Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/NCIC/op3DW-m9i9pHtIGLkVOMKIPQ_gc.roa
File:                     op3DW-m9i9pHtIGLkVOMKIPQ_gc.roa (raw, json)
Hash identifier:          Z2zwpcBHjoLS1ByHQ4sLh7k2NSrHAxKv16t9wFtsizM=
Subject key identifier:   A2:9D:C3:5B:E9:BD:8B:DA:47:B4:81:8B:91:53:8C:28:83:D0:FE:07
Certificate issuer:       /CN=6EE5B41857AD23D5BEE6716E31AA334BF2545B72
Certificate serial:       16EA
Authority key identifier: 6E:E5:B4:18:57:AD:23:D5:BE:E6:71:6E:31:AA:33:4B:F2:54:5B:72
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/buW0GFetI9W-5nFuMaozS_JUW3I.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/NCIC/op3DW-m9i9pHtIGLkVOMKIPQ_gc.roa
Signing time:             Mon 26 Aug 2024 05:22:46 +0000
ROA not before:           Mon 26 Aug 2024 05:22:46 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     18049
IP address blocks:        106.105.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/NCIC/buW0GFetI9W-5nFuMaozS_JUW3I.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/NCIC/buW0GFetI9W-5nFuMaozS_JUW3I.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/buW0GFetI9W-5nFuMaozS_JUW3I.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5866 (0x16ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6EE5B41857AD23D5BEE6716E31AA334BF2545B72
        Validity
            Not Before: Aug 26 05:22:46 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=A29DC35BE9BD8BDA47B4818B91538C2883D0FE07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ae:09:e6:46:72:68:4a:f2:63:87:e6:3d:76:
                    22:8e:e1:fb:c6:2e:a8:59:0a:24:87:3f:ef:f4:27:
                    33:99:c9:30:8e:fd:58:87:50:09:bf:a4:1d:97:1b:
                    01:25:69:1a:17:88:ce:c6:f2:3c:ff:c9:88:51:93:
                    2b:21:97:64:c1:0a:7a:6e:78:20:cb:c5:2f:84:77:
                    55:5f:84:72:72:6e:44:9f:fc:11:de:21:00:36:11:
                    37:7a:28:49:e9:16:21:ef:57:6c:c7:cd:fb:ae:ab:
                    bf:82:08:a6:bf:24:e5:b5:31:63:c2:e6:eb:35:2d:
                    cb:e7:95:c4:7d:7b:ed:a2:31:ae:4e:ca:72:c1:d2:
                    74:d4:c6:bc:17:8d:b5:7b:d1:c6:42:b2:03:89:5e:
                    cc:1c:05:46:fd:f8:e5:cc:17:e8:0f:c5:2e:76:06:
                    29:6f:dd:7a:3b:75:86:60:b1:84:72:43:03:de:2e:
                    3a:7e:81:1d:e6:bf:a2:e6:0d:99:8e:3b:d2:66:d1:
                    02:04:3c:04:ff:ad:4c:19:4d:ef:bd:21:2d:f1:40:
                    81:0b:72:ea:6f:72:e9:4a:d5:10:75:d3:15:f0:8a:
                    c7:4f:6a:5a:42:9d:33:37:eb:79:fe:f6:59:c7:5f:
                    49:b8:01:5f:b2:37:1d:7b:c6:31:1a:f5:36:4c:b8:
                    c9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9D:C3:5B:E9:BD:8B:DA:47:B4:81:8B:91:53:8C:28:83:D0:FE:07
            X509v3 Authority Key Identifier:
                keyid:6E:E5:B4:18:57:AD:23:D5:BE:E6:71:6E:31:AA:33:4B:F2:54:5B:72

