Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/p8RSINp3fRwBYdyK1RxpJyAL3Ss.roa
File:                     p8RSINp3fRwBYdyK1RxpJyAL3Ss.roa (raw, json)
Hash identifier:          XMRKYHwXJe1W6RwG3sTFdsZiPHKbtdCkaPJ8psi+9KU=
Subject key identifier:   A7:C4:52:20:DA:77:7D:1C:01:61:DC:8A:D5:1C:69:27:20:0B:DD:2B
Certificate issuer:       /CN=3122A9292CC930152ADE5A25848C1BDC4044C902
Certificate serial:       0505
Authority key identifier: 31:22:A9:29:2C:C9:30:15:2A:DE:5A:25:84:8C:1B:DC:40:44:C9:02
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/MSKpKSzJMBUq3lolhIwb3EBEyQI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/p8RSINp3fRwBYdyK1RxpJyAL3Ss.roa
Signing time:             Fri 22 Aug 2025 08:52:17 +0000
ROA not before:           Fri 22 Aug 2025 08:52:17 +0000
ROA not after:            Sat 22 Aug 2026 08:14:28 +0000
asID:                     31972
IP address blocks:        103.159.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/MSKpKSzJMBUq3lolhIwb3EBEyQI.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/MSKpKSzJMBUq3lolhIwb3EBEyQI.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/MSKpKSzJMBUq3lolhIwb3EBEyQI.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Aug 2025 13:14:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1285 (0x505)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3122A9292CC930152ADE5A25848C1BDC4044C902
        Validity
            Not Before: Aug 22 08:52:17 2025 GMT
            Not After : Aug 22 08:14:28 2026 GMT
        Subject: CN=A7C45220DA777D1C0161DC8AD51C6927200BDD2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a0:bb:5f:1b:58:83:c9:ab:56:e7:a6:5b:c3:
                    73:36:b4:08:e0:c7:7d:2d:35:0d:4d:0a:c2:d9:5d:
                    b4:85:4e:9a:2b:ac:26:d3:8a:14:18:d9:6a:c6:2b:
                    bb:de:dd:02:95:44:c8:ed:29:fa:22:9a:83:1b:4f:
                    41:c8:ee:72:63:75:0c:ad:85:95:11:b7:01:44:5b:
                    4e:5a:e5:59:37:0d:cb:0a:21:8b:b8:68:0b:91:78:
                    2a:0d:9f:b5:e9:49:a8:0f:9e:58:08:08:3c:72:e1:
                    82:b0:4e:9b:9d:a8:9e:1c:e1:7b:16:e6:c5:61:08:
                    c0:61:eb:56:72:67:cd:ae:64:00:09:ea:dd:4c:ec:
                    df:c4:87:e4:90:4b:ae:ff:e4:e8:85:3d:d5:64:97:
                    89:6f:5c:0d:73:82:85:2e:b6:73:92:14:01:1f:a0:
                    80:a1:37:55:a7:3d:5f:cb:95:af:3d:db:f8:2a:c0:
                    75:18:d6:15:4e:d2:32:98:c5:ae:b8:db:83:4b:23:
                    a2:a9:e8:e3:21:f8:31:03:7a:fb:2a:46:b9:db:44:
                    22:8e:13:ff:b2:70:c0:d7:76:9e:83:f7:5e:28:22:
                    32:ce:df:24:d9:de:73:83:43:8d:02:69:c4:b3:f3:
                    d7:b2:3b:59:e1:3c:60:60:ec:0f:67:9a:68:e8:36:
                    bb:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C4:52:20:DA:77:7D:1C:01:61:DC:8A:D5:1C:69:27:20:0B:DD:2B
            X509v3 Authority Key Identifier:
                keyid:31:22:A9:29:2C:C9:30:15:2A:DE:5A:25:84:8C:1B:DC:40:44:C9:02

