Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/I_RNZnv7q6wqNyMmWuWt4VHCpLU.roa
File:                     I_RNZnv7q6wqNyMmWuWt4VHCpLU.roa (raw, json)
Hash identifier:          nX6MYGVyeFZS/jxqUKChdFzcYsnWfLfB3iUCBaBbjs4=
Subject key identifier:   23:F4:4D:66:7B:FB:AB:AC:2A:37:23:26:5A:E5:AD:E1:51:C2:A4:B5
Certificate issuer:       /CN=ADFE6E56DAF8492EC7DE88B3A906B3139B55B864
Certificate serial:       06E3
Authority key identifier: AD:FE:6E:56:DA:F8:49:2E:C7:DE:88:B3:A9:06:B3:13:9B:55:B8:64
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/rf5uVtr4SS7H3oizqQazE5tVuGQ.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/I_RNZnv7q6wqNyMmWuWt4VHCpLU.roa
Signing time:             Mon 26 Aug 2024 05:20:59 +0000
ROA not before:           Mon 26 Aug 2024 05:20:59 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     131682
IP address blocks:        103.152.202.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/rf5uVtr4SS7H3oizqQazE5tVuGQ.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/rf5uVtr4SS7H3oizqQazE5tVuGQ.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/rf5uVtr4SS7H3oizqQazE5tVuGQ.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1763 (0x6e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ADFE6E56DAF8492EC7DE88B3A906B3139B55B864
        Validity
            Not Before: Aug 26 05:20:59 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=23F44D667BFBABAC2A3723265AE5ADE151C2A4B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3b:9f:56:37:38:a6:6e:75:13:38:c2:8d:31:
                    d1:35:b6:75:ea:ea:ca:fe:2d:6c:1f:51:9f:b9:74:
                    1d:6d:0c:58:e3:fc:a7:e2:7c:61:ce:a4:02:1a:0d:
                    e5:59:20:6e:9e:35:e3:27:63:7f:62:f6:a5:bf:60:
                    ca:ec:20:41:d0:12:2b:c4:05:61:22:6e:78:06:60:
                    41:ae:f9:56:a9:5e:27:65:1c:d7:71:25:87:b2:c8:
                    ee:4e:ba:9c:fa:e9:5e:0d:d3:f9:df:fb:a5:56:2f:
                    25:24:b4:e2:7c:57:cf:d0:05:92:85:f6:7d:84:de:
                    57:5a:6d:79:3a:4a:aa:ed:80:cc:1b:89:6a:cc:7d:
                    3b:9c:19:f4:f7:d8:5e:25:51:95:ca:1b:f0:6c:ca:
                    22:d4:74:e2:35:85:d9:b2:8a:3b:9f:0b:cc:8e:ba:
                    1b:a1:70:9f:e6:60:59:61:43:0b:42:3b:ea:af:b6:
                    3f:5d:7d:5e:5c:0b:b1:2b:de:a9:41:fd:aa:08:e7:
                    e8:c3:e1:30:a7:a6:b2:86:7f:c2:71:0d:77:18:a4:
                    2e:82:2b:9d:52:30:1c:23:52:c6:bf:17:94:28:b4:
                    97:4b:7e:96:2f:37:4b:df:1e:be:8c:fc:d8:a7:59:
                    37:14:94:c1:ec:c0:0f:19:1e:89:05:f4:d1:6f:5c:
                    8b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:F4:4D:66:7B:FB:AB:AC:2A:37:23:26:5A:E5:AD:E1:51:C2:A4:B5
            X509v3 Authority Key Identifier:
                keyid:AD:FE:6E:56:DA:F8:49:2E:C7:DE:88:B3:A9:06:B3:13:9B:55:B8:64

