Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/tHS_xwEGWbnOGoosOG2nqX6E13k.roa
File:                     tHS_xwEGWbnOGoosOG2nqX6E13k.roa (raw, json)
Hash identifier:          P80Brz0p6CzZEG+PDkAi/+pSLkI6jDahldSW0itvWDg=
Subject key identifier:   B4:74:BF:C7:01:06:59:B9:CE:1A:8A:2C:38:6D:A7:A9:7E:84:D7:79
Certificate issuer:       /CN=FF7ECDB6202FFC2C34DF7BCD71A1C08885382FB7
Certificate serial:       0D9C
Authority key identifier: FF:7E:CD:B6:20:2F:FC:2C:34:DF:7B:CD:71:A1:C0:88:85:38:2F:B7
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/_37NtiAv_Cw033vNcaHAiIU4L7c.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/tHS_xwEGWbnOGoosOG2nqX6E13k.roa
Signing time:             Wed 18 Sep 2024 04:54:17 +0000
ROA not before:           Wed 18 Sep 2024 04:54:17 +0000
ROA not after:            Tue 26 Aug 2025 01:57:03 +0000
asID:                     24168
IP address blocks:        103.30.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/_37NtiAv_Cw033vNcaHAiIU4L7c.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/_37NtiAv_Cw033vNcaHAiIU4L7c.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/_37NtiAv_Cw033vNcaHAiIU4L7c.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Nov 2024 20:24:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3484 (0xd9c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FF7ECDB6202FFC2C34DF7BCD71A1C08885382FB7
        Validity
            Not Before: Sep 18 04:54:17 2024 GMT
            Not After : Aug 26 01:57:03 2025 GMT
        Subject: CN=B474BFC7010659B9CE1A8A2C386DA7A97E84D779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d6:7e:88:51:ed:50:1c:4c:70:56:66:8f:84:
                    87:32:5a:91:31:ff:b6:23:27:ff:4e:0a:1a:a9:d5:
                    6a:94:7c:94:5d:a4:88:f3:8f:5d:07:7f:9e:04:ba:
                    55:8d:71:70:df:f6:ca:e1:ba:fe:67:10:db:dc:5b:
                    9d:26:55:3d:ac:30:5c:a1:cc:1d:5c:36:c0:e9:d8:
                    be:5d:00:11:2a:49:cb:71:e4:fb:23:0e:97:73:54:
                    a7:c6:1e:a3:6b:17:56:a0:08:10:56:80:25:78:50:
                    5e:84:57:83:dc:79:a5:f5:9f:c1:99:63:6a:de:ab:
                    92:95:41:ce:73:9a:eb:d9:d4:ae:db:3f:76:76:27:
                    f2:cf:ca:bd:57:2e:b0:9a:2e:46:39:49:02:08:bf:
                    b9:f9:ab:c9:80:d7:c3:67:81:c8:2f:c6:26:06:5b:
                    5c:a0:d7:9d:b7:6a:c4:d4:e1:34:c2:1d:bf:db:82:
                    9f:71:f4:a6:5d:95:ff:fc:20:de:a5:01:27:8d:dc:
                    0c:f0:3b:9f:29:f2:33:aa:6c:15:f1:63:a7:cc:a8:
                    6f:60:99:67:f5:54:70:59:2b:8f:71:2d:dc:d9:f1:
                    3d:32:09:cb:e4:29:45:76:e9:38:4f:81:de:58:15:
                    52:d6:27:a4:4a:d9:f1:17:51:12:56:2b:40:d1:89:
                    ff:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:74:BF:C7:01:06:59:B9:CE:1A:8A:2C:38:6D:A7:A9:7E:84:D7:79
            X509v3 Authority Key Identifier:
                keyid:FF:7E:CD:B6:20:2F:FC:2C:34:DF:7B:CD:71:A1:C0:88:85:38:2F:B7

