Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TANET/UtCV5o13cygopIDqNqZRBA9yQjI.roa
File:                     UtCV5o13cygopIDqNqZRBA9yQjI.roa (raw, json)
Hash identifier:          ly0HgKxYvJjcmYhC8FV1l0RcLr4JfT6jsIZXiLHkshs=
Subject key identifier:   52:D0:95:E6:8D:77:73:28:28:A4:80:EA:36:A6:51:04:0F:72:42:32
Certificate issuer:       /CN=E1A88C34D246EF7C2A7C1AC5FE97B262BC48178E
Certificate serial:       0E50
Authority key identifier: E1:A8:8C:34:D2:46:EF:7C:2A:7C:1A:C5:FE:97:B2:62:BC:48:17:8E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/UtCV5o13cygopIDqNqZRBA9yQjI.roa
Signing time:             Mon 26 Aug 2024 05:27:14 +0000
ROA not before:           Mon 26 Aug 2024 05:27:14 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     131150
IP address blocks:        163.32.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3664 (0xe50)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E1A88C34D246EF7C2A7C1AC5FE97B262BC48178E
        Validity
            Not Before: Aug 26 05:27:14 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=52D095E68D77732828A480EA36A651040F724232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:eb:4e:25:64:71:59:0b:07:57:86:63:5e:3b:
                    96:3b:d0:f8:bf:a0:6c:f8:77:ec:d9:e9:de:ae:69:
                    d7:58:51:53:50:cd:7d:c9:11:97:b0:69:92:c0:82:
                    e4:25:34:24:49:c6:d8:a2:1b:ab:0d:57:ad:05:2c:
                    c7:18:2a:9d:50:5f:42:28:63:2f:a0:04:30:5a:bc:
                    5d:50:81:38:41:0f:ef:c3:75:8e:bd:49:e3:de:d3:
                    74:bf:5b:ee:29:fe:58:12:6d:09:98:01:36:bb:ef:
                    3f:12:ac:4a:d4:c1:40:69:32:ef:03:0e:06:5d:48:
                    6b:84:23:26:99:7f:94:76:ef:92:8a:af:ca:6a:32:
                    6e:5c:e5:b3:97:55:f7:72:ea:43:1d:bb:07:f7:5b:
                    91:f3:30:3c:d5:b3:3a:6a:2b:18:1d:b4:46:41:7d:
                    9b:aa:28:73:fd:bf:49:10:1a:e4:65:35:be:23:08:
                    41:69:e5:41:49:15:4b:11:f5:e5:a1:30:8b:05:7b:
                    bc:3b:7a:73:d0:45:8c:d2:ce:9a:76:9f:2a:7a:ac:
                    7e:94:25:7e:81:39:14:bf:73:8f:7e:f2:db:96:14:
                    df:80:ff:dd:be:8c:3f:68:de:15:65:7a:8c:b2:6a:
                    de:72:fb:33:b2:b7:4c:03:3e:ba:66:cf:9d:bf:1d:
                    95:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D0:95:E6:8D:77:73:28:28:A4:80:EA:36:A6:51:04:0F:72:42:32
            X509v3 Authority Key Identifier:
                keyid:E1:A8:8C:34:D2:46:EF:7C:2A:7C:1A:C5:FE:97:B2:62:BC:48:17:8E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/UtCV5o13cygopIDqNqZRBA9yQjI.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.32.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:c8:12:48:3e:9e:ae:51:b1:57:2b:82:d8:d8:39:94:13:3a:
