc:58:ec:bd:80:40:13:d9:4c:1c:66:d1:1a:dc:9d:b7:dd:00:
         fa:e4:6f:2e:93:a0:5f:90:11:37:ca:1a:46:34:72:64:52:4c:
         c8:7f:19:3a:7c:6d:f1:24:b7:5c:ac:51:cb:41:2d:63:3a:65:
         72:cb:5e:6c:3b:34:24:bd:e5:60:42:22:75:e3:5a:65:ae:36:
         42:0d:bb:18:5c:93:27:2f:a3:11:59:97:6c:6f:a5:70:94:9a:
         ca:d8:90:66:88:de:72:a6:6d:1f:63:a5:b7:8d:99:55:58:e0:
         d8:79:b5:6b:de:18:82:e7:b8:cf:27:b8:9a:18:5f:8e:0c:4d:
         82:41:89:31
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDcwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDk0ODg1MjdDMEJGMTFB
RTZDNDA4Qjc0NDg4QTk2NUNFRTk0OTZEMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDoXP0RH5DZbDAuJpn2evwu2LnY9z+nYUdss8st5+Dpr0bjnNSL
l4wnWrPcKb5PXumKVHIpVwDgWZDQ4COqMdvrQQ/0ASxuxrrttpnr0qOruxcvIEUt
b+Cmn7MtLS7vhoRGE41Rexulm6CAIEGAhEyuvr60LEeakaWfZl/h5102e5Sixg6Q
bskgec1n/9+a4EaTHmlM9DabnJI1Z572fgKBVXstGGQDfHyvyY5jZTGxuoIKU6Qs
2uGIE01FUR59LU5jHqPW4k4Vw9tqYx6kDquWKWj2wvM4oBqzhr/24RG6qLPbD3gZ
ucE8++Wuq6D8aj9dZR45VkpjbEDiKRcADNZbAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUlIhSfAvxGubECLdEiKllzulJbSgwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9sSWhTZkF2eEd1YkVDTGRFaUts
bHp1bEpiU2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBfJuo
MA0GCSqGSIb3DQEBCwUAA4IBAQA/x+0utGwykbXng1BNyx4MKas9cKij2pySCnhb
aX5eZlZo1NoavJaw1KXPbzbNQbaZ02IVRBbNaDnEYTMQojbG1OPGRnHKK2A5eWTp
bxD+D2z87/fytBUUk5H128n4HkFj+GWSn1BaqD/bJd5EHM8pCBAPfJwUj4GkCElM
6YPMWOy9gEAT2UwcZtEa3J233QD65G8uk6BfkBE3yhpGNHJkUkzIfxk6fG3xJLdc
rFHLQS1jOmVyy15sOzQkveVgQiJ141plrjZCDbsYXJMnL6MRWZdsb6VwlJrK2JBm
iN5ypm0fY6W3jZlVWODYebVr3hiC57jPJ7iaGF+ODE2CQYkx
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:49 2024 by rpki-client on console-fra.rpki-client.org