Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/qvou2uNDx9ZQaktEtGSCpeHQgX4.roa
File:                     qvou2uNDx9ZQaktEtGSCpeHQgX4.roa (raw, json)
Hash identifier:          k9hEW83Y42p6gzpjaeHIf/hjSQqpa0HyQUfTMI/PjTE=
Subject key identifier:   AA:FA:2E:DA:E3:43:C7:D6:50:6A:4B:44:B4:64:82:A5:E1:D0:81:7E
Certificate issuer:       /CN=A61402819401D363CB1F9BFBD538875F41F211C3
Certificate serial:       0D44
Authority key identifier: A6:14:02:81:94:01:D3:63:CB:1F:9B:FB:D5:38:87:5F:41:F2:11:C3
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/phQCgZQB02PLH5v71TiHX0HyEcM.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/qvou2uNDx9ZQaktEtGSCpeHQgX4.roa
Signing time:             Fri 22 Aug 2025 08:57:45 +0000
ROA not before:           Fri 22 Aug 2025 08:57:45 +0000
ROA not after:            Sat 22 Aug 2026 08:14:28 +0000
asID:                     56179
IP address blocks:        211.76.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/phQCgZQB02PLH5v71TiHX0HyEcM.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/phQCgZQB02PLH5v71TiHX0HyEcM.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/phQCgZQB02PLH5v71TiHX0HyEcM.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 21 Oct 2025 08:26:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3396 (0xd44)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A61402819401D363CB1F9BFBD538875F41F211C3
        Validity
            Not Before: Aug 22 08:57:45 2025 GMT
            Not After : Aug 22 08:14:28 2026 GMT
        Subject: CN=AAFA2EDAE343C7D6506A4B44B46482A5E1D0817E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6c:6e:56:8a:fe:6b:28:fb:cc:c3:13:67:78:
                    0d:37:ab:58:a8:2c:eb:05:3d:96:28:01:12:98:68:
                    49:f2:d5:53:a9:fa:54:0c:70:a8:7b:f7:70:d7:b3:
                    93:2b:46:87:ff:38:b0:02:cb:ef:18:ab:83:17:ff:
                    c4:fe:e9:c4:c8:08:ef:19:5c:2c:74:b4:0d:2c:2e:
                    45:96:22:93:f4:a0:68:68:94:12:56:8d:1a:dc:aa:
                    0a:9b:8c:3c:e2:39:93:73:3f:e0:d7:e5:03:1a:15:
                    f1:b6:0f:37:9b:b8:22:c1:c1:82:10:a7:4a:87:ea:
                    15:10:de:fe:17:e3:3b:c1:6f:bf:a9:43:03:a3:a7:
                    bd:2a:d2:80:bc:ba:e7:97:d3:69:1b:67:0b:1d:08:
                    a4:e7:40:73:e4:72:a8:87:0e:0b:49:62:eb:e6:ea:
                    ec:53:9b:e7:e7:92:00:3c:f4:e1:53:b9:df:85:42:
                    35:ba:ca:b2:50:c7:0f:a3:db:6d:c8:e0:7a:cf:f9:
                    02:5c:39:3a:a0:21:c4:60:3e:26:4e:38:ed:ab:ee:
                    bf:bc:7a:b7:b8:df:bc:92:19:cc:92:b6:3a:39:38:
                    cb:6f:d4:59:6a:5c:73:9f:36:03:ca:c9:78:06:b0:
                    e7:67:92:08:fa:39:f3:97:a4:e6:82:92:80:93:ab:
                    52:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:FA:2E:DA:E3:43:C7:D6:50:6A:4B:44:B4:64:82:A5:E1:D0:81:7E
            X509v3 Authority Key Identifier:
                keyid:A6:14:02:81:94:01:D3:63:CB:1F:9B:FB:D5:38:87:5F:41:F2:11:C3

