Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TIDC/GdvrtS2WwbiQaAhNS2ZNqKo-bFU.roa
File:                     GdvrtS2WwbiQaAhNS2ZNqKo-bFU.roa (raw, json)
Hash identifier:          i/a5VuOiJaUJu73wc66XRXL3/whSmaNqXg/nfgAu3cY=
Subject key identifier:   19:DB:EB:B5:2D:96:C1:B8:90:68:08:4D:4B:66:4D:A8:AA:3E:6C:55
Certificate issuer:       /CN=C08515C8B9FB53F8CED489D2134F6441FFADA05E
Certificate serial:       0C19
Authority key identifier: C0:85:15:C8:B9:FB:53:F8:CE:D4:89:D2:13:4F:64:41:FF:AD:A0:5E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/wIUVyLn7U_jO1InSE09kQf-toF4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TIDC/GdvrtS2WwbiQaAhNS2ZNqKo-bFU.roa
Signing time:             Mon 26 Aug 2024 05:27:56 +0000
ROA not before:           Mon 26 Aug 2024 05:27:56 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     131609
IP address blocks:        103.99.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TIDC/wIUVyLn7U_jO1InSE09kQf-toF4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TIDC/wIUVyLn7U_jO1InSE09kQf-toF4.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/wIUVyLn7U_jO1InSE09kQf-toF4.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 13 Nov 2024 06:52:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3097 (0xc19)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C08515C8B9FB53F8CED489D2134F6441FFADA05E
        Validity
            Not Before: Aug 26 05:27:56 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=19DBEBB52D96C1B89068084D4B664DA8AA3E6C55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e1:1b:a2:64:0e:8e:f2:08:15:bb:1a:ad:e0:
                    7e:65:bd:26:06:21:4c:fd:3b:ed:90:95:fb:da:cd:
                    59:15:80:2b:2d:40:a7:63:08:15:9e:9a:eb:2c:d7:
                    4c:6a:4a:fd:84:b8:26:be:bc:79:cf:2d:31:77:d7:
                    9a:dd:ce:80:e2:68:d1:ad:f3:ed:96:f6:4b:49:b2:
                    8d:da:09:d2:bd:c4:98:8e:98:1b:d6:24:db:3a:25:
                    9c:e0:cd:f8:96:bc:2b:8a:11:8a:4d:7a:03:eb:27:
                    96:a6:79:05:1e:ff:cc:6d:d1:c8:d6:1f:72:4a:78:
                    3e:09:08:69:a5:59:32:af:ba:b3:e4:93:52:bc:67:
                    a9:bc:fe:7b:fc:dc:61:ed:26:ad:c4:dc:f3:fe:31:
                    7b:39:22:61:48:d6:49:da:3b:7f:79:1d:f2:b7:cf:
                    3d:b2:23:63:4b:88:81:41:0a:c9:7f:a8:60:32:ef:
                    e1:ba:71:4d:fa:c7:d8:9d:03:2b:de:b8:06:89:8b:
                    3d:a3:b8:61:fc:b6:95:56:03:05:05:1f:43:ec:d0:
                    50:10:fe:08:d9:e2:2f:6e:02:a1:bb:58:fd:e2:53:
                    92:3e:15:a6:fe:ac:13:63:49:c8:c9:50:e9:44:c5:
                    cf:d9:5a:bf:2a:82:6b:80:63:86:7e:7c:84:dc:e5:
                    b2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:DB:EB:B5:2D:96:C1:B8:90:68:08:4D:4B:66:4D:A8:AA:3E:6C:55
            X509v3 Authority Key Identifier:
