Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/GARENATW/gaAzLSgBW2PJq3nMg0K9ZfdKQgk.roa
File:                     gaAzLSgBW2PJq3nMg0K9ZfdKQgk.roa (raw, json)
Hash identifier:          nfNk2Bfi7AJSkr7xNYIVSB5S/MN+ffxITfYnDaYCxSs=
Subject key identifier:   81:A0:33:2D:28:01:5B:63:C9:AB:79:CC:83:42:BD:65:F7:4A:42:09
Certificate issuer:       /CN=261E03DBE27DFCD8B3E0C55F2F0433EA022D1D4B
Certificate serial:       0762
Authority key identifier: 26:1E:03:DB:E2:7D:FC:D8:B3:E0:C5:5F:2F:04:33:EA:02:2D:1D:4B
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/Jh4D2-J9_Niz4MVfLwQz6gItHUs.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/GARENATW/gaAzLSgBW2PJq3nMg0K9ZfdKQgk.roa
Signing time:             Tue 29 Sep 2020 10:03:44 +0000
ROA not before:           Tue 29 Sep 2020 10:03:44 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     9924
IP address blocks:        103.121.178.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1890 (0x762)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261E03DBE27DFCD8B3E0C55F2F0433EA022D1D4B
        Validity
            Not Before: Sep 29 10:03:44 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=81A0332D28015B63C9AB79CC8342BD65F74A4209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:eb:9d:d5:fa:e8:85:12:07:d7:7b:90:fb:dd:
                    33:32:4c:20:f4:d0:40:2e:bf:6c:54:55:5f:63:42:
                    b4:c3:43:bd:a3:c6:8f:64:74:56:6a:18:58:89:83:
                    54:8e:26:cc:94:42:b9:16:f5:72:52:d4:50:00:61:
                    62:68:27:fa:34:23:8e:3d:a3:29:d6:17:88:27:c3:
                    6e:67:35:77:d0:f6:38:85:16:c5:41:36:bd:0b:61:
                    c7:e4:d9:c5:69:5b:d3:8a:01:de:92:cc:98:aa:5a:
                    89:3d:40:fd:47:d2:99:a5:e5:eb:34:c3:cf:9e:3e:
                    14:62:66:16:db:b6:c4:3e:6e:07:e9:59:84:5b:6c:
                    97:55:26:81:55:a1:46:81:11:5c:f0:0e:a1:b3:8b:
                    7f:88:60:27:6c:38:7a:fb:52:6a:40:ff:20:60:ee:
                    ee:b1:97:1a:d9:79:7e:ff:e4:5a:d9:33:8b:b8:55:
                    8e:39:72:6f:1e:4f:7f:1d:e0:80:a0:1f:23:a4:d5:
                    40:32:da:ad:89:1c:b3:9b:c3:cf:21:e5:40:9b:78:
                    84:1f:18:d6:44:26:9e:4e:96:81:8e:70:ea:a3:e6:
                    31:f9:fb:b0:3e:58:a5:6b:2e:3f:66:a4:55:5a:b2:
                    5b:b3:30:ba:81:1d:6f:d1:a0:e0:5f:a2:5b:c5:a0:
                    ed:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A0:33:2D:28:01:5B:63:C9:AB:79:CC:83:42:BD:65:F7:4A:42:09
            X509v3 Authority Key Identifier:
                keyid:26:1E:03:DB:E2:7D:FC:D8:B3:E0:C5:5F:2F:04:33:EA:02:2D:1D:4B

