Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TANET/YfP8aZEQNnWiyqL4vKAc8kQyrKQ.roa
File:                     YfP8aZEQNnWiyqL4vKAc8kQyrKQ.roa (raw, json)
Hash identifier:          LKLJjw0eq9eFTRH/2Z/mvvkIWeFx9CF8bFqPJaJv90g=
Subject key identifier:   61:F3:FC:69:91:10:36:75:A2:CA:A2:F8:BC:A0:1C:F2:44:32:AC:A4
Certificate issuer:       /CN=E1A88C34D246EF7C2A7C1AC5FE97B262BC48178E
Certificate serial:       0E6E
Authority key identifier: E1:A8:8C:34:D2:46:EF:7C:2A:7C:1A:C5:FE:97:B2:62:BC:48:17:8E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/YfP8aZEQNnWiyqL4vKAc8kQyrKQ.roa
Signing time:             Mon 26 Aug 2024 05:27:28 +0000
ROA not before:           Mon 26 Aug 2024 05:27:28 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     1659
IP address blocks:        210.62.224.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3694 (0xe6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E1A88C34D246EF7C2A7C1AC5FE97B262BC48178E
        Validity
            Not Before: Aug 26 05:27:28 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=61F3FC6991103675A2CAA2F8BCA01CF24432ACA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e8:8d:71:42:35:67:30:e6:54:08:9c:c0:bb:
                    77:df:fb:44:24:e3:00:dd:b9:d9:bd:93:9d:b0:4e:
                    a4:9e:b5:8a:90:9a:f5:e5:dc:3c:06:d0:a9:d7:1f:
                    3d:89:2e:0e:71:2d:e4:f9:7f:ad:70:22:eb:6d:de:
                    88:76:fa:31:c2:af:7a:c3:d3:c2:eb:7d:96:f7:d2:
                    c3:9b:52:78:33:b6:4a:e1:ca:82:b7:f0:88:9d:d2:
                    f4:90:6b:ed:da:da:be:00:bc:4e:69:cd:fc:64:61:
                    0a:cb:d7:4c:9f:c5:7f:60:3a:5c:c5:fe:fa:31:d0:
                    65:8f:cd:29:ea:c7:c1:c4:5f:2c:19:97:a1:c9:97:
                    17:80:0b:5f:7d:6f:b4:24:ce:8f:55:fc:f4:7e:fb:
                    63:a8:5b:75:2e:9f:0f:13:25:84:49:fc:cf:08:71:
                    61:d3:df:d9:be:fb:df:8a:ef:fa:fd:0c:a0:68:2d:
                    5e:08:83:61:d2:4d:ae:3d:4b:07:49:64:9b:56:43:
                    04:a4:4e:dc:7c:3a:60:b8:7e:47:19:17:f9:40:84:
                    ce:8d:1d:aa:2d:ec:e1:66:3a:f0:cf:c8:fd:6a:87:
                    2d:dd:2c:27:18:aa:3b:11:29:a5:0c:35:24:d7:80:
                    3f:15:0a:99:bd:87:ad:01:55:b0:6a:cb:e1:d4:4e:
                    20:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F3:FC:69:91:10:36:75:A2:CA:A2:F8:BC:A0:1C:F2:44:32:AC:A4
            X509v3 Authority Key Identifier:
                keyid:E1:A8:8C:34:D2:46:EF:7C:2A:7C:1A:C5:FE:97:B2:62:BC:48:17:8E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/4aiMNNJG73wqfBrF_peyYrxIF44.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4aiMNNJG73wqfBrF_peyYrxIF44.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/YfP8aZEQNnWiyqL4vKAc8kQyrKQ.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.62.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ab:1d:2a:46:ce:35:dd:9f:be:0c:93:b5:7b:e9:5f:95:41:78:
