Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/KBT/j_ns-L0zHaiOQXB6GBfT15-WhUA.roa
File:                     j_ns-L0zHaiOQXB6GBfT15-WhUA.roa (raw, json)
Hash identifier:          ofj/aTCAa5UDhZ8dEbl76P9WmwVEEtffMzpR1HbPbY8=
Subject key identifier:   8F:F9:EC:F8:BD:33:1D:A8:8E:41:70:7A:18:17:D3:D7:9F:96:85:40
Certificate issuer:       /CN=2DBED751DA8F01930418E2DE2432D0D03A97DA7C
Certificate serial:       0CAB
Authority key identifier: 2D:BE:D7:51:DA:8F:01:93:04:18:E2:DE:24:32:D0:D0:3A:97:DA:7C
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/KBT/j_ns-L0zHaiOQXB6GBfT15-WhUA.roa
Signing time:             Mon 26 Aug 2024 05:19:26 +0000
ROA not before:           Mon 26 Aug 2024 05:19:26 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18042
IP address blocks:        58.86.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/KBT/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/KBT/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3243 (0xcab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2DBED751DA8F01930418E2DE2432D0D03A97DA7C
        Validity
            Not Before: Aug 26 05:19:26 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=8FF9ECF8BD331DA88E41707A1817D3D79F968540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:1a:1f:15:f3:b1:ef:ab:18:c2:80:13:64:22:
                    2d:7a:95:a0:7a:aa:25:d2:a3:95:c5:34:30:92:aa:
                    6c:41:f0:6a:9f:88:20:b2:67:13:e0:c8:cf:89:c7:
                    17:5a:f4:c7:62:f1:38:d0:70:5a:e6:b3:d7:72:67:
                    c5:ed:0b:7e:59:7c:aa:5f:bf:c5:ab:5c:1b:5d:28:
                    d4:c1:f8:94:c3:8a:35:31:1e:9c:14:1f:71:02:a5:
                    5a:38:ba:89:ef:8b:c1:54:e9:e1:69:34:bd:f0:4d:
                    ba:86:25:4f:68:40:85:c6:66:b5:15:2e:90:9b:13:
                    f7:dd:d8:64:66:c2:2b:72:05:09:80:e1:c8:56:f0:
                    9b:67:15:8e:ea:d6:1d:11:9c:cb:d5:f2:19:3f:98:
                    f5:17:0a:bf:6a:63:11:a2:a1:38:c7:47:f2:8f:82:
                    3a:f7:38:f2:fb:3b:05:01:84:65:b1:86:55:64:97:
                    2d:da:b4:37:7f:35:bf:8f:74:93:a8:20:ca:f7:1c:
                    74:25:5e:b0:65:bc:22:1f:7f:c3:5d:0d:4f:4e:da:
                    67:2e:c3:73:45:9b:58:fd:13:1b:76:e4:51:ef:ac:
                    da:d3:9b:d8:bb:d9:d2:7a:44:f3:8e:e4:f2:3e:4a:
                    3c:d5:92:70:04:f9:aa:28:1d:50:cb:e0:96:aa:f2:
                    46:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F9:EC:F8:BD:33:1D:A8:8E:41:70:7A:18:17:D3:D7:9F:96:85:40
            X509v3 Authority Key Identifier:
                keyid:2D:BE:D7:51:DA:8F:01:93:04:18:E2:DE:24:32:D0:D0:3A:97:DA:7C

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/KBT/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/Lb7XUdqPAZMEGOLeJDLQ0DqX2nw.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/KBT/j_ns-L0zHaiOQXB6GBfT15-WhUA.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.86.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:33:a5:90:6d:9b:53:66:ec:ef:55:62:4e:21:80:46:8e:27:
