Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/TpHNVtnQf6Qxlw9Nry-4CT4TKj0.roa
File:                     TpHNVtnQf6Qxlw9Nry-4CT4TKj0.roa (raw, json)
Hash identifier:          iTudEEr+mkD3Om2A+nFvc1jzN0N6vGq850n4sxCTkk0=
Subject key identifier:   4E:91:CD:56:D9:D0:7F:A4:31:97:0F:4D:AF:2F:B8:09:3E:13:2A:3D
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0B79
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/TpHNVtnQf6Qxlw9Nry-4CT4TKj0.roa
Signing time:             Fri 01 Sep 2023 08:56:24 +0000
ROA not before:           Fri 01 Sep 2023 08:56:24 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     131657
IP address blocks:        103.122.188.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2937 (0xb79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep  1 08:56:24 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=4E91CD56D9D07FA431970F4DAF2FB8093E132A3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:69:5d:b4:66:69:71:f0:cd:d8:65:d7:e3:6f:
                    8a:87:e9:08:dc:5f:7a:a6:3b:00:26:b6:3c:c9:1f:
                    f6:11:8a:20:03:7b:71:39:78:23:be:54:63:54:eb:
                    f0:f7:0b:0e:8d:47:e2:98:ef:34:22:ed:9b:8b:79:
                    14:48:42:7d:d2:d8:d2:1c:2d:73:88:8c:3f:4f:1e:
                    32:13:b2:6f:d1:fa:38:4a:c6:a1:42:7f:d2:57:d0:
                    86:c2:8d:c2:c0:fe:b5:00:6a:69:6b:af:61:57:62:
                    33:77:d3:cb:fa:b7:f4:17:59:db:1c:b9:21:4c:01:
                    a0:8f:14:a3:8f:45:f8:1b:25:89:d1:19:4f:79:9a:
                    3a:70:87:00:b2:7e:0a:bb:fc:68:d5:b9:ed:1b:99:
                    58:1c:34:23:df:c0:9f:a4:2b:96:98:7e:a4:4f:22:
                    bd:10:a6:22:12:fb:e3:6b:93:f0:c9:38:95:25:5d:
                    27:6f:62:6f:89:7c:b6:29:20:4b:1c:a0:87:18:ea:
                    e9:1b:7f:88:6b:ba:4f:6a:0d:69:97:17:80:34:9c:
                    27:b6:2d:29:d0:62:76:81:df:cd:3d:62:31:2f:cc:
                    75:17:69:18:4c:85:be:2d:e1:d4:e0:65:65:91:74:
                    bb:a2:ce:5d:e2:02:66:c8:86:8e:ba:5a:3f:da:57:
                    e1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:91:CD:56:D9:D0:7F:A4:31:97:0F:4D:AF:2F:B8:09:3E:13:2A:3D
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/TpHNVtnQf6Qxlw9Nry-4CT4TKj0.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:bf:0a:85:91:a9:11:f5:83:98:f4:8a:be:1b:76:2b:44:46:
         cc:fc:0e:38:ad:15:3d:62:4f:41:6b:1e:db:ce:43:f2:0f:28:
         4a:46:45:ce:b2:34:33:e6:ce:b4:e0:89:84:f4:90:43:d4:95:
         2f:23:9d:46:3c:13:52:22:b5:0a:31:64:02:ab:86:ad:af:14:
         9a:b5:38:a6:ab:81:3a:88:f0:24:4d:c5:07:8d:9e:51:ba:d3:
         6f:8d:32:da:d7:74:09:38:cc:b8:77:e3:dc:c7:a2:a8:8f:cd:
         af:53:64:77:0b:dd:ec:ab:83:79:36:29:00:d8:b3:db:81:ad:
         21:d1:a2:be:67:95:9c:48:67:b7:a1:d2:7d:28:62:df:fd:a3:
         8c:4d:40:61:43:e0:25:c8:a0:06:b0:75:b6:e7:e9:68:79:5d:
         27:ce:26:0f:29:66:f4:be:d0:b2:9f:e3:b1:77:d0:bb:7e:53:
         d8:e6:d3:2a:b1:a5:9e:7d:15:72:0c:7d:c0:2c:69:fc:9a:40:
         43:62:d6:78:44:38:e1:b2:2f:69:f7:8f:22:2f:67:22:12:25:
         90:1c:8b:35:91:d9:4e:40:2c:98:22:f9:5b:41:e2:90:3a:c1:
         26:bf:18:4c:f1:2a:a4:02:62:46:b7:21:08:d8:ea:45:b5:1d:
         11:9f:ef:2a
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICC3kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMzA5MDEw
ODU2MjRaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDRFOTFDRDU2RDlEMDdG
QTQzMTk3MEY0REFGMkZCODA5M0UxMzJBM0QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUaV20Zmlx8M3YZdfjb4qH6QjcX3qmOwAmtjzJH/YRiiADe3E5
eCO+VGNU6/D3Cw6NR+KY7zQi7ZuLeRRIQn3S2NIcLXOIjD9PHjITsm/R+jhKxqFC
f9JX0IbCjcLA/rUAamlrr2FXYjN308v6t/QXWdscuSFMAaCPFKOPRfgbJYnRGU95
mjpwhwCyfgq7/GjVue0bmVgcNCPfwJ+kK5aYfqRPIr0QpiIS++Nrk/DJOJUlXSdv
Ym+JfLYpIEscoIcY6ukbf4hruk9qDWmXF4A0nCe2LSnQYnaB3809YjEvzHUXaRhM
hb4t4dTgZWWRdLuizl3iAmbIho66Wj/aV+FzAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUTpHNVtnQf6Qxlw9Nry+4CT4TKj0wHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9UcEhOVnRuUWY2UXhs
dzlOcnktNENUNFRLajAucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQCZ3q8MA0GCSqGSIb3DQEBCwUAA4IBAQCTvwqFkakR9YOY9Iq+G3YrREbM/A44
rRU9Yk9Bax7bzkPyDyhKRkXOsjQz5s604ImE9JBD1JUvI51GPBNSIrUKMWQCq4at
rxSatTimq4E6iPAkTcUHjZ5RutNvjTLa13QJOMy4d+Pcx6Koj82vU2R3C93sq4N5
NikA2LPbga0h0aK+Z5WcSGe3odJ9KGLf/aOMTUBhQ+AlyKAGsHW25+loeV0nziYP
KWb0vtCyn+Oxd9C7flPY5tMqsaWefRVyDH3ALGn8mkBDYtZ4RDjhsi9p948iL2ci
EiWQHIs1kdlOQCyYIvlbQeKQOsEmvxhM8SqkAmJGtyEI2OpFtR0Rn+8q
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org