Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/AWsXTHcoZgIG-XotVXnGUwITKSQ.roa
File:                     AWsXTHcoZgIG-XotVXnGUwITKSQ.roa (raw, json)
Hash identifier:          nqiA5c0LeOpHZGXJmBbqCZjh0nzp8obqMt04uR9im+M=
Subject key identifier:   01:6B:17:4C:77:28:66:02:06:F9:7A:2D:55:79:C6:53:02:13:29:24
Certificate issuer:       /CN=ABED28FFCC040E36032C42615495562BCC6EF45C
Certificate serial:       0571
Authority key identifier: AB:ED:28:FF:CC:04:0E:36:03:2C:42:61:54:95:56:2B:CC:6E:F4:5C
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/AWsXTHcoZgIG-XotVXnGUwITKSQ.roa
Signing time:             Fri 01 Sep 2023 09:00:34 +0000
ROA not before:           Fri 01 Sep 2023 09:00:34 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     9678
IP address blocks:        103.98.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 03:49:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1393 (0x571)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ABED28FFCC040E36032C42615495562BCC6EF45C
        Validity
            Not Before: Sep  1 09:00:34 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=016B174C7728660206F97A2D5579C65302132924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:44:4a:80:3e:51:15:5e:46:90:fa:db:3a:f8:
                    f6:0b:8d:4d:4a:78:65:50:06:1e:c8:d3:46:6d:c2:
                    81:53:0b:03:16:8d:81:91:f5:31:90:fe:b6:62:a4:
                    23:28:e1:36:c3:2d:c7:05:3c:a7:7e:55:e5:4a:01:
                    d6:cd:b0:52:5f:19:fc:42:12:7a:af:43:4d:84:e9:
                    bb:d0:cc:93:33:33:58:78:a1:de:4a:13:1b:d4:01:
                    85:ec:67:ea:fa:83:11:b9:e7:f3:7a:e9:e3:f6:d5:
                    e2:d2:99:c8:0f:9b:9a:82:8c:7e:4d:84:71:e6:c6:
                    a6:63:57:c6:7a:a9:63:16:b0:02:f0:5f:08:d4:16:
                    01:cf:f5:92:09:0f:ad:dd:bc:49:dc:54:c4:f9:5d:
                    3f:c0:39:43:0b:b8:88:f2:2c:f4:67:23:7a:ef:a0:
                    cd:df:ca:27:0b:58:f2:bf:45:7e:83:f4:9b:78:10:
                    19:a2:64:a6:00:12:73:cd:ab:f4:00:20:65:dd:d3:
                    cc:92:5d:43:5b:60:00:7a:e0:5c:fa:73:81:22:72:
                    cc:c4:72:e4:4c:d2:34:d0:a9:eb:99:4d:72:f2:66:
                    62:86:07:c8:17:9f:28:60:67:fa:61:77:12:0c:b5:
                    a5:01:22:f1:f4:01:1e:8d:80:d9:9b:16:f0:fe:36:
                    98:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:6B:17:4C:77:28:66:02:06:F9:7A:2D:55:79:C6:53:02:13:29:24
            X509v3 Authority Key Identifier:
                keyid:AB:ED:28:FF:CC:04:0E:36:03:2C:42:61:54:95:56:2B:CC:6E:F4:5C

