Route Origin Authorization

$ rpki-client -vvf dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa
File:                     326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa (raw, json)
Hash identifier:          UUagBs8SeUSGyBHOT5W+P3Ak/xG0U9JziAlIh91OvUg=
Subject key identifier:   49:01:48:E5:CD:E9:75:EA:0D:1D:85:91:85:15:D6:0F:EC:58:D9:4A
Certificate issuer:       /CN=A5B1E05036940FBC80C2944856DC1168E62E2364
Certificate serial:       4510E03E11DCAD9BBFAFCC7EF4494845213CAE9D
Authority key identifier: A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64
Authority info access:    rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer
Subject info access:      rsync://dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa
Signing time:             Wed 23 Oct 2024 06:39:08 +0000
ROA not before:           Wed 23 Oct 2024 06:34:08 +0000
ROA not after:            Wed 22 Oct 2025 06:39:08 +0000
asID:                     215232
IP address blocks:        2a13:c007:8100::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:10:e0:3e:11:dc:ad:9b:bf:af:cc:7e:f4:49:48:45:21:3c:ae:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A5B1E05036940FBC80C2944856DC1168E62E2364
        Validity
            Not Before: Oct 23 06:34:08 2024 GMT
            Not After : Oct 22 06:39:08 2025 GMT
        Subject: CN=490148E5CDE975EA0D1D85918515D60FEC58D94A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1d:4a:26:d6:81:7a:9d:19:06:0e:fc:c8:fe:
                    62:3d:e0:d5:bd:6a:e6:a5:24:bf:12:e6:b8:30:63:
                    bd:01:b5:23:90:84:7c:34:91:0b:d2:10:81:9f:3a:
                    18:ce:12:c8:02:90:e1:2a:88:7e:2b:82:9a:89:c0:
                    c8:77:fd:be:a3:af:1b:1f:31:ae:aa:1f:5b:ec:f2:
                    21:ea:ad:ca:70:d7:09:33:95:36:54:ce:38:18:d0:
                    41:42:ce:ad:76:f9:bc:5e:a5:05:5e:04:38:5a:7f:
                    04:1d:09:63:6f:72:17:81:b4:f1:86:b1:23:0d:60:
                    4f:e5:88:fb:53:1c:15:84:c9:bc:29:e8:84:a9:07:
                    c2:c7:78:79:b3:bb:69:ef:e1:61:54:43:87:ba:e7:
                    4f:d6:6e:48:ab:b0:17:e1:e0:c3:3c:c9:75:90:95:
                    ae:09:f0:1e:9b:6d:64:c6:e2:e0:51:10:e9:71:05:
                    13:ae:37:d6:08:f6:58:7d:27:50:63:30:92:e0:44:
                    1f:6e:4f:30:9c:b0:e5:34:91:7a:0c:7d:81:c7:08:
                    8b:34:4d:40:27:d9:c8:59:2f:a7:45:81:55:d8:0c:
                    81:93:bc:50:7b:07:ee:0f:97:68:1c:18:90:9f:46:
                    1b:e7:26:5f:39:a3:d8:aa:c1:34:2d:65:5d:ae:09:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:01:48:E5:CD:E9:75:EA:0D:1D:85:91:85:15:D6:0F:EC:58:D9:4A
            X509v3 Authority Key Identifier:
                keyid:A5:B1:E0:50:36:94:0F:BC:80:C2:94:48:56:DC:11:68:E6:2E:23:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://dev.tw/rpki/AS945/5/A5B1E05036940FBC80C2944856DC1168E62E2364.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/1/A5B1E05036940FBC80C2944856DC1168E62E2364.cer

            Subject Information Access:
                Signed Object - URI:rsync://dev.tw/rpki/AS945/5/326131333a633030373a383130303a3a2f34302d3438203d3e20323135323332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:8100::/40