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/NCIC/buW0GFetI9W-5nFuMaozS_JUW3I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/buW0GFetI9W-5nFuMaozS_JUW3I.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/NCIC/op3DW-m9i9pHtIGLkVOMKIPQ_gc.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  106.105.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         77:98:66:94:ea:6e:14:86:6a:00:ef:fa:b9:37:2e:c3:e0:78:
         d0:41:d8:34:18:93:8f:5e:1f:7e:c2:3f:12:cb:a8:90:ce:d8:
         ae:19:ee:73:fd:74:1f:c1:28:4b:e8:d7:eb:b9:e7:75:23:ba:
         50:e5:a9:64:0b:4c:c3:a4:82:b3:d3:f3:34:43:a3:9b:44:ec:
         10:be:ec:b8:28:eb:14:70:cb:78:39:6c:7d:36:8d:68:7d:78:
         5e:21:d7:ca:8d:64:50:c9:63:9e:46:f3:a2:ab:06:c6:e5:9d:
         66:72:78:b2:d2:27:af:c2:a3:91:d2:17:5d:f1:00:1b:03:79:
         c9:af:b6:30:ff:68:0d:96:8d:2f:35:47:41:d9:d3:a9:63:75:
         2d:bf:fc:a5:f9:b6:61:51:d8:94:6c:2c:bd:83:12:31:ec:9b:
         cb:56:3c:18:2f:06:d8:7e:c1:65:09:a9:da:f9:fd:8d:50:88:
         99:27:95:74:84:7d:b5:f8:ac:8a:ca:23:60:04:35:8c:52:e4:
         ed:53:2d:81:b1:ed:09:4f:fc:f2:8f:da:fb:51:a7:ae:ba:61:
         71:14:7e:1f:d4:2f:e5:09:1a:f5:5e:bc:30:21:5a:9c:0c:f7:
         2d:d4:fb:53:52:d0:0e:7b:78:be:c1:9b:22:23:eb:98:af:b8:
         24:9f:c9:7c
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgICFuowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNkVF
NUI0MTg1N0FEMjNENUJFRTY3MTZFMzFBQTMzNEJGMjU0NUI3MjAeFw0yNDA4MjYw
NTIyNDZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEEyOURDMzVCRTlCRDhC
REE0N0I0ODE4QjkxNTM4QzI4ODNEMEZFMDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDergnmRnJoSvJjh+Y9diKO4fvGLqhZCiSHP+/0JzOZyTCO/ViH
UAm/pB2XGwElaRoXiM7G8jz/yYhRkyshl2TBCnpueCDLxS+Ed1VfhHJybkSf/BHe
IQA2ETd6KEnpFiHvV2zHzfuuq7+CCKa/JOW1MWPC5us1LcvnlcR9e+2iMa5OynLB
0nTUxrwXjbV70cZCsgOJXswcBUb9+OXMF+gPxS52Bilv3Xo7dYZgsYRyQwPeLjp+
gR3mv6LmDZmOO9Jm0QIEPAT/rUwZTe+9IS3xQIELcupvculK1RB10xXwisdPalpC
nTM363n+9lnHX0m4AV+yNx17xjEa9TZMuMk5AgMBAAGjggHqMIIB5jAdBgNVHQ4E
FgQUop3DW+m9i9pHtIGLkVOMKIPQ/gcwHwYDVR0jBBgwFoAUbuW0GFetI9W+5nFu
MaozS/JUW3IwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBaBgNVHR8EUzBRME+g
TaBLhklyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvTkNJQy9i
dVcwR0ZldEk5Vy01bkZ1TWFvelNfSlVXM0kuY3JsMGAGCCsGAQUFBwEBBFQwUjBQ
BggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05JQ0NB
L2J1VzBHRmV0STlXLTVuRnVNYW96U19KVVczSS5jZXIwDgYDVR0PAQH/BAQDAgeA
MIGaBggrBgEFBQcBCwSBjTCBijBVBggrBgEFBQcwC4ZJcnN5bmM6Ly9ycGtpY2Eu
dHduaWMudHcvcnBraS9UV05JQ0NBL05DSUMvb3AzRFctbTlpOXBIdElHTGtWT01L
SVBRX2djLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmljLnR3L3Jy
ZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA2ppUDAN
BgkqhkiG9w0BAQsFAAOCAQEAd5hmlOpuFIZqAO/6uTcuw+B40EHYNBiTj14ffsI/
EsuokM7Yrhnuc/10H8EoS+jX67nndSO6UOWpZAtMw6SCs9PzNEOjm0TsEL7suCjr
FHDLeDlsfTaNaH14XiHXyo1kUMljnkbzoqsGxuWdZnJ4stInr8KjkdIXXfEAGwN5
ya+2MP9oDZaNLzVHQdnTqWN1Lb/8pfm2YVHYlGwsvYMSMeyby1Y8GC8G2H7BZQmp
2vn9jVCImSeVdIR9tfisisojYAQ1jFLk7VMtgbHtCU/88o/a+1GnrrphcRR+H9Qv
5Qka9V68MCFanAz3LdT7U1LQDnt4vsGbIiPrmK+4JJ/JfA==
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:43:42 2024 by rpki-client on console-fra.rpki-client.org