Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cscG9jO-S4DDcap6J9IGpdmLTYk.roa
File:                     cscG9jO-S4DDcap6J9IGpdmLTYk.roa (raw, json)
Hash identifier:          EJZwiDiRH1/G5wiA0Z3kfLpdgBT2Fe/PZVBK8bjhLWE=
Subject key identifier:   72:C7:06:F6:33:BE:4B:80:C3:71:AA:7A:27:D2:06:A5:D9:8B:4D:89
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0769
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cscG9jO-S4DDcap6J9IGpdmLTYk.roa
Signing time:             Tue 29 Sep 2020 09:58:09 +0000
ROA not before:           Tue 29 Sep 2020 09:58:09 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     131657
IP address blocks:        2403:9340::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1897 (0x769)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 29 09:58:09 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=72C706F633BE4B80C371AA7A27D206A5D98B4D89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2d:f7:59:06:b5:cf:35:35:9a:df:0a:d1:28:
                    29:25:e8:ee:d4:ae:bc:9d:75:7d:96:36:8e:eb:f2:
                    ec:d1:b5:98:64:67:cc:a3:db:3e:81:6c:f7:5c:a9:
                    dd:6e:29:2e:eb:45:19:21:4e:5b:d3:62:57:2c:a1:
                    da:eb:fb:09:7b:43:f9:71:94:08:e1:7b:83:e2:95:
                    36:55:26:6b:5f:16:60:6e:2a:f5:b6:13:30:61:01:
                    cf:b6:67:b7:d8:68:b3:eb:34:26:d5:46:a6:b6:32:
                    8b:e1:63:bc:55:c5:c4:74:70:c8:cc:dc:86:63:b6:
                    5a:dc:82:dc:c0:41:59:29:35:10:ad:be:7e:3a:cb:
                    0c:83:35:da:8a:50:24:22:45:82:0f:b9:ed:1d:e7:
                    2d:2a:bf:13:36:68:8f:c9:3e:f0:ab:4f:f3:db:4e:
                    c7:3d:f3:17:67:e6:d5:d1:f4:ce:42:a0:f8:b3:e2:
                    7b:c0:61:66:11:ea:bf:2c:2c:11:95:16:04:fb:d4:
                    8d:2e:ae:56:f4:1c:4c:9a:69:d3:b2:0e:fb:3e:0b:
                    43:a1:7d:81:ec:7d:4c:8d:3e:f8:46:63:15:7f:d5:
                    24:d2:3e:f2:12:1c:9d:ed:7e:14:d3:aa:c2:65:a7:
                    8d:60:d1:9f:87:d3:f6:86:1b:22:2b:1a:37:4e:02:
                    10:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C7:06:F6:33:BE:4B:80:C3:71:AA:7A:27:D2:06:A5:D9:8B:4D:89
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/cscG9jO-S4DDcap6J9IGpdmLTYk.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:9340::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:5a:c9:44:35:f4:89:8d:88:a5:0d:24:20:6e:8d:28:53:8e:
         aa:3b:a9:8c:14:a2:1e:31:13:ca:e4:5b:a0:98:3b:15:75:3e:
         0d:42:e5:d6:61:c0:6d:10:10:2b:d5:fb:9a:c0:82:b5:8d:dc:
         36:7a:91:b9:54:1e:9c:c3:e5:07:6e:e2:20:c7:ba:61:44:27:
         09:60:73:03:16:ca:e2:31:1f:1b:65:8a:1b:03:84:d7:59:ca:
         ec:40:a4:ab:f5:04:3b:5a:35:aa:be:9a:2c:be:71:44:35:50:
         06:90:86:62:4c:bf:46:0a:bf