Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/JZyJsBzGkH4hNggUatyB0ixZ8to.roa
File:                     JZyJsBzGkH4hNggUatyB0ixZ8to.roa (raw, json)
Hash identifier:          pxoD8j0WnkBDcKUOhvmon5Nj1pRx1h6mOG32T1ShHSQ=
Subject key identifier:   25:9C:89:B0:1C:C6:90:7E:21:36:08:14:6A:DC:81:D2:2C:59:F2:DA
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0766
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/JZyJsBzGkH4hNggUatyB0ixZ8to.roa
Signing time:             Tue 29 Sep 2020 09:58:08 +0000
ROA not before:           Tue 29 Sep 2020 09:58:08 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     131657
IP address blocks:        103.122.190.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1894 (0x766)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 29 09:58:08 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=259C89B01CC6907E213608146ADC81D22C59F2DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:80:bf:0e:d6:4e:3f:2d:06:43:a6:1c:cd:47:
                    08:04:58:80:a8:5f:2a:56:93:41:22:7f:02:48:8f:
                    2d:65:73:32:42:33:ca:4a:f2:eb:73:3e:11:09:9e:
                    9e:a0:d3:3d:e6:b2:d4:03:08:cd:85:3d:79:e3:13:
                    d9:87:e6:3b:51:78:26:4d:00:53:81:1b:d2:50:91:
                    d1:af:1c:26:92:fb:84:3a:cc:3e:c6:d4:85:9f:33:
                    ad:ea:be:78:be:7e:25:07:9b:6e:bb:8f:e3:b5:71:
                    d9:08:6e:a9:81:f3:88:c8:f2:0b:0c:9e:38:2c:d8:
                    c2:60:49:71:68:ae:c0:f8:30:02:56:6b:61:f5:74:
                    4b:9c:d8:87:e5:6f:55:16:88:62:89:56:56:a8:70:
                    64:f7:f3:8d:82:1e:e7:cc:40:e2:6d:e3:7d:8b:c4:
                    12:0f:55:01:f4:d2:36:b2:7b:b3:3f:0b:dd:ab:dc:
                    67:23:01:cb:e9:2d:d5:10:80:ed:66:7b:56:1e:4e:
                    9f:f6:96:8b:16:88:c7:49:fd:2a:60:df:00:29:9d:
                    0f:28:d4:c7:b2:77:e8:ac:16:09:7c:e9:c4:41:fe:
                    cc:c7:db:2f:dd:c9:60:17:18:c5:38:0e:1c:5b:0e:
                    ce:ca:6b:4e:c9:02:c6:94:88:30:a4:3c:d4:52:f9:
                    43:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:9C:89:B0:1C:C6:90:7E:21:36:08:14:6A:DC:81:D2:2C:59:F2:DA
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/JZyJsBzGkH4hNggUatyB0ixZ8to.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d8:40:a9:ec:4a:22:68:9f:6e:95:9e:b7:c8:68:2a:ec:ef:
         15:8e:2d:f8:ea:11:d0:1e:46:64:a6:2b:0f:bf:c0:b2:7d:64:
         c4:9f:b6:92:c2:66:f8:f8:e0:9a:85:f5:fc:e5:4e:b6:ec:94:
         93:fa:06:ee:16:9a:20:3a:ec:64:b9:ee:63:62:f0:bc:29:8f:
         d2:8d:19:be:f7:f4:5f:a1:e9:33:47:e4:1d:26:40:25:64:7b:
         1c:3d:40:7c:9a:d8:9e:a2:74:f3:65:3f:e0:bf:ea:db:3b:df:
         15:f4:7a:ff:95:97:83:05:70:3f:83:12:13:ac:1e:92:5f:20:
         8b:07:e9:0d:5e:e5:4f:d3:eb:a9:80:fd:ac:01:f9:7b:42:72:
         02:14:2c:22:f6:fc:63:2f:cc:ba:15:0a:c2:65:85:34:00:37:
         c7:b3:40:da:62:e4:75:7c:cd:53:16:4b:78:91:60:a4:54:41:
         09:d1:0c:3d:87:50:86:37:b3:ae:2d:04:cc:26:5b:09:a1:80:
         a9:0f:50:2b:df:f7:95:98:d8:1f:a8:df:d2:b5:57:a7:b9:d7:
         56:66:d1:fd:ba:16:d4:f4:d1:78:d7:3c:26:5f:35:37:90:b1:
         bf:88:83:21:fa:2c:6f:8e:30:42:f7:ad:b5:50:93:b5:04:00:
         39:b5:12:fb
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICB2YwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMDA5Mjkw
OTU4MDhaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDI1OUM4OUIwMUNDNjkw
N0UyMTM2MDgxNDZBREM4MUQyMkM1OUYyREEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxgL8O1k4/LQZDphzNRwgEWICoXypWk0EifwJIjy1lczJCM8pK
8utzPhEJnp6g0z3mstQDCM2FPXnjE9mH5jtReCZNAFOBG9JQkdGvHCaS+4Q6zD7G
1IWfM63qvni+fiUHm267j+O1cdkIbqmB84jI8gsMnjgs2MJgSXForsD4MAJWa2H1
dEuc2Iflb1UWiGKJVlaocGT3842CHufMQOJt432LxBIPVQH00jaye7M/C92r3Gcj
AcvpLdUQgO1me1YeTp/2losWiMdJ/Spg3wApnQ8o1Meyd+isFgl86cRB/szH2y/d
yWAXGMU4DhxbDs7Ka07JAsaUiDCkPNRS+UM/AgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUJZyJsBzGkH4hNggUatyB0ixZ8towHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9KWnlKc0J6R2tINGhO
Z2dVYXR5QjBpeFo4dG8ucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3q+MA0GCSqGSIb3DQEBCwUAA4IBAQBE2ECp7EoiaJ9ulZ63yGgq7O8Vji34
6hHQHkZkpisPv8CyfWTEn7aSwmb4+OCahfX85U627JST+gbuFpogOuxkue5jYvC8
KY/SjRm+9/RfoekzR+QdJkAlZHscPUB8mtieonTzZT/gv+rbO98V9Hr/lZeDBXA/
gxITrB6SXyCLB+kNXuVP0+upgP2sAfl7QnICFCwi9vxjL8y6FQrCZYU0ADfHs0Da
YuR1fM1TFkt4kWCkVEEJ0Qw9h1CGN7OuLQTMJlsJoYCpD1Ar3/eVmNgfqN/StVen
uddWZtH9uhbU9NF41zwmXzU3kLG/iIMh+ixvjjBC9621UJO1BAA5tRL7
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org