         cc:21:37:79:76:05:aa:a4:36:3f:9f:22:d3:2f:dc:db:95:25:
         0a:b8:5f:d7:04:b8:23:87:42:d0:82:6b:46:18:39:20:f8:bb:
         46:1c:32:0a:71:02:4a:c4:81:0a:cb:3f:0e:85:db:21:4b:55:
         b9:b5:b1:58:eb:30:94:58:e4:78:6c:c1:b0:e9:22:c6:3e:46:
         2c:75:b6:ad:38:c0:80:64:b3:61:95:9d:27:2e:ef:39:e9:ca:
         2a:be:0a:68:d6:76:3f:6b:ac:70:f8:eb:da:21:8b:ce:c1:a5:
         24:c8:af:74:f1:71:5e:2c:31:dc:11:03:04:23:b9:fa:50:8f:
         10:c2:d7:71:92:9e:6c:3f:3a:5c:ea:32:36:3e:a9:c3:b9:12:
         3e:ec:7c:9d:26:e9:65:6a:5b:61:b2:0b:68:07:19:0a:6c:89:
         65:d2:0a:be:d3:2a:40:27:66:02:04:33:c0:1b:d7:21:f0:7f:
         7a:52:da:81:1f:4c:0e:ea:88:af:c2:a6:3d:64:e7:5b:67:c9:
         47:c6:42:b8:7f:fd:c9:f3:9e:ef:2a:2b:d3:96:ce:f8:a6:5e:
         3e:c4:67:2a:5c:ec:e2:25:14:5c:cf:82:12:9c:90:0d:90:51:
         8c:c5:d2:60
-----BEGIN CERTIFICATE-----
MIIEzDCCA7SgAwIBAgICDKswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkRC
RUQ3NTFEQThGMDE5MzA0MThFMkRFMjQzMkQwRDAzQTk3REE3QzAeFw0yNDA4MjYw
NTE5MjZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDhGRjlFQ0Y4QkQzMzFE
QTg4RTQxNzA3QTE4MTdEM0Q3OUY5Njg1NDAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXGh8V87HvqxjCgBNkIi16laB6qiXSo5XFNDCSqmxB8GqfiCCy
ZxPgyM+Jxxda9Mdi8TjQcFrms9dyZ8XtC35ZfKpfv8WrXBtdKNTB+JTDijUxHpwU
H3ECpVo4uonvi8FU6eFpNL3wTbqGJU9oQIXGZrUVLpCbE/fd2GRmwityBQmA4chW
8JtnFY7q1h0RnMvV8hk/mPUXCr9qYxGioTjHR/KPgjr3OPL7OwUBhGWxhlVkly3a
tDd/Nb+PdJOoIMr3HHQlXrBlvCIff8NdDU9O2mcuw3NFm1j9Ext25FHvrNrTm9i7
2dJ6RPOO5PI+SjzVknAE+aooHVDL4Jaq8kbTAgMBAAGjggHoMIIB5DAdBgNVHQ4E
FgQUj/ns+L0zHaiOQXB6GBfT15+WhUAwHwYDVR0jBBgwFoAULb7XUdqPAZMEGOLe
JDLQ0DqX2nwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZBgNVHR8EUjBQME6g
TKBKhkhyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvS0JUL0xi
N1hVZHFQQVpNRUdPTGVKRExRMERxWDJudy5jcmwwYAYIKwYBBQUHAQEEVDBSMFAG
CCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0Ev
TGI3WFVkcVBBWk1FR09MZUpETFEwRHFYMm53LmNlcjAOBgNVHQ8BAf8EBAMCB4Aw
gZkGCCsGAQUFBwELBIGMMIGJMFQGCCsGAQUFBzALhkhyc3luYzovL3Jwa2ljYS50
d25pYy50dy9ycGtpL1RXTklDQ0EvS0JUL2pfbnMtTDB6SGFpT1FYQjZHQmZUMTUt
V2hVQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRw
L25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAA6VjcwDQYJ
KoZIhvcNAQELBQADggEBAHAzpZBtm1Nm7O9VYk4hgEaOJ8whN3l2BaqkNj+fItMv
3NuVJQq4X9cEuCOHQtCCa0YYOSD4u0YcMgpxAkrEgQrLPw6F2yFLVbm1sVjrMJRY
5HhswbDpIsY+Rix1tq04wIBks2GVnScu7znpyiq+CmjWdj9rrHD469ohi87BpSTI
r3TxcV4sMdwRAwQjufpQjxDC13GSnmw/OlzqMjY+qcO5Ej7sfJ0m6WVqW2GyC2gH
GQpsiWXSCr7TKkAnZgIEM8Ab1yHwf3pS2oEfTA7qiK/Cpj1k51tnyUfGQrh//cnz
nu8qK9OWzvimXj7EZypc7OIlFFzPghKckA2QUYzF0mA=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:43:40 2024 by rpki-client on console-fra.rpki-client.org