Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/NBP7pyGui1-BwUB4zl8b4ykQR34.roa
File:                     NBP7pyGui1-BwUB4zl8b4ykQR34.roa (raw, json)
Hash identifier:          iY21Blka01mNBMlGEXvig6VRSnvmlQunCrGvJKr9iZ4=
Subject key identifier:   34:13:FB:A7:21:AE:8B:5F:81:C1:40:78:CE:5F:1B:E3:29:10:47:7E
Certificate issuer:       /CN=EB675F938C85021374CAB1E1AF5099319B110B07
Certificate serial:       30D7
Authority key identifier: EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/NBP7pyGui1-BwUB4zl8b4ykQR34.roa
Signing time:             Mon 26 Aug 2024 05:29:52 +0000
ROA not before:           Mon 26 Aug 2024 05:29:52 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     38841
IP address blocks:        211.76.119.128/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12503 (0x30d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EB675F938C85021374CAB1E1AF5099319B110B07
        Validity
            Not Before: Aug 26 05:29:52 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=3413FBA721AE8B5F81C14078CE5F1BE32910477E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ef:e4:50:a7:52:36:a0:ad:14:a1:c7:75:ac:
                    4c:ef:a8:f3:36:ad:89:fb:f2:08:15:0b:b9:6a:9a:
                    a8:a9:01:27:f8:b7:be:45:66:c5:3d:d9:7d:00:d8:
                    ca:6e:80:20:8b:db:35:f3:30:0c:9c:4d:51:16:7a:
                    21:9f:de:ba:5d:5d:08:96:81:9d:74:1d:f9:d5:fd:
                    16:64:c9:cf:18:f1:5d:1c:bb:59:65:1c:23:4f:35:
                    ce:8d:94:60:2d:45:2c:31:27:f3:18:9b:20:7a:fd:
                    0d:71:27:53:f5:53:cc:44:12:1a:f4:29:9d:25:a2:
                    26:c4:cc:32:19:f5:51:56:8c:ce:79:a6:d1:8f:2d:
                    b1:f3:68:d7:7a:de:81:30:41:1e:b5:f3:1d:cd:84:
                    31:bb:36:3a:71:b8:8b:86:58:75:5b:35:1d:ed:15:
                    1d:5c:06:2f:9d:e6:a0:c0:03:73:03:90:88:5b:32:
                    07:01:66:14:62:57:a4:4b:a2:97:06:c3:3e:c6:d0:
                    b2:99:64:6e:9f:fd:10:95:a0:bd:b7:9b:09:c7:07:
                    a4:1b:6c:5f:68:11:74:e9:a0:11:98:f7:03:99:cc:
                    d9:6e:04:87:af:19:ac:da:6f:89:79:19:07:bb:80:
                    29:cd:b7:6b:a9:fa:37:48:b6:d3:58:19:2e:5b:f5:
                    b1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:13:FB:A7:21:AE:8B:5F:81:C1:40:78:CE:5F:1B:E3:29:10:47:7E
            X509v3 Authority Key Identifier:
                keyid:EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/NBP7pyGui1-BwUB4zl8b4ykQR34.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  211.76.119.128/25

    Signature Algorithm: sha256WithRSAEncryption
         25:a2:3d:4a:1e:ec:62:2d:24:ac:40:6a:bd:01:43:4f:aa:19:
         2d:8f:4f:20:78:0a:cb:a6:f8:fb:a6:05:3c:ca:59:62:71:63:
         0c:93:94:fa:92:8f:b2:71:97:9a:c5:60:99:8c:4b:fb:43:9a:
         4f:a0:d7:89:ad:72:fa:be:34:42:59:e5:3a:4e:76:80:eb:9b:
         f0:22:ef:52:a7:b6:d2:4d:0f:80:d9:6b:9c:d5:e4:c4:cf:f5:
         92:4c:d1:9a:d6:36:6d:46:a0:0e:c1:c9:cf:06:b7:1a:b8:d6:
         42:28:97:21:be:28:06:44:55:64:12:13:9b:8f:43:36:d5:14:
         1a:41:6b:c7:65:0d:78:9d:f2:46:f3:16:e2:2b:31:4e:05:f0:
         fd:ed:9d:52:fd:a7:9e:12:eb:d9:c5:cf:3f:ef:8c:08:d2:62:
         95:bd:89:68:09:db:09:2c:c3:71:a5:af:a9:45:31:83:b6:8d:
         e0:1f:7f:bd:56:7b:25:c3:ba:4d:c7:a2:9a:83:06:fa:f7:59:
         39:38:d2:53:a7:03:2d:39:78:a3:e1:d2:a0:0c:b5:97:f1:8c:
         f4:a0:41:14:64:b6:11:f7:55:a9:29:f5:f1:41:40:08:20:9e:
         06:7c:74:fd:f6:5f:c7:07:a7:9f:41:50:d8:86:a7:c2:41:85:
         ed:04:5f:bf
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgICMNcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUI2
NzVGOTM4Qzg1MDIxMzc0Q0FCMUUxQUY1MDk5MzE5QjExMEIwNzAeFw0yNDA4MjYw
NTI5NTJaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDM0MTNGQkE3MjFBRThC
NUY4MUMxNDA3OENFNUYxQkUzMjkxMDQ3N0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC97+RQp1I2oK0Uocd1rEzvqPM2rYn78ggVC7lqmqipASf4t75F
ZsU92X0A2MpugCCL2zXzMAycTVEWeiGf3rpdXQiWgZ10HfnV/RZkyc8Y8V0cu1ll
HCNPNc6NlGAtRSwxJ/MYmyB6/Q1xJ1P1U8xEEhr0KZ0loibEzDIZ9VFWjM55ptGP
LbHzaNd63oEwQR618x3NhDG7NjpxuIuGWHVbNR3tFR1cBi+d5qDAA3MDkIhbMgcB
ZhRiV6RLopcGwz7G0LKZZG6f/RCVoL23mwnHB6QbbF9oEXTpoBGY9wOZzNluBIev
Gazab4l5GQe7gCnNt2up+jdIttNYGS5b9bHjAgMBAAGjggHvMIIB6zAdBgNVHQ4E
FgQUNBP7pyGui1+BwUB4zl8b4ykQR34wHwYDVR0jBBgwFoAU62dfk4yFAhN0yrHh
r1CZMZsRCwcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hP
LzYyZGZrNHlGQWhOMHlySGhyMUNaTVpzUkN3Yy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNjJkZms0eUZBaE4weXJIaHIxQ1pNWnNSQ3djLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hPL05CUDdweUd1aTEtQndVQjR6
bDhiNHlrUVIzNC5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgABMAcDBQfT
THeAMA0GCSqGSIb3DQEBCwUAA4IBAQAloj1KHuxiLSSsQGq9AUNPqhktj08geArL
pvj7pgU8yllicWMMk5T6ko+ycZeaxWCZjEv7Q5pPoNeJrXL6vjRCWeU6TnaA65vw
Iu9Sp7bSTQ+A2Wuc1eTEz/WSTNGa1jZtRqAOwcnPBrcauNZCKJchvigGRFVkEhOb
j0M21RQaQWvHZQ14nfJG8xbiKzFOBfD97Z1S/aeeEuvZxc8/74wI0mKVvYloCdsJ
LMNxpa+pRTGDto3gH3+9Vnslw7pNx6Kagwb691k5ONJTpwMtOXij4dKgDLWX8Yz0
oEEUZLYR91WpKfXxQUAIIJ4GfHT99l/HB6efQVDYhqfCQYXtBF+/
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:15:37 2024 by rpki-client on console-ams.rpki-client.org