Route Origin Authorization
$ rpki-client -vvf rpkica.twnic.tw/rpki/NCIC/0/AS9919.roa
File: AS9919.roa (raw, json)
Hash identifier: JwfQn1hUSvt65Led9JO3jmgx3jNJ4soXXV2HBjCYjzg=
Subject key identifier: 2A:DB:99:C7:73:D9:BD:D8:54:42:15:E2:BB:E9:34:B7:C5:FD:54:4B
Certificate issuer: /CN=CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB
Certificate serial: 03A0C781FBC76F0AB8B678B9F58692D30C821402
Authority key identifier: CC:F8:5F:9A:12:4E:B3:15:FA:6F:5A:1B:38:23:7B:2C:B4:74:E7:FB
Authority info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/1/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.cer
Subject info access: rsync://rpkica.twnic.tw/rpki/NCIC/0/AS9919.roa
Signing time: Tue 12 May 2026 01:49:02 +0000
ROA not before: Tue 12 May 2026 01:44:02 +0000
ROA not after: Tue 11 May 2027 01:49:02 +0000
asID: 9919
IP address blocks: 42.0.64.0/18 maxlen: 24
45.64.228.0/22 maxlen: 24
59.104.0.0/15 maxlen: 24
60.245.64.0/19 maxlen: 24
60.245.96.0/19 maxlen: 24
61.56.192.0/19 maxlen: 24
61.56.224.0/19 maxlen: 24
61.59.0.0/16 maxlen: 24
61.61.0.0/17 maxlen: 24
61.61.48.0/24 maxlen: 24
61.61.128.0/18 maxlen: 24
61.66.0.0/16 maxlen: 24
103.234.40.0/22 maxlen: 24
106.104.0.0/14 maxlen: 24
106.105.32.0/19 maxlen: 24
106.105.48.0/20 maxlen: 24
106.106.197.0/24 maxlen: 24
106.106.220.0/22 maxlen: 24
106.106.236.0/24 maxlen: 24
112.104.0.0/15 maxlen: 24
113.196.0.0/16 maxlen: 24
113.196.0.0/17 maxlen: 24
113.196.128.0/17 maxlen: 24
113.196.128.0/20 maxlen: 24
113.196.152.0/21 maxlen: 24
113.196.160.0/19 maxlen: 24
113.196.192.0/18 maxlen: 24
115.30.64.0/18 maxlen: 24
122.146.0.0/15 maxlen: 24
122.146.0.0/18 maxlen: 24
122.146.64.0/18 maxlen: 24
122.146.64.0/19 maxlen: 24
122.146.96.0/19 maxlen: 24
122.146.96.0/21 maxlen: 24
122.146.104.0/22 maxlen: 24
122.146.110.0/23 maxlen: 24
122.146.112.0/20 maxlen: 24
122.146.128.0/17 maxlen: 24
122.147.0.0/16 maxlen: 24
122.147.0.0/20 maxlen: 24
122.147.24.0/21 maxlen: 24
122.147.32.0/19 maxlen: 24
122.147.64.0/18 maxlen: 24
122.147.128.0/19 maxlen: 24
122.147.166.0/23 maxlen: 24
122.147.168.0/21 maxlen: 24
122.147.176.0/20 maxlen: 24
122.147.192.0/18 maxlen: 24
123.51.128.0/17 maxlen: 24
123.204.0.0/15 maxlen: 24
123.204.0.0/16 maxlen: 24
123.205.0.0/16 maxlen: 24
175.180.0.0/14 maxlen: 24
