Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/7EaTuDHFenlX4Oo7rJcfRWmOW0M.roa
File:                     7EaTuDHFenlX4Oo7rJcfRWmOW0M.roa (raw, json)
Hash identifier:          4wEBlvtDcIbUr8nJURCW5hxFDKfZQ6lvJenioQ3N3Z4=
Subject key identifier:   EC:46:93:B8:31:C5:7A:79:57:E0:EA:3B:AC:97:1F:45:69:8E:5B:43
Certificate issuer:       /CN=EB675F938C85021374CAB1E1AF5099319B110B07
Certificate serial:       3076
Authority key identifier: EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/7EaTuDHFenlX4Oo7rJcfRWmOW0M.roa
Signing time:             Mon 26 Aug 2024 05:29:28 +0000
ROA not before:           Mon 26 Aug 2024 05:29:28 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     38841
IP address blocks:        103.224.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12406 (0x3076)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EB675F938C85021374CAB1E1AF5099319B110B07
        Validity
            Not Before: Aug 26 05:29:28 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=EC4693B831C57A7957E0EA3BAC971F45698E5B43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c5:52:52:22:2f:0f:5c:a4:35:31:cd:fd:8b:
                    22:4e:cd:bd:01:e7:23:3b:44:22:3a:55:b5:37:4f:
                    f2:dc:c0:14:84:ff:1c:90:92:58:8e:e9:5f:56:b3:
                    63:65:d8:ec:10:e5:f3:d2:1d:29:76:67:61:9f:b4:
                    6b:c9:3b:86:a4:f7:71:9f:94:00:d6:d3:f9:5d:d9:
                    15:85:c8:c8:fe:71:95:2a:d5:3e:2c:fb:89:2b:8f:
                    5d:aa:cb:cc:5a:0a:8b:d3:d5:3a:d6:78:fe:12:c4:
                    53:5f:c0:ae:b7:5b:36:d6:d7:cf:06:a8:62:22:ca:
                    66:d0:d8:35:f0:27:8d:24:76:f7:ed:a9:19:29:17:
                    c6:b8:8b:c1:26:50:fa:ca:57:a1:de:df:9b:31:ca:
                    6d:1c:cb:1e:8e:de:e1:ca:73:b3:0e:1d:e2:ea:bf:
                    28:4d:6a:76:22:3f:f1:b8:b7:6f:38:90:b4:55:e1:
                    de:3f:d2:d6:4e:d5:a9:30:ca:44:38:5e:95:7f:f1:
                    f5:8d:14:c2:9f:84:cd:da:67:bb:e0:5e:1b:70:ce:
                    cc:36:00:4d:3f:2a:2e:c0:79:b1:6f:30:8a:7c:1a:
                    de:5c:9d:9b:2d:a3:15:56:21:44:80:37:89:d4:4d:
                    9c:5c:61:6d:ff:e6:2f:14:ba:03:e2:b2:4c:73:44:
                    19:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:46:93:B8:31:C5:7A:79:57:E0:EA:3B:AC:97:1F:45:69:8E:5B:43
            X509v3 Authority Key Identifier:
                keyid:EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/7EaTuDHFenlX4Oo7rJcfRWmOW0M.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.224.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:43:d5:0b:2b:7b:49:e0:23:c8:de:3a:88:0a:22:f4:67:35:
         68:2c:6a:c4:22:a5:90:c9:48:92:a9:ed:2c:62:e0:87:53:92:
         33:2a:e3:6c:72:a0:b0:6d:ac:0a:dc:ab:e9:60:08:da:0c:a8:
         d8:63:2f:c6:58:43:0d:05:07:e6:74:24:bc:0e:a4:89:3f:fe:
         23:3a:14:9a:85:7d:4b:74:fc:ae:f7:21:4b:87:18:7e:07:77:
         39:e5:6a:4a:e2:a7:cd:f8:80:e7:e0:18:e3:7d:76:4d:9c:74:
         22:8d:00:b7:f3:22:81:57:82:e5:44:76:b9:15:43:aa:b3:4a:
         d7:4c:43:f3:94:0d:92:d3:16:8f:6c:0d:f3:5b:06:6c:94:ac:
         ce:97:f3:d1:99:a7:13:ed:86:53:6a:93:dc:83:b3:07:28:bc:
         79:14:a6:e9:9a:f1:ab:5f:61:70:cb:c0:ab:34:b0:e6:1e:ca:
         72:1a:e2:db:0b:55:fe:d1:20:56:ac:91:6c:f2:99:cc:a6:79:
         15:48:f0:e3:24:8b:ca:6c:28:01:fc:8c:6a:fa:52:5b:c5:b6:
         2d:f1:de:1a:63:03:f4:04:49:7f:62:d5:ca:3a:a4:ea:59:2a:
         4d:0c:7e:b7:9a:f1:8b:40:b6:09:cb:b0:3c:10:df:64:9b:c6:
         c8:47:b9:7a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICMHYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUI2
NzVGOTM4Qzg1MDIxMzc0Q0FCMUUxQUY1MDk5MzE5QjExMEIwNzAeFw0yNDA4MjYw
NTI5MjhaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEVDNDY5M0I4MzFDNTdB
Nzk1N0UwRUEzQkFDOTcxRjQ1Njk4RTVCNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCtxVJSIi8PXKQ1Mc39iyJOzb0B5yM7RCI6VbU3T/LcwBSE/xyQ
kliO6V9Ws2Nl2OwQ5fPSHSl2Z2GftGvJO4ak93GflADW0/ld2RWFyMj+cZUq1T4s
+4krj12qy8xaCovT1TrWeP4SxFNfwK63WzbW188GqGIiymbQ2DXwJ40kdvftqRkp
F8a4i8EmUPrKV6He35sxym0cyx6O3uHKc7MOHeLqvyhNanYiP/G4t284kLRV4d4/
0tZO1akwykQ4XpV/8fWNFMKfhM3aZ7vgXhtwzsw2AE0/Ki7AebFvMIp8Gt5cnZst
oxVWIUSAN4nUTZxcYW3/5i8UugPiskxzRBmLAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQU7EaTuDHFenlX4Oo7rJcfRWmOW0MwHwYDVR0jBBgwFoAU62dfk4yFAhN0yrHh
r1CZMZsRCwcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hP
LzYyZGZrNHlGQWhOMHlySGhyMUNaTVpzUkN3Yy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNjJkZms0eUZBaE4weXJIaHIxQ1pNWnNSQ3djLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hPLzdFYVR1REhGZW5sWDRPbzdy
SmNmUldtT1cwTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJn
4MAwDQYJKoZIhvcNAQELBQADggEBAC9D1Qsre0ngI8jeOogKIvRnNWgsasQipZDJ
SJKp7Sxi4IdTkjMq42xyoLBtrArcq+lgCNoMqNhjL8ZYQw0FB+Z0JLwOpIk//iM6
FJqFfUt0/K73IUuHGH4Hdznlakrip834gOfgGON9dk2cdCKNALfzIoFXguVEdrkV
Q6qzStdMQ/OUDZLTFo9sDfNbBmyUrM6X89GZpxPthlNqk9yDswcovHkUpuma8atf
YXDLwKs0sOYeynIa4tsLVf7RIFaskWzymcymeRVI8OMki8psKAH8jGr6UlvFti3x
3hpjA/QESX9i1co6pOpZKk0Mfrea8YtAtgnLsDwQ32SbxshHuXo=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:55 2024 by rpki-client on console-fra.rpki-client.org