Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CGNET/1lEmwpXmdAQ6ZkVKOwEq2N6hecY.roa
File:                     1lEmwpXmdAQ6ZkVKOwEq2N6hecY.roa (raw, json)
Hash identifier:          XoWoftTvCyQBdeXggxksKVHigvvrg5302lzUPmIHDf0=
Subject key identifier:   D6:51:26:C2:95:E6:74:04:3A:66:45:4A:3B:01:2A:D8:DE:A1:79:C6
Certificate issuer:       /CN=5D1E3F3C8BA89DC1310410345F50C10076181261
Certificate serial:       09DC
Authority key identifier: 5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/1lEmwpXmdAQ6ZkVKOwEq2N6hecY.roa
Signing time:             Wed 29 Sep 2021 02:52:04 +0000
ROA not before:           Wed 29 Sep 2021 02:52:04 +0000
ROA not after:            Thu 29 Sep 2022 02:36:22 +0000
asID:                     18429
IP address blocks:        123.50.32.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2524 (0x9dc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D1E3F3C8BA89DC1310410345F50C10076181261
        Validity
            Not Before: Sep 29 02:52:04 2021 GMT
            Not After : Sep 29 02:36:22 2022 GMT
        Subject: CN=D65126C295E674043A66454A3B012AD8DEA179C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ff:7b:13:e8:36:a3:e1:00:b4:8b:90:c6:7b:
                    19:ad:d7:fe:4d:13:9e:63:f8:60:fe:d5:67:1e:e2:
                    9f:b0:e7:e6:01:12:35:64:00:aa:fc:d0:b8:0e:dd:
                    b4:66:ae:f5:59:de:bd:88:c5:be:23:d6:30:db:57:
                    84:39:f2:21:71:1b:79:e6:c2:11:08:5d:8f:ff:d3:
                    30:41:5d:57:a9:39:4f:2a:79:61:82:cc:ed:f6:7a:
                    51:a8:ee:f6:ae:a6:b4:79:57:0e:ea:57:75:e6:21:
                    9c:81:64:ae:33:ea:2c:aa:de:1f:1e:1f:2a:9f:a4:
                    c3:d4:cf:6a:79:f7:f0:1a:9d:6d:6f:9c:6f:a2:83:
                    fe:b1:02:0a:92:2c:f1:c9:e9:db:2c:2f:81:fe:6c:
                    ea:60:a2:a2:71:16:3e:ba:9b:96:6f:3d:a3:e8:11:
                    33:29:b6:6f:f1:c0:1f:f8:2e:b4:a7:63:be:4e:b1:
                    63:32:0d:cb:1a:98:2e:3b:86:78:e0:f0:86:9d:07:
                    5a:26:82:5c:ef:4f:71:0f:01:2d:90:3f:51:f8:56:
                    03:15:d5:6d:4d:60:99:23:bd:2c:52:e2:a7:81:3b:
                    a1:85:4a:4f:55:73:ea:6d:03:72:23:75:63:87:11:
                    69:19:0c:fb:39:78:72:28:51:94:59:2a:44:05:d7:
                    5f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:51:26:C2:95:E6:74:04:3A:66:45:4A:3B:01:2A:D8:DE:A1:79:C6
            X509v3 Authority Key Identifier:
                keyid:5D:1E:3F:3C:8B:A8:9D:C1:31:04:10:34:5F:50:C1:00:76:18:12:61