175.180.0.0/16 maxlen: 24
175.182.77.0/24 maxlen: 24
175.183.137.0/24 maxlen: 24
175.183.138.0/23 maxlen: 24
203.67.0.0/16 maxlen: 24
203.70.0.0/16 maxlen: 24
203.73.0.0/16 maxlen: 24
203.190.16.0/21 maxlen: 24
210.64.0.0/16 maxlen: 24
210.66.0.0/16 maxlen: 24
210.68.0.0/16 maxlen: 24
210.243.128.0/17 maxlen: 24
210.244.0.0/17 maxlen: 24
211.74.0.0/16 maxlen: 24
211.74.0.0/17 maxlen: 24
211.74.128.0/17 maxlen: 24
211.78.0.0/18 maxlen: 24
211.78.128.0/19 maxlen: 24
211.78.160.0/19 maxlen: 24
218.32.0.0/16 maxlen: 24
218.210.0.0/15 maxlen: 24
218.210.0.0/16 maxlen: 24
218.210.0.0/19 maxlen: 24
218.210.48.0/20 maxlen: 24
218.210.64.0/18 maxlen: 24
218.210.128.0/17 maxlen: 24
218.211.0.0/16 maxlen: 24
220.228.0.0/15 maxlen: 24
220.228.0.0/16 maxlen: 24
220.229.0.0/16 maxlen: 24
220.229.0.0/18 maxlen: 24
220.229.64.0/24 maxlen: 24
220.229.72.0/21 maxlen: 24
220.229.80.0/20 maxlen: 24
220.229.96.0/19 maxlen: 24
220.229.128.0/17 maxlen: 24
221.169.0.0/16 maxlen: 24
2401:8000::/26 maxlen: 48
2401:a040::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpkica.twnic.tw/rpki/NCIC/0/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.crl
rsync://rpkica.twnic.tw/rpki/NCIC/0/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.mft
rsync://rpkica.twnic.tw/rpki/TWNICCA/1/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.cer
rsync://rpkica.twnic.tw/rpki/TWNICCA/1/DA632505767413A1409A3E33B99D256CDFB1901D.crl
rsync://rpkica.twnic.tw/rpki/TWNICCA/1/DA632505767413A1409A3E33B99D256CDFB1901D.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2mMlBXZ0E6FAmj4zuZ0lbN-xkB0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Wed 13 May 2026 02:30:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:a0:c7:81:fb:c7:6f:0a:b8:b6:78:b9:f5:86:92:d3:0c:82:14:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB
Validity
Not Before: May 12 01:44:02 2026 GMT
Not After : May 11 01:49:02 2027 GMT
Subject: CN=2ADB99C773D9BDD8544215E2BBE934B7C5FD544B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:49:17:2f:6c:ab:1f:dd:96:3b:44:53:30:19:
d0:60:87:4b:75:80:8a:2a:89:28:07:a2:1d:b6:c7:
24:30:89:28:3e:d6:2c:df:0d:98:e8:35:ed:be:11:
1e:0d:6a:10:b9:78:ed:b2:e6:d4:31:88:f5:b6:3c:
50:80:9d:f8:98:49:34:10:f1:03:7c:56:f4:1d:df:
15:43:2f:a2:b1:b5:08:17:ba:1a:fb:fe:82:d5:21:
20:48:46:27:db:96:3f:09:22:cb:54:47:1c:a3:2e:
ae:72:32:f3:7b:a6:79:43:ba:87:6a:b4:be:97:09:
37:9b:35:fa:00:3b:80:6d:51:9d:31:72:d1:8d:6e:
c2:a5:6a:67:d2:d8:3f:d9:69:e4:88:37:07:82:d2:
c2:e2:6e:bc:18:69:56:23:df:5d:9e:76:3a:00:70:
e9:9c:ee:27:5d:d8:cb:a3:42:13:eb:fc:b1:a1:4d:
95:e7:8e:0a:4e:41:8b:88:bf:14:3a:26:9a:96:c3:
92:97:2c:35:0e:2c:b4:2c:a3:82:23:9a:2c:d2:63:
64:36:f8:23:f7:63:af:cb:af:a1:b3:37:94:5b:96:
cc:ee:65:cc:de:e4:3d:9a:0d:03:03:fc:46:69:3f:
43:f6:15:2c:ca:b2:8c:28:82:eb:18:d5:98:f4:ae:
f6:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:DB:99:C7:73:D9:BD:D8:54:42:15:E2:BB:E9:34:B7:C5:FD:54:4B
X509v3 Authority Key Identifier:
keyid:CC:F8:5F:9A:12:4E:B3:15:FA:6F:5A:1B:38:23:7B:2C:B4:74:E7:FB
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpkica.twnic.tw/rpki/NCIC/0/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.crl
Authority Information Access:
CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/1/CCF85F9A124EB315FA6F5A1B38237B2CB474E7FB.cer
Subject Information Access:
Signed Object - URI:rsync://rpkica.twnic.tw/rpki/NCIC/0/AS9919.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
42.0.64.0/18
45.64.228.0/22
59.104.0.0/15
60.245.64.0/18
61.56.192.0/18
61.59.0.0/16
61.61.0.0-61.61.191.255
61.66.0.0/16
103.234.40.0/22
106.104.0.0/14
112.104.0.0/15
113.196.0.0/16
115.30.64.0/18
122.146.0.0/15
123.51.128.0/17
123.204.0.0/15
175.180.0.0/14
203.67.0.0/16
203.70.0.0/16
203.73.0.0/16
203.190.16.0/21
210.64.0.0/16
210.66.0.0/16
210.68.0.0/16
210.243.128.0-210.244.127.255
211.74.0.0/16
211.78.0.0/18
211.78.128.0/18
218.32.0.0/16
218.210.0.0/15
220.228.0.0/15
221.169.0.0/16
IPv6:
2401:8000::/26
2401:a040::/32
Signature Algorithm: sha256WithRSAEncryption
10:c4:24:8d:85:73:de:19:6b:c9:eb:d3:93:ce:e9:69:33:5b:
43:47:e7:6c:3c:ef:93:fa:fa:8a:d4:e0:e3:a3:1c:8e:30:90:
ac:7b:03:aa:18:69:c3:2c:82:d3:9b:c6:96:8a:4c:60:8c:e1:
59:4f:0d:28:72:12:6b:0f:c9:f3:da:61:36:37:a3:35:67:7e:
63:92:26:a0:4d:0b:b1:b5:66:47:4f:d8:86:53:3e:64:8f:55:
fa:ba:9f:8e:bd:7a:d6:f8:74:18:35:ab:f5:ba:e6:c6:81:df:
58:d7:92:15:ed:ea:fc:de:6f:ac:e4:77:10:f1:ce:cf:5b:b4:
f6:df:97:7b:1f:d2:e8:f9:4c:ff:93:93:ac:a2:c9:47:f1:ce:
82:7c:03:45:ed:e0:c4:cf:0b:c0:53:0b:b0:84:81:b8:e5:d3:
a6:70:af:d5:1b:5f:74:34:e8:e9:d5:01:1a:50:07:8b:17:67:
2b:4e:14:d8:88:3a:d4:8d:d5:4d:c2:5c:b5:9a:49:3a:e5:cb:
a7:cb:ab:8a:a1:17:d0:4c:e3:c3:a1:3d:cf:1b:97:d8:74:02:
7b:a0:7c:fc:a2:c5:1e:65:5a:38:a5:1e:a0:bc:00:1e:4a:e5:
d8:75:93:98:ea:1c:3d:5e:3d:db:d3:de:9d:ee:78:e5:63:77:
2f:bc:89:bd
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgIUA6DHgfvHbwq4tni59YaS0wyCFAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0NGODVGOUExMjRFQjMxNUZBNkY1QTFCMzgyMzdCMkNC
NDc0RTdGQjAeFw0yNjA1MTIwMTQ0MDJaFw0yNzA1MTEwMTQ5MDJaMDMxMTAvBgNV
BAMTKDJBREI5OUM3NzNEOUJERDg1NDQyMTVFMkJCRTkzNEI3QzVGRDU0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZSRcvbKsf3ZY7RFMwGdBgh0t1
gIoqiSgHoh22xyQwiSg+1izfDZjoNe2+ER4NahC5eO2y5tQxiPW2PFCAnfiYSTQQ
8QN8VvQd3xVDL6KxtQgXuhr7/oLVISBIRifblj8JIstURxyjLq5yMvN7pnlDuodq
tL6XCTebNfoAO4BtUZ0xctGNbsKlamfS2D/ZaeSINweC0sLibrwYaVYj312edjoA
cOmc7idd2MujQhPr/LGhTZXnjgpOQYuIvxQ6JpqWw5KXLDUOLLQso4IjmizSY2Q2
+CP3Y6/Lr6GzN5RblszuZcze5D2aDQMD/EZpP0P2FSzKsowogusY1Zj0rvblAgMB
AAGjggJ/MIICezAdBgNVHQ4EFgQUKtuZx3PZvdhUQhXiu+k0t8X9VEswHwYDVR0j
BBgwFoAUzPhfmhJOsxX6b1obOCN7LLR05/swDgYDVR0PAQH/BAQDAgeAMGEGA1Ud
HwRaMFgwVqBUoFKGUHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvTkNJQy8w
L0NDRjg1RjlBMTI0RUIzMTVGQTZGNUExQjM4MjM3QjJDQjQ3NEU3RkIuY3JsMG8G
CCsGAQUFBwEBBGMwYTBfBggrBgEFBQcwAoZTcnN5bmM6Ly9ycGtpY2EudHduaWMu
dHcvcnBraS9UV05JQ0NBLzEvQ0NGODVGOUExMjRFQjMxNUZBNkY1QTFCMzgyMzdC
MkNCNDc0RTdGQi5jZXIwSgYIKwYBBQUHAQsEPjA8MDoGCCsGAQUFBzALhi5yc3lu
YzovL3Jwa2ljYS50d25pYy50dy9ycGtpL05DSUMvMC9BUzk5MTkucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwge4GCCsGAQUFBwEHAQH/BIHeMIHbMIHCBAIA
ATCBuwMEBioAQAMEAi1A5AMDATtoAwQGPPVAAwQGPTjAAwMAPTswCwMDAD09AwQG
PT2AAwMAPUIDBAJn6igDAwJqaAMDAXBoAwMAccQDBAZzHkADAwF6kgMEB3szgAMD
AXvMAwMCr7QDAwDLQwMDAMtGAwMAy0kDBAPLvhADAwDSQAMDANJCAwMA0kQwDAME
B9LzgAMEB9L0AAMDANNKAwQG004AAwQG006AAwMA2iADAwHa0gMDAdzkAwMA3akw
FAQCAAIwDgMFBiQBgAADBQAkAaBAMA0GCSqGSIb3DQEBCwUAA4IBAQAQxCSNhXPe
GWvJ69OTzulpM1tDR+dsPO+T+vqK1ODjoxyOMJCsewOqGGnDLILTm8aWikxgjOFZ
Tw0ochJrD8nz2mE2N6M1Z35jkiagTQuxtWZHT9iGUz5kj1X6up+OvXrW+HQYNav1
uubGgd9Y15IV7er83m+s5HcQ8c7PW7T235d7H9Lo+Uz/k5OsoslH8c6CfANF7eDE
zwvAUwuwhIG45dOmcK/VG190NOjp1QEaUAeLF2crThTYiDrUjdVNwly1mkk65cun
y6uKoRfQTOPDoT3PG5fYdAJ7oHz8osUeZVo4pR6gvAAeSuXYdZOY6hw9Xj3b096d
7njlY3cvvIm9
-----END CERTIFICATE-----
Generated at Tue May 12 22:53:34 2026 by rpki-client