Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TGM/O-yzXgc2YMRYmpKT1j6Zu22TahU.roa
File:                     O-yzXgc2YMRYmpKT1j6Zu22TahU.roa (raw, json)
Hash identifier:          XSv8XcCeZfYxpCo5qMJuIhatnzkc+thCXb6Jb+IQqsQ=
Subject key identifier:   3B:EC:B3:5E:07:36:60:C4:58:9A:92:93:D6:3E:99:BB:6D:93:6A:15
Certificate issuer:       /CN=9B60696D68773AE2E532F0CD5D10FDC0C8273EA5
Certificate serial:       0293
Authority key identifier: 9B:60:69:6D:68:77:3A:E2:E5:32:F0:CD:5D:10:FD:C0:C8:27:3E:A5
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/m2BpbWh3OuLlMvDNXRD9wMgnPqU.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TGM/O-yzXgc2YMRYmpKT1j6Zu22TahU.roa
Signing time:             Mon 26 Aug 2024 05:27:51 +0000
ROA not before:           Mon 26 Aug 2024 05:27:51 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     131642
IP address blocks:        2400:5120::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TGM/m2BpbWh3OuLlMvDNXRD9wMgnPqU.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TGM/m2BpbWh3OuLlMvDNXRD9wMgnPqU.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/m2BpbWh3OuLlMvDNXRD9wMgnPqU.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 659 (0x293)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9B60696D68773AE2E532F0CD5D10FDC0C8273EA5
        Validity
            Not Before: Aug 26 05:27:51 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=3BECB35E073660C4589A9293D63E99BB6D936A15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:21:b4:33:e8:22:4d:62:9a:c0:37:f0:8c:7c:
                    bc:46:19:c7:06:3d:d3:cc:e4:ef:66:99:ae:ab:85:
                    5b:c6:e8:64:d7:c1:a1:38:05:0e:56:d5:df:42:75:
                    54:ec:9e:30:35:6c:e2:59:39:8d:8b:5d:a1:d6:4b:
                    11:7c:b2:be:1f:c5:82:ea:69:71:91:ac:24:a5:4e:
                    ba:6a:f2:3e:7b:96:f4:05:f5:35:a1:3e:26:b2:3c:
                    53:7f:d7:1d:3b:c5:ce:9b:a2:1a:dd:89:83:3d:19:
                    cd:77:5f:83:f2:cf:9e:b3:4a:f7:b4:d6:14:10:9c:
                    1d:39:88:51:84:d2:59:af:4d:9e:91:ec:08:49:38:
                    55:43:f5:c0:a2:a7:4b:99:e6:cb:16:2d:21:bb:9c:
                    7e:9a:a9:89:99:4e:49:8d:32:2b:ee:38:dc:bc:a6:
                    53:a8:7c:cd:8b:1b:1e:49:f4:f4:4e:62:e9:11:b3:
                    dc:00:30:eb:74:de:f2:31:e9:18:48:c2:f3:3a:68:
                    b7:86:31:b2:07:97:44:f6:41:16:c6:0a:8e:98:57:
                    a4:8e:7b:ab:d5:73:59:4b:7f:41:5f:e2:d5:e0:a8:
                    f9:e0:30:66:a2:f0:8c:2c:3a:3b:b4:d0:86:83:ea:
                    ce:14:c8:e1:9c:05:50:84:c3:50:ae:29:20:2c:a2:
                    6e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:EC:B3:5E:07:36:60:C4:58:9A:92:93:D6:3E:99:BB:6D:93:6A:15
            X509v3 Authority Key Identifier:
                keyid:9B:60:69:6D:68:77:3A:E2:E5:32:F0:CD:5D:10:FD:C0:C8:27:3E:A5