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/_37NtiAv_Cw033vNcaHAiIU4L7c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/_37NtiAv_Cw033vNcaHAiIU4L7c.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/WEBTAIWAN/tHS_xwEGWbnOGoosOG2nqX6E13k.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.30.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:4b:d5:58:43:7c:73:d7:49:96:76:92:fa:08:b4:31:a6:52:
         30:a4:a4:22:22:33:55:b5:4a:65:34:5c:53:79:8d:58:aa:24:
         0c:88:53:15:aa:47:22:00:71:30:61:88:9e:4b:d1:a4:1f:2e:
         d5:d1:1f:bb:42:69:ff:e3:d3:55:bc:b8:16:1c:14:cd:61:52:
         ba:5e:19:71:94:f6:48:64:33:a8:ac:7b:e4:80:e5:bd:58:f0:
         49:c2:93:c0:54:c3:d7:d8:a2:1d:5d:17:fb:35:00:6a:63:4b:
         a1:fd:fb:41:4e:64:26:11:ae:fb:50:56:d1:0c:3a:a3:46:d5:
         ea:a8:81:0c:b6:3c:80:9a:f3:aa:24:73:1a:45:a1:99:3f:c9:
         49:12:1e:5c:bd:85:03:33:8e:97:f7:4d:b2:c5:e2:16:22:6b:
         36:90:3f:2e:ee:c1:05:82:ab:43:fc:65:8a:cc:25:e4:bd:ac:
         37:e7:3c:5c:6e:88:fd:96:fe:04:05:d2:a4:20:f9:cd:3e:c7:
         3c:7b:2f:7c:47:1c:ef:9c:93:cb:3c:6d:80:2d:ce:f3:4f:f9:
         e4:ae:89:e4:22:56:89:2f:b7:5a:a1:45:0c:17:de:fe:d6:38:
         32:1e:b0:4e:84:b7:a4:ff:01:86:3a:b6:5f:82:11:8b:35:24:
         50:a6:b2:71
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICDZwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRkY3
RUNEQjYyMDJGRkMyQzM0REY3QkNENzFBMUMwODg4NTM4MkZCNzAeFw0yNDA5MTgw
NDU0MTdaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKEI0NzRCRkM3MDEwNjU5
QjlDRTFBOEEyQzM4NkRBN0E5N0U4NEQ3NzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCW1n6IUe1QHExwVmaPhIcyWpEx/7YjJ/9OChqp1WqUfJRdpIjz
j10Hf54EulWNcXDf9srhuv5nENvcW50mVT2sMFyhzB1cNsDp2L5dABEqSctx5Psj
DpdzVKfGHqNrF1agCBBWgCV4UF6EV4PceaX1n8GZY2req5KVQc5zmuvZ1K7bP3Z2
J/LPyr1XLrCaLkY5SQIIv7n5q8mA18NngcgvxiYGW1yg1523asTU4TTCHb/bgp9x
9KZdlf/8IN6lASeN3AzwO58p8jOqbBXxY6fMqG9gmWf1VHBZK49xLdzZ8T0yCcvk
KUV26ThPgd5YFVLWJ6RK2fEXURJWK0DRif/PAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUtHS/xwEGWbnOGoosOG2nqX6E13kwHwYDVR0jBBgwFoAU/37NtiAv/Cw033vN
caHAiIU4L7cwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBfBgNVHR8EWDBWMFSg
UqBQhk5yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvV0VCVEFJ
V0FOL18zN050aUF2X0N3MDMzdk5jYUhBaUlVNEw3Yy5jcmwwYAYIKwYBBQUHAQEE
VDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RX
TklDQ0EvXzM3TnRpQXZfQ3cwMzN2TmNhSEFpSVU0TDdjLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ8GCCsGAQUFBwELBIGSMIGPMFoGCCsGAQUFBzALhk5yc3luYzovL3Jw
a2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvV0VCVEFJV0FOL3RIU194d0VHV2Ju
T0dvb3NPRzJucVg2RTEzay5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50
d25pYy50dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABnHi0wDQYJKoZIhvcNAQELBQADggEBABdL1VhDfHPXSZZ2kvoItDGmUjCk
pCIiM1W1SmU0XFN5jViqJAyIUxWqRyIAcTBhiJ5L0aQfLtXRH7tCaf/j01W8uBYc
FM1hUrpeGXGU9khkM6ise+SA5b1Y8EnCk8BUw9fYoh1dF/s1AGpjS6H9+0FOZCYR
rvtQVtEMOqNG1eqogQy2PICa86okcxpFoZk/yUkSHly9hQMzjpf3TbLF4hYiazaQ
Py7uwQWCq0P8ZYrMJeS9rDfnPFxuiP2W/gQF0qQg+c0+xzx7L3xHHO+ck8s8bYAt
zvNP+eSuieQiVokvt1qhRQwX3v7WODIesE6Et6T/AYY6tl+CEYs1JFCmsnE=
-----END CERTIFICATE-----
Generated at Mon Nov 25 16:43:56 2024 by rpki-client on console-fra.rpki-client.org