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/q-0o_8wEDjYDLEJhVJVWK8xu9Fw.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HOSTIN/AWsXTHcoZgIG-XotVXnGUwITKSQ.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.98.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:04:00:d6:04:3d:65:a3:6e:7c:0a:20:12:fc:de:f7:74:22:
         09:b8:a8:99:fe:7e:45:a0:81:d0:41:b9:6d:18:cf:aa:03:20:
         88:11:e1:6a:4e:9f:ee:d2:cb:20:41:ef:cc:84:43:23:1d:be:
         70:72:9d:98:22:98:40:47:4b:13:55:f5:b3:6a:d0:71:04:57:
         16:55:b4:67:ad:63:6c:5e:9a:15:04:ca:bb:6c:ac:8e:9b:21:
         08:58:56:97:5d:67:92:1e:c2:0f:74:d5:43:11:c1:78:f8:da:
         b4:18:55:b3:fc:e9:ae:0b:d9:49:ed:d4:25:4c:ea:82:69:53:
         e6:38:0f:17:2a:af:2c:82:ad:7e:52:19:4f:8d:f2:e2:5a:78:
         f6:08:02:50:be:24:34:7e:c2:96:81:e2:49:09:a3:83:03:8c:
         d0:ac:d8:fd:47:6e:1f:7f:a4:9e:39:68:f5:5a:4f:a6:7f:b2:
         a4:ea:1d:5a:5f:33:f9:0b:93:e1:6a:4a:37:bc:9e:0e:d4:75:
         7f:a8:75:76:56:0a:8a:da:14:36:45:32:f5:7d:53:9b:ca:ed:
         d7:3f:fd:9f:dd:42:31:c5:e3:8c:28:98:65:38:64:10:9c:51:
         1b:4d:51:77:c8:c1:ea:9a:d0:79:e1:63:66:2e:7c:57:58:2a:
         81:a0:af:d0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICBXEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQUJF
RDI4RkZDQzA0MEUzNjAzMkM0MjYxNTQ5NTU2MkJDQzZFRjQ1QzAeFw0yMzA5MDEw
OTAwMzRaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDAxNkIxNzRDNzcyODY2
MDIwNkY5N0EyRDU1NzlDNjUzMDIxMzI5MjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCuREqAPlEVXkaQ+ts6+PYLjU1KeGVQBh7I00ZtwoFTCwMWjYGR
9TGQ/rZipCMo4TbDLccFPKd+VeVKAdbNsFJfGfxCEnqvQ02E6bvQzJMzM1h4od5K
ExvUAYXsZ+r6gxG55/N66eP21eLSmcgPm5qCjH5NhHHmxqZjV8Z6qWMWsALwXwjU
FgHP9ZIJD63dvEncVMT5XT/AOUMLuIjyLPRnI3rvoM3fyicLWPK/RX6D9Jt4EBmi
ZKYAEnPNq/QAIGXd08ySXUNbYAB64Fz6c4EicszEcuRM0jTQqeuZTXLyZmKGB8gX
nyhgZ/phdxIMtaUBIvH0AR6NgNmbFvD+NphlAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUAWsXTHcoZgIG+XotVXnGUwITKSQwHwYDVR0jBBgwFoAUq+0o/8wEDjYDLEJh
VJVWK8xu9FwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSE9TVElO
L3EtMG9fOHdFRGpZRExFSmhWSlZXSzh4dTlGdy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvcS0wb184d0VEallETEVKaFZKVldLOHh1OUZ3LmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvSE9TVElOL0FXc1hUSGNvWmdJRy1Yb3RW
WG5HVXdJVEtTUS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABn
YkgwDQYJKoZIhvcNAQELBQADggEBAGMEANYEPWWjbnwKIBL83vd0Igm4qJn+fkWg
gdBBuW0Yz6oDIIgR4WpOn+7SyyBB78yEQyMdvnBynZgimEBHSxNV9bNq0HEEVxZV
tGetY2xemhUEyrtsrI6bIQhYVpddZ5Iewg901UMRwXj42rQYVbP86a4L2Unt1CVM
6oJpU+Y4DxcqryyCrX5SGU+N8uJaePYIAlC+JDR+wpaB4kkJo4MDjNCs2P1Hbh9/
pJ45aPVaT6Z/sqTqHVpfM/kLk+FqSje8ng7UdX+odXZWCoraFDZFMvV9U5vK7dc/
/Z/dQjHF44womGU4ZBCcURtNUXfIweqa0HnhY2YufFdYKoGgr9A=
-----END CERTIFICATE-----
Generated at Tue Jun 18 13:13:38 2024 by rpki-client on console-fra.rpki-client.org