Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/pDdV4_gXA9o1Py2FQa3nNy8LbTM.roa
File:                     pDdV4_gXA9o1Py2FQa3nNy8LbTM.roa (raw, json)
Hash identifier:          gMDt5R45pUX7oBC7qxlMrjNVG+w2CzuYD6XHWCxNEnM=
Subject key identifier:   A4:37:55:E3:F8:17:03:DA:35:3F:2D:85:41:AD:E7:37:2F:0B:6D:33
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DA7
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/pDdV4_gXA9o1Py2FQa3nNy8LbTM.roa
Signing time:             Mon 26 Aug 2024 05:10:18 +0000
ROA not before:           Mon 26 Aug 2024 05:10:18 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        61.57.144.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Nov 2024 07:07:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3495 (0xda7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:18 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=A43755E3F81703DA353F2D8541ADE7372F0B6D33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b1:d3:34:20:d1:77:e8:8f:0e:8f:a3:54:9a:
                    93:03:83:c4:1a:66:f8:eb:dc:0f:85:9d:61:20:46:
                    f2:67:89:57:7c:15:fd:ec:a4:0e:38:a5:80:b0:13:
                    0e:94:48:69:e6:bc:27:d3:88:7b:88:30:68:1e:72:
                    5f:de:3e:1d:56:9c:db:34:30:82:62:25:66:03:0e:
                    5a:20:b6:35:1e:33:73:c7:83:0d:81:9b:99:77:6f:
                    50:15:9f:c7:85:cc:4c:06:43:b8:cb:11:cc:12:ab:
                    8b:fe:31:cc:81:67:f5:21:8f:ce:ef:21:af:87:d2:
                    cf:99:26:e9:8f:a8:83:fc:24:80:a3:45:c0:d2:f8:
                    29:d7:d6:52:3d:a5:ee:00:6e:cb:3d:60:aa:61:0d:
                    c1:af:56:88:cd:82:b7:58:67:30:20:cf:9c:a5:ea:
                    fd:38:d0:93:75:52:21:da:80:9e:c8:72:1c:bf:e6:
                    e7:4e:6e:f7:d3:8b:c4:5f:5b:3e:3e:68:b4:c2:70:
                    a5:40:71:30:76:42:97:ba:3f:13:d0:d7:69:d6:d5:
                    44:de:13:8e:c1:a2:23:0b:53:53:99:d5:60:46:5d:
                    bd:eb:47:a2:d0:1b:ba:a8:a9:cc:48:21:77:0b:65:
                    19:2e:39:87:da:30:19:bc:55:dd:98:75:b8:88:df:
                    96:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:37:55:E3:F8:17:03:DA:35:3F:2D:85:41:AD:E7:37:2F:0B:6D:33
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/pDdV4_gXA9o1Py2FQa3nNy8LbTM.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.57.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         98:c6:a7:b3:a5:24:09:8f:ff:05:1c:9d:69:e5:a5:3c:fe:17:
         2f:eb:22:d9:a5:d5:52:28:4b:5c:ac:97:43:97:a9:41:54:6c:
         01:1e:04:2c:66:66:f6:22:95:25:fe:42:1f:2f:2f:ac:6a:37:
         b5:32:89:95:7a:95:e7:3a:89:ea:f1:c7:70:2a:e5:14:ce:39:
         41:83:e8:de:8b:9a:49:6e:2c:88:d9:74:98:a8:5b:65:c7:ba:
         64:6c:0c:7f:fa:11:9e:4f:be:51:4f:9b:39:b1:82:12:46:87:
         78:a8:07:c4:3e:62:ba:3e:bd:59:23:cb:3f:f0:41:25:94:25:
         a4:b1:fb:9f:b8:fe:a7:86:ef:98:7a:bc:6c:35:7c:b1:50:21:
         74:dd:81:6e:c0:ff:49:b4:67:fe:fc:98:c8:1a:a1:5e:90:46:
         ea:73:72:2e:09:36:a3:01:eb:25:8d:f1:a9:44:e1:82:3c:6e:
         ae:d0:bb:e8:a0:9b:99:77:fb:5f:8f:db:5f:a8:86:40:7c:0e:
         05:88:bf:f4:de:9b:84:17:61:b1:35:87:00:a0:89:d2:bd:5f:
         b7:b0:e5:fd:76:8e:40:0f:28:b3:9e:41:a5:62:17:cb:ca:bc:
         42:81:48:9a:f7:20:14:7f:99:6d:d5:45:f4:01:cb:a3:29:42:
         d4:a0:9c:b7
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDacwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMThaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEE0Mzc1NUUzRjgxNzAz
REEzNTNGMkQ4NTQxQURFNzM3MkYwQjZEMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJsdM0INF36I8Oj6NUmpMDg8QaZvjr3A+FnWEgRvJniVd8Ff3s
pA44pYCwEw6USGnmvCfTiHuIMGgecl/ePh1WnNs0MIJiJWYDDlogtjUeM3PHgw2B
m5l3b1AVn8eFzEwGQ7jLEcwSq4v+McyBZ/Uhj87vIa+H0s+ZJumPqIP8JICjRcDS
+CnX1lI9pe4Abss9YKphDcGvVojNgrdYZzAgz5yl6v040JN1UiHagJ7Ichy/5udO
bvfTi8RfWz4+aLTCcKVAcTB2Qpe6PxPQ12nW1UTeE47BoiMLU1OZ1WBGXb3rR6LQ
G7qoqcxIIXcLZRkuOYfaMBm8Vd2YdbiI35blAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUpDdV4/gXA9o1Py2FQa3nNy8LbTMwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9wRGRWNF9nWEE5bzFQeTJGUWEz
bk55OExiVE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEPTmQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCYxqezpSQJj/8FHJ1p5aU8/hcv6yLZpdVSKEtc
rJdDl6lBVGwBHgQsZmb2IpUl/kIfLy+saje1MomVepXnOonq8cdwKuUUzjlBg+je
i5pJbiyI2XSYqFtlx7pkbAx/+hGeT75RT5s5sYISRod4qAfEPmK6Pr1ZI8s/8EEl
lCWksfufuP6nhu+YerxsNXyxUCF03YFuwP9JtGf+/JjIGqFekEbqc3IuCTajAesl
jfGpROGCPG6u0LvooJuZd/tfj9tfqIZAfA4FiL/03puEF2GxNYcAoInSvV+3sOX9
do5ADyiznkGlYhfLyrxCgUia9yAUf5lt1UX0AcujKULUoJy3
-----END CERTIFICATE-----
Generated at Thu Nov 14 05:00:49 2024 by rpki-client on console-fra.rpki-client.org