Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TWNTT/9alYZTlFUvK16_ZIgZsYZDRQYFY.roa
File:                     9alYZTlFUvK16_ZIgZsYZDRQYFY.roa (raw, json)
Hash identifier:          hKPGI/1sLSt7G8mkHfRjU0Nb4d3B4wrmfL82fOsZ7AY=
Subject key identifier:   F5:A9:58:65:39:45:52:F2:B5:EB:F6:48:81:9B:18:64:34:50:60:56
Certificate issuer:       /CN=9E2697FA70252F83F41D121EC0B5CB458B6FF214
Certificate serial:       0DE6
Authority key identifier: 9E:26:97:FA:70:25:2F:83:F4:1D:12:1E:C0:B5:CB:45:8B:6F:F2:14
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/niaX-nAlL4P0HRIewLXLRYtv8hQ.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNTT/9alYZTlFUvK16_ZIgZsYZDRQYFY.roa
Signing time:             Fri 22 Aug 2025 08:52:09 +0000
ROA not before:           Fri 22 Aug 2025 08:52:09 +0000
ROA not after:            Sat 22 Aug 2026 08:14:28 +0000
asID:                     2914
IP address blocks:        2001:d40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNTT/niaX-nAlL4P0HRIewLXLRYtv8hQ.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNTT/niaX-nAlL4P0HRIewLXLRYtv8hQ.mft
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/niaX-nAlL4P0HRIewLXLRYtv8hQ.cer
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl
                          rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 24 Aug 2025 13:14:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3558 (0xde6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9E2697FA70252F83F41D121EC0B5CB458B6FF214
        Validity
            Not Before: Aug 22 08:52:09 2025 GMT
            Not After : Aug 22 08:14:28 2026 GMT
        Subject: CN=F5A95865394552F2B5EBF648819B186434506056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e6:39:1f:4c:69:6d:04:c2:80:20:b0:4c:cd:
                    ef:b6:42:fc:a2:00:3d:9e:0f:b1:2e:db:c7:ca:ad:
                    9b:e8:6e:9d:e5:7d:33:b3:e7:fb:04:55:ef:31:9b:
                    2f:70:17:46:f7:31:07:ca:5e:f6:ed:ca:20:2f:73:
                    ba:54:18:62:a2:5d:9d:b9:ec:c1:a1:9e:74:1d:b3:
                    55:14:db:29:a7:9d:44:31:ef:ad:2f:d0:c7:1c:55:
                    5e:fe:a7:e0:8d:cd:1b:0f:cf:f9:a5:70:cf:c3:4b:
                    51:44:06:56:90:c1:2b:71:f7:f6:05:ea:95:48:cf:
                    65:ab:81:7e:22:92:a0:c1:52:92:aa:06:56:c3:21:
                    0e:30:5b:2f:d9:0b:bc:35:4d:03:68:95:c1:fe:0e:
                    06:d4:92:95:61:b6:54:98:a0:55:1f:bd:54:7c:84:
                    1d:72:a7:35:31:36:df:c4:5f:84:79:c7:29:57:56:
                    8d:4b:ba:cf:cd:06:41:3a:99:6a:ae:38:6f:a8:d4:
                    a8:26:5e:d2:07:af:73:d6:22:0e:99:31:51:58:47:
                    52:4b:ce:7f:f3:d9:fb:f4:61:f6:3d:2f:be:6b:70:
                    3c:97:0f:ae:cb:83:78:89:dd:a0:94:be:da:94:5a:
                    e6:aa:6a:b2:78:b5:c2:d7:02:2d:6d:4f:c6:0d:b7:
                    fb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A9:58:65:39:45:52:F2:B5:EB:F6:48:81:9B:18:64:34:50:60:56