                keyid:C0:85:15:C8:B9:FB:53:F8:CE:D4:89:D2:13:4F:64:41:FF:AD:A0:5E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TIDC/wIUVyLn7U_jO1InSE09kQf-toF4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/wIUVyLn7U_jO1InSE09kQf-toF4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TIDC/GdvrtS2WwbiQaAhNS2ZNqKo-bFU.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.99.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:67:e2:e0:ed:45:e8:01:22:bb:30:c5:7b:ea:df:15:d3:a2:
         58:7d:d7:2c:57:61:b7:d1:74:16:42:b3:1b:f2:1d:6c:e4:70:
         89:94:e4:46:53:c9:a4:a0:97:93:01:15:8f:58:60:ad:95:7b:
         c7:f7:40:cb:94:c4:06:e5:be:42:a5:3f:57:4b:61:c6:05:43:
         c7:bd:79:0a:10:5d:84:2b:61:cc:69:1f:74:44:c4:c9:34:c0:
         4c:18:cd:33:b4:99:ca:07:28:59:3d:80:9a:e9:3d:fa:87:05:
         bf:70:aa:21:e1:ba:6d:5f:d9:79:74:8d:80:0a:28:a8:33:46:
         33:ef:d3:05:04:8e:61:df:16:fe:c2:91:ce:f8:48:15:8c:b2:
         d7:5d:9b:46:f7:4d:db:33:18:12:58:e4:8e:17:b8:84:e0:4e:
         90:35:ac:1e:92:54:5a:25:c9:27:8c:b6:dd:8d:91:e5:a2:3d:
         26:27:f0:73:20:9e:8a:ea:38:b9:74:a3:f4:d8:60:b9:4e:2a:
         f0:11:d5:10:ef:dc:14:9e:26:69:ce:ee:53:83:e9:fb:b4:1d:
         81:3e:7e:bc:17:e1:66:0a:37:a7:30:14:d3:52:d0:43:5f:42:
         2b:0d:f3:aa:6a:3d:44:34:0d:06:58:03:e2:54:d0:72:f1:dd:
         e9:e2:31:9f
-----BEGIN CERTIFICATE-----
MIIEzjCCA7agAwIBAgICDBkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQzA4
NTE1QzhCOUZCNTNGOENFRDQ4OUQyMTM0RjY0NDFGRkFEQTA1RTAeFw0yNDA4MjYw
NTI3NTZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDE5REJFQkI1MkQ5NkMx
Qjg5MDY4MDg0RDRCNjY0REE4QUEzRTZDNTUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCb4RuiZA6O8ggVuxqt4H5lvSYGIUz9O+2QlfvazVkVgCstQKdj
CBWemuss10xqSv2EuCa+vHnPLTF315rdzoDiaNGt8+2W9ktJso3aCdK9xJiOmBvW
JNs6JZzgzfiWvCuKEYpNegPrJ5ameQUe/8xt0cjWH3JKeD4JCGmlWTKvurPkk1K8
Z6m8/nv83GHtJq3E3PP+MXs5ImFI1knaO395HfK3zz2yI2NLiIFBCsl/qGAy7+G6
cU36x9idAyveuAaJiz2juGH8tpVWAwUFH0Ps0FAQ/gjZ4i9uAqG7WP3iU5I+Fab+
rBNjScjJUOlExc/ZWr8qgmuAY4Z+fITc5bKrAgMBAAGjggHqMIIB5jAdBgNVHQ4E
FgQUGdvrtS2WwbiQaAhNS2ZNqKo+bFUwHwYDVR0jBBgwFoAUwIUVyLn7U/jO1InS
E09kQf+toF4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBaBgNVHR8EUzBRME+g
TaBLhklyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVElEQy93
SVVWeUxuN1Vfak8xSW5TRTA5a1FmLXRvRjQuY3JsMGAGCCsGAQUFBwEBBFQwUjBQ
BggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05JQ0NB
L3dJVVZ5TG43VV9qTzFJblNFMDlrUWYtdG9GNC5jZXIwDgYDVR0PAQH/BAQDAgeA
MIGaBggrBgEFBQcBCwSBjTCBijBVBggrBgEFBQcwC4ZJcnN5bmM6Ly9ycGtpY2Eu
dHduaWMudHcvcnBraS9UV05JQ0NBL1RJREMvR2R2cnRTMld3YmlRYUFoTlMyWk5x
S28tYkZVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmljLnR3L3Jy
ZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAmdjWDAN
BgkqhkiG9w0BAQsFAAOCAQEAqmfi4O1F6AEiuzDFe+rfFdOiWH3XLFdht9F0FkKz
G/IdbORwiZTkRlPJpKCXkwEVj1hgrZV7x/dAy5TEBuW+QqU/V0thxgVDx715ChBd
hCthzGkfdETEyTTATBjNM7SZygcoWT2Amuk9+ocFv3CqIeG6bV/ZeXSNgAooqDNG
M+/TBQSOYd8W/sKRzvhIFYyy112bRvdN2zMYEljkjhe4hOBOkDWsHpJUWiXJJ4y2
3Y2R5aI9JifwcyCeiuo4uXSj9NhguU4q8BHVEO/cFJ4mac7uU4Pp+7QdgT5+vBfh
Zgo3pzAU01LQQ19CKw3zqmo9RDQNBlgD4lTQcvHd6eIxnw==
-----END CERTIFICATE-----
Generated at Wed Nov 13 02:24:56 2024 by rpki-client on console-fra.rpki-client.org