Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/DHD7-CPvaiq83QL-L_ffX52WgHA.roa
File:                     DHD7-CPvaiq83QL-L_ffX52WgHA.roa (raw, json)
Hash identifier:          0BN23evlGDy8WCFE0kYKdAauTKHVxp1usijHAhJE/NE=
Subject key identifier:   0C:70:FB:F8:23:EF:6A:2A:BC:DD:02:FE:2F:F7:DF:5F:9D:96:80:70
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0A68
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/DHD7-CPvaiq83QL-L_ffX52WgHA.roa
Signing time:             Thu 15 Sep 2022 02:47:50 +0000
ROA not before:           Thu 15 Sep 2022 02:47:50 +0000
ROA not after:            Wed 06 Sep 2023 03:00:35 +0000
asID:                     131657
IP address blocks:        103.122.190.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2664 (0xa68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 15 02:47:50 2022 GMT
            Not After : Sep  6 03:00:35 2023 GMT
        Subject: CN=0C70FBF823EF6A2ABCDD02FE2FF7DF5F9D968070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f7:a6:8a:71:d6:0a:9f:f7:04:f6:46:1b:13:
                    dd:0c:8a:3a:f8:89:8d:75:dc:30:c3:75:83:ec:6b:
                    1b:d6:e9:cf:65:3d:60:d9:1c:1f:69:67:d1:50:66:
                    29:3b:af:2c:6a:0c:db:62:2f:05:39:9a:d8:2f:04:
                    e0:3b:ba:5a:31:6e:4d:3d:c9:13:c0:f2:d0:bb:bb:
                    54:cc:ac:21:be:df:da:31:3c:d2:fc:11:df:ac:88:
                    0f:23:a6:23:76:7c:0e:9b:4f:44:b9:be:77:5c:8e:
                    5f:70:2a:81:fe:e3:3e:3f:2c:a0:cd:fe:75:a5:99:
                    d3:b2:6f:c7:8e:fe:c8:2a:63:5b:aa:75:d1:84:ab:
                    82:4b:91:64:0d:bc:23:c8:92:ca:23:ad:67:19:aa:
                    51:38:a4:0c:06:ae:ba:34:b1:79:a4:5c:16:4e:2a:
                    9c:82:be:2d:ff:3d:4b:92:c2:6f:24:d3:dc:a9:2e:
                    67:ac:b7:8b:f7:6b:b2:85:15:58:f5:b5:b4:f4:9f:
                    98:3b:88:fb:eb:45:5b:b4:d1:16:f0:e0:26:2f:47:
                    34:47:8a:63:f0:b7:fd:b4:6d:22:ed:f0:c9:e3:9c:
                    8b:e1:d0:fa:a1:2a:c5:f4:52:a6:48:6c:a5:ca:98:
                    af:09:c3:ea:a6:79:49:8e:cc:38:ab:c0:d0:00:95:
                    3e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:70:FB:F8:23:EF:6A:2A:BC:DD:02:FE:2F:F7:DF:5F:9D:96:80:70
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/DHD7-CPvaiq83QL-L_ffX52WgHA.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:48:b6:79:5c:32:16:c8:0d:b5:36:cc:e5:0e:af:3b:cf:04:
         b9:c7:59:83:ea:0b:a1:c0:5a:a9:42:fd:c7:47:70:f8:89:64:
         b9:db:db:5d:55:70:59:8d:c2:59:5c:b8:dd:2c:81:cc:9e:81:
         d6:78:85:4b:ba:87:8c:c7:b9:b7:0f:3f:8e:44:4a:8b:ec:91:
         14:5e:38:da:49:a1:a1:ff:ad:aa:02:49:f5:b2:fd:99:ff:5a:
         c8:ee:4d:9e:2e:f5:33:7d:48:7a:f0:9d:50:71:c4:05:9b:45:
         53:ce:ed:90:08:b0:9f:78:ef:39:43:63:de:4c:c3:14:56:c8:
         78:ad:37:00:be:a5:9f:e3:af:a1:80:7e:90:66:3d:e0:f9:75:
         58:82:18:e7:ed:dd:a9:13:40:ed:8e:f6:17:7e:20:c1:91:e8:
         0a:e6:50:aa:2b:d3:58:74:fe:21:6b:1d:27:ea:9b:ef:3c:de:
         30:01:ca:a1:2e:38:f3:07:f4:43:38:c8:d4:8b:6b:08:da:07:
         b8:0f:b4:65:04:e6:ea:3b:9f:b4:81:b2:4a:34:e1:27:15:bb:
         46:9c:16:0c:a2:12:b1:49:05:e5:a4:2a:9f:dd:2e:60:2b:f7:
         d3:73:77:bc:23:48:da:09:4a:78:87:06:92:89:56:6a:f2:af:
         b5:eb:ea:27
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICCmgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMjA5MTUw
MjQ3NTBaFw0yMzA5MDYwMzAwMzVaMDMxMTAvBgNVBAMTKDBDNzBGQkY4MjNFRjZB
MkFCQ0REMDJGRTJGRjdERjVGOUQ5NjgwNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC/96aKcdYKn/cE9kYbE90Mijr4iY113DDDdYPsaxvW6c9lPWDZ
HB9pZ9FQZik7ryxqDNtiLwU5mtgvBOA7uloxbk09yRPA8tC7u1TMrCG+39oxPNL8
Ed+siA8jpiN2fA6bT0S5vndcjl9wKoH+4z4/LKDN/nWlmdOyb8eO/sgqY1uqddGE
q4JLkWQNvCPIksojrWcZqlE4pAwGrro0sXmkXBZOKpyCvi3/PUuSwm8k09ypLmes
t4v3a7KFFVj1tbT0n5g7iPvrRVu00Rbw4CYvRzRHimPwt/20bSLt8MnjnIvh0Pqh
KsX0UqZIbKXKmK8Jw+qmeUmOzDirwNAAlT7nAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUDHD7+CPvaiq83QL+L/ffX52WgHAwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9ESEQ3LUNQdmFpcTgz
UUwtTF9mZlg1MldnSEEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3q+MA0GCSqGSIb3DQEBCwUAA4IBAQAaSLZ5XDIWyA21NszlDq87zwS5x1mD
6guhwFqpQv3HR3D4iWS529tdVXBZjcJZXLjdLIHMnoHWeIVLuoeMx7m3Dz+OREqL
7JEUXjjaSaGh/62qAkn1sv2Z/1rI7k2eLvUzfUh68J1QccQFm0VTzu2QCLCfeO85
Q2PeTMMUVsh4rTcAvqWf46+hgH6QZj3g+XVYghjn7d2pE0DtjvYXfiDBkegK5lCq
K9NYdP4hax0n6pvvPN4wAcqhLjjzB/RDOMjUi2sI2ge4D7RlBObqO5+0gbJKNOEn
FbtGnBYMohKxSQXlpCqf3S5gK/fTc3e8I0jaCUp4hwaSiVZq8q+16+on
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org