    Signature Algorithm: sha256WithRSAEncryption
         31:59:ce:b2:19:8d:ad:8e:4d:a2:3b:63:09:e4:81:90:13:93:
         9c:79:8c:8f:05:df:f7:f7:ba:c1:2d:d0:80:40:73:b1:41:17:
         86:39:8e:3c:8f:56:76:c0:b1:87:45:07:76:de:ea:7c:09:bd:
         a0:83:84:30:87:b8:9c:54:1b:ac:16:68:7f:6d:22:a7:f6:2a:
         48:1a:bf:33:b8:49:84:fe:ab:05:ba:53:39:12:05:59:f7:1f:
         a3:42:da:95:09:46:a7:74:e3:65:1a:42:8a:b0:4d:8f:d0:d5:
         91:1d:af:73:d0:fd:9e:c1:c1:a8:60:93:2b:10:3d:ce:2e:5e:
         ce:b9:f4:60:45:81:3f:4f:0e:a0:a1:70:cb:f5:80:ba:53:c5:
         bb:08:4f:c0:b0:67:4e:e1:d2:c6:b8:88:dd:f0:bd:b5:0f:6e:
         49:64:7f:06:3e:b2:0b:22:01:be:38:95:19:1b:49:13:d8:3a:
         51:c0:15:92:d0:7b:1a:cb:58:c5:66:82:27:3c:c7:de:4b:3d:
         70:42:eb:5f:17:c8:a0:29:ad:d7:28:fb:92:08:2d:21:87:e1:
         f4:34:ec:c9:47:e2:6c:c9:4c:aa:9e:74:97:18:c7:67:79:f1:
         6e:a8:d4:e4:82:42:ae:c0:e7:4b:33:f7:6e:4f:8c:99:c2:27:
         da:0c:65:1d
-----BEGIN CERTIFICATE-----
MIIExzCCA6+gAwIBAgIURRDgPhHcrZu/r8x+9ElIRSE8rp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhF
NjJFMjM2NDAeFw0yNDEwMjMwNjM0MDhaFw0yNTEwMjIwNjM5MDhaMDMxMTAvBgNV
BAMTKDQ5MDE0OEU1Q0RFOTc1RUEwRDFEODU5MTg1MTVENjBGRUM1OEQ5NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBHUom1oF6nRkGDvzI/mI94NW9
aualJL8S5rgwY70BtSOQhHw0kQvSEIGfOhjOEsgCkOEqiH4rgpqJwMh3/b6jrxsf
Ma6qH1vs8iHqrcpw1wkzlTZUzjgY0EFCzq12+bxepQVeBDhafwQdCWNvcheBtPGG
sSMNYE/liPtTHBWEybwp6ISpB8LHeHmzu2nv4WFUQ4e650/WbkirsBfh4MM8yXWQ
la4J8B6bbWTG4uBREOlxBROuN9YI9lh9J1BjMJLgRB9uTzCcsOU0kXoMfYHHCIs0
TUAn2chZL6dFgVXYDIGTvFB7B+4Pl2gcGJCfRhvnJl85o9iqwTQtZV2uCcTzAgMB
AAGjggHRMIIBzTAdBgNVHQ4EFgQUSQFI5c3pdeoNHYWRhRXWD+xY2UowHwYDVR0j
BBgwFoAUpbHgUDaUD7yAwpRIVtwRaOYuI2QwDgYDVR0PAQH/BAQDAgeAMFkGA1Ud
HwRSMFAwTqBMoEqGSHJzeW5jOi8vZGV2LnR3L3Jwa2kvQVM5NDUvNS9BNUIxRTA1
MDM2OTQwRkJDODBDMjk0NDg1NkRDMTE2OEU2MkUyMzY0LmNybDBlBggrBgEFBQcB
AQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEv
QTVCMUUwNTAzNjk0MEZCQzgwQzI5NDQ4NTZEQzExNjhFNjJFMjM2NC5jZXIwfAYI
KwYBBQUHAQsEcDBuMGwGCCsGAQUFBzALhmByc3luYzovL2Rldi50dy9ycGtpL0FT
OTQ1LzUvMzI2MTMxMzMzYTYzMzAzMDM3M2EzODMxMzAzMDNhM2EyZjM0MzAyZDM0
MzgyMDNkM2UyMDMyMzEzNTMyMzMzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEF
BQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoTwAeBMA0GCSqGSIb3
DQEBCwUAA4IBAQAxWc6yGY2tjk2iO2MJ5IGQE5OceYyPBd/397rBLdCAQHOxQReG
OY48j1Z2wLGHRQd23up8Cb2gg4Qwh7icVBusFmh/bSKn9ipIGr8zuEmE/qsFulM5
EgVZ9x+jQtqVCUandONlGkKKsE2P0NWRHa9z0P2ewcGoYJMrED3OLl7OufRgRYE/
Tw6goXDL9YC6U8W7CE/AsGdO4dLGuIjd8L21D25JZH8GPrILIgG+OJUZG0kT2DpR
wBWS0Hsay1jFZoInPMfeSz1wQutfF8igKa3XKPuSCC0hh+H0NOzJR+JsyUyqnnSX
GMdnefFuqNTkgkKuwOdLM/duT4yZwifaDGUd
-----END CERTIFICATE-----
Generated at Mon Nov 25 22:25:03 2024 by rpki-client on console-ams.rpki-client.org