Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/A-EFRkn-AJU5xhhybOktctL39q8.roa
File:                     A-EFRkn-AJU5xhhybOktctL39q8.roa (raw, json)
Hash identifier:          NjbliROEnReOqEBomvITYFWYINMM6ZKC7FTzWCo7C7Q=
Subject key identifier:   03:E1:05:46:49:FE:00:95:39:C6:18:72:6C:E9:2D:72:D2:F7:F6:AF
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       097A
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/A-EFRkn-AJU5xhhybOktctL39q8.roa
Signing time:             Wed 29 Sep 2021 02:50:32 +0000
ROA not before:           Wed 29 Sep 2021 02:50:32 +0000
ROA not after:            Thu 29 Sep 2022 02:36:22 +0000
asID:                     20473
IP address blocks:        2403:9340::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2426 (0x97a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 29 02:50:32 2021 GMT
            Not After : Sep 29 02:36:22 2022 GMT
        Subject: CN=03E1054649FE009539C618726CE92D72D2F7F6AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:89:45:f0:a5:e1:76:13:c0:bc:47:3d:55:72:
                    05:56:d2:f0:f5:eb:d2:11:ae:9c:ca:23:c3:c4:a9:
                    6f:7b:88:8c:1b:c9:e6:2f:69:a1:92:f8:4b:1a:fd:
                    a7:79:f7:37:f0:e4:c2:a5:c6:df:f0:4d:ca:23:a7:
                    48:3a:05:59:63:9d:79:4d:ee:47:8f:8d:33:eb:d5:
                    5b:08:e3:41:25:20:aa:26:e9:1f:56:8f:76:09:1b:
                    98:8e:d9:e5:6b:db:29:03:5d:5b:c1:80:d8:6c:50:
                    bb:3c:9f:37:42:63:f0:1c:b6:ab:8f:42:c8:02:a5:
                    32:e9:19:88:e6:53:04:86:d4:82:e0:c9:8d:33:b8:
                    8c:99:7e:8a:79:3d:1d:1e:ae:f6:68:ce:2e:0d:f5:
                    51:d1:a2:50:3e:58:dd:d7:61:ee:d6:35:ee:09:03:
                    cc:ac:09:8f:f8:9e:d3:f8:4d:9f:10:69:05:c9:13:
                    1b:83:7a:0b:ce:f1:a2:cc:49:33:ff:67:91:b5:d7:
                    ef:8a:50:20:5d:04:a6:81:35:3f:1a:ba:f8:49:ac:
                    4d:8d:a0:a4:e8:e4:47:5c:53:a9:6c:58:0e:46:f6:
                    42:6b:5a:e4:6b:cf:60:90:b5:7a:3c:e6:fa:ad:d6:
                    84:db:64:1b:bc:8b:90:dc:0b:64:b0:53:92:45:a8:
                    30:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E1:05:46:49:FE:00:95:39:C6:18:72:6C:E9:2D:72:D2:F7:F6:AF
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/A-EFRkn-AJU5xhhybOktctL39q8.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:9340::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:15:75:c4:e8:aa:47:b0:49:d7:41:e0:e3:82:50:dc:7d:e1:
         63:83:5e:21:80:84:b0:ee:01:f8:cb:cb:25:a9:f2:e4:7b:69:
         f5:48:ae:16:c0:71:64:0f:84:5f:32:20:f6:93:d7:6f:8e:3e:
         1b:6b:51:82:f0:12:b0:c2:ce:9d:80:68:f2:0c:62:c9:d1:7f:
         ea:f5:c5:61:e3:f2:7f:2b:6b:39:e3:b4:10:19:f4:8c:e9:06:
         e8:9d:0c:d7:27:c4:17:20:2f:ab:7a:c7:6f:a2:2a:64:14:8d:
         9a:e6:20:43:3e:79:5d:e6:1f:37:3d:7e:df:32:7c:97:74:eb:
         88:7c:d7:31:53:59:be:41:90:0e:74:27:b9:ec:43:ec:1b:08:
         f9:ca:eb:db:a0:15:67:f4:60:16:f6:e3:2e:d7:91:20:9e:e9:
         92:c6:0d:c9:f8:3d:75:63:06:2c:3b:c6:51:91:13:00:5f:fc:
         24:ab:5a:c1:19:4d:5f:59:15:fa:07:52:d0:6b:9e:2c:23:88:
         08:7b:08:b0:d0:1f:b9:5e:98:40:3b:cd:38:57:93:33:87:95:
         62:38:9f:2d:53:00:62:30:75:ba:8a:e6:08:f2:46:05:bb:fe:
         36:c0:f6:3f:9e:37:1c:20:9d:3b:91:d9:17:a0:b0:16:bf:66:
         c3:06:89:f7
-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgICCXowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMTA5Mjkw
MjUwMzJaFw0yMjA5MjkwMjM2MjJaMDMxMTAvBgNVBAMTKDAzRTEwNTQ2NDlGRTAw
OTUzOUM2MTg3MjZDRTkyRDcyRDJGN0Y2QUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQD3iUXwpeF2E8C8Rz1VcgVW0vD169IRrpzKI8PEqW97iIwbyeYv
aaGS+Esa/ad59zfw5MKlxt/wTcojp0g6BVljnXlN7kePjTPr1VsI40ElIKom6R9W
j3YJG5iO2eVr2ykDXVvBgNhsULs8nzdCY/ActquPQsgCpTLpGYjmUwSG1ILgyY0z
uIyZfop5PR0ervZozi4N9VHRolA+WN3XYe7WNe4JA8ysCY/4ntP4TZ8QaQXJExuD
egvO8aLMSTP/Z5G11++KUCBdBKaBNT8auvhJrE2NoKTo5EdcU6lsWA5G9kJrWuRr
z2CQtXo85vqt1oTbZBu8i5DcC2SwU5JFqDAFAgMBAAGjggHzMIIB7zAdBgNVHQ4E
FgQUA+EFRkn+AJU5xhhybOktctL39q8wHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9BLUVGUmtuLUFKVTV4
aGh5Yk9rdGN0TDM5cTgucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAH
AwUAJAOTQDANBgkqhkiG9w0BAQsFAAOCAQEAhRV1xOiqR7BJ10Hg44JQ3H3hY4Ne
IYCEsO4B+MvLJany5Htp9UiuFsBxZA+EXzIg9pPXb44+G2tRgvASsMLOnYBo8gxi
ydF/6vXFYePyfytrOeO0EBn0jOkG6J0M1yfEFyAvq3rHb6IqZBSNmuYgQz55XeYf
Nz1+3zJ8l3TriHzXMVNZvkGQDnQnuexD7BsI+crr26AVZ/RgFvbjLteRIJ7pksYN
yfg9dWMGLDvGUZETAF/8JKtawRlNX1kV+gdS0GueLCOICHsIsNAfuV6YQDvNOFeT
M4eVYjifLVMAYjB1uormCPJGBbv+NsD2P543HCCdO5HZF6CwFr9mwwaJ9w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org