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/GARENATW/Jh4D2-J9_Niz4MVfLwQz6gItHUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/Jh4D2-J9_Niz4MVfLwQz6gItHUs.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/GARENATW/gaAzLSgBW2PJq3nMg0K9ZfdKQgk.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:25:f4:2c:d8:af:11:70:fa:f6:11:5d:6c:c8:6b:b7:33:ce:
         01:4b:3b:d0:b3:0f:87:63:ea:19:28:8f:e5:ca:4b:7a:1b:68:
         19:73:3c:d2:d6:24:51:30:ff:e2:3b:71:56:97:ac:63:36:20:
         92:f4:72:d8:55:57:08:fe:c5:44:f9:5e:7a:84:6f:30:90:5e:
         ad:1a:62:09:bd:de:8a:92:b9:f5:1b:0f:81:11:70:6a:ce:b0:
         d5:22:de:01:37:13:1e:eb:69:66:e2:05:2f:13:26:69:d8:3a:
         50:a6:03:9d:c9:40:51:2e:b9:58:e1:e9:1c:c9:5e:55:17:13:
         27:c0:c8:e6:d5:89:40:e2:dd:43:fd:c1:d8:4e:f5:65:0e:89:
         3f:48:db:91:53:3e:80:f5:bf:5d:b7:3c:a4:cc:d1:b3:b1:41:
         e2:f8:27:d7:db:0f:e2:75:39:69:17:c4:da:06:f7:a4:c9:3d:
         e0:02:f5:12:a7:30:8c:38:af:e5:89:59:48:c9:1b:1a:1f:3e:
         d2:74:48:8f:14:27:ad:9f:2c:38:b9:25:d2:14:99:7a:2e:4f:
         64:bb:0e:6c:98:91:d4:df:72:68:b3:8d:af:e9:a5:d3:ab:e7:
         3e:ef:fe:61:c2:a9:4a:12:6a:db:8b:a3:63:ac:a3:09:05:85:
         0e:57:da:0c
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICB2IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMjYx
RTAzREJFMjdERkNEOEIzRTBDNTVGMkYwNDMzRUEwMjJEMUQ0QjAeFw0yMDA5Mjkx
MDAzNDRaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDgxQTAzMzJEMjgwMTVC
NjNDOUFCNzlDQzgzNDJCRDY1Rjc0QTQyMDkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCo653V+uiFEgfXe5D73TMyTCD00EAuv2xUVV9jQrTDQ72jxo9k
dFZqGFiJg1SOJsyUQrkW9XJS1FAAYWJoJ/o0I449oynWF4gnw25nNXfQ9jiFFsVB
Nr0LYcfk2cVpW9OKAd6SzJiqWok9QP1H0pml5es0w8+ePhRiZhbbtsQ+bgfpWYRb
bJdVJoFVoUaBEVzwDqGzi3+IYCdsOHr7UmpA/yBg7u6xlxrZeX7/5FrZM4u4VY45
cm8eT38d4ICgHyOk1UAy2q2JHLObw88h5UCbeIQfGNZEJp5OloGOcOqj5jH5+7A+
WKVrLj9mpFVasluzMLqBHW/RoOBfolvFoO0dAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUgaAzLSgBW2PJq3nMg0K9ZfdKQgkwHwYDVR0jBBgwFoAUJh4D2+J9/Niz4MVf
LwQz6gItHUswGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvR0FSRU5B
VFcvSmg0RDItSjlfTml6NE1WZkx3UXo2Z0l0SFVzLmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9KaDREMi1KOV9OaXo0TVZmTHdRejZnSXRIVXMuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9HQVJFTkFUVy9nYUF6TFNnQlcyUEpx
M25NZzBLOVpmZEtRZ2sucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3myMA0GCSqGSIb3DQEBCwUAA4IBAQCAJfQs2K8RcPr2EV1syGu3M84BSzvQ
sw+HY+oZKI/lykt6G2gZczzS1iRRMP/iO3FWl6xjNiCS9HLYVVcI/sVE+V56hG8w
kF6tGmIJvd6Kkrn1Gw+BEXBqzrDVIt4BNxMe62lm4gUvEyZp2DpQpgOdyUBRLrlY
4ekcyV5VFxMnwMjm1YlA4t1D/cHYTvVlDok/SNuRUz6A9b9dtzykzNGzsUHi+CfX
2w/idTlpF8TaBvekyT3gAvUSpzCMOK/liVlIyRsaHz7SdEiPFCetnyw4uSXSFJl6
Lk9kuw5smJHU33Jos42v6aXTq+c+7/5hwqlKEmrbi6NjrKMJBYUOV9oM
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org