Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/R-brw2e0uWHs7Cec3Dw0Sm77sYc.roa
File:                     R-brw2e0uWHs7Cec3Dw0Sm77sYc.roa (raw, json)
Hash identifier:          0kc02i6VatO1wBBXaJPt6HjLmQ9EUzwfNS+ESYL0rMk=
Subject key identifier:   47:E6:EB:C3:67:B4:B9:61:EC:EC:27:9C:DC:3C:34:4A:6E:FB:B1:87
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       076C
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/R-brw2e0uWHs7Cec3Dw0Sm77sYc.roa
Signing time:             Tue 29 Sep 2020 09:58:10 +0000
ROA not before:           Tue 29 Sep 2020 09:58:10 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     134823
IP address blocks:        103.122.188.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1900 (0x76c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 29 09:58:10 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=47E6EBC367B4B961ECEC279CDC3C344A6EFBB187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:df:6f:52:29:c2:7e:2c:f4:c4:b5:e7:eb:0b:
                    b7:ea:04:46:7a:ab:49:06:2e:47:ac:02:1d:b2:7a:
                    c4:81:36:28:6b:3a:9e:17:02:84:39:e6:ef:cf:7e:
                    88:15:6c:d4:25:44:a7:10:1d:4c:a7:ea:06:3a:26:
                    8e:43:71:0a:13:55:cf:0c:cd:42:8f:e6:b6:4f:ac:
                    11:de:52:11:55:ca:40:4b:d4:34:48:02:d2:80:8b:
                    fe:d0:59:db:b5:ac:4c:2f:bc:fc:52:5d:c1:ff:2f:
                    9b:a8:a1:89:fa:72:82:6a:38:08:71:18:d0:bc:64:
                    7d:a1:85:06:7a:1f:21:e1:40:bf:6e:c5:e9:7a:b3:
                    a0:97:cf:64:ae:54:f0:86:10:bc:10:03:61:41:e4:
                    59:9e:d9:b5:f7:1e:16:8d:e8:ef:4b:d2:2d:c0:f8:
                    ff:b5:b9:c0:0a:c6:9f:27:cf:04:5a:6b:c3:23:b6:
                    b3:c9:a1:07:50:1e:0e:13:07:87:c8:4a:b4:a8:1e:
                    9b:f4:07:26:c1:9a:dd:4e:76:e7:af:40:58:38:49:
                    56:cf:4c:59:f4:27:cf:41:be:af:45:74:86:29:2e:
                    ce:fa:ea:63:8c:79:8a:6c:6f:7d:cc:8c:9a:73:4d:
                    f6:e6:ef:82:7c:38:0b:64:99:56:0d:a0:ac:fe:6b:
                    77:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E6:EB:C3:67:B4:B9:61:EC:EC:27:9C:DC:3C:34:4A:6E:FB:B1:87
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/R-brw2e0uWHs7Cec3Dw0Sm77sYc.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d5:12:b6:9a:7d:b9:ef:c1:50:9b:4b:77:7c:e4:bd:17:19:
         d0:e4:37:52:67:50:38:73:08:d9:3f:c4:d7:b1:cf:0e:dd:1f:
         a6:31:4f:66:57:0d:b3:cc:0e:e5:db:93:1c:df:50:4e:64:93:
         d7:29:a2:c0:64:71:5d:d9:06:d5:7c:67:a8:2b:04:f6:04:06:
         cf:ef:13:fe:fa:1c:35:03:f0:b9:31:ee:3d:e5:62:a1:e9:12:
         f2:a2:65:6b:28:0d:f3:50:77:fd:bf:80:cb:c7:67:c9:49:e7:
         66:4d:f4:b5:10:31:4a:e8:58:fb:b0:4b:5f:fc:92:b2:e3:d0:
         51:1f:46:68:72:a8:d0:47:ed:af:a9:e8:37:83:c4:90:b1:a2:
         b5:4c:c0:3c:de:f3:dd:1c:cb:6f:e9:29:5e:51:3e:fa:07:3e:
         fa:8d:dd:ef:70:3e:0d:68:7d:06:98:5f:ca:f7:89:76:51:6d:
         ba:af:32:07:e1:0b:4f:b9:f7:71:51:dc:e5:5d:98:56:d1:7d:
         de:76:b9:70:49:bf:ae:62:bf:c2:6f:7e:fc:59:76:97:e2:42:
         59:de:52:64:b5:91:f9:e8:8e:b4:73:ad:99:c2:77:ae:72:96:
         7c:30:89:d3:b5:94:14:d3:84:7d:26:62:42:60:74:27:07:12:
         96:9e:d8:7e
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICB2wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMDA5Mjkw
OTU4MTBaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDQ3RTZFQkMzNjdCNEI5
NjFFQ0VDMjc5Q0RDM0MzNDRBNkVGQkIxODcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDQ329SKcJ+LPTEtefrC7fqBEZ6q0kGLkesAh2yesSBNihrOp4X
AoQ55u/PfogVbNQlRKcQHUyn6gY6Jo5DcQoTVc8MzUKP5rZPrBHeUhFVykBL1DRI
AtKAi/7QWdu1rEwvvPxSXcH/L5uooYn6coJqOAhxGNC8ZH2hhQZ6HyHhQL9uxel6
s6CXz2SuVPCGELwQA2FB5Fme2bX3HhaN6O9L0i3A+P+1ucAKxp8nzwRaa8MjtrPJ
oQdQHg4TB4fISrSoHpv0BybBmt1OduevQFg4SVbPTFn0J89Bvq9FdIYpLs766mOM
eYpsb33MjJpzTfbm74J8OAtkmVYNoKz+a3eVAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUR+brw2e0uWHs7Cec3Dw0Sm77sYcwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9SLWJydzJlMHVXSHM3
Q2VjM0R3MFNtNzdzWWMucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3q8MA0GCSqGSIb3DQEBCwUAA4IBAQCQ1RK2mn2578FQm0t3fOS9FxnQ5DdS
Z1A4cwjZP8TXsc8O3R+mMU9mVw2zzA7l25Mc31BOZJPXKaLAZHFd2QbVfGeoKwT2
BAbP7xP++hw1A/C5Me495WKh6RLyomVrKA3zUHf9v4DLx2fJSedmTfS1EDFK6Fj7
sEtf/JKy49BRH0ZocqjQR+2vqeg3g8SQsaK1TMA83vPdHMtv6SleUT76Bz76jd3v
cD4NaH0GmF/K94l2UW26rzIH4QtPufdxUdzlXZhW0X3edrlwSb+uYr/Cb378WXaX
4kJZ3lJktZH56I60c62ZwneucpZ8MInTtZQU04R9JmJCYHQnBxKWnth+
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org