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/MSKpKSzJMBUq3lolhIwb3EBEyQI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/MSKpKSzJMBUq3lolhIwb3EBEyQI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/NIMBUSCOM/p8RSINp3fRwBYdyK1RxpJyAL3Ss.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.159.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:66:ec:18:37:3a:61:26:b0:3a:89:cf:41:13:44:e1:fd:09:
         f1:99:3a:f8:fd:80:17:15:7e:42:93:ae:54:4d:7c:a7:0d:ef:
         ca:10:b0:bc:25:5f:2f:9e:13:be:b6:2b:7d:7b:c9:fc:e5:26:
         63:55:6d:ec:de:86:6d:71:da:01:48:61:34:3b:12:5b:ad:81:
         8b:d2:57:7f:07:97:54:4d:f3:ff:fc:ac:1a:c9:46:d5:bb:90:
         de:7a:55:20:52:dd:71:f2:d1:b8:a2:d1:78:92:16:4d:18:69:
         fe:1e:3f:08:40:77:25:63:17:79:52:3d:db:40:31:84:89:61:
         0d:83:5e:d4:e9:76:06:75:c9:fb:51:a6:da:57:b8:96:95:0a:
         da:5e:65:d7:ea:9c:5d:72:bf:32:69:15:47:a4:a9:6f:8c:96:
         6a:6a:d7:0b:86:79:1e:7b:b3:25:37:c0:54:c5:28:49:c4:8b:
         86:05:51:e3:11:94:b2:f0:91:be:fc:ae:59:d3:c7:21:17:48:
         67:6f:7b:02:b6:2a:35:54:db:90:df:eb:e3:a7:02:36:ca:89:
         88:07:a9:bf:82:26:f6:63:01:50:a0:39:97:39:22:6d:06:cf:
         e1:85:d0:83:4c:91:62:bc:87:04:54:eb:fe:91:5d:f1:ec:3d:
         f4:32:33:5d
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICBQUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzEy
MkE5MjkyQ0M5MzAxNTJBREU1QTI1ODQ4QzFCREM0MDQ0QzkwMjAeFw0yNTA4MjIw
ODUyMTdaFw0yNjA4MjIwODE0MjhaMDMxMTAvBgNVBAMTKEE3QzQ1MjIwREE3NzdE
MUMwMTYxREM4QUQ1MUM2OTI3MjAwQkREMkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7oLtfG1iDyatW56Zbw3M2tAjgx30tNQ1NCsLZXbSFTporrCbT
ihQY2WrGK7ve3QKVRMjtKfoimoMbT0HI7nJjdQythZURtwFEW05a5Vk3DcsKIYu4
aAuReCoNn7XpSagPnlgICDxy4YKwTpudqJ4c4XsW5sVhCMBh61ZyZ82uZAAJ6t1M
7N/Eh+SQS67/5OiFPdVkl4lvXA1zgoUutnOSFAEfoIChN1WnPV/Lla892/gqwHUY
1hVO0jKYxa6424NLI6Kp6OMh+DEDevsqRrnbRCKOE/+ycMDXdp6D914oIjLO3yTZ
3nODQ40CacSz89eyO1nhPGBg7A9nmmjoNrsvAgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUp8RSINp3fRwBYdyK1RxpJyAL3SswHwYDVR0jBBgwFoAUMSKpKSzJMBUq3lol
hIwb3EBEyQIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBfBgNVHR8EWDBWMFSg
UqBQhk5yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvTklNQlVT
Q09NL01TS3BLU3pKTUJVcTNsb2xoSXdiM0VCRXlRSS5jcmwwYAYIKwYBBQUHAQEE
VDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RX
TklDQ0EvTVNLcEtTekpNQlVxM2xvbGhJd2IzRUJFeVFJLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZ8GCCsGAQUFBwELBIGSMIGPMFoGCCsGAQUFBzALhk5yc3luYzovL3Jw
a2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvTklNQlVTQ09NL3A4UlNJTnAzZlJ3
QllkeUsxUnhwSnlBTDNTcy5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnJkcC50
d25pYy50dy9ycmRwL25vdGlmeS54bWwwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFnn1gwDQYJKoZIhvcNAQELBQADggEBAHRm7Bg3OmEmsDqJz0ETROH9CfGZ
Ovj9gBcVfkKTrlRNfKcN78oQsLwlXy+eE762K317yfzlJmNVbezehm1x2gFIYTQ7
ElutgYvSV38Hl1RN8//8rBrJRtW7kN56VSBS3XHy0bii0XiSFk0Yaf4ePwhAdyVj
F3lSPdtAMYSJYQ2DXtTpdgZ1yftRptpXuJaVCtpeZdfqnF1yvzJpFUekqW+Mlmpq
1wuGeR57syU3wFTFKEnEi4YFUeMRlLLwkb78rlnTxyEXSGdvewK2KjVU25Df6+On
AjbKiYgHqb+CJvZjAVCgOZc5Im0Gz+GF0INMkWK8hwRU6/6RXfHsPfQyM10=
-----END CERTIFICATE-----
Generated at Sun Aug 24 11:40:22 2025 by rpki-client