Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/SCNET/BOUJqf_UxMAUP7-fEcf663gKvtM.roa
File:                     BOUJqf_UxMAUP7-fEcf663gKvtM.roa (raw, json)
Hash identifier:          FdvQSbLWP+Bw3FaRe+k/Cw8o6w1R2z8zr2eKg0Y42Js=
Subject key identifier:   04:E5:09:A9:FF:D4:C4:C0:14:3F:BF:9F:11:C7:FA:EB:78:0A:BE:D3
Certificate issuer:       /CN=349B9CE90AE03DAD19BC54DFF63AE8C41E223948
Certificate serial:       12A0
Authority key identifier: 34:9B:9C:E9:0A:E0:3D:AD:19:BC:54:DF:F6:3A:E8:C4:1E:22:39:48
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/NJuc6QrgPa0ZvFTf9jroxB4iOUg.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/SCNET/BOUJqf_UxMAUP7-fEcf663gKvtM.roa
Signing time:             Mon 12 Feb 2024 16:30:20 +0000
ROA not before:           Mon 12 Feb 2024 16:30:20 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     131631
IP address blocks:        103.123.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/SCNET/NJuc6QrgPa0ZvFTf9jroxB4iOUg.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/SCNET/NJuc6QrgPa0ZvFTf9jroxB4iOUg.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/NJuc6QrgPa0ZvFTf9jroxB4iOUg.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 17 Jun 2024 22:13:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4768 (0x12a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349B9CE90AE03DAD19BC54DFF63AE8C41E223948
        Validity
            Not Before: Feb 12 16:30:20 2024 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=04E509A9FFD4C4C0143FBF9F11C7FAEB780ABED3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:32:ea:fe:c0:bf:eb:df:9a:94:6a:e7:76:f5:
                    e0:c8:d1:d5:94:9b:97:0c:90:ef:19:9d:0b:d9:c4:
                    34:6b:ad:43:d5:6b:6d:4d:5f:d2:28:0d:9e:c1:0c:
                    74:2c:23:b9:d6:93:12:07:40:c5:4e:77:4c:7d:93:
                    f1:0d:53:78:18:66:82:b7:54:98:b5:4b:93:04:59:
                    21:9c:85:3b:52:cf:6d:6b:46:a5:71:05:82:cd:1e:
                    e9:ef:46:b4:16:ac:8c:36:05:1e:ab:f5:71:35:cc:
                    f1:05:36:f4:7a:e6:25:a8:67:9e:ce:f2:d9:0d:0e:
                    e3:46:d0:f8:29:19:4d:b6:b1:47:3d:0f:b5:e2:5f:
                    70:84:9c:0a:90:ba:ea:0f:54:cb:7e:8a:30:42:79:
                    91:22:db:fe:90:c8:aa:d0:4b:05:4e:b7:fa:a0:7f:
                    9c:a2:c2:b9:97:49:31:9a:4f:f6:30:da:90:42:72:
                    fc:9a:ab:a0:40:b5:c0:23:79:c7:11:5d:83:57:53:
                    63:9a:13:8e:8b:d8:a0:82:57:6c:23:bb:d0:25:c3:
                    06:e0:42:44:d2:39:c2:ef:03:a6:70:ed:f9:59:cb:
                    05:73:71:fc:60:40:83:8c:6e:33:45:09:ea:8b:5e:
                    02:12:4a:87:63:21:de:f1:63:33:62:14:55:5a:1f:
                    ce:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:E5:09:A9:FF:D4:C4:C0:14:3F:BF:9F:11:C7:FA:EB:78:0A:BE:D3
            X509v3 Authority Key Identifier:
                keyid:34:9B:9C:E9:0A:E0:3D:AD:19:BC:54:DF:F6:3A:E8:C4:1E:22:39:48

