Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/bxVhVzfZzZUlq4wf60iuAGI8tGw.roa
File:                     bxVhVzfZzZUlq4wf60iuAGI8tGw.roa (raw, json)
Hash identifier:          NtXQKWT2vZBZsDtDX2/rznlkbsxhhxDmJQIplcpG1eU=
Subject key identifier:   6F:15:61:57:37:D9:CD:95:25:AB:8C:1F:EB:48:AE:00:62:3C:B4:6C
Certificate issuer:       /CN=EB675F938C85021374CAB1E1AF5099319B110B07
Certificate serial:       2FF3
Authority key identifier: EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/bxVhVzfZzZUlq4wf60iuAGI8tGw.roa
Signing time:             Mon 26 Aug 2024 05:29:00 +0000
ROA not before:           Mon 26 Aug 2024 05:29:00 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     38841
IP address blocks:        118.232.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12275 (0x2ff3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EB675F938C85021374CAB1E1AF5099319B110B07
        Validity
            Not Before: Aug 26 05:29:00 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=6F15615737D9CD9525AB8C1FEB48AE00623CB46C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:34:0c:33:22:3f:5f:4b:21:b1:b3:a9:84:75:
                    d1:fd:dc:35:36:2d:22:dd:64:fa:df:40:d3:7b:f4:
                    08:38:07:69:8f:77:2a:6e:58:dd:0f:46:8b:32:37:
                    40:b5:6b:1f:30:8f:73:e9:93:ce:d4:13:e4:28:be:
                    79:8e:c1:6f:ec:44:86:12:b0:f0:06:99:bc:56:4e:
                    32:cb:d3:e2:46:90:b3:f9:bc:d9:5b:58:f2:08:ee:
                    60:f5:3c:a1:22:b5:e3:bc:b4:3b:ac:2c:75:15:dc:
                    92:80:17:be:6c:1c:0a:3d:1d:9c:de:8c:1b:f2:d8:
                    15:8f:c2:9a:ea:66:65:df:2d:35:5f:e7:63:b0:c1:
                    ce:57:70:f1:a3:df:ef:f0:56:48:51:a9:27:2a:f1:
                    ff:fc:82:4e:65:44:c8:99:11:3e:4d:50:90:c2:89:
                    18:12:7a:64:c9:cf:dc:f5:05:83:60:c9:96:5e:e3:
                    0f:96:bc:78:2b:81:7c:45:82:ff:13:13:b2:93:d7:
                    dd:86:cf:4b:b8:f2:3f:e1:c1:a7:2d:24:ee:74:21:
                    ab:ea:4f:cf:02:5d:94:b8:24:b6:3c:89:7b:f7:e0:
                    6f:7b:c6:ef:b0:72:d6:e8:e5:c4:e6:dc:f4:00:af:
                    28:2d:89:fa:d8:d0:c0:61:ef:6e:68:d5:6e:4c:ed:
                    17:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:15:61:57:37:D9:CD:95:25:AB:8C:1F:EB:48:AE:00:62:3C:B4:6C
            X509v3 Authority Key Identifier:
                keyid:EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/bxVhVzfZzZUlq4wf60iuAGI8tGw.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.232.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:a5:db:7d:30:5d:ef:4b:e9:69:94:c8:2c:2b:7a:fb:85:be:
         3b:24:01:54:58:45:84:d3:21:1f:fe:a0:f0:63:51:ab:c1:70:
         cd:f8:e5:ac:13:3c:68:d5:42:d0:61:a2:71:f7:12:e0:70:9c:
         94:82:34:a9:ee:c3:56:5a:cd:4c:96:c3:02:52:8c:43:42:3f:
         d2:36:50:7b:95:40:cf:29:2e:bb:58:e9:96:13:13:df:7b:ac:
         7b:b2:e3:8b:b1:32:68:09:a9:f6:aa:e9:3f:dc:74:52:fd:fb:
         78:51:19:4c:ee:98:38:1c:09:49:37:20:9b:79:d7:b5:b3:62:
         ac:2b:dd:2e:bb:1b:a9:08:0f:63:eb:49:80:b6:d8:c8:dc:f7:
         07:ac:2b:46:95:3f:eb:5a:eb:89:86:b5:0f:f1:e2:5e:60:9f:
         04:2d:be:d5:90:e6:8e:e3:94:0a:b9:c0:c8:d6:1a:c7:26:1c:
         a7:d6:6f:ef:d1:f5:bf:d1:1c:0d:8b:a2:c1:9f:87:4d:b7:de:
         4a:ff:75:64:95:0e:ba:17:76:3d:dc:60:8b:f3:5f:20:5a:a3:
         0a:79:4b:df:5f:8b:05:26:ff:ea:0a:78:fe:fb:07:cf:a3:f4:
         bd:90:bc:51:86:ac:32:f8:b7:3d:4b:20:e3:08:9e:96:0c:a7:
         bb:9b:ff:32
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICL/MwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUI2
NzVGOTM4Qzg1MDIxMzc0Q0FCMUUxQUY1MDk5MzE5QjExMEIwNzAeFw0yNDA4MjYw
NTI5MDBaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDZGMTU2MTU3MzdEOUNE
OTUyNUFCOEMxRkVCNDhBRTAwNjIzQ0I0NkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCwNAwzIj9fSyGxs6mEddH93DU2LSLdZPrfQNN79Ag4B2mPdypu
WN0PRosyN0C1ax8wj3Ppk87UE+QovnmOwW/sRIYSsPAGmbxWTjLL0+JGkLP5vNlb
WPII7mD1PKEiteO8tDusLHUV3JKAF75sHAo9HZzejBvy2BWPwprqZmXfLTVf52Ow
wc5XcPGj3+/wVkhRqScq8f/8gk5lRMiZET5NUJDCiRgSemTJz9z1BYNgyZZe4w+W
vHgrgXxFgv8TE7KT192Gz0u48j/hwactJO50IavqT88CXZS4JLY8iXv34G97xu+w
ctbo5cTm3PQArygtifrY0MBh725o1W5M7RftAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUbxVhVzfZzZUlq4wf60iuAGI8tGwwHwYDVR0jBBgwFoAU62dfk4yFAhN0yrHh
r1CZMZsRCwcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hP
LzYyZGZrNHlGQWhOMHlySGhyMUNaTVpzUkN3Yy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNjJkZms0eUZBaE4weXJIaHIxQ1pNWnNSQ3djLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hPL2J4VmhWemZaelpVbHE0d2Y2
MGl1QUdJOHRHdy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJ2
6HwwDQYJKoZIhvcNAQELBQADggEBAKSl230wXe9L6WmUyCwrevuFvjskAVRYRYTT
IR/+oPBjUavBcM345awTPGjVQtBhonH3EuBwnJSCNKnuw1ZazUyWwwJSjENCP9I2
UHuVQM8pLrtY6ZYTE997rHuy44uxMmgJqfaq6T/cdFL9+3hRGUzumDgcCUk3IJt5
17WzYqwr3S67G6kID2PrSYC22Mjc9wesK0aVP+ta64mGtQ/x4l5gnwQtvtWQ5o7j
lAq5wMjWGscmHKfWb+/R9b/RHA2LosGfh0233kr/dWSVDroXdj3cYIvzXyBaowp5
S99fiwUm/+oKeP77B8+j9L2QvFGGrDL4tz1LIOMInpYMp7ub/zI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:57 2024 by rpki-client on console-fra.rpki-client.org