Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4vVaQxa1TbnGywdR0GouEC8GNkw.roa
File:                     4vVaQxa1TbnGywdR0GouEC8GNkw.roa (raw, json)
Hash identifier:          IDu86ecOUBz/nZ05cnYea999oZCUmAIBMqVhOm2dbBA=
Subject key identifier:   E2:F5:5A:43:16:B5:4D:B9:C6:CB:07:51:D0:6A:2E:10:2F:06:36:4C
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0A68
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4vVaQxa1TbnGywdR0GouEC8GNkw.roa
Signing time:             Thu 15 Sep 2022 02:47:50 +0000
ROA not before:           Thu 15 Sep 2022 02:47:50 +0000
ROA not after:            Wed 06 Sep 2023 03:00:35 +0000
asID:                     20473
IP address blocks:        2403:9340::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2664 (0xa68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 15 02:47:50 2022 GMT
            Not After : Sep  6 03:00:35 2023 GMT
        Subject: CN=E2F55A4316B54DB9C6CB0751D06A2E102F06364C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bf:88:2f:3d:73:6d:ef:b2:e7:8f:d4:64:29:
                    68:51:1b:a7:ae:62:67:c6:b4:7a:04:6b:cb:4f:31:
                    2a:24:63:54:a6:f7:aa:dd:a9:25:27:8a:14:6f:63:
                    19:72:1b:33:d5:bc:8c:a7:97:54:ea:96:36:0c:83:
                    90:a6:b2:3f:21:52:34:fd:e2:2c:14:1c:b8:c0:32:
                    49:2b:3f:10:e0:b7:94:d4:9b:be:59:54:09:de:dd:
                    ba:6e:22:52:22:0d:70:d1:72:b8:ea:5e:35:6d:6e:
                    42:56:ef:8c:7a:47:23:7b:3d:72:2a:f0:a3:65:74:
                    bf:2b:cf:12:60:35:e6:d2:e4:82:85:c6:fa:d8:f4:
                    24:f7:61:37:b8:a3:f6:fb:ae:64:5e:a7:6b:de:8b:
                    56:94:85:22:a8:bc:06:10:ae:00:b8:51:02:8a:ef:
                    2c:e9:00:f0:a5:18:1a:04:1a:16:c1:0c:5a:be:09:
                    e8:90:c6:90:98:2c:54:58:0a:ab:1a:66:51:9f:b6:
                    d8:87:23:4b:37:37:a2:5e:30:8d:41:75:e3:9a:20:
                    23:57:c5:eb:f6:15:62:1c:d5:48:59:d0:51:ef:a4:
                    36:1c:0e:3d:63:19:3c:31:54:ef:95:72:67:fb:e7:
                    a4:a9:f0:c9:16:cd:d9:7c:03:d1:9d:b5:79:ee:9c:
                    b0:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F5:5A:43:16:B5:4D:B9:C6:CB:07:51:D0:6A:2E:10:2F:06:36:4C
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/4vVaQxa1TbnGywdR0GouEC8GNkw.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:9340::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:9a:c4:87:d3:4d:d9:e4:4c:23:a9:24:d6:5e:93:1f:b2:63:
         3d:d2:0f:d2:b6:d4:e1:43:73:92:a0:05:99:37:2d:51:a8:82:
         0e:dd:1d:91:4b:95:da:27:87:a1:10:0b:4b:10:1d:a3:05:32:
         de:b2:ef:3e:4d:75:e4:ab:06:41:83:03:ae:29:f3:05:1e:4b:
         e0:2f:c5:83:2a:2a:5a:c3:53:bb:34:b5:37:dc:be:c9:ae:0e:
         31:69:5a:41:aa:b0:9a:00:64:6f:da:24:12:0f:ef:77:cf:0f:
         9d:3c:fa:16:fa:8b:a0:9c:36:51:d9:78:34:5a:67:3b:45:70:
         3e:aa:8c:62:fd:90:7c:40:3f:c9:59:e7:c9:9e:2d:e6:8a:5a:
         22:d8:b9:bd:90:5c:e5:a0:b2:80:8a:26:00:ed:38:03:5a:0f:
         6d:95:64:92:54:0b:b0:70:a9:5d:c2:0c:02:27:64:fe:8c:c2:
         2a:f1:7c:ef:f3:81:2a:5a:56:a7:31:ca:11:82:46:3a:46:e1:
         a4:27:42:d4:d8:0e:cb:30:be:70:21:ea:d4:20:ac:98:cd:42:
         82:db:9b:16:4c:89:9d:a8:72:7f:47:6d:b7:cd:55:47:34:5d:
         0b:34:c6:06:f3:40:3b:00:7a:c3:8a:0a:4e:5e:f9:38:a2:39:
         c4:6b:99:97
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICCmgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMjA5MTUw
MjQ3NTBaFw0yMzA5MDYwMzAwMzVaMDMxMTAvBgNVBAMTKEUyRjU1QTQzMTZCNTRE
QjlDNkNCMDc1MUQwNkEyRTEwMkYwNjM2NEMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLv4gvPXNt77Lnj9RkKWhRG6euYmfGtHoEa8tPMSokY1Sm96rd
qSUnihRvYxlyGzPVvIynl1TqljYMg5Cmsj8hUjT94iwUHLjAMkkrPxDgt5TUm75Z
VAne3bpuIlIiDXDRcrjqXjVtbkJW74x6RyN7PXIq8KNldL8rzxJgNebS5IKFxvrY
9CT3YTe4o/b7rmRep2vei1aUhSKovAYQrgC4UQKK7yzpAPClGBoEGhbBDFq+CeiQ
xpCYLFRYCqsaZlGfttiHI0s3N6JeMI1BdeOaICNXxev2FWIc1UhZ0FHvpDYcDj1j
GTwxVO+Vcmf756Sp8MkWzdl8A9GdtXnunLCxAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQU4vVaQxa1TbnGywdR0GouEC8GNkwwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC80dlZhUXhhMVRibkd5
d2RSMEdvdUVDOEdOa3cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAJAOTQDANBgkqhkiG9w0BAQsFAAOCAQEAFprEh9NN2eRMI6kk1l6TH7JjPdIP
0rbU4UNzkqAFmTctUaiCDt0dkUuV2ieHoRALSxAdowUy3rLvPk115KsGQYMDrinz
BR5L4C/FgyoqWsNTuzS1N9y+ya4OMWlaQaqwmgBkb9okEg/vd88PnTz6FvqLoJw2
Udl4NFpnO0VwPqqMYv2QfEA/yVnnyZ4t5opaIti5vZBc5aCygIomAO04A1oPbZVk
klQLsHCpXcIMAidk/ozCKvF87/OBKlpWpzHKEYJGOkbhpCdC1NgOyzC+cCHq1CCs
mM1CgtubFkyJnahyf0dtt81VRzRdCzTGBvNAOwB6w4oKTl75OKI5xGuZlw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org