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/SCNET/NJuc6QrgPa0ZvFTf9jroxB4iOUg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/NJuc6QrgPa0ZvFTf9jroxB4iOUg.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/SCNET/BOUJqf_UxMAUP7-fEcf663gKvtM.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.123.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:f2:8e:08:ad:44:22:ef:c0:2a:1e:70:d7:c8:db:ee:3b:a9:
         b7:0c:a5:23:e8:c6:d0:1f:e1:24:bb:98:44:8e:19:91:6a:be:
         dc:6d:dd:7d:1f:0a:63:fe:82:ea:ea:cf:81:af:d7:87:88:04:
         8d:0c:18:da:55:e1:5e:7e:c1:84:09:3c:9e:67:6e:b1:11:bd:
         45:09:0e:b8:11:31:d2:bb:7a:2c:3d:66:b9:8b:d4:45:73:59:
         ee:83:8b:27:ca:3a:4a:56:e2:c5:88:a5:7b:b1:d2:65:f5:ca:
         09:3c:2d:95:de:69:93:40:61:c6:17:10:0b:0d:a1:ca:9b:36:
         07:be:e0:27:08:0a:94:78:0e:3f:d1:08:fb:a1:e3:0b:c2:37:
         77:1c:30:f1:33:58:33:da:7c:ac:28:80:3e:1c:41:d4:4f:ff:
         2b:c9:70:00:17:23:64:fb:5a:84:73:bc:8e:f4:42:d8:d6:ee:
         2a:a5:6b:8a:b4:e2:a0:30:12:0a:68:cd:de:5e:c8:3b:1b:32:
         cd:10:d2:66:be:5f:2c:28:30:19:4d:f7:85:d4:52:8e:85:ca:
         9d:20:88:05:ff:a0:85:aa:33:10:58:ee:58:3f:8d:67:fd:3c:
         2f:25:00:d9:fa:ca:6c:5d:c9:56:d5:67:34:97:83:5e:45:dc:
         b7:a4:02:e5
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICEqAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzQ5
QjlDRTkwQUUwM0RBRDE5QkM1NERGRjYzQUU4QzQxRTIyMzk0ODAeFw0yNDAyMTIx
NjMwMjBaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDA0RTUwOUE5RkZENEM0
QzAxNDNGQkY5RjExQzdGQUVCNzgwQUJFRDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDXMur+wL/r35qUaud29eDI0dWUm5cMkO8ZnQvZxDRrrUPVa21N
X9IoDZ7BDHQsI7nWkxIHQMVOd0x9k/ENU3gYZoK3VJi1S5MEWSGchTtSz21rRqVx
BYLNHunvRrQWrIw2BR6r9XE1zPEFNvR65iWoZ57O8tkNDuNG0PgpGU22sUc9D7Xi
X3CEnAqQuuoPVMt+ijBCeZEi2/6QyKrQSwVOt/qgf5yiwrmXSTGaT/Yw2pBCcvya
q6BAtcAjeccRXYNXU2OaE46L2KCCV2wju9AlwwbgQkTSOcLvA6Zw7flZywVzcfxg
QIOMbjNFCeqLXgISSodjId7xYzNiFFVaH87RAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUBOUJqf/UxMAUP7+fEcf663gKvtMwHwYDVR0jBBgwFoAUNJuc6QrgPa0ZvFTf
9jroxB4iOUgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvU0NORVQv
Tkp1YzZRcmdQYTBadkZUZjlqcm94QjRpT1VnLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9OSnVjNlFyZ1BhMFp2RlRmOWpyb3hCNGlPVWcuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9TQ05FVC9CT1VKcWZfVXhNQVVQNy1mRWNm
NjYzZ0t2dE0ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ3vZ
MA0GCSqGSIb3DQEBCwUAA4IBAQDf8o4IrUQi78AqHnDXyNvuO6m3DKUj6MbQH+Ek
u5hEjhmRar7cbd19Hwpj/oLq6s+Br9eHiASNDBjaVeFefsGECTyeZ26xEb1FCQ64
ETHSu3osPWa5i9RFc1nug4snyjpKVuLFiKV7sdJl9coJPC2V3mmTQGHGFxALDaHK
mzYHvuAnCAqUeA4/0Qj7oeMLwjd3HDDxM1gz2nysKIA+HEHUT/8ryXAAFyNk+1qE
c7yO9ELY1u4qpWuKtOKgMBIKaM3eXsg7GzLNENJmvl8sKDAZTfeF1FKOhcqdIIgF
/6CFqjMQWO5YP41n/TwvJQDZ+spsXclW1Wc0l4NeRdy3pALl
-----END CERTIFICATE-----
Generated at Sun Jun 16 05:30:17 2024 by rpki-client on console-ams.rpki-client.org