Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/yYbmD2B_JaBdEMWieWH2qwiUVP4.roa
File:                     yYbmD2B_JaBdEMWieWH2qwiUVP4.roa (raw, json)
Hash identifier:          XBc/yN/6xcEvKMFGb2aFlq4bRDqzVdUB8cSZDaKIiOc=
Subject key identifier:   C9:86:E6:0F:60:7F:25:A0:5D:10:C5:A2:79:61:F6:AB:08:94:54:FE
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       0DAB
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/yYbmD2B_JaBdEMWieWH2qwiUVP4.roa
Signing time:             Mon 26 Aug 2024 05:10:19 +0000
ROA not before:           Mon 26 Aug 2024 05:10:19 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18429
IP address blocks:        124.155.170.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Nov 2024 07:07:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3499 (0xdab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Aug 26 05:10:19 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=C986E60F607F25A05D10C5A27961F6AB089454FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:eb:57:11:63:8c:5f:88:9c:79:85:56:33:f3:
                    a5:12:51:3f:43:37:5c:f9:4f:b9:4a:07:e0:5a:84:
                    40:5b:fb:7a:90:2b:8d:53:01:5c:8e:9a:c4:8a:d0:
                    53:46:b1:2e:fc:0b:13:04:86:99:60:8f:55:a0:df:
                    60:58:74:67:4a:a0:f6:21:a8:1b:a1:16:bd:2e:14:
                    50:d9:04:ed:a3:24:3a:8a:56:c0:fe:d9:80:f4:e8:
                    ad:24:28:b7:94:50:c5:88:74:ae:d5:8b:a6:ba:60:
                    50:a2:42:9d:9b:b0:3c:53:3a:f2:1a:6a:b7:a1:84:
                    60:40:83:53:9c:95:44:e0:27:ea:42:d7:a4:2a:6c:
                    8c:3d:f0:01:a3:36:48:16:ac:2e:1d:b1:ad:77:62:
                    ca:0b:95:23:21:ab:e5:a4:ab:b6:9a:15:d4:05:bb:
                    d8:3f:33:b4:e5:bd:0d:3b:1e:fe:57:9c:be:5b:06:
                    44:95:46:e7:a1:45:a2:e0:e9:2f:40:c9:75:e0:44:
                    19:f4:52:6b:72:e8:93:db:6d:a8:ec:ce:f8:e2:b2:
                    5f:db:ba:3a:3c:ed:4e:55:32:5d:7e:bd:76:67:f2:
                    35:15:37:cb:fe:bb:a1:62:14:58:23:0b:73:ae:21:
                    b0:9d:5c:3c:32:ae:8d:9d:38:a8:03:fa:4b:21:7d:
                    59:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:86:E6:0F:60:7F:25:A0:5D:10:C5:A2:79:61:F6:AB:08:94:54:FE
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/yYbmD2B_JaBdEMWieWH2qwiUVP4.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.155.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:e1:e4:be:36:8a:c6:e1:2e:cf:bb:fe:54:e4:2c:71:b3:9f:
         23:a1:4d:40:65:4e:6c:5b:7b:d6:ef:b3:4a:f2:02:b9:fa:1b:
         5f:09:be:71:af:a6:0d:48:53:d7:94:d1:31:8d:c4:33:0a:a5:
         25:d9:6f:4b:ce:3c:30:39:05:31:f0:74:18:13:7e:12:0a:cc:
         51:15:50:44:14:db:ca:bf:1d:25:de:51:0c:2c:d7:01:d5:f0:
         b3:94:6f:3f:64:39:5b:d2:24:0f:60:8a:43:85:a2:a2:e6:ec:
         c0:bf:7c:b8:89:9e:8d:32:30:de:9d:2b:3a:c2:fa:56:cb:ef:
         0a:e4:41:65:cc:f8:68:91:29:f9:eb:87:d8:f7:69:cc:c0:46:
         4a:f6:2b:9b:56:bb:01:13:4f:c0:e2:fe:e7:6c:87:33:39:ad:
         e4:bd:b3:8c:e7:81:a4:ac:3d:96:14:d5:c5:fc:e0:1d:d3:c9:
         83:05:a0:78:07:e0:a4:54:4e:b1:d1:de:4d:73:55:df:6a:30:
         c6:98:3f:6d:2a:cb:be:04:39:cd:96:6a:8b:86:4d:41:16:7d:
         3f:22:4a:3e:65:58:77:e0:5a:2c:c1:27:da:b3:d6:4b:a9:2a:
         2f:62:c7:b3:dd:1e:87:45:7e:74:ae:94:5f:b1:11:4e:d1:22:
         88:38:7c:84
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDaswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yNDA4MjYw
NTEwMTlaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEM5ODZFNjBGNjA3RjI1
QTA1RDEwQzVBMjc5NjFGNkFCMDg5NDU0RkUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDp61cRY4xfiJx5hVYz86USUT9DN1z5T7lKB+BahEBb+3qQK41T
AVyOmsSK0FNGsS78CxMEhplgj1Wg32BYdGdKoPYhqBuhFr0uFFDZBO2jJDqKVsD+
2YD06K0kKLeUUMWIdK7Vi6a6YFCiQp2bsDxTOvIaarehhGBAg1OclUTgJ+pC16Qq
bIw98AGjNkgWrC4dsa13YsoLlSMhq+Wkq7aaFdQFu9g/M7TlvQ07Hv5XnL5bBkSV
RuehRaLg6S9AyXXgRBn0Umty6JPbbajszvjisl/bujo87U5VMl1+vXZn8jUVN8v+
u6FiFFgjC3OuIbCdXDwyro2dOKgD+kshfVk5AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUyYbmD2B/JaBdEMWieWH2qwiUVP4wHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC95WWJtRDJCX0phQmRFTVdpZVdI
MnF3aVVWUDQucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBfJuq
MA0GCSqGSIb3DQEBCwUAA4IBAQA34eS+NorG4S7Pu/5U5Cxxs58joU1AZU5sW3vW
77NK8gK5+htfCb5xr6YNSFPXlNExjcQzCqUl2W9LzjwwOQUx8HQYE34SCsxRFVBE
FNvKvx0l3lEMLNcB1fCzlG8/ZDlb0iQPYIpDhaKi5uzAv3y4iZ6NMjDenSs6wvpW
y+8K5EFlzPhokSn564fY92nMwEZK9iubVrsBE0/A4v7nbIczOa3kvbOM54GkrD2W
FNXF/OAd08mDBaB4B+CkVE6x0d5Nc1XfajDGmD9tKsu+BDnNlmqLhk1BFn0/Iko+
ZVh34FoswSfas9ZLqSovYsez3R6HRX50rpRfsRFO0SKIOHyE
-----END CERTIFICATE-----
Generated at Thu Nov 14 05:00:49 2024 by rpki-client on console-fra.rpki-client.org