Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/yjvRL7MQHjS4wm4Ev8MwYPHDnYE.roa
File:                     yjvRL7MQHjS4wm4Ev8MwYPHDnYE.roa (raw, json)
Hash identifier:          6AFMSCTeTT0aLBi5E/wpxTChslX0o3GFCQadUFdLH0Y=
Subject key identifier:   CA:3B:D1:2F:B3:10:1E:34:B8:C2:6E:04:BF:C3:30:60:F1:C3:9D:81
Certificate issuer:       /CN=EB675F938C85021374CAB1E1AF5099319B110B07
Certificate serial:       302F
Authority key identifier: EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/yjvRL7MQHjS4wm4Ev8MwYPHDnYE.roa
Signing time:             Mon 26 Aug 2024 05:29:13 +0000
ROA not before:           Mon 26 Aug 2024 05:29:13 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     38841
IP address blocks:        123.195.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:39:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12335 (0x302f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EB675F938C85021374CAB1E1AF5099319B110B07
        Validity
            Not Before: Aug 26 05:29:13 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=CA3BD12FB3101E34B8C26E04BFC33060F1C39D81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:93:fc:11:12:33:f0:f0:a6:9f:06:81:8e:c7:
                    6e:e7:b1:63:53:fd:ef:cb:58:7e:ad:5a:b1:17:fa:
                    ea:12:ab:6a:7b:07:72:62:89:da:86:b2:6c:16:d9:
                    9b:25:af:eb:1b:23:2d:7d:34:8c:1e:d4:d3:09:a3:
                    d0:d2:ad:63:d2:33:e2:fc:8b:66:82:74:56:ff:1c:
                    8a:85:ed:e2:1b:0b:4a:c6:13:dc:4f:1b:c0:ab:e0:
                    dd:56:77:ec:1c:0e:55:11:89:33:c1:3a:83:b9:a6:
                    a4:de:04:57:e0:7a:f6:d1:49:0b:25:0e:5f:58:32:
                    03:e4:8e:40:b8:f3:a3:d0:25:e9:9d:74:00:7c:95:
                    41:b3:a0:f1:93:9f:fa:a3:0f:be:14:90:8b:35:0e:
                    33:ca:44:3c:89:6b:28:16:90:0a:15:0d:05:35:a0:
                    65:19:4d:30:76:b6:29:ba:5c:62:bd:12:dd:02:23:
                    1c:95:cc:8d:3a:cb:d5:86:f4:86:ab:0f:51:94:31:
                    b8:a1:87:8a:a2:68:97:6b:a7:6d:84:ae:4a:73:71:
                    24:35:04:33:06:be:38:3a:4b:91:27:23:48:06:21:
                    1b:9e:23:8e:f4:a8:d6:63:19:5f:28:06:4e:39:9e:
                    02:35:08:3c:ed:6b:89:0f:fd:52:52:67:63:d8:29:
                    50:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:3B:D1:2F:B3:10:1E:34:B8:C2:6E:04:BF:C3:30:60:F1:C3:9D:81
            X509v3 Authority Key Identifier:
                keyid:EB:67:5F:93:8C:85:02:13:74:CA:B1:E1:AF:50:99:31:9B:11:0B:07

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/62dfk4yFAhN0yrHhr1CZMZsRCwc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/62dfk4yFAhN0yrHhr1CZMZsRCwc.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TUNGHO/yjvRL7MQHjS4wm4Ev8MwYPHDnYE.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.195.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:ea:d0:67:92:83:f5:25:ae:ce:9c:06:1e:4d:dd:85:fd:a2:
