Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Gjpj0hyCZa2KwksuNgK6Ogk2A58.roa
File:                     Gjpj0hyCZa2KwksuNgK6Ogk2A58.roa (raw, json)
Hash identifier:          4HhFWksuNpCNG0QWc4N+jsJSgRTkh/Ru/hTrrel+2Jw=
Subject key identifier:   1A:3A:63:D2:1C:82:65:AD:8A:C2:4B:2E:36:02:BA:3A:09:36:03:9F
Certificate issuer:       /CN=43FF5C92CC4950A457A7327D168FBC465B218322
Certificate serial:       0C23
Authority key identifier: 43:FF:5C:92:CC:49:50:A4:57:A7:32:7D:16:8F:BC:46:5B:21:83:22
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Gjpj0hyCZa2KwksuNgK6Ogk2A58.roa
Signing time:             Mon 26 Aug 2024 05:17:28 +0000
ROA not before:           Mon 26 Aug 2024 05:17:28 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     4782
IP address blocks:        203.65.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3107 (0xc23)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43FF5C92CC4950A457A7327D168FBC465B218322
        Validity
            Not Before: Aug 26 05:17:28 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=1A3A63D21C8265AD8AC24B2E3602BA3A0936039F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b2:9d:16:e5:f4:cb:a2:20:cf:68:55:86:9b:
                    f0:b3:72:b4:a3:de:4d:da:b5:b2:af:b3:ea:6a:c5:
                    59:48:ed:40:7b:52:e6:98:7c:77:c7:8d:a7:5d:03:
                    07:11:6f:3c:f2:c5:1f:f0:98:b0:d4:a6:dd:6a:bc:
                    58:ad:da:f1:da:cb:c9:36:78:94:c9:f3:a0:34:60:
                    14:06:77:f7:4f:15:a1:49:c2:65:61:88:e2:df:95:
                    dd:7c:f9:e7:3c:9c:70:01:38:d6:18:a6:a2:e1:0e:
                    f2:71:b8:0e:46:3e:11:70:ec:51:4e:23:9f:d3:4b:
                    1f:50:69:47:1d:1a:5b:66:ec:9d:56:bc:f5:25:d8:
                    98:fb:6f:71:b2:28:26:c1:6e:1a:a9:53:3a:4f:48:
                    de:09:41:da:b3:b9:1f:66:5e:75:e8:dc:88:a3:5a:
                    14:5f:9d:78:6e:cb:de:cc:10:21:e1:e8:be:86:db:
                    3d:e7:ee:6b:fe:36:d1:b1:29:77:5c:12:12:15:50:
                    e8:e4:0c:b3:39:d0:63:61:19:12:ae:0c:14:10:ab:
                    9c:c2:f3:5e:6c:07:65:b7:2a:57:50:79:2d:df:5c:
                    9b:93:73:47:a7:c7:b9:38:cf:b6:e7:01:72:7b:6d:
                    5f:1d:68:11:8a:9f:96:26:c7:15:cb:60:70:c4:f0:
                    f0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3A:63:D2:1C:82:65:AD:8A:C2:4B:2E:36:02:BA:3A:09:36:03:9F
            X509v3 Authority Key Identifier:
                keyid:43:FF:5C:92:CC:49:50:A4:57:A7:32:7D:16:8F:BC:46:5B:21:83:22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/Q_9cksxJUKRXpzJ9Fo-8RlshgyI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HEALTHNET/Gjpj0hyCZa2KwksuNgK6Ogk2A58.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.65.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         58:06:be:83:1a:20:a1:f5:b5:7c:e2:9a:be:0a:29:61:e8:b0:
         81:b8:d5:46:6e:e4:c1:e3:c2:56:9c:ce:73:98:9a:5e:24:09:
         7b:72:31:af:9f:07:84:3d:f1:6e:1d:1b:bd:7f:6c:e8:de:37:
         c6:38:4d:53:44:a0:e0:4b:e6:d6:4d:c8:e0:a0:48:ba:56:03:
         fb:0a:7e:e9:f7:26:4a:01:73:09:2e:a0:d7:d0:e3:f9:e8:37:
         82:fc:de:e4:05:c0:be:fd:b3:da:7d:9f:0f:1a:a9:36:f3:9c:
         4d:31:21:5e:de:c6:33:9d:f6:40:5e:06:b3:75:86:8b:62:09:
         5b:54:78:be:52:a2:55:a6:d2:e4:b6:87:06:14:76:c7:49:84:
         d5:ee:7d:b6:fb:28:1b:ef:b6:0b:c7:c4:f6:a0:46:e7:f2:76:
         0e:6f:43:a3:ae:3e:3c:d0:ca:b9:f8:0c:98:23:6e:93:bf:65:
         ce:6a:85:b8:1b:25:4f:26:e6:44:d5:44:46:bb:6c:5c:a7:05:
         39:69:9e:4b:e1:88:57:92:5c:db:17:24:ae:60:78:21:0e:46:
         94:8d:7f:7c:c2:1e:3a:51:b2:1b:46:ef:fe:f7:ca:09:1c:92:
         13:f1:35:f4:64:95:af:ac:6e:a5:c3:98:9c:07:5d:4d:f5:bd:
         23:85:d3:db
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICDCMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDNG
RjVDOTJDQzQ5NTBBNDU3QTczMjdEMTY4RkJDNDY1QjIxODMyMjAeFw0yNDA4MjYw
NTE3MjhaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDFBM0E2M0QyMUM4MjY1
QUQ4QUMyNEIyRTM2MDJCQTNBMDkzNjAzOUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCysp0W5fTLoiDPaFWGm/CzcrSj3k3atbKvs+pqxVlI7UB7UuaY
fHfHjaddAwcRbzzyxR/wmLDUpt1qvFit2vHay8k2eJTJ86A0YBQGd/dPFaFJwmVh
iOLfld18+ec8nHABONYYpqLhDvJxuA5GPhFw7FFOI5/TSx9QaUcdGltm7J1WvPUl
2Jj7b3GyKCbBbhqpUzpPSN4JQdqzuR9mXnXo3IijWhRfnXhuy97MECHh6L6G2z3n
7mv+NtGxKXdcEhIVUOjkDLM50GNhGRKuDBQQq5zC815sB2W3KldQeS3fXJuTc0en
x7k4z7bnAXJ7bV8daBGKn5YmxxXLYHDE8PCPAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUGjpj0hyCZa2KwksuNgK6Ogk2A58wHwYDVR0jBBgwFoAUQ/9cksxJUKRXpzJ9
Fo+8RlshgyIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBfBgNVHR8EWDBWMFSg
UqBQhk5yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEVBTFRI
TkVUL1FfOWNrc3hKVUtSWHB6SjlGby04UmxzaGd5SS5jcmwwYAYIKwYBBQUHAQEE
VDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RX
TklDQ0EvUV85Y2tzeEpVS1JYcHpKOUZvLThSbHNoZ3lJLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ8GCCsGAQUFBwELBIGSMIGPMFoGCCsGAQUFBzALhk5yc3luYzovL3Jw
a2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEVBTFRITkVUL0dqcGowaHlDWmEy
S3drc3VOZ0s2T2drMkE1OC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50
d25pYy50dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXLQYAwDQYJKoZIhvcNAQELBQADggEBAFgGvoMaIKH1tXzimr4KKWHosIG4
1UZu5MHjwlacznOYml4kCXtyMa+fB4Q98W4dG71/bOjeN8Y4TVNEoOBL5tZNyOCg
SLpWA/sKfun3JkoBcwkuoNfQ4/noN4L83uQFwL79s9p9nw8aqTbznE0xIV7exjOd
9kBeBrN1hotiCVtUeL5SolWm0uS2hwYUdsdJhNXufbb7KBvvtgvHxPagRufydg5v
Q6OuPjzQyrn4DJgjbpO/Zc5qhbgbJU8m5kTVREa7bFynBTlpnkvhiFeSXNsXJK5g
eCEORpSNf3zCHjpRshtG7/73ygkckhPxNfRkla+sbqXDmJwHXU31vSOF09s=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:51 2024 by rpki-client on console-fra.rpki-client.org