Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/BEYONDORBIT/COEdACwy04wMuHUAtpKemf4QlfA.roa
File:                     COEdACwy04wMuHUAtpKemf4QlfA.roa (raw, json)
Hash identifier:          akCDtPLmQmzXKJSaZAxnc7t0kNxGvoyWpePHS8xt07E=
Subject key identifier:   08:E1:1D:00:2C:32:D3:8C:0C:B8:75:00:B6:92:9E:99:FE:10:95:F0
Certificate issuer:       /CN=455CD50D82958499FDAFCB0ADF10251F4CAB3E2D
Certificate serial:       0FE7
Authority key identifier: 45:5C:D5:0D:82:95:84:99:FD:AF:CB:0A:DF:10:25:1F:4C:AB:3E:2D
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/RVzVDYKVhJn9r8sK3xAlH0yrPi0.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/BEYONDORBIT/COEdACwy04wMuHUAtpKemf4QlfA.roa
Signing time:             Fri 01 Sep 2023 08:24:42 +0000
ROA not before:           Fri 01 Sep 2023 08:24:42 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     131675
IP address blocks:        2404:2ec0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4071 (0xfe7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=455CD50D82958499FDAFCB0ADF10251F4CAB3E2D
        Validity
            Not Before: Sep  1 08:24:42 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=08E11D002C32D38C0CB87500B6929E99FE1095F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:e6:d5:2a:53:f7:a2:7f:57:e6:8f:3f:3b:ee:
                    fa:d0:bc:e1:8b:9a:0d:9a:6b:f6:53:9b:96:7b:3a:
                    3a:91:a9:0c:51:45:2e:c7:fa:8d:5e:84:66:32:76:
                    0c:ea:ac:ca:32:e6:e8:22:46:e9:c0:dc:6e:96:4c:
                    01:ee:7a:eb:0b:f7:33:0e:16:b4:57:3c:8d:a2:5f:
                    f8:15:2b:a6:d4:ea:00:ee:c6:87:de:e2:be:1a:e8:
                    9b:e0:e8:92:e9:a9:03:ea:24:4d:c0:4a:af:ec:11:
                    c9:8a:4c:f6:db:04:68:96:a1:6d:b3:42:ed:34:dc:
                    dc:7a:13:65:03:1d:15:47:97:40:46:77:22:d7:f5:
                    87:98:bc:16:91:28:55:c4:f0:3e:55:a6:b9:e1:71:
                    ca:49:65:da:92:f7:df:92:b0:6d:06:b5:b6:ef:f3:
                    19:92:e4:30:d7:bf:76:c4:21:a6:19:f2:1e:b5:b9:
                    7a:bc:95:e7:e1:35:73:f9:4c:96:05:63:64:51:be:
                    89:38:23:de:58:f8:b7:61:55:c2:b8:ae:5a:42:e1:
                    1f:45:8e:13:a2:2e:94:3b:aa:77:34:5b:e2:c6:f0:
                    56:99:be:af:b2:6f:91:6e:b2:a1:ac:f5:e2:8e:7b:
                    2f:e1:ff:c8:24:f5:a0:44:c1:1e:86:7d:7c:a0:bf:
                    bf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E1:1D:00:2C:32:D3:8C:0C:B8:75:00:B6:92:9E:99:FE:10:95:F0
            X509v3 Authority Key Identifier:
                keyid:45:5C:D5:0D:82:95:84:99:FD:AF:CB:0A:DF:10:25:1F:4C:AB:3E:2D

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/BEYONDORBIT/RVzVDYKVhJn9r8sK3xAlH0yrPi0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RVzVDYKVhJn9r8sK3xAlH0yrPi0.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/BEYONDORBIT/COEdACwy04wMuHUAtpKemf4QlfA.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:2ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:6a:b1:b8:f4:09:8b:19:c4:91:4c:ee:d0:16:7c:76:b7:20:
         c1:f6:72:2e:eb:c9:16:54:1e:a2:26:6a:10:36:82:e7:2f:1f:
         18:c9:2a:48:98:a9:aa:13:58:1e:0b:f8:26:e1:33:72:f8:d7:
         3c:24:8a:db:da:26:68:43:a9:01:a8:f6:43:21:94:6c:be:27:
         34:9a:2f:97:00:6c:3f:58:92:dd:f5:e7:7d:5e:96:06:c2:31:
         18:0c:9b:6e:fa:3b:54:3a:4c:0c:50:a6:0e:9b:30:45:42:47:
         8b:a3:88:2e:e2:34:d1:9f:ce:a0:ad:37:d9:88:d3:70:71:4e:
         20:01:cf:8e:5b:47:47:e4:16:52:a8:70:93:f2:c5:4d:42:b1:
         f0:39:ee:e0:28:67:3c:3b:11:3c:dc:0a:93:c3:34:08:3e:e1:
         d6:23:17:83:6b:e7:7e:b3:28:ff:8b:24:2b:30:c8:e8:80:4a:
         1d:e9:d7:ad:e9:06:da:26:df:16:d7:71:45:83:03:c6:d9:ea:
         2e:51:44:9c:8e:62:0e:22:97:8a:08:7e:bf:af:a0:b8:df:89:
         ad:d5:d9:f1:bd:bf:1c:3b:85:26:19:e0:6e:07:ab:2d:f2:de:
         0f:5f:f8:35:b2:a5:d1:12:bf:e8:b9:7b:64:5f:a7:70:21:82:
         75:f4:4f:d5
-----BEGIN CERTIFICATE-----
MIIE3TCCA8WgAwIBAgICD+cwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNDU1
Q0Q1MEQ4Mjk1ODQ5OUZEQUZDQjBBREYxMDI1MUY0Q0FCM0UyRDAeFw0yMzA5MDEw
ODI0NDJaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDA4RTExRDAwMkMzMkQz
OEMwQ0I4NzUwMEI2OTI5RTk5RkUxMDk1RjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDv5tUqU/eif1fmjz877vrQvOGLmg2aa/ZTm5Z7OjqRqQxRRS7H
+o1ehGYydgzqrMoy5ugiRunA3G6WTAHueusL9zMOFrRXPI2iX/gVK6bU6gDuxofe
4r4a6Jvg6JLpqQPqJE3ASq/sEcmKTPbbBGiWoW2zQu003Nx6E2UDHRVHl0BGdyLX
9YeYvBaRKFXE8D5VprnhccpJZdqS99+SsG0Gtbbv8xmS5DDXv3bEIaYZ8h61uXq8
lefhNXP5TJYFY2RRvok4I95Y+LdhVcK4rlpC4R9FjhOiLpQ7qnc0W+LG8FaZvq+y
b5FusqGs9eKOey/h/8gk9aBEwR6GfXygv79zAgMBAAGjggH5MIIB9TAdBgNVHQ4E
FgQUCOEdACwy04wMuHUAtpKemf4QlfAwHwYDVR0jBBgwFoAURVzVDYKVhJn9r8sK
3xAlH0yrPi0wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
VKBShlByc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvQkVZT05E
T1JCSVQvUlZ6VkRZS1ZoSm45cjhzSzN4QWxIMHlyUGkwLmNybDBgBggrBgEFBQcB
AQRUMFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kv
VFdOSUNDQS9SVnpWRFlLVmhKbjlyOHNLM3hBbEgweXJQaTAuY2VyMA4GA1UdDwEB
/wQEAwIHgDCBoQYIKwYBBQUHAQsEgZQwgZEwXAYIKwYBBQUHMAuGUHJzeW5jOi8v
cnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9CRVlPTkRPUkJJVC9DT0VkQUN3
eTA0d011SFVBdHBLZW1mNFFsZkEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3Jy
ZHAudHduaWMudHcvcnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAQuwDANBgkqhkiG9w0BAQsFAAOCAQEAh2qxuPQJixnEkUzu0BZ8
drcgwfZyLuvJFlQeoiZqEDaC5y8fGMkqSJipqhNYHgv4JuEzcvjXPCSK29omaEOp
Aaj2QyGUbL4nNJovlwBsP1iS3fXnfV6WBsIxGAybbvo7VDpMDFCmDpswRUJHi6OI
LuI00Z/OoK032YjTcHFOIAHPjltHR+QWUqhwk/LFTUKx8Dnu4ChnPDsRPNwKk8M0
CD7h1iMXg2vnfrMo/4skKzDI6IBKHenXrekG2ibfFtdxRYMDxtnqLlFEnI5iDiKX
igh+v6+guN+JrdXZ8b2/HDuFJhngbgerLfLeD1/4NbKl0RK/6Ll7ZF+ncCGCdfRP
1Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:02 2024 by rpki-client on console-ams.rpki-client.org