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/XR4_PIuoncExBBA0X1DBAHYYEmE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/XR4_PIuoncExBBA0X1DBAHYYEmE.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CGNET/1lEmwpXmdAQ6ZkVKOwEq2N6hecY.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.50.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6a:c0:4c:2a:ec:18:90:98:3d:ce:37:f2:fe:d3:27:ca:03:6a:
         b3:c3:da:fd:8e:56:ab:35:e6:ff:7e:f5:bc:50:dc:d2:3c:97:
         5d:6e:b0:af:d6:18:ca:66:ae:94:1e:8d:54:75:f0:32:86:22:
         06:b5:9f:65:6d:0d:21:90:e6:86:53:ea:33:a9:75:c2:23:9b:
         c2:e8:b8:6c:ed:19:79:21:1c:ba:4a:c4:ea:3a:68:61:98:25:
         5b:be:b0:91:72:33:71:bc:61:c5:07:a2:a7:04:b7:6f:5b:d9:
         f3:c7:1a:aa:e8:c1:dd:79:6f:9e:18:b9:55:f2:d4:1c:7e:5f:
         30:1b:32:81:2f:15:34:9e:36:62:d4:31:18:87:2a:2d:60:11:
         00:24:1e:0d:eb:4b:ad:7f:d4:39:f4:67:eb:72:f3:61:a7:43:
         0e:cc:a8:6e:69:8b:72:6c:19:9c:b3:3b:72:11:2c:f5:30:e1:
         4b:47:ba:09:e1:53:f0:32:8b:1e:3b:de:b0:c0:04:ee:44:64:
         88:84:44:c7:65:18:5f:82:28:15:03:78:ac:b0:0b:ad:0d:1c:
         c3:ec:45:90:fa:05:b2:5b:5e:75:0b:a1:27:ed:82:d9:63:76:
         c8:70:65:c0:04:e7:f3:11:da:d4:9a:70:98:fd:ab:43:67:e0:
         dc:40:f0:60
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICCdwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUQx
RTNGM0M4QkE4OURDMTMxMDQxMDM0NUY1MEMxMDA3NjE4MTI2MTAeFw0yMTA5Mjkw
MjUyMDRaFw0yMjA5MjkwMjM2MjJaMDMxMTAvBgNVBAMTKEQ2NTEyNkMyOTVFNjc0
MDQzQTY2NDU0QTNCMDEyQUQ4REVBMTc5QzYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC0/3sT6Daj4QC0i5DGexmt1/5NE55j+GD+1Wce4p+w5+YBEjVk
AKr80LgO3bRmrvVZ3r2Ixb4j1jDbV4Q58iFxG3nmwhEIXY//0zBBXVepOU8qeWGC
zO32elGo7vauprR5Vw7qV3XmIZyBZK4z6iyq3h8eHyqfpMPUz2p59/AanW1vnG+i
g/6xAgqSLPHJ6dssL4H+bOpgoqJxFj66m5ZvPaPoETMptm/xwB/4LrSnY75OsWMy
DcsamC47hnjg8IadB1omglzvT3EPAS2QP1H4VgMV1W1NYJkjvSxS4qeBO6GFSk9V
c+ptA3IjdWOHEWkZDPs5eHIoUZRZKkQF11+pAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQU1lEmwpXmdAQ6ZkVKOwEq2N6hecYwHwYDVR0jBBgwFoAUXR4/PIuoncExBBA0
X1DBAHYYEmEwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ0dORVQv
WFI0X1BJdW9uY0V4QkJBMFgxREJBSFlZRW1FLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9YUjRfUEl1b25jRXhCQkEwWDFEQkFIWVlFbUUuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DR05FVC8xbEVtd3BYbWRBUTZaa1ZLT3dF
cTJONmhlY1kucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDezIg
MA0GCSqGSIb3DQEBCwUAA4IBAQBqwEwq7BiQmD3ON/L+0yfKA2qzw9r9jlarNeb/
fvW8UNzSPJddbrCv1hjKZq6UHo1UdfAyhiIGtZ9lbQ0hkOaGU+ozqXXCI5vC6Lhs
7Rl5IRy6SsTqOmhhmCVbvrCRcjNxvGHFB6KnBLdvW9nzxxqq6MHdeW+eGLlV8tQc
fl8wGzKBLxU0njZi1DEYhyotYBEAJB4N60utf9Q59GfrcvNhp0MOzKhuaYtybBmc
sztyESz1MOFLR7oJ4VPwMoseO96wwATuRGSIhETHZRhfgigVA3issAutDRzD7EWQ
+gWyW151C6En7YLZY3bIcGXABOfzEdrUmnCY/atDZ+DcQPBg
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:02 2024 by rpki-client on console-ams.rpki-client.org