Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TANET/ZmmuqSue9GzkbQyrve25xeyRRs0.roa
File:                     ZmmuqSue9GzkbQyrve25xeyRRs0.roa (raw, json)
Hash identifier:          PZwl3ODRhRitrbtWU7QCfSTVYNkXb8vJIX7X6I3Vpgc=
Subject key identifier:   66:69:AE:A9:2B:9E:F4:6C:E4:6D:0C:AB:BD:ED:B9:C5:EC:91:46:CD
Certificate issuer:       /CN=457B10372A686E3FF73656BEB5CD3DEBC932371A
Certificate serial:       0FF7
Authority key identifier: 45:7B:10:37:2A:68:6E:3F:F7:36:56:BE:B5:CD:3D:EB:C9:32:37:1A
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/RXsQNypobj_3Nla-tc0968kyNxo.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/ZmmuqSue9GzkbQyrve25xeyRRs0.roa
Signing time:             Fri 22 Aug 2025 08:55:47 +0000
ROA not before:           Fri 22 Aug 2025 08:55:47 +0000
ROA not after:            Sat 22 Aug 2026 08:14:28 +0000
asID:                     18217
IP address blocks:        140.109.224.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/RXsQNypobj_3Nla-tc0968kyNxo.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/RXsQNypobj_3Nla-tc0968kyNxo.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/RXsQNypobj_3Nla-tc0968kyNxo.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/FDE5Ly-m0Y9mdB4uoa7qF4GGF0M.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/FDE5Ly-m0Y9mdB4uoa7qF4GGF0M.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/FDE5Ly-m0Y9mdB4uoa7qF4GGF0M.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Aug 2025 08:44:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4087 (0xff7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=457B10372A686E3FF73656BEB5CD3DEBC932371A
        Validity
            Not Before: Aug 22 08:55:47 2025 GMT
            Not After : Aug 22 08:14:28 2026 GMT
        Subject: CN=6669AEA92B9EF46CE46D0CABBDEDB9C5EC9146CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:48:0c:9c:df:c4:6f:52:81:b6:e4:fc:63:b4:
                    43:92:4f:a5:ab:9e:86:3d:f2:de:a1:65:ec:51:6f:
                    99:ca:eb:dd:32:8d:90:20:6d:e4:e8:64:f0:58:7d:
                    65:bc:dd:e9:5f:42:97:65:a1:02:4d:91:c5:c9:4e:
                    24:5b:9a:6f:83:a8:d6:ce:38:ef:c4:d0:38:69:97:
                    ba:b8:db:10:31:ba:10:75:32:92:bf:38:af:a7:4c:
                    b2:53:98:ce:d0:1a:b1:38:dc:c6:81:28:ea:c1:93:
                    1f:ce:01:e2:ef:73:58:81:82:e7:1b:b0:fe:58:61:
                    50:a0:7e:57:48:10:ec:80:dc:e1:3e:5a:e1:ff:db:
                    d6:56:5d:9b:17:d5:a8:ba:73:3f:39:66:78:c7:f3:
                    fd:9f:69:60:9e:10:6e:a5:da:73:7f:02:ca:ae:39:
                    d9:a6:1c:91:63:f6:4d:68:c1:9c:80:bc:fc:e0:ce:
                    42:4e:c6:d4:e6:e5:c9:2d:66:0c:ea:21:34:2c:5e:
                    23:ef:b4:7c:30:c1:8d:56:95:3f:81:b5:67:6d:05:
                    de:21:40:c0:ce:ff:b8:e3:c5:08:05:02:33:dc:f4:
                    d5:f0:d9:b0:13:f2:da:bd:dc:11:ca:db:f5:ff:b5:
                    7b:4b:76:b8:42:b3:fa:99:1d:a4:7b:2b:d7:22:62:
                    03:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:69:AE:A9:2B:9E:F4:6C:E4:6D:0C:AB:BD:ED:B9:C5:EC:91:46:CD
            X509v3 Authority Key Identifier:
                keyid:45:7B:10:37:2A:68:6E:3F:F7:36:56:BE:B5:CD:3D:EB:C9:32:37:1A

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/RXsQNypobj_3Nla-tc0968kyNxo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RXsQNypobj_3Nla-tc0968kyNxo.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TANET/ZmmuqSue9GzkbQyrve25xeyRRs0.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.109.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:c0:8e:85:60:e3:49:a9:aa:55:e7:68:c1:3d:e6:95:90:d3:
         7f:d9:d2:e9:0a:7c:fa:df:e6:26:1b:e0:7f:6b:63:a3:a3:26:
         31:d8:94:9c:42:7f:f4:5d:70:40:a1:92:b6:e1:4d:ac:d2:ff:
         b1:69:4e:54:8e:20:1f:18:5c:d8:28:ec:84:42:d9:b5:a5:a5:
         c8:b3:d3:0b:bb:a7:fb:69:57:fe:7d:f9:73:af:66:62:34:f0:
         24:17:59:28:9e:5e:95:3a:4b:0d:e1:37:3b:89:c8:28:48:1e:
         a4:18:d3:25:96:5c:16:d8:e7:90:a2:cb:36:3f:3b:53:1b:3e:
         9a:d6:8f:df:4d:ed:5d:63:08:86:fb:b2:fc:e7:8c:3f:35:3f:
         fe:3b:6e:97:d3:fd:ad:dd:73:ac:67:5b:4d:7a:2b:8c:ad:c0:
         36:4c:45:76:ea:2a:d2:b7:ca:eb:8b:19:f8:24:b5:95:ab:80:
         05:00:1c:b9:cb:a3:33:ef:8d:3e:46:25:82:6a:27:10:10:2a:
         5f:5b:13:09:53:62:7a:a1:2f:9d:ba:b5:f4:6f:36:57:22:71:
         48:45:f8:49:17:13:72:6c:08:ed:f2:66:92:5c:94:ad:e8:b4:
         86:8b:ee:27:bd:79:85:ec:a3:5e:d2:60:43:de:10:4c:16:a2:
         04:dc:0d:d1
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICD/cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDU3
QjEwMzcyQTY4NkUzRkY3MzY1NkJFQjVDRDNERUJDOTMyMzcxQTAeFw0yNTA4MjIw
ODU1NDdaFw0yNjA4MjIwODE0MjhaMDMxMTAvBgNVBAMTKDY2NjlBRUE5MkI5RUY0
NkNFNDZEMENBQkJERURCOUM1RUM5MTQ2Q0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDSAyc38RvUoG25PxjtEOST6WrnoY98t6hZexRb5nK690yjZAg
beToZPBYfWW83elfQpdloQJNkcXJTiRbmm+DqNbOOO/E0Dhpl7q42xAxuhB1MpK/
OK+nTLJTmM7QGrE43MaBKOrBkx/OAeLvc1iBgucbsP5YYVCgfldIEOyA3OE+WuH/
29ZWXZsX1ai6cz85ZnjH8/2faWCeEG6l2nN/AsquOdmmHJFj9k1owZyAvPzgzkJO
xtTm5cktZgzqITQsXiPvtHwwwY1WlT+BtWdtBd4hQMDO/7jjxQgFAjPc9NXw2bAT
8tq93BHK2/X/tXtLdrhCs/qZHaR7K9ciYgO3AgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUZmmuqSue9GzkbQyrve25xeyRRs0wHwYDVR0jBBgwFoAURXsQNypobj/3Nla+
tc0968kyNxowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVEFORVQv
UlhzUU55cG9ial8zTmxhLXRjMDk2OGt5TnhvLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9SWHNRTnlwb2JqXzNObGEtdGMwOTY4a3lOeG8uY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9UQU5FVC9abW11cVN1ZTlHemtiUXlydmUy
NXhleVJSczAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjG3g
MA0GCSqGSIb3DQEBCwUAA4IBAQB+wI6FYONJqapV52jBPeaVkNN/2dLpCnz63+Ym
G+B/a2OjoyYx2JScQn/0XXBAoZK24U2s0v+xaU5UjiAfGFzYKOyEQtm1paXIs9ML
u6f7aVf+fflzr2ZiNPAkF1konl6VOksN4Tc7icgoSB6kGNMlllwW2OeQoss2PztT
Gz6a1o/fTe1dYwiG+7L854w/NT/+O26X0/2t3XOsZ1tNeiuMrcA2TEV26irSt8rr
ixn4JLWVq4AFABy5y6Mz740+RiWCaicQECpfWxMJU2J6oS+durX0bzZXInFIRfhJ
FxNybAjt8maSXJSt6LSGi+4nvXmF7KNe0mBD3hBMFqIE3A3R
-----END CERTIFICATE-----