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/rf5uVtr4SS7H3oizqQazE5tVuGQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/rf5uVtr4SS7H3oizqQazE5tVuGQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/MINGYITEA/I_RNZnv7q6wqNyMmWuWt4VHCpLU.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:96:a7:bf:a1:8c:8b:38:1b:3c:3e:aa:8d:ec:b1:2e:ba:78:
         c5:4e:34:8c:92:c6:36:ac:92:e6:08:b4:69:9c:62:10:21:3f:
         fc:a4:fd:e8:05:76:c9:a2:d9:24:27:a3:82:b4:a4:7e:06:a9:
         33:10:43:61:df:04:98:5b:a3:d4:bd:de:f0:9f:28:6e:f7:2f:
         61:8a:f7:06:d6:cd:9c:6c:6c:2e:86:41:13:09:12:a7:67:9e:
         6f:29:77:d3:5c:12:6a:24:24:9a:bb:2e:5f:d4:ae:92:64:21:
         23:96:02:f2:2b:9e:66:31:29:80:02:b3:ab:8a:81:7c:63:af:
         56:d7:22:df:74:34:22:56:16:af:5e:66:10:dc:42:94:df:ac:
         b5:e7:01:b1:b5:07:a3:02:7a:b1:0f:36:cf:57:fd:05:7b:c0:
         0a:08:6d:a5:13:56:dc:e4:e2:38:85:99:4c:2b:af:83:bd:8c:
         45:45:c2:83:56:7c:03:f6:0c:cb:00:22:0b:a5:45:a8:ce:79:
         78:80:1b:36:a7:9a:cb:77:0a:24:7d:d3:cd:ab:fa:68:15:ab:
         3d:a5:9c:b4:84:05:7f:62:aa:cc:c2:c8:83:ee:5f:0f:47:a1:
         ce:b8:9e:98:44:85:51:9c:cc:a9:f6:0a:f3:9d:cd:84:ba:8a:
         37:c8:5c:a6
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICBuMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQURG
RTZFNTZEQUY4NDkyRUM3REU4OEIzQTkwNkIzMTM5QjU1Qjg2NDAeFw0yNDA4MjYw
NTIwNTlaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDIzRjQ0RDY2N0JGQkFC
QUMyQTM3MjMyNjVBRTVBREUxNTFDMkE0QjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDMO59WNzimbnUTOMKNMdE1tnXq6sr+LWwfUZ+5dB1tDFjj/Kfi
fGHOpAIaDeVZIG6eNeMnY39i9qW/YMrsIEHQEivEBWEibngGYEGu+VapXidlHNdx
JYeyyO5Oupz66V4N0/nf+6VWLyUktOJ8V8/QBZKF9n2E3ldabXk6SqrtgMwbiWrM
fTucGfT32F4lUZXKG/BsyiLUdOI1hdmyijufC8yOuhuhcJ/mYFlhQwtCO+qvtj9d
fV5cC7Er3qlB/aoI5+jD4TCnprKGf8JxDXcYpC6CK51SMBwjUsa/F5QotJdLfpYv
N0vfHr6M/NinWTcUlMHswA8ZHokF9NFvXIvZAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUI/RNZnv7q6wqNyMmWuWt4VHCpLUwHwYDVR0jBBgwFoAUrf5uVtr4SS7H3oiz
qQazE5tVuGQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBfBgNVHR8EWDBWMFSg
UqBQhk5yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvTUlOR1lJ
VEVBL3JmNXVWdHI0U1M3SDNvaXpxUWF6RTV0VnVHUS5jcmwwYAYIKwYBBQUHAQEE
VDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RX
TklDQ0EvcmY1dVZ0cjRTUzdIM29penFRYXpFNXRWdUdRLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ8GCCsGAQUFBwELBIGSMIGPMFoGCCsGAQUFBzALhk5yc3luYzovL3Jw
a2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvTUlOR1lJVEVBL0lfUk5abnY3cTZ3
cU55TW1XdVd0NFZIQ3BMVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50
d25pYy50dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFnmMowDQYJKoZIhvcNAQELBQADggEBADGWp7+hjIs4Gzw+qo3ssS66eMVO
NIySxjaskuYItGmcYhAhP/yk/egFdsmi2SQno4K0pH4GqTMQQ2HfBJhbo9S93vCf
KG73L2GK9wbWzZxsbC6GQRMJEqdnnm8pd9NcEmokJJq7Ll/UrpJkISOWAvIrnmYx
KYACs6uKgXxjr1bXIt90NCJWFq9eZhDcQpTfrLXnAbG1B6MCerEPNs9X/QV7wAoI
baUTVtzk4jiFmUwrr4O9jEVFwoNWfAP2DMsAIgulRajOeXiAGzanmst3CiR9082r
+mgVqz2lnLSEBX9iqszCyIPuXw9Hoc64nphEhVGczKn2CvOdzYS6ijfIXKY=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:33 2024 by rpki-client on console-ams.rpki-client.org