Route Origin Authorization
$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/CROWN/zYOAda_dqYRG58pmgs8vinnq5-c.roa
File: zYOAda_dqYRG58pmgs8vinnq5-c.roa (raw, json)
Hash identifier: FyJblzVJYYm6VU1Em4UXnYkW/6mC/dzjGb7qre+u5+k=
Subject key identifier: CD:83:80:75:AF:DD:A9:84:46:E7:CA:66:82:CF:2F:8A:79:EA:E7:E7
Certificate issuer: /CN=4A7B5FFF97B89C87BDBFD46164EE924A87D696E9
Certificate serial: 0102
Authority key identifier: 4A:7B:5F:FF:97:B8:9C:87:BD:BF:D4:61:64:EE:92:4A:87:D6:96:E9
Authority info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/Sntf_5e4nIe9v9RhZO6SSofWluk.cer
Subject info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/CROWN/zYOAda_dqYRG58pmgs8vinnq5-c.roa
Signing time: Mon 26 Aug 2024 05:11:48 +0000
ROA not before: Mon 26 Aug 2024 05:11:48 +0000
ROA not after: Tue 26 Aug 2025 01:57:03 +0000
asID: 131642
IP address blocks: 2401:29e0::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 258 (0x102)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4A7B5FFF97B89C87BDBFD46164EE924A87D696E9
Validity
Not Before: Aug 26 05:11:48 2024 GMT
Not After : Aug 26 01:57:03 2025 GMT
Subject: CN=CD838075AFDDA98446E7CA6682CF2F8A79EAE7E7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f7:e2:00:dd:f1:1f:e9:04:ec:6f:84:e4:8f:
30:c4:f9:c2:c4:8a:41:1e:13:d0:27:54:b6:a5:a1:
d2:36:32:b3:c1:04:d9:b3:0b:b8:b6:9e:92:3c:63:
79:ad:ef:dd:d4:cf:ff:1c:94:1b:53:77:62:fd:2f:
e7:53:68:ad:93:d3:00:8d:b6:64:a9:3b:24:5b:25:
d7:ea:e1:72:16:28:7c:72:ec:54:5a:f9:a5:56:c7:
d2:fd:35:f1:ce:fa:c8:4d:ad:fe:bf:ff:7d:fa:2f:
b2:5c:33:ca:87:c3:2e:47:b5:00:18:d1:55:ed:0d:
a9:45:b2:a1:33:56:b6:88:10:bd:e2:06:b6:05:cd:
13:c8:8e:75:c0:f4:ac:93:e7:00:85:49:28:59:c8:
94:a0:f3:31:d4:34:ed:dd:56:5c:01:67:15:85:50:
41:77:01:65:81:02:74:53:51:c9:63:67:d9:18:ef:
49:9e:9e:4b:f6:1f:22:1b:b3:c4:e3:4a:ac:55:98:
2c:2d:b0:5c:2d:a8:55:54:09:64:91:4d:8a:e9:33:
6f:bd:62:cd:d9:61:40:bc:eb:2f:25:ad:6f:71:b9:
e0:64:20:bb:e4:2d:db:4a:89:01:99:25:7c:f5:df:
64:21:c2:fd:30:08:e7:c8:85:a2:c9:83:92:34:86:
cd:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:83:80:75:AF:DD:A9:84:46:E7:CA:66:82:CF:2F:8A:79:EA:E7:E7
X509v3 Authority Key Identifier:
keyid:4A:7B:5F:FF:97:B8:9C:87:BD:BF:D4:61:64:EE:92:4A:87:D6:96:E9
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CROWN/Sntf_5e4nIe9v9RhZO6SSofWluk.crl
Authority Information Access:
CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/Sntf_5e4nIe9v9RhZO6SSofWluk.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/CROWN/zYOAda_dqYRG58pmgs8vinnq5-c.roa
RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2401:29e0::/32
Signature Algorithm: sha256WithRSAEncryption
54:e4:40:3c:9d:97:4b:50:d8:d8:64:48:a7:ec:6e:33:9d:f8:
4a:b1:3a:cc:4e:d5:29:eb:02:00:dd:34:9a:6f:4f:1b:4c:2c:
28:d7:49:6f:68:fe:22:d4:85:81:f4:e4:07:fb:60:1a:7a:d5:
4e:8c:ad:f3:31:c4:60:04:02:4b:f7:e0:a1:40:79:00:10:09:
c9:20:d1:e4:f0:31:70:7a:db:f4:3e:4e:ce:4e:44:d1:04:f4:
50:c9:34:7d:db:5f:d7:01:94:a1:77:31:dc:94:26:c1:71:1a:
32:d0:7d:bd:0d:07:ae:b8:1b:c6:41:06:85:c1:83:64:21:a9:
a1:13:dc:a3:4f:2e:b3:5d:d6:1a:1d:ac:89:39:7c:ab:88:f3:
cf:05:2e:49:50:f1:c4:92:d1:c9:c4:f2:6b:a3:09:3f:b4:05:
7f:1e:5c:d4:99:6f:d3:bd:ab:1a:b2:49:e9:05:ca:71:52:d9:
6d:4f:53:b1:63:74:95:e4:f8:ea:30:12:26:bd:75:bf:3f:96:
6b:08:40:49:b9:23:6c:f8:7c:a0:57:39:f6:92:ab:fb:0c:a5:
bc:67:28:f7:97:85:44:23:e8:f6:69:83:d3:60:94:60:bc:cc:
d5:c9:22:42:5b:a6:f8:8e:37:35:23:28:99:1e:b1:64:ab:6d:
32:8e:e0:3d
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgICAQIwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNEE3
QjVGRkY5N0I4OUM4N0JEQkZENDYxNjRFRTkyNEE4N0Q2OTZFOTAeFw0yNDA4MjYw
NTExNDhaFw0yNTA4MjYwMTU3MDNaMDMxMTAvBgNVBAMTKENEODM4MDc1QUZEREE5
ODQ0NkU3Q0E2NjgyQ0YyRjhBNzlFQUU3RTcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCy9+IA3fEf6QTsb4TkjzDE+cLEikEeE9AnVLalodI2MrPBBNmz
C7i2npI8Y3mt793Uz/8clBtTd2L9L+dTaK2T0wCNtmSpOyRbJdfq4XIWKHxy7FRa
+aVWx9L9NfHO+shNrf6//336L7JcM8qHwy5HtQAY0VXtDalFsqEzVraIEL3iBrYF
zRPIjnXA9KyT5wCFSShZyJSg8zHUNO3dVlwBZxWFUEF3AWWBAnRTUcljZ9kY70me
nkv2HyIbs8TjSqxVmCwtsFwtqFVUCWSRTYrpM2+9Ys3ZYUC86y8lrW9xueBkILvk
LdtKiQGZJXz132Qhwv0wCOfIhaLJg5I0hs1LAgMBAAGjggHtMIIB6TAdBgNVHQ4E
FgQUzYOAda/dqYRG58pmgs8vinnq5+cwHwYDVR0jBBgwFoAUSntf/5e4nIe9v9Rh
ZO6SSofWlukwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQ1JPV04v
U250Zl81ZTRuSWU5djlSaFpPNlNTb2ZXbHVrLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS9TbnRmXzVlNG5JZTl2OVJoWk82U1NvZldsdWsuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9DUk9XTi96WU9BZGFfZHFZUkc1OHBtZ3M4
dmlubnE1LWMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAJAEp
4DANBgkqhkiG9w0BAQsFAAOCAQEAVORAPJ2XS1DY2GRIp+xuM534SrE6zE7VKesC
AN00mm9PG0wsKNdJb2j+ItSFgfTkB/tgGnrVToyt8zHEYAQCS/fgoUB5ABAJySDR
5PAxcHrb9D5Ozk5E0QT0UMk0fdtf1wGUoXcx3JQmwXEaMtB9vQ0HrrgbxkEGhcGD
ZCGpoRPco08us13WGh2siTl8q4jzzwUuSVDxxJLRycTya6MJP7QFfx5c1Jlv072r
GrJJ6QXKcVLZbU9TsWN0leT46jASJr11vz+WawhASbkjbPh8oFc59pKr+wylvGco
95eFRCPo9mmD02CUYLzM1ckiQlum+I43NSMomR6xZKttMo7gPQ==
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:45:50 2025 by rpki-client