Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/nienazNQlgPf8saqYnpMRPG3c9I.roa
File:                     nienazNQlgPf8saqYnpMRPG3c9I.roa (raw, json)
Hash identifier:          4Yikl3HwZaHwU50b/nay7eoZSXkEp14ty0dyF4VnRIU=
Subject key identifier:   9E:27:A7:6B:33:50:96:03:DF:F2:C6:AA:62:7A:4C:44:F1:B7:73:D2
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DB9
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/nienazNQlgPf8saqYnpMRPG3c9I.roa
Signing time:             Mon 26 Aug 2024 05:10:22 +0000
ROA not before:           Mon 26 Aug 2024 05:10:22 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        124.155.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3513 (0xdb9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:22 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=9E27A76B33509603DFF2C6AA627A4C44F1B773D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0c:41:ee:b7:8a:38:6b:3e:47:33:85:7f:af:
                    4e:84:8e:2a:dc:e9:35:de:67:23:40:ca:0a:da:7a:
                    66:dc:e9:dd:25:17:01:86:5e:9d:06:cb:ac:ea:fb:
                    ad:8d:ed:f5:8e:14:de:be:20:f1:63:82:0b:13:81:
                    28:b3:f4:ce:6b:97:06:76:43:bf:49:68:97:e1:33:
                    22:35:50:95:7a:63:82:e7:e8:ea:81:13:cf:d5:9a:
                    fa:9d:4b:5e:bc:8b:b8:f5:9b:02:c0:22:61:b2:bd:
                    5e:ca:ce:62:71:82:cd:db:ae:76:4a:36:1d:43:32:
                    85:7f:fa:59:90:ba:f3:dc:0d:c0:76:af:6b:ce:fc:
                    d2:a7:55:3b:da:2f:e5:c9:46:76:22:fe:51:50:87:
                    44:4c:52:3f:95:1a:21:87:1d:85:67:6b:cb:a2:1b:
                    97:c1:23:d6:a0:b2:4e:7a:63:e4:1d:47:4b:96:29:
                    20:7f:36:17:94:a3:3f:73:98:39:be:d9:39:ca:c0:
                    24:05:12:82:69:3a:95:e1:89:e8:d2:5a:16:7f:12:
                    ef:10:6b:f1:b7:3e:1c:a4:65:fb:b4:12:46:95:e8:
                    ba:75:f2:b5:a2:69:3f:67:28:2a:f8:86:83:89:84:
                    e4:46:5b:e6:47:8f:3e:20:7f:9a:36:f5:e8:69:e9:
                    f5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:27:A7:6B:33:50:96:03:DF:F2:C6:AA:62:7A:4C:44:F1:B7:73:D2
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/nienazNQlgPf8saqYnpMRPG3c9I.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.155.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4b:cc:55:1e:31:c4:a2:26:f6:41:e4:b8:95:8f:89:33:bf:bf:
         89:07:ec:8e:5d:9d:a0:3f:2d:a0:23:b0:2d:e1:6d:14:76:5c:
         86:6f:e5:3d:f6:ac:2e:34:4a:a5:90:a5:c9:2c:12:fb:cc:2e:
         ee:b6:28:69:6b:5e:da:d6:f9:58:2e:37:1a:db:52:b9:cb:01:
         08:01:25:0e:e3:51:d4:2d:2f:3e:99:4c:e6:ec:89:52:4d:09:
         dc:86:b8:2e:d1:f5:c1:0c:db:c6:b3:02:4e:63:99:90:31:85:
         13:aa:02:82:bb:52:71:98:7f:fb:2a:67:f3:a7:2c:f0:3a:d7:
         4a:b5:3d:34:d8:ee:73:d3:88:74:51:a4:92:50:da:ed:26:3b:
         c5:92:40:e5:e7:4a:18:2f:2c:97:27:c0:3f:9c:93:d9:bc:ac:
         9b:6a:68:dc:aa:5e:47:d0:9c:f9:b3:5b:49:6e:b1:f5:b8:f4:
         56:bc:b0:33:e0:1c:a9:20:1c:da:86:1f:16:9d:0b:03:4a:ca:
         61:6a:73:47:9a:b8:0a:2f:61:80:2c:88:95:af:0c:1f:50:1c:
         f4:97:b4:91:86:f7:39:f9:f5:17:89:39:07:41:96:b6:68:b4:
         3a:e2:1a:44:d3:02:f8:3e:ff:b8:30:17:b2:e4:3b:10:d2:99:
         8e:f3:9e:be
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDbkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMjJaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDlFMjdBNzZCMzM1MDk2
MDNERkYyQzZBQTYyN0E0QzQ0RjFCNzczRDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIDEHut4o4az5HM4V/r06Ejirc6TXeZyNAygraembc6d0lFwGG
Xp0Gy6zq+62N7fWOFN6+IPFjggsTgSiz9M5rlwZ2Q79JaJfhMyI1UJV6Y4Ln6OqB
E8/VmvqdS168i7j1mwLAImGyvV7KzmJxgs3brnZKNh1DMoV/+lmQuvPcDcB2r2vO
/NKnVTvaL+XJRnYi/lFQh0RMUj+VGiGHHYVna8uiG5fBI9agsk56Y+QdR0uWKSB/
NheUoz9zmDm+2TnKwCQFEoJpOpXhiejSWhZ/Eu8Qa/G3PhykZfu0EkaV6Lp18rWi
aT9nKCr4hoOJhORGW+ZHjz4gf5o29ehp6fW7AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUnienazNQlgPf8saqYnpMRPG3c9IwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9uaWVuYXpOUWxnUGY4c2FxWW5w
TVJQRzNjOUkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFfJug
MA0GCSqGSIb3DQEBCwUAA4IBAQBLzFUeMcSiJvZB5LiVj4kzv7+JB+yOXZ2gPy2g
I7At4W0UdlyGb+U99qwuNEqlkKXJLBL7zC7utihpa17a1vlYLjca21K5ywEIASUO
41HULS8+mUzm7IlSTQnchrgu0fXBDNvGswJOY5mQMYUTqgKCu1JxmH/7Kmfzpyzw
OtdKtT002O5z04h0UaSSUNrtJjvFkkDl50oYLyyXJ8A/nJPZvKybamjcql5H0Jz5
s1tJbrH1uPRWvLAz4BypIBzahh8WnQsDSsphanNHmrgKL2GALIiVrwwfUBz0l7SR
hvc5+fUXiTkHQZa2aLQ64hpE0wL4Pv+4MBey5DsQ0pmO856+
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:29 2024 by rpki-client on console-ams.rpki-client.org