         63:79:29:ad:f8:ee:c4:b5:0b:fa:2f:62:01:d5:87:7c:43:b3:
         16:27:8e:e8:16:66:b9:e0:8f:75:a4:fa:9d:b1:80:5c:a7:c0:
         b0:9a:55:d1:f2:d8:01:24:85:5e:3e:94:ee:89:20:27:fc:be:
         90:45:5c:05:07:08:69:36:2b:36:44:a0:68:97:2e:ed:c7:f0:
         b9:26:1c:ef:44:0c:cc:d0:bf:6b:10:06:f9:62:46:8d:63:c1:
         9e:1e:8e:6a:64:34:cc:4a:87:b9:07:48:d0:53:be:d8:22:bd:
         b8:89:20:c8:5d:48:c1:a6:78:cb:8e:fb:51:1a:5a:52:5b:ab:
         28:eb:ea:b5:22:e4:74:33:19:a1:48:59:da:36:14:b2:7b:eb:
         e3:16:65:55:bc:c9:da:c4:9a:d2:41:0c:af:b1:18:9d:ed:f5:
         bf:92:81:e1:a0:28:78:db:b6:55:9b:d3:68:7d:b1:d7:62:04:
         c7:5f:e6:12:0b:44:64:04:3d:c0:39:11:bc:ba:2b:a0:e3:cd:
         3f:9f:35:68:53:d7:c1:db:0f:32:4a:6e:66:5c:4c:d1:44:6c:
         e6:e5:20:0a:c7:de:60:65:72:13:f5:bd:7d:54:8e:7e:3f:d5:
         82:ae:4c:e4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgICMC8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUI2
NzVGOTM4Qzg1MDIxMzc0Q0FCMUUxQUY1MDk5MzE5QjExMEIwNzAeFw0yNDA4MjYw
NTI5MTNaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKENBM0JEMTJGQjMxMDFF
MzRCOEMyNkUwNEJGQzMzMDYwRjFDMzlEODEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDZk/wREjPw8KafBoGOx27nsWNT/e/LWH6tWrEX+uoSq2p7B3Ji
idqGsmwW2Zslr+sbIy19NIwe1NMJo9DSrWPSM+L8i2aCdFb/HIqF7eIbC0rGE9xP
G8Cr4N1Wd+wcDlURiTPBOoO5pqTeBFfgevbRSQslDl9YMgPkjkC486PQJemddAB8
lUGzoPGTn/qjD74UkIs1DjPKRDyJaygWkAoVDQU1oGUZTTB2tim6XGK9Et0CIxyV
zI06y9WG9IarD1GUMbihh4qiaJdrp22ErkpzcSQ1BDMGvjg6S5EnI0gGIRueI470
qNZjGV8oBk45ngI1CDzta4kP/VJSZ2PYKVBrAgMBAAGjggHuMIIB6jAdBgNVHQ4E
FgQUyjvRL7MQHjS4wm4Ev8MwYPHDnYEwHwYDVR0jBBgwFoAU62dfk4yFAhN0yrHh
r1CZMZsRCwcwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hP
LzYyZGZrNHlGQWhOMHlySGhyMUNaTVpzUkN3Yy5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNjJkZms0eUZBaE4weXJIaHIxQ1pNWnNSQ3djLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFVOR0hPL3lqdlJMN01RSGpTNHdtNEV2
OE13WVBIRG5ZRS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50d25pYy50
dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJ7
wzQwDQYJKoZIhvcNAQELBQADggEBACvq0GeSg/Ulrs6cBh5N3YX9omN5Ka347sS1
C/ovYgHVh3xDsxYnjugWZrngj3Wk+p2xgFynwLCaVdHy2AEkhV4+lO6JICf8vpBF
XAUHCGk2KzZEoGiXLu3H8LkmHO9EDMzQv2sQBvliRo1jwZ4ejmpkNMxKh7kHSNBT
vtgivbiJIMhdSMGmeMuO+1EaWlJbqyjr6rUi5HQzGaFIWdo2FLJ76+MWZVW8ydrE
mtJBDK+xGJ3t9b+SgeGgKHjbtlWb02h9sddiBMdf5hILRGQEPcA5Eby6K6DjzT+f
NWhT18HbDzJKbmZcTNFEbOblIArH3mBlchP1vX1Ujn4/1YKuTOQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:06:59 2024 by rpki-client on console-fra.rpki-client.org