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TGM/m2BpbWh3OuLlMvDNXRD9wMgnPqU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/m2BpbWh3OuLlMvDNXRD9wMgnPqU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TGM/O-yzXgc2YMRYmpKT1j6Zu22TahU.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:5120::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:23:17:61:20:97:70:01:db:c4:73:fd:fa:97:1d:29:6c:f0:
         59:96:1c:54:17:15:ac:0b:26:58:fc:02:60:af:37:91:9d:a1:
         ce:fe:ef:1a:e8:e7:74:a9:64:09:16:9f:c2:77:0c:e4:1f:ff:
         41:a8:ce:56:4b:97:a8:c0:78:31:81:a4:91:d2:12:ce:8a:15:
         4c:d3:d1:96:d7:90:b2:95:aa:23:f1:97:8d:43:61:a8:79:ff:
         5b:d6:70:bd:39:5a:1f:a1:de:07:32:d4:57:d5:ef:9f:5c:28:
         26:d7:16:25:4b:50:0e:c9:2b:f8:08:f7:40:2c:bc:5e:f8:15:
         c3:e9:0a:f8:18:df:e6:81:83:6a:32:7f:84:95:55:b9:56:e7:
         5f:b6:fd:36:6b:9e:ab:3c:cb:58:9e:35:1c:17:27:b6:1f:91:
         7a:20:c3:b5:e5:4a:cc:86:a0:7c:3f:d8:f3:cc:6c:70:6a:23:
         a0:7d:1f:65:9e:bb:88:80:71:1c:f1:75:ea:e4:fc:4f:50:0f:
         1b:54:9f:c2:47:b4:01:95:55:8f:26:79:6b:cd:cc:84:97:81:
         73:ca:a0:1f:ee:2c:7f:76:83:87:56:f8:90:91:10:30:a8:18:
         2a:28:08:32:79:1d:ba:6b:10:f0:dd:be:92:da:83:a5:a7:ef:
         f8:6a:c0:84
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgICApMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOUI2
MDY5NkQ2ODc3M0FFMkU1MzJGMENENUQxMEZEQzBDODI3M0VBNTAeFw0yNDA4MjYw
NTI3NTFaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDNCRUNCMzVFMDczNjYw
QzQ1ODlBOTI5M0Q2M0U5OUJCNkQ5MzZBMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYIbQz6CJNYprAN/CMfLxGGccGPdPM5O9mma6rhVvG6GTXwaE4
BQ5W1d9CdVTsnjA1bOJZOY2LXaHWSxF8sr4fxYLqaXGRrCSlTrpq8j57lvQF9TWh
PiayPFN/1x07xc6bohrdiYM9Gc13X4Pyz56zSve01hQQnB05iFGE0lmvTZ6R7AhJ
OFVD9cCip0uZ5ssWLSG7nH6aqYmZTkmNMivuONy8plOofM2LGx5J9PROYukRs9wA
MOt03vIx6RhIwvM6aLeGMbIHl0T2QRbGCo6YV6SOe6vVc1lLf0Ff4tXgqPngMGai
8IwsOju00IaD6s4UyOGcBVCEw1CuKSAsom6nAgMBAAGjggHpMIIB5TAdBgNVHQ4E
FgQUO+yzXgc2YMRYmpKT1j6Zu22TahUwHwYDVR0jBBgwFoAUm2BpbWh3OuLlMvDN
XRD9wMgnPqUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBZBgNVHR8EUjBQME6g
TKBKhkhyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVEdNL20y
QnBiV2gzT3VMbE12RE5YUkQ5d01nblBxVS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAG
CCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0Ev
bTJCcGJXaDNPdUxsTXZETlhSRDl3TWduUHFVLmNlcjAOBgNVHQ8BAf8EBAMCB4Aw
gZkGCCsGAQUFBwELBIGMMIGJMFQGCCsGAQUFBzALhkhyc3luYzovL3Jwa2ljYS50
d25pYy50dy9ycGtpL1RXTklDQ0EvVEdNL08teXpYZ2MyWU1SWW1wS1QxajZadTIy
VGFoVS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRw
L25vdGlmeS54bWwwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAkAFEgMA0G
CSqGSIb3DQEBCwUAA4IBAQCXIxdhIJdwAdvEc/36lx0pbPBZlhxUFxWsCyZY/AJg
rzeRnaHO/u8a6Od0qWQJFp/CdwzkH/9BqM5WS5eowHgxgaSR0hLOihVM09GW15Cy
laoj8ZeNQ2Goef9b1nC9OVofod4HMtRX1e+fXCgm1xYlS1AOySv4CPdALLxe+BXD
6Qr4GN/mgYNqMn+ElVW5Vudftv02a56rPMtYnjUcFye2H5F6IMO15UrMhqB8P9jz
zGxwaiOgfR9lnruIgHEc8XXq5PxPUA8bVJ/CR7QBlVWPJnlrzcyEl4FzyqAf7ix/
doOHVviQkRAwqBgqKAgyeR26axDw3b6S2oOlp+/4asCE
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:43:45 2024 by rpki-client on console-fra.rpki-client.org