Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4oXfaEIYw4Ppya6F8smnT1O10h8.roa
File:                     4oXfaEIYw4Ppya6F8smnT1O10h8.roa (raw, json)
Hash identifier:          kRWNcZC0WVJzFbnWk7BNhrBKijoaS4Be8Tf1vLRmfxk=
Subject key identifier:   E2:85:DF:68:42:18:C3:83:E9:C9:AE:85:F2:C9:A7:4F:53:B5:D2:1F
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0B6F
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4oXfaEIYw4Ppya6F8smnT1O10h8.roa
Signing time:             Fri 01 Sep 2023 08:56:22 +0000
ROA not before:           Fri 01 Sep 2023 08:56:22 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     131657
IP address blocks:        103.122.189.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2927 (0xb6f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep  1 08:56:22 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=E285DF684218C383E9C9AE85F2C9A74F53B5D21F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:73:2d:1e:34:03:c9:a7:e5:c5:b1:1e:7d:0c:
                    b5:32:e5:98:b8:6a:99:5e:bd:b1:22:b3:be:6d:47:
                    a5:b3:58:97:75:f1:2b:46:cc:49:39:63:b7:89:d1:
                    bd:75:a4:52:12:d9:8e:58:a1:9d:be:47:a2:66:38:
                    33:5e:f6:c5:01:b1:84:11:5c:d5:c1:cf:ba:a9:d6:
                    71:83:02:00:49:bb:65:d2:f5:91:1c:ff:76:f1:4a:
                    46:10:3e:ed:54:1f:d2:a9:95:99:fb:b1:ef:1a:f5:
                    05:aa:2f:c7:c3:ca:0f:12:f7:46:8f:0b:28:c7:4c:
                    e3:94:68:37:d0:a2:2f:18:c5:67:e3:8c:f7:6f:fe:
                    91:35:c8:00:af:1d:ae:7a:21:f5:fb:0a:c9:4b:d5:
                    44:a5:d0:de:3c:48:2c:9f:f4:97:54:4e:59:cf:14:
                    09:33:92:23:1a:1b:45:4e:b5:ee:db:66:cc:0d:be:
                    8a:de:ab:04:03:17:61:f2:58:89:fe:18:9a:b5:cd:
                    d4:5c:e5:f1:34:4d:f4:fa:34:75:ad:e4:95:5d:ec:
                    04:1c:80:fa:80:33:25:8e:74:53:91:c2:c6:99:8c:
                    ad:5b:a9:8a:4f:89:52:9c:3e:90:ec:87:c8:73:46:
                    8a:b8:0b:9e:6c:2e:60:ae:83:17:bb:e5:6d:5e:65:
                    fb:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:85:DF:68:42:18:C3:83:E9:C9:AE:85:F2:C9:A7:4F:53:B5:D2:1F
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4oXfaEIYw4Ppya6F8smnT1O10h8.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:9d:e3:6d:84:15:a1:e8:c2:e6:b3:8c:a2:39:15:c3:16:10:
         28:2b:3b:b8:1a:a0:18:e0:2d:81:e2:ba:31:69:6e:6c:da:49:
         68:af:a9:96:08:e5:b9:1d:f0:1c:61:64:c6:bd:37:c2:f9:18:
         6c:0f:0c:73:4f:ae:06:aa:00:7d:d3:1a:58:e6:ae:b9:50:69:
         dc:23:50:a9:8f:79:7e:e1:55:19:ce:51:8e:88:dd:5f:76:96:
         52:ba:53:cf:a0:46:a3:60:1f:3b:51:88:46:52:22:c6:6b:c9:
         1b:76:f3:7e:29:0b:da:95:8a:9e:2e:39:96:0d:24:b9:07:f2:
         ea:e4:e4:a8:a5:12:e6:4c:26:df:76:bf:8d:7a:38:cd:f1:14:
         39:29:d2:7f:87:21:d2:28:d2:36:fe:a0:44:64:f0:b3:f6:d3:
         5b:8e:71:b1:16:c9:6d:cd:08:0f:6b:94:2d:64:55:9e:65:80:
         6d:68:47:1c:7a:c5:90:81:df:39:21:38:05:04:6b:9a:de:ec:
         aa:bc:a1:ec:f9:9b:13:1e:47:14:09:22:19:53:73:05:56:10:
         3e:d9:a2:b3:93:3e:ee:c3:0b:23:b1:a4:ce:8e:20:41:68:32:
         77:e3:f5:63:5c:a4:4c:b6:fe:c0:58:9c:9a:8b:ec:91:d9:a1:
         29:db:6e:6c
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICC28wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMzA5MDEw
ODU2MjJaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKEUyODVERjY4NDIxOEMz
ODNFOUM5QUU4NUYyQzlBNzRGNTNCNUQyMUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDPcy0eNAPJp+XFsR59DLUy5Zi4aplevbEis75tR6WzWJd18StG
zEk5Y7eJ0b11pFIS2Y5YoZ2+R6JmODNe9sUBsYQRXNXBz7qp1nGDAgBJu2XS9ZEc
/3bxSkYQPu1UH9KplZn7se8a9QWqL8fDyg8S90aPCyjHTOOUaDfQoi8YxWfjjPdv
/pE1yACvHa56IfX7CslL1USl0N48SCyf9JdUTlnPFAkzkiMaG0VOte7bZswNvore
qwQDF2HyWIn+GJq1zdRc5fE0TfT6NHWt5JVd7AQcgPqAMyWOdFORwsaZjK1bqYpP
iVKcPpDsh8hzRoq4C55sLmCugxe75W1eZfvrAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQU4oXfaEIYw4Ppya6F8smnT1O10h8wHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC80b1hmYUVJWXc0UHB5
YTZGOHNtblQxTzEwaDgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3q9MA0GCSqGSIb3DQEBCwUAA4IBAQA3neNthBWh6MLms4yiORXDFhAoKzu4
GqAY4C2B4roxaW5s2klor6mWCOW5HfAcYWTGvTfC+RhsDwxzT64GqgB90xpY5q65
UGncI1Cpj3l+4VUZzlGOiN1fdpZSulPPoEajYB87UYhGUiLGa8kbdvN+KQvalYqe
LjmWDSS5B/Lq5OSopRLmTCbfdr+NejjN8RQ5KdJ/hyHSKNI2/qBEZPCz9tNbjnGx
FsltzQgPa5QtZFWeZYBtaEccesWQgd85ITgFBGua3uyqvKHs+ZsTHkcUCSIZU3MF
VhA+2aKzkz7uwwsjsaTOjiBBaDJ34/VjXKRMtv7AWJyai+yR2aEp225s
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org