Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/hBmXsPAdvQJZodvEiNeSXyfqyhM.roa
File:                     hBmXsPAdvQJZodvEiNeSXyfqyhM.roa (raw, json)
Hash identifier:          2irILe8yPoofVuoRvRX/po4slXG2b/nM2zVvbeiMxVg=
Subject key identifier:   84:19:97:B0:F0:1D:BD:02:59:A1:DB:C4:88:D7:92:5F:27:EA:CA:13
Certificate issuer:       /CN=EB675F938C85021374CAB1E1AF5099319B110B07
Certificate serial:       30BA
Authority key identifier: EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/hBmXsPAdvQJZodvEiNeSXyfqyhM.roa
Signing time:             Mon 26 Aug 2024 05:29:46 +0000
ROA not before:           Mon 26 Aug 2024 05:29:46 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     38841
IP address blocks:        180.177.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12474 (0x30ba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EB675F938C85021374CAB1E1AF5099319B110B07
        Validity
            Not Before: Aug 26 05:29:46 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=841997B0F01DBD0259A1DBC488D7925F27EACA13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:87:dd:c9:33:4c:5e:a7:79:80:0b:4f:1a:
                    81:e7:7e:3d:f1:f9:bf:76:22:36:8a:46:37:07:6d:
                    58:a8:cc:e6:c2:3b:b0:a7:eb:9c:67:43:a1:c8:ec:
                    2d:42:90:85:65:50:fb:97:e1:8e:8b:a3:2c:a6:ef:
                    4e:74:13:9e:8f:44:60:ea:82:c8:72:a4:50:96:fa:
                    5e:38:aa:b6:f8:bb:b9:89:ac:ea:fc:80:a5:cd:d9:
                    59:a4:e3:4d:61:06:95:54:b1:f0:f9:ca:c3:08:d7:
                    d7:c2:55:06:a0:46:64:fb:17:fd:33:61:f5:70:a6:
                    de:45:54:2a:30:8c:ed:92:72:35:c0:05:8c:2e:a4:
                    b8:0b:08:75:19:62:5d:3f:50:4e:5c:10:70:12:fc:
                    dd:c1:92:a1:a3:3e:f8:b7:d7:8a:6f:05:89:db:33:
                    76:a8:6d:bc:02:d1:5a:87:6a:66:20:af:9f:80:02:
                    5a:a4:ca:3b:14:ee:33:31:f4:b4:7a:68:3b:65:9e:
                    a2:e7:b4:b7:ff:34:98:e0:70:a1:9c:32:fc:73:dd:
                    59:1d:4b:8d:6c:4e:77:43:82:89:4e:73:d8:cc:79:
                    45:5b:d0:69:7f:1d:97:50:9c:3a:fb:ba:2f:12:45:
                    c7:8c:3c:42:4f:57:4e:00:f3:c9:21:24:89:bf:8a:
                    b8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:19:97:B0:F0:1D:BD:02:59:A1:DB:C4:88:D7:92:5F:27:EA:CA:13
            X509v3 Authority Key Identifier:
                keyid:EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/hBmXsPAdvQJZodvEiNeSXyfqyhM.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  180.177.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:91:71:b9:ed:b0:3b:c4:1c:52:89:83:eb:f8:67:31:47:98:
         2f:f9:44:b0:54:94:97:d3:90:6b:fa:3a:0e:f9:e6:f2:12:14:
         a5:d8:cf:0e:7e:23:63:36:67:d7:0e:14:94:6f:ba:12:d7:17:
         42:8d:a8:bb:25:2a:90:2b:ce:5e:af:e6:c6:cb:43:2a:b7:12:
         d4:54:cb:00:ea:13:2e:54:ab:44:85:15:7c:6c:cb:84:6c:41:
         4b:bd:7f:09:5c:e9:d1:03:99:3a:d1:b2:f4:a5:c6:17:c3:83:
         fb:33:b7:50:73:ed:2a:ca:73:cb:6f:da:06:2b:8f:98:76:1b:
         44:65:39:c9:13:78:61:7b:5a:c0:95:2c:2b:73:b9:2e:66:d1:
         0a:99:39:9a:68:b5:52:3c:4b:3e:4d:d2:d3:1b:d7:c9:19:33:
         3e:8e:e0:8e:f7:6a:1a:e2:45:10:ce:10:83:d7:b3:99:f8:a2:
         b1:4e:d7:26:31:53:a3:1c:aa:d9:af:99:dc:d3:3a:90:3e:4b:
         95:50:94:24:e5:2d:49:cb:94:58:d3:0b:5b:ab:2e:54:13:1c:
         3f:b1:7b:b1:05:43:27:83:53:99:30:50:86:b7:99:65:82:6b:
         88:53:ae:bc:d2:89:c8:1d:8e:7a:6f:eb:9f:cc:58:68:f3:6d:
         e7:a9:ce:5b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICMLowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUI2
NzVGOTM4Qzg1MDIxMzc0Q0FCMUUxQUY1MDk5MzE5QjExMEIwNzAeFw0yNDA4MjYw
NTI5NDZaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKDg0MTk5N0IwRjAxREJE
MDI1OUExREJDNDg4RDc5MjVGMjdFQUNBMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC5zofdyTNMXqd5gAtPGoHnfj3x+b92IjaKRjcHbViozObCO7Cn
65xnQ6HI7C1CkIVlUPuX4Y6Loyym7050E56PRGDqgshypFCW+l44qrb4u7mJrOr8
gKXN2Vmk401hBpVUsfD5ysMI19fCVQagRmT7F/0zYfVwpt5FVCowjO2ScjXABYwu
pLgLCHUZYl0/UE5cEHAS/N3BkqGjPvi314pvBYnbM3aobbwC0VqHamYgr5+AAlqk
yjsU7jMx9LR6aDtlnqLntLf/NJjgcKGcMvxz3VkdS41sTndDgolOc9jMeUVb0Gl/
HZdQnDr7ui8SRceMPEJPV04A88khJIm/irhjAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUhBmXsPAdvQJZodvEiNeSXyfqyhMwHwYDVR0jBBgwFoAU62dfk4yFAhN0yrHh
r1CZMZsRCwcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hP
LzYyZGZrNHlGQWhOMHlySGhyMUNaTVpzUkN3Yy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNjJkZms0eUZBaE4weXJIaHIxQ1pNWnNSQ3djLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hPL2hCbVhzUEFkdlFKWm9kdkVp
TmVTWHlmcXloTS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK0
sdQwDQYJKoZIhvcNAQELBQADggEBAJ6RcbntsDvEHFKJg+v4ZzFHmC/5RLBUlJfT
kGv6Og755vISFKXYzw5+I2M2Z9cOFJRvuhLXF0KNqLslKpArzl6v5sbLQyq3EtRU
ywDqEy5Uq0SFFXxsy4RsQUu9fwlc6dEDmTrRsvSlxhfDg/szt1Bz7SrKc8tv2gYr
j5h2G0RlOckTeGF7WsCVLCtzuS5m0QqZOZpotVI8Sz5N0tMb18kZMz6O4I73ahri
RRDOEIPXs5n4orFO1yYxU6McqtmvmdzTOpA+S5VQlCTlLUnLlFjTC1urLlQTHD+x
e7EFQyeDU5kwUIa3mWWCa4hTrrzSicgdjnpv65/MWGjzbeepzls=
-----END CERTIFICATE-----
Generated at Mon Nov 25 17:14:21 2024 by rpki-client on console-ams.rpki-client.org