Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/EMAX/2H4O4JPFHHul-uUl2wXadC1uDJk.roa
File:                     2H4O4JPFHHul-uUl2wXadC1uDJk.roa (raw, json)
Hash identifier:          eTzJaG7u5Cq4U3T2Es5E+xEukL1iVO2GeNhJ7kVusxU=
Subject key identifier:   D8:7E:0E:E0:93:C5:1C:7B:A5:FA:E5:25:DB:05:DA:74:2D:6E:0C:99
Certificate issuer:       /CN=2A478155382731E5C0F6821DD5389F9E52E1E4D6
Certificate serial:       104F
Authority key identifier: 2A:47:81:55:38:27:31:E5:C0:F6:82:1D:D5:38:9F:9E:52:E1:E4:D6
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/KkeBVTgnMeXA9oId1TifnlLh5NY.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/EMAX/2H4O4JPFHHul-uUl2wXadC1uDJk.roa
Signing time:             Wed 04 Sep 2024 06:04:42 +0000
ROA not before:           Wed 04 Sep 2024 06:04:42 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18046
IP address blocks:        119.15.192.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/EMAX/KkeBVTgnMeXA9oId1TifnlLh5NY.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/EMAX/KkeBVTgnMeXA9oId1TifnlLh5NY.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/KkeBVTgnMeXA9oId1TifnlLh5NY.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Nov 2024 22:51:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4175 (0x104f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A478155382731E5C0F6821DD5389F9E52E1E4D6
        Validity
            Not Before: Sep  4 06:04:42 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=D87E0EE093C51C7BA5FAE525DB05DA742D6E0C99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2e:bc:f7:47:6b:a5:df:e0:78:ed:80:14:fe:
                    b2:96:be:98:3e:21:e9:9e:b7:e1:5e:e6:c3:d1:3b:
                    f4:41:04:0e:fa:2f:1f:2d:fd:1d:5c:90:eb:0a:37:
                    2b:9e:a8:92:a0:ac:3e:e2:18:ba:0d:9a:7a:69:99:
                    a9:d4:01:72:d7:a9:66:49:0f:b8:5b:1d:f1:c0:3e:
                    ee:1e:cb:da:27:f7:48:80:a2:9b:c7:94:5d:31:6f:
                    07:4c:f7:84:cb:a4:8a:94:f2:d6:e5:d3:6f:56:88:
                    cb:df:47:d1:13:1e:f3:88:f6:e2:23:9a:58:d8:30:
                    e2:2c:58:a6:b3:80:1a:e0:bb:51:dc:f1:8d:ea:27:
                    18:af:08:db:6b:e2:40:07:92:10:95:b0:3c:d9:d4:
                    9a:b7:1e:52:50:c3:8c:38:a9:36:dc:47:8c:82:6c:
                    4e:d6:e1:44:bd:c6:88:1e:3a:d5:7a:45:be:f3:28:
                    71:61:5a:81:f9:1d:6b:ea:09:c4:ce:be:a7:2e:87:
                    87:ed:52:7a:a4:94:f8:14:20:99:ce:76:db:a6:c5:
                    7e:85:0d:2c:04:1d:6d:bf:9a:7a:2b:e2:ed:f5:1c:
                    ac:6e:17:19:a3:8c:7f:e7:53:f7:96:d0:f8:c5:d8:
                    4e:4a:24:23:0f:04:df:86:68:ac:94:29:e3:48:35:
                    e2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7E:0E:E0:93:C5:1C:7B:A5:FA:E5:25:DB:05:DA:74:2D:6E:0C:99
            X509v3 Authority Key Identifier:
                keyid:2A:47:81:55:38:27:31:E5:C0:F6:82:1D:D5:38:9F:9E:52:E1:E4:D6

