Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/phonMXxA1jRgA9MI59GnWU-n7N4.roa
File:                     phonMXxA1jRgA9MI59GnWU-n7N4.roa (raw, json)
Hash identifier:          e1ARHL/TsSP4dRllKG1L3+OAE9OuIvOQYEhtmYFEHkQ=
Subject key identifier:   A6:1A:27:31:7C:40:D6:34:60:03:D3:08:E7:D1:A7:59:4F:A7:EC:DE
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DAD
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/phonMXxA1jRgA9MI59GnWU-n7N4.roa
Signing time:             Mon 26 Aug 2024 05:10:19 +0000
ROA not before:           Mon 26 Aug 2024 05:10:19 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        61.57.136.0/21 maxlen: 23

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Nov 2024 07:07:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3501 (0xdad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:19 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=A61A27317C40D6346003D308E7D1A7594FA7ECDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:02:c3:59:f0:0f:5e:e5:d2:a6:0e:a8:af:2a:
                    dd:cd:8d:76:b8:2c:22:b5:58:f3:fb:80:6b:78:84:
                    23:b5:af:cb:4f:76:cb:b0:cc:6d:a8:fc:54:d6:ef:
                    28:66:27:ee:9c:ee:82:66:e2:2e:b3:a6:ba:15:59:
                    48:51:ca:43:1e:89:b3:c3:9d:c7:bb:bc:75:7e:e6:
                    d0:f6:8f:7e:e2:a3:96:19:60:fc:f3:a1:a2:7e:d8:
                    cd:2a:0b:2f:ac:b9:19:22:f7:82:e1:1a:b2:40:4c:
                    59:28:05:29:7f:2c:28:92:87:7d:29:14:82:c5:08:
                    15:31:db:b3:56:68:6f:ff:ba:40:cb:26:5d:e1:ab:
                    4e:34:7d:02:b2:42:52:ec:f8:d9:4f:cc:d0:74:e2:
                    4f:01:b3:cc:ba:9d:eb:d6:37:37:09:d7:3d:59:eb:
                    df:7e:fd:23:a8:f3:2b:1a:47:c1:b3:92:28:ce:ba:
                    5f:03:30:d4:24:2f:4c:eb:ac:49:89:c7:4e:52:3c:
                    26:39:9e:1c:7c:54:86:9e:3f:06:af:19:4b:e4:a5:
                    5a:10:a6:f5:1d:1e:00:5b:a8:1c:3f:68:21:43:b9:
                    1f:96:bd:a0:9e:5b:35:1d:c3:7e:63:a9:1b:fa:85:
                    be:a8:f5:a8:3c:93:9b:45:28:52:f5:45:1c:22:58:
                    fa:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:1A:27:31:7C:40:D6:34:60:03:D3:08:E7:D1:A7:59:4F:A7:EC:DE
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/phonMXxA1jRgA9MI59GnWU-n7N4.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.57.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:a8:7c:60:fb:59:7e:f3:2a:18:9b:15:3c:b7:9b:be:0b:29:
         8d:72:04:f1:f7:f5:d2:05:a0:e0:dd:c7:c1:8d:0b:50:23:47:
         15:a6:1a:0d:da:78:9b:e3:df:20:73:b7:da:eb:54:b8:58:42:
         b2:ef:3c:53:a6:27:5c:6a:8d:1d:d4:70:55:ad:51:1a:3e:44:
         06:a9:6b:62:93:94:30:0d:f0:d3:50:e5:ff:5a:b4:b4:bb:83:
         45:1f:59:2f:9b:46:d3:b2:29:07:11:47:6b:21:20:22:4f:a8:
         b8:47:37:8f:d3:01:08:e0:da:ec:0d:61:00:0e:a3:51:83:58:
         46:19:f6:45:e4:bd:3a:f5:c3:23:c8:c9:dc:ec:60:28:c1:be:
         21:15:59:f1:18:17:5a:2d:05:d7:44:84:a5:3b:ee:19:48:41:
         67:ac:74:75:ec:5d:12:19:50:a0:a9:28:06:fa:f0:f1:70:8b:
         aa:e4:31:fd:27:4a:47:ca:2c:84:a8:6e:18:d3:fc:bc:cb:99:
         04:30:1d:45:66:14:f9:f8:7d:a7:5a:83:e2:51:df:c9:92:11:
         20:d7:b0:2a:b9:c3:24:9f:20:86:5c:d9:03:b9:25:a6:d5:72:
         e1:64:37:dd:56:08:f2:4b:06:7a:1a:44:db:5d:f4:84:24:8c:
         7f:83:d2:bf
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDa0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMTlaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEE2MUEyNzMxN0M0MEQ2
MzQ2MDAzRDMwOEU3RDFBNzU5NEZBN0VDREUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwAsNZ8A9e5dKmDqivKt3NjXa4LCK1WPP7gGt4hCO1r8tPdsuw
zG2o/FTW7yhmJ+6c7oJm4i6zproVWUhRykMeibPDnce7vHV+5tD2j37io5YZYPzz
oaJ+2M0qCy+suRki94LhGrJATFkoBSl/LCiSh30pFILFCBUx27NWaG//ukDLJl3h
q040fQKyQlLs+NlPzNB04k8Bs8y6nevWNzcJ1z1Z699+/SOo8ysaR8GzkijOul8D
MNQkL0zrrEmJx05SPCY5nhx8VIaePwavGUvkpVoQpvUdHgBbqBw/aCFDuR+WvaCe
WzUdw35jqRv6hb6o9ag8k5tFKFL1RRwiWPojAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUphonMXxA1jRgA9MI59GnWU+n7N4wHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC9waG9uTVh4QTFqUmdBOU1JNTlH
bldVLW43TjQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPTmI
MA0GCSqGSIb3DQEBCwUAA4IBAQBvqHxg+1l+8yoYmxU8t5u+CymNcgTx9/XSBaDg
3cfBjQtQI0cVphoN2nib498gc7fa61S4WEKy7zxTpidcao0d1HBVrVEaPkQGqWti
k5QwDfDTUOX/WrS0u4NFH1kvm0bTsikHEUdrISAiT6i4RzeP0wEI4NrsDWEADqNR
g1hGGfZF5L069cMjyMnc7GAowb4hFVnxGBdaLQXXRISlO+4ZSEFnrHR17F0SGVCg
qSgG+vDxcIuq5DH9J0pHyiyEqG4Y0/y8y5kEMB1FZhT5+H2nWoPiUd/JkhEg17Aq
ucMknyCGXNkDuSWm1XLhZDfdVgjySwZ6GkTbXfSEJIx/g9K/
-----END CERTIFICATE-----
Generated at Thu Nov 14 05:00:49 2024 by rpki-client on console-fra.rpki-client.org