Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/ZVBHqxWse42Y4giWLUCP_JUUogQ.roa
File:                     ZVBHqxWse42Y4giWLUCP_JUUogQ.roa (raw, json)
Hash identifier:          ZwrQI6N1cm3+aWg5FMXgeewueIEXISsqJ/wEbpDulpE=
Subject key identifier:   65:50:47:AB:15:AC:7B:8D:98:E2:08:96:2D:40:8F:FC:95:14:A2:04
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0A8E
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/ZVBHqxWse42Y4giWLUCP_JUUogQ.roa
Signing time:             Sun 06 Nov 2022 13:14:16 +0000
ROA not before:           Sun 06 Nov 2022 13:14:16 +0000
ROA not after:            Wed 06 Sep 2023 03:00:35 +0000
asID:                     134823
IP address blocks:        103.122.188.0/22 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2702 (0xa8e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Nov  6 13:14:16 2022 GMT
            Not After : Sep  6 03:00:35 2023 GMT
        Subject: CN=655047AB15AC7B8D98E208962D408FFC9514A204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7a:cd:43:50:75:79:21:01:e9:71:99:02:7e:
                    b3:55:33:8e:ea:5f:7d:cf:c6:22:51:51:74:9e:eb:
                    4f:ae:61:c3:88:11:c8:ea:93:c2:ec:4d:2a:40:0e:
                    e9:28:e7:eb:7e:65:5b:d7:29:e7:27:39:aa:48:7b:
                    15:fb:7e:7b:e2:d5:c2:7c:7d:c2:cd:42:03:fb:a3:
                    5f:26:9e:1a:cf:31:c8:52:18:a1:ec:18:b6:3f:cb:
                    72:aa:8f:33:61:79:94:dd:be:3f:65:e3:b1:0a:d3:
                    9a:45:b2:53:54:8e:74:8f:d7:ed:e2:50:dd:df:40:
                    93:aa:63:93:92:97:5e:13:67:03:75:59:64:c9:04:
                    5f:ca:80:13:b1:d1:70:f8:4d:b3:b9:34:82:06:cd:
                    46:7a:38:5b:f0:b3:56:32:70:aa:b5:53:de:fb:b4:
                    76:e3:b6:f9:f7:1f:08:0c:15:bc:b6:5b:6e:55:92:
                    f0:7b:2e:7b:4b:0c:a8:8d:ac:83:27:24:24:0d:fb:
                    7c:df:b8:d0:65:99:d3:d9:3b:c4:06:86:bf:97:8a:
                    b3:ba:71:b5:50:1d:91:df:58:22:98:fc:f3:8d:f4:
                    da:79:c6:ea:78:9f:31:39:5d:3a:da:cb:14:a9:cc:
                    66:5f:1c:31:af:51:1f:0b:16:86:19:06:31:f6:a4:
                    13:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:50:47:AB:15:AC:7B:8D:98:E2:08:96:2D:40:8F:FC:95:14:A2:04
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/ZVBHqxWse42Y4giWLUCP_JUUogQ.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:55:02:59:d4:47:16:ea:f4:2d:a9:a7:df:36:3d:5c:e8:68:
         71:e5:ec:4a:22:f6:de:ec:ca:9f:a7:ed:3e:90:02:f2:f4:5c:
         6e:9e:fb:4c:5a:3d:2c:ee:90:32:77:41:02:99:98:11:b5:f6:
         3e:95:0b:70:ce:33:74:93:17:0a:7b:75:cd:5a:1c:50:75:f2:
         d8:a3:b7:82:55:c2:32:bc:05:f1:16:cd:49:4b:b9:ba:42:7c:
         51:83:b5:74:4c:9f:2b:46:45:11:2a:8b:a1:03:4d:58:97:99:
         2e:2e:c7:8a:dd:85:da:47:38:95:c9:06:a1:de:94:6f:e7:ee:
         64:1a:42:0b:42:a4:1a:74:58:9a:9a:d1:e1:17:53:74:a2:0a:
         70:13:9c:e0:27:34:80:f5:ed:2f:4e:92:b7:9a:65:cc:9b:c0:
         4a:bb:cd:2b:d6:f8:43:8e:93:7e:da:5e:52:bd:49:6a:7a:b3:
         36:42:16:9c:ea:99:16:0b:61:cb:71:77:d6:63:43:2f:e8:6c:
         2a:37:a1:16:61:c9:15:1f:22:0b:0e:e8:d6:43:c1:a6:2c:26:
         38:bf:27:4f:67:e4:69:64:9c:e7:82:91:68:20:f7:26:d1:f5:
         2f:dc:7c:b5:26:c8:58:67:c4:66:4b:2f:17:95:81:13:0f:4b:
         39:46:34:de
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICCo4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMjExMDYx
MzE0MTZaFw0yMzA5MDYwMzAwMzVaMDMxMTAvBgNVBAMTKDY1NTA0N0FCMTVBQzdC
OEQ5OEUyMDg5NjJENDA4RkZDOTUxNEEyMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCles1DUHV5IQHpcZkCfrNVM47qX33PxiJRUXSe60+uYcOIEcjq
k8LsTSpADuko5+t+ZVvXKecnOapIexX7fnvi1cJ8fcLNQgP7o18mnhrPMchSGKHs
GLY/y3KqjzNheZTdvj9l47EK05pFslNUjnSP1+3iUN3fQJOqY5OSl14TZwN1WWTJ
BF/KgBOx0XD4TbO5NIIGzUZ6OFvws1YycKq1U977tHbjtvn3HwgMFby2W25VkvB7
LntLDKiNrIMnJCQN+3zfuNBlmdPZO8QGhr+XirO6cbVQHZHfWCKY/PON9Np5xup4
nzE5XTrayxSpzGZfHDGvUR8LFoYZBjH2pBNNAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUZVBHqxWse42Y4giWLUCP/JUUogQwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9aVkJIcXhXc2U0Mlk0
Z2lXTFVDUF9KVVVvZ1Eucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQCZ3q8MA0GCSqGSIb3DQEBCwUAA4IBAQBNVQJZ1EcW6vQtqaffNj1c6Ghx5exK
Ivbe7Mqfp+0+kALy9FxunvtMWj0s7pAyd0ECmZgRtfY+lQtwzjN0kxcKe3XNWhxQ
dfLYo7eCVcIyvAXxFs1JS7m6QnxRg7V0TJ8rRkURKouhA01Yl5kuLseK3YXaRziV
yQah3pRv5+5kGkILQqQadFiamtHhF1N0ogpwE5zgJzSA9e0vTpK3mmXMm8BKu80r
1vhDjpN+2l5SvUlqerM2Qhac6pkWC2HLcXfWY0Mv6GwqN6EWYckVHyILDujWQ8Gm
LCY4vydPZ+RpZJzngpFoIPcm0fUv3Hy1JshYZ8RmSy8XlYETD0s5RjTe
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org