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/EMAX/KkeBVTgnMeXA9oId1TifnlLh5NY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/KkeBVTgnMeXA9oId1TifnlLh5NY.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/EMAX/2H4O4JPFHHul-uUl2wXadC1uDJk.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.15.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         52:9f:b2:aa:55:7c:0c:3e:3e:e9:8f:be:f5:df:0e:54:a7:f7:
         54:0e:f8:33:96:52:9e:81:41:b3:d8:cd:b2:c4:b1:42:22:2d:
         ab:48:f6:3a:56:25:2c:e5:a6:4f:b9:55:ee:31:7c:cb:6f:9f:
         af:93:4e:4f:d2:03:23:ca:4c:97:6d:2d:9b:50:90:25:9c:bd:
         98:a3:0a:f0:44:aa:f8:a7:d3:21:ce:30:4f:9b:82:49:f5:e7:
         01:28:02:aa:c1:7d:81:cd:15:db:d4:18:b5:36:46:e7:1c:02:
         9b:1c:9c:7b:5f:d8:53:72:47:20:28:74:9e:97:01:b5:00:31:
         f3:4b:df:c1:65:cd:18:10:31:4d:ab:17:2f:21:8a:79:1f:07:
         3e:ba:9f:39:c6:83:52:54:b8:cd:71:45:e9:92:c0:6e:30:e1:
         d7:7a:9a:42:3f:2f:98:8c:de:d5:62:3e:96:c7:36:d4:f9:ef:
         bc:15:f0:a2:d4:0f:4c:bf:b4:34:1c:b8:21:ac:16:76:ea:7d:
         c5:c4:72:44:21:b4:9b:71:f9:1a:59:1a:a5:bb:bd:31:4d:cb:
         d3:3f:e0:11:e1:6e:63:b8:bf:17:9d:ad:95:87:38:80:f4:8c:
         a4:c5:52:ef:fc:b5:3e:1f:24:21:a8:b9:70:8b:c1:e1:1c:fb:
         1b:c0:5a:91
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgICEE8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE0
NzgxNTUzODI3MzFFNUMwRjY4MjFERDUzODlGOUU1MkUxRTRENjAeFw0yNDA5MDQw
NjA0NDJaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEQ4N0UwRUUwOTNDNTFD
N0JBNUZBRTUyNURCMDVEQTc0MkQ2RTBDOTkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCxLrz3R2ul3+B47YAU/rKWvpg+Iemet+Fe5sPRO/RBBA76Lx8t
/R1ckOsKNyueqJKgrD7iGLoNmnppmanUAXLXqWZJD7hbHfHAPu4ey9on90iAopvH
lF0xbwdM94TLpIqU8tbl029WiMvfR9ETHvOI9uIjmljYMOIsWKazgBrgu1Hc8Y3q
JxivCNtr4kAHkhCVsDzZ1Jq3HlJQw4w4qTbcR4yCbE7W4US9xogeOtV6Rb7zKHFh
WoH5HWvqCcTOvqcuh4ftUnqklPgUIJnOdtumxX6FDSwEHW2/mnor4u31HKxuFxmj
jH/nU/eW0PjF2E5KJCMPBN+GaKyUKeNINeLdAgMBAAGjggHqMIIB5jAdBgNVHQ4E
FgQU2H4O4JPFHHul+uUl2wXadC1uDJkwHwYDVR0jBBgwFoAUKkeBVTgnMeXA9oId
1TifnlLh5NYwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBaBgNVHR8EUzBRME+g
TaBLhklyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvRU1BWC9L
a2VCVlRnbk1lWEE5b0lkMVRpZm5sTGg1TlkuY3JsMGAGCCsGAQUFBwEBBFQwUjBQ
BggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05JQ0NB
L0trZUJWVGduTWVYQTlvSWQxVGlmbmxMaDVOWS5jZXIwDgYDVR0PAQH/BAQDAgeA
MIGaBggrBgEFBQcBCwSBjTCBijBVBggrBgEFBQcwC4ZJcnN5bmM6Ly9ycGtpY2Eu
dHduaWMudHcvcnBraS9UV05JQ0NBL0VNQVgvMkg0TzRKUEZISHVsLXVVbDJ3WGFk
QzF1REprLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmljLnR3L3Jy
ZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBncPwDAN
BgkqhkiG9w0BAQsFAAOCAQEAUp+yqlV8DD4+6Y++9d8OVKf3VA74M5ZSnoFBs9jN
ssSxQiItq0j2OlYlLOWmT7lV7jF8y2+fr5NOT9IDI8pMl20tm1CQJZy9mKMK8ESq
+KfTIc4wT5uCSfXnASgCqsF9gc0V29QYtTZG5xwCmxyce1/YU3JHICh0npcBtQAx
80vfwWXNGBAxTasXLyGKeR8HPrqfOcaDUlS4zXFF6ZLAbjDh13qaQj8vmIze1WI+
lsc21PnvvBXwotQPTL+0NBy4IawWdup9xcRyRCG0m3H5Glkapbu9MU3L0z/gEeFu
Y7i/F52tlYc4gPSMpMVS7/y1Ph8kIai5cIvB4Rz7G8BakQ==
-----END CERTIFICATE-----
Generated at Sun Nov 10 20:49:05 2024 by rpki-client on console-fra.rpki-client.org