            X509v3 Authority Key Identifier:
                keyid:9E:26:97:FA:70:25:2F:83:F4:1D:12:1E:C0:B5:CB:45:8B:6F:F2:14

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNTT/niaX-nAlL4P0HRIewLXLRYtv8hQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/niaX-nAlL4P0HRIewLXLRYtv8hQ.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNTT/9alYZTlFUvK16_ZIgZsYZDRQYFY.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:d1:80:d6:ef:1c:ec:8e:bb:a9:e0:c8:11:ca:8b:d7:d7:84:
         cb:66:ee:3c:b9:6f:df:07:6a:78:d0:27:f3:ef:d9:58:61:37:
         2a:6b:f6:2b:95:34:b7:c6:19:95:4a:6a:40:11:69:7f:8a:48:
         11:03:15:91:f8:8c:7d:89:53:35:65:03:cf:95:34:a3:af:d1:
         bf:56:67:e6:e8:f6:a4:9f:8e:d2:7c:ad:6e:a8:25:92:d6:63:
         38:f8:b3:1c:a7:44:2e:d8:cb:5b:12:25:ce:02:81:21:c8:8a:
         d9:d5:23:ac:18:c4:fb:61:2a:d9:79:e8:21:bf:e4:07:63:d7:
         a4:a5:d2:a2:98:2d:fe:c9:33:6b:70:9b:c9:dc:1b:74:d2:7c:
         6a:6c:3d:f2:fd:5d:cc:75:21:a4:c1:ef:27:4c:14:de:d7:b3:
         a5:9e:76:90:f2:67:39:7d:48:a8:51:ff:42:15:c5:0e:ec:72:
         32:ed:f2:fe:e0:76:97:a7:bd:15:0d:e8:09:6f:c8:b3:bf:7e:
         5b:13:4e:f5:ab:db:5b:6a:cd:21:56:45:db:95:e5:b1:d0:8f:
         5b:4c:7c:d3:23:57:ee:9c:d5:24:fd:8b:94:d7:ea:5f:4f:d8:
         91:eb:06:04:57:ad:5c:1c:a6:e9:f1:4b:f1:ad:d3:bf:b1:70:
         45:93:89:7e
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgICDeYwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoOUUy
Njk3RkE3MDI1MkY4M0Y0MUQxMjFFQzBCNUNCNDU4QjZGRjIxNDAeFw0yNTA4MjIw
ODUyMDlaFw0yNjA4MjIwODE0MjhaMDMxMTAvBgNVBAMTKEY1QTk1ODY1Mzk0NTUy
RjJCNUVCRjY0ODgxOUIxODY0MzQ1MDYwNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC15jkfTGltBMKAILBMze+2QvyiAD2eD7Eu28fKrZvobp3lfTOz
5/sEVe8xmy9wF0b3MQfKXvbtyiAvc7pUGGKiXZ257MGhnnQds1UU2ymnnUQx760v
0MccVV7+p+CNzRsPz/mlcM/DS1FEBlaQwStx9/YF6pVIz2WrgX4ikqDBUpKqBlbD
IQ4wWy/ZC7w1TQNolcH+DgbUkpVhtlSYoFUfvVR8hB1ypzUxNt/EX4R5xylXVo1L
us/NBkE6mWquOG+o1KgmXtIHr3PWIg6ZMVFYR1JLzn/z2fv0YfY9L75rcDyXD67L
g3iJ3aCUvtqUWuaqarJ4tcLXAi1tT8YNt/snAgMBAAGjggHtMIIB6TAdBgNVHQ4E
FgQU9alYZTlFUvK16/ZIgZsYZDRQYFYwHwYDVR0jBBgwFoAUniaX+nAlL4P0HRIe
wLXLRYtv8hQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFdOVFQv
bmlhWC1uQWxMNFAwSFJJZXdMWExSWXR2OGhRLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9uaWFYLW5BbEw0UDBIUklld0xYTFJZdHY4aFEuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9UV05UVC85YWxZWlRsRlV2SzE2X1pJZ1pz
WVpEUlFZRlkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAEN
QDANBgkqhkiG9w0BAQsFAAOCAQEAStGA1u8c7I67qeDIEcqL19eEy2buPLlv3wdq
eNAn8+/ZWGE3Kmv2K5U0t8YZlUpqQBFpf4pIEQMVkfiMfYlTNWUDz5U0o6/Rv1Zn
5uj2pJ+O0nytbqglktZjOPizHKdELtjLWxIlzgKBIciK2dUjrBjE+2Eq2XnoIb/k
B2PXpKXSopgt/skza3CbydwbdNJ8amw98v1dzHUhpMHvJ0wU3tezpZ52kPJnOX1I
qFH/QhXFDuxyMu3y/uB2l6e9FQ3oCW/Is79+WxNO9avbW2rNIVZF25XlsdCPW0x8
0yNX7pzVJP2LlNfqX0/YkesGBFetXBym6fFL8a3Tv7FwRZOJfg==
-----END CERTIFICATE-----