         6e:e8:04:fd:4f:83:ed:f6:91:e2:e1:36:58:f0:3b:f5:4a:b9:
         a2:a1:86:20:58:d1:19:51:89:ad:ad:0b:76:33:9f:1b:d4:f8:
         fe:b0:7b:a4:b3:e4:7d:24:cf:10:76:76:23:7b:5b:de:71:13:
         80:91:38:e7:26:b1:27:05:f5:7d:b2:f4:27:2f:85:0b:05:c1:
         f0:01:c0:60:74:37:0f:36:a5:80:03:dc:4a:78:fa:3c:76:a5:
         b3:74:dd:5c:f1:56:c7:5b:4e:22:a8:ae:e0:6b:d6:35:30:56:
         a6:48:90:bd:6b:fe:60:0a:21:cb:c9:bc:92:40:c7:da:61:29:
         fc:e3:70:6e:40:e8:eb:4f:98:55:e9:d6:43:8f:ab:a4:64:95:
         15:b4:ee:b5:25:22:44:a7:0f:8a:ed:b1:40:c5:58:dc:3d:03:
         df:31:5d:31:7d:cf:39:51:d2:b5:c4:e3:7a:71:16:b9:fe:a9:
         2d:35:1c:ba:7c:6a:53:0a:d5:a6:3e:f2:e7:28:a8:5f:e0:41:
         8f:46:a5:fe:d1:6a:89:fc:69:82:86:4d:53:1f:94:1a:37:a6:
         03:f6:e1:b4:b9:11:ab:10:8e:f4:d8:a3:91:a8:12:3f:9f:b4:
         d9:1e:94:44
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDlAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTFB
ODhDMzREMjQ2RUY3QzJBN0MxQUM1RkU5N0IyNjJCQzQ4MTc4RTAeFw0yNDA4MjYw
NTI3MTRaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDUyRDA5NUU2OEQ3Nzcz
MjgyOEE0ODBFQTM2QTY1MTA0MEY3MjQyMzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC2604lZHFZCwdXhmNeO5Y70Pi/oGz4d+zZ6d6uaddYUVNQzX3J
EZewaZLAguQlNCRJxtiiG6sNV60FLMcYKp1QX0IoYy+gBDBavF1QgThBD+/DdY69
SePe03S/W+4p/lgSbQmYATa77z8SrErUwUBpMu8DDgZdSGuEIyaZf5R275KKr8pq
Mm5c5bOXVfdy6kMduwf3W5HzMDzVszpqKxgdtEZBfZuqKHP9v0kQGuRlNb4jCEFp
5UFJFUsR9eWhMIsFe7w7enPQRYzSzpp2nyp6rH6UJX6BORS/c49+8tuWFN+A/92+
jD9o3hVleoyyat5y+zOyt0wDPrpmz52/HZUFAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUUtCV5o13cygopIDqNqZRBA9yQjIwHwYDVR0jBBgwFoAU4aiMNNJG73wqfBrF
/peyYrxIF44wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVEFORVQv
NGFpTU5OSkc3M3dxZkJyRl9wZXlZcnhJRjQ0LmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS80YWlNTk5KRzczd3FmQnJGX3BleVlyeElGNDQuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9UQU5FVC9VdENWNW8xM2N5Z29wSURxTnFa
UkJBOXlRakkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoyC8
MA0GCSqGSIb3DQEBCwUAA4IBAQAOyBJIPp6uUbFXK4LY2DmUEzpu6AT9T4Pt9pHi
4TZY8Dv1SrmioYYgWNEZUYmtrQt2M58b1Pj+sHuks+R9JM8QdnYje1vecROAkTjn
JrEnBfV9svQnL4ULBcHwAcBgdDcPNqWAA9xKePo8dqWzdN1c8VbHW04iqK7ga9Y1
MFamSJC9a/5gCiHLybySQMfaYSn843BuQOjrT5hV6dZDj6ukZJUVtO61JSJEpw+K
7bFAxVjcPQPfMV0xfc85UdK1xON6cRa5/qktNRy6fGpTCtWmPvLnKKhf4EGPRqX+
0WqJ/GmChk1TH5QaN6YD9uG0uRGrEI702KORqBI/n7TZHpRE
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:15 2024 by rpki-client on console-ams.rpki-client.org