Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cgmCNlBYFeOgJaRRHwUtGK4JNss.roa
File:                     cgmCNlBYFeOgJaRRHwUtGK4JNss.roa (raw, json)
Hash identifier:          J5XmdfjZaQH9JMhiCVuAe8I6SgKkYrMPG/yPlomkOJ0=
Subject key identifier:   72:09:82:36:50:58:15:E3:A0:25:A4:51:1F:05:2D:18:AE:09:36:CB
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       08B7
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cgmCNlBYFeOgJaRRHwUtGK4JNss.roa
Signing time:             Sun 07 Feb 2021 06:00:46 +0000
ROA not before:           Sun 07 Feb 2021 06:00:46 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     131657
IP address blocks:        103.122.188.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2231 (0x8b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Feb  7 06:00:46 2021 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=72098236505815E3A025A4511F052D18AE0936CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:4c:00:d6:82:0b:47:7c:6c:2c:84:7d:c0:3f:
                    74:c5:11:86:1b:b9:0e:e5:d0:8b:5e:9d:d8:0c:da:
                    d0:12:94:ab:6e:e7:d6:44:8e:ad:5c:15:91:07:0a:
                    8f:36:44:9a:46:2a:e9:b1:8f:d5:e0:5f:b1:c7:2d:
                    27:d0:2c:e8:c3:7e:19:81:e2:12:fd:8d:8b:42:b1:
                    ec:be:de:ce:ca:2c:61:a3:da:e3:26:bc:4c:e3:01:
                    ea:fd:4d:ba:d4:a7:4e:34:54:96:30:a4:43:86:44:
                    54:b0:df:f2:ac:cb:5c:d3:f1:a5:53:3f:f6:81:11:
                    a4:be:54:8e:f5:80:6b:46:15:d4:f9:b6:77:eb:e2:
                    f0:97:43:8a:54:1d:b1:48:db:71:6d:bb:6c:ea:72:
                    e4:65:36:cb:cd:82:fb:5d:4c:c0:1e:30:89:de:da:
                    95:b4:20:72:0a:44:80:3e:93:32:e8:bd:04:69:bd:
                    bf:1e:52:e8:67:9f:db:cd:93:1f:7d:13:44:d4:88:
                    ba:bf:bf:09:45:c4:25:5f:7c:69:dd:15:34:d7:84:
                    55:da:5f:63:27:bd:2b:ba:b0:a2:c4:a8:26:c3:5c:
                    16:05:d8:40:5d:be:e1:ff:f3:a0:3d:7e:68:39:02:
                    13:b8:7e:f3:ad:03:ca:85:34:5f:dd:fc:48:33:ee:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:09:82:36:50:58:15:E3:A0:25:A4:51:1F:05:2D:18:AE:09:36:CB
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cgmCNlBYFeOgJaRRHwUtGK4JNss.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:1b:5e:20:7a:76:5c:ed:ec:b0:e3:78:32:21:a7:96:71:d7:
         a9:68:24:b1:84:2a:d2:d1:85:74:b9:e8:5e:ff:13:7b:2a:4b:
         3c:53:b4:f0:c4:3a:53:de:f6:f6:ec:dd:e1:db:83:51:24:ef:
         57:28:d5:be:a4:4d:92:e9:d8:6d:12:31:a5:d4:3b:6e:db:02:
         b0:71:13:27:a6:f9:70:d0:be:e6:2f:46:94:e5:63:f8:a4:63:
         65:35:ba:85:a9:7c:68:61:c3:f4:b1:74:cc:77:55:52:a5:62:
         65:28:4a:a3:dd:0f:5f:5f:89:eb:6a:1f:89:26:76:e9:1b:88:
         b3:df:7f:a9:fe:c1:1a:bf:e2:7b:23:be:f4:8d:6d:d9:d5:fc:
         4d:1f:ab:81:d0:41:f8:90:e4:32:d3:9d:60:4f:9e:82:7e:ee:
         e8:ec:b8:16:a6:b8:e8:33:2e:3f:53:0c:7b:e4:ce:2a:9a:e8:
         b0:e9:8c:d8:a1:37:e7:82:b7:28:03:ff:70:b4:b6:aa:01:b6:
         85:ba:9e:0f:79:05:e3:48:d0:fb:97:c5:3f:3c:06:41:c3:15:
         93:ef:48:0a:a7:38:3e:11:97:2f:bc:bb:e1:0d:7c:af:2a:4b:
         bc:5b:21:ec:43:12:3b:25:01:6b:b4:05:20:77:95:b6:d4:34:
         58:bf:b5:7b
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICCLcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMTAyMDcw
NjAwNDZaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDcyMDk4MjM2NTA1ODE1
RTNBMDI1QTQ1MTFGMDUyRDE4QUUwOTM2Q0IwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpTADWggtHfGwshH3AP3TFEYYbuQ7l0ItendgM2tASlKtu59ZE
jq1cFZEHCo82RJpGKumxj9XgX7HHLSfQLOjDfhmB4hL9jYtCsey+3s7KLGGj2uMm
vEzjAer9TbrUp040VJYwpEOGRFSw3/Ksy1zT8aVTP/aBEaS+VI71gGtGFdT5tnfr
4vCXQ4pUHbFI23Ftu2zqcuRlNsvNgvtdTMAeMIne2pW0IHIKRIA+kzLovQRpvb8e
Uuhnn9vNkx99E0TUiLq/vwlFxCVffGndFTTXhFXaX2MnvSu6sKLEqCbDXBYF2EBd
vuH/86A9fmg5AhO4fvOtA8qFNF/d/Egz7qzXAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUcgmCNlBYFeOgJaRRHwUtGK4JNsswHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9jZ21DTmxCWUZlT2dK
YVJSSHdVdEdLNEpOc3Mucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQCZ3q8MA0GCSqGSIb3DQEBCwUAA4IBAQA8G14genZc7eyw43gyIaeWcdepaCSx
hCrS0YV0uehe/xN7Kks8U7TwxDpT3vb27N3h24NRJO9XKNW+pE2S6dhtEjGl1Dtu
2wKwcRMnpvlw0L7mL0aU5WP4pGNlNbqFqXxoYcP0sXTMd1VSpWJlKEqj3Q9fX4nr
ah+JJnbpG4iz33+p/sEav+J7I770jW3Z1fxNH6uB0EH4kOQy051gT56Cfu7o7LgW
prjoMy4/Uwx75M4qmuiw6YzYoTfngrcoA/9wtLaqAbaFup4PeQXjSND7l8U/PAZB
wxWT70gKpzg+EZcvvLvhDXyvKku8WyHsQxI7JQFrtAUgd5W21DRYv7V7
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org