         d0:08:b5:63:0c:35:c1:0c:cc:6c:83:ae:ac:03:be:5c:33:00:
         33:2c:85:38:26:5c:2b:3e:3f:4b:3f:6b:56:e2:7f:d5:67:21:
         83:72:24:db:ed:e3:7c:b6:8e:95:d9:c2:1a:62:7c:8b:cf:c9:
         2d:29:96:e4:cb:c4:57:90:83:22:a5:b2:a4:14:9d:b8:6c:ae:
         43:34:d6:ee:f3:44:8e:4e:bb:7c:b2:35:9c:8c:22:49:8b:78:
         40:49:bd:c9:40:ae:a1:01:7d:a6:00:19:45:10:2d:20:87:d5:
         6c:24:0b:e8:3a:fb:c1:58:ee:ab:83:3a:ea:fa:82:95:a0:1c:
         b4:ca:a3:99:1e:98:7c:90:99:b9:ae:d1:15:50:ca:01:64:26:
         2b:0d:e0:39:16:a1:d6:7b:74:b5:8f:7f:7c:e1:38:9d:ee:e1:
         8e:78:cd:8b:1e:35:75:5d:95:25:03:09:4a:c4:7e:50:20:f5:
         94:6b:cf:ed:95:a3:11:5d:71:ec:86:31:21:e7:73:62:8c:f7:
         ec:81:f9:c3:2e:6e:9e:ae:8e:55:43:c3:9d:5b:e0:5e:ba:59:
         1d:db:e8:54:67:40:26:6c:4e:cf:e4:df:5c:30:bf:b5:5b:6f:
         dd:3c:98:53
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICDm4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTFB
ODhDMzREMjQ2RUY3QzJBN0MxQUM1RkU5N0IyNjJCQzQ4MTc4RTAeFw0yNDA4MjYw
NTI3MjhaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDYxRjNGQzY5OTExMDM2
NzVBMkNBQTJGOEJDQTAxQ0YyNDQzMkFDQTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDa6I1xQjVnMOZUCJzAu3ff+0Qk4wDdudm9k52wTqSetYqQmvXl
3DwG0KnXHz2JLg5xLeT5f61wIutt3oh2+jHCr3rD08LrfZb30sObUngztkrhyoK3
8Iid0vSQa+3a2r4AvE5pzfxkYQrL10yfxX9gOlzF/vox0GWPzSnqx8HEXywZl6HJ
lxeAC199b7Qkzo9V/PR++2OoW3Uunw8TJYRJ/M8IcWHT39m++9+K7/r9DKBoLV4I
g2HSTa49SwdJZJtWQwSkTtx8OmC4fkcZF/lAhM6NHaot7OFmOvDPyP1qhy3dLCcY
qjsRKaUMNSTXgD8VCpm9h60BVbBqy+HUTiCFAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUYfP8aZEQNnWiyqL4vKAc8kQyrKQwHwYDVR0jBBgwFoAU4aiMNNJG73wqfBrF
/peyYrxIF44wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVEFORVQv
NGFpTU5OSkc3M3dxZkJyRl9wZXlZcnhJRjQ0LmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS80YWlNTk5KRzczd3FmQnJGX3BleVlyeElGNDQuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9UQU5FVC9ZZlA4YVpFUU5uV2l5cUw0dktB
YzhrUXlyS1Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE0j7g
MA0GCSqGSIb3DQEBCwUAA4IBAQCrHSpGzjXdn74Mk7V76V+VQXjQCLVjDDXBDMxs
g66sA75cMwAzLIU4JlwrPj9LP2tW4n/VZyGDciTb7eN8to6V2cIaYnyLz8ktKZbk
y8RXkIMipbKkFJ24bK5DNNbu80SOTrt8sjWcjCJJi3hASb3JQK6hAX2mABlFEC0g
h9VsJAvoOvvBWO6rgzrq+oKVoBy0yqOZHph8kJm5rtEVUMoBZCYrDeA5FqHWe3S1
j3984Tid7uGOeM2LHjV1XZUlAwlKxH5QIPWUa8/tlaMRXXHshjEh53NijPfsgfnD
Lm6ero5VQ8OdW+Beulkd2+hUZ0AmbE7P5N9cML+1W2/dPJhT
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:35 2024 by rpki-client on console-ams.rpki-client.org