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/phQCgZQB02PLH5v71TiHX0HyEcM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/phQCgZQB02PLH5v71TiHX0HyEcM.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/SYMPHOX/qvou2uNDx9ZQaktEtGSCpeHQgX4.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  211.76.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a0:7d:e7:53:52:b4:87:51:c9:3c:b1:5d:06:5c:eb:83:73:41:
         a9:e4:79:d7:45:c2:82:b0:01:1e:77:c5:7b:5f:e1:63:03:1f:
         6b:67:80:ac:a2:e8:ca:af:15:e0:1b:70:64:4d:b8:9b:30:e2:
         79:fa:26:bb:54:ef:85:a8:af:14:64:17:f5:e7:64:af:53:aa:
         f0:cc:c8:a5:08:ec:09:a3:d0:50:d0:50:91:7b:b4:1a:57:cb:
         ee:c5:79:c5:eb:32:08:d5:c1:67:0a:8b:e8:2a:35:c1:76:53:
         ea:25:39:9c:91:49:ec:60:b8:cb:a6:a3:cb:66:34:6c:fd:26:
         84:98:a1:c9:bf:15:43:2d:03:1a:1d:6f:fd:de:1e:0d:79:04:
         b5:0f:6c:78:67:26:27:6a:6c:13:5b:88:83:f4:13:6d:a1:38:
         3f:39:58:57:b1:15:7c:fa:28:72:a2:0e:f1:bc:13:3c:8c:d5:
         00:ba:91:94:75:7c:65:b4:64:a9:71:54:16:84:ca:ca:c1:af:
         93:ca:4a:57:1a:0c:d3:4b:aa:ed:30:bc:f0:da:e4:b4:13:b3:
         1c:5f:d8:5a:48:a0:a5:ef:31:df:8a:11:8d:15:79:e9:f6:4d:
         af:46:c0:b7:d1:54:d7:a7:a1:e3:f8:da:72:9d:ae:6c:d1:6d:
         f4:5b:6e:25
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICDUQwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQTYx
NDAyODE5NDAxRDM2M0NCMUY5QkZCRDUzODg3NUY0MUYyMTFDMzAeFw0yNTA4MjIw
ODU3NDVaFw0yNjA4MjIwODE0MjhaMDMxMTAvBgNVBAMTKEFBRkEyRURBRTM0M0M3
RDY1MDZBNEI0NEI0NjQ4MkE1RTFEMDgxN0UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDhbG5Wiv5rKPvMwxNneA03q1ioLOsFPZYoARKYaEny1VOp+lQM
cKh793DXs5MrRof/OLACy+8Yq4MX/8T+6cTICO8ZXCx0tA0sLkWWIpP0oGholBJW
jRrcqgqbjDziOZNzP+DX5QMaFfG2DzebuCLBwYIQp0qH6hUQ3v4X4zvBb7+pQwOj
p70q0oC8uueX02kbZwsdCKTnQHPkcqiHDgtJYuvm6uxTm+fnkgA89OFTud+FQjW6
yrJQxw+j223I4HrP+QJcOTqgIcRgPiZOOO2r7r+8ere437ySGcyStjo5OMtv1Flq
XHOfNgPKyXgGsOdnkgj6OfOXpOaCkoCTq1LHAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUqvou2uNDx9ZQaktEtGSCpeHQgX4wHwYDVR0jBBgwFoAUphQCgZQB02PLH5v7
1TiHX0HyEcMwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvU1lNUEhP
WC9waFFDZ1pRQjAyUExINXY3MVRpSFgwSHlFY00uY3JsMGAGCCsGAQUFBwEBBFQw
UjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05J
Q0NBL3BoUUNnWlFCMDJQTEg1djcxVGlIWDBIeUVjTS5jZXIwDgYDVR0PAQH/BAQD
AgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9ycGtp
Y2EudHduaWMudHcvcnBraS9UV05JQ0NBL1NZTVBIT1gvcXZvdTJ1TkR4OVpRYWt0
RXRHU0NwZUhRZ1g0LnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmlj
LnR3L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
BNNMgDANBgkqhkiG9w0BAQsFAAOCAQEAoH3nU1K0h1HJPLFdBlzrg3NBqeR510XC
grABHnfFe1/hYwMfa2eArKLoyq8V4BtwZE24mzDiefomu1TvhaivFGQX9edkr1Oq
8MzIpQjsCaPQUNBQkXu0GlfL7sV5xesyCNXBZwqL6Co1wXZT6iU5nJFJ7GC4y6aj
y2Y0bP0mhJihyb8VQy0DGh1v/d4eDXkEtQ9seGcmJ2psE1uIg/QTbaE4PzlYV7EV
fPoocqIO8bwTPIzVALqRlHV8ZbRkqXFUFoTKysGvk8pKVxoM00uq7TC88NrktBOz
HF/YWkigpe8x34oRjRV56fZNr0bAt9FU16eh4/jacp2ubNFt9FtuJQ==
-----END CERTIFICATE-----
Generated at Tue Oct 21 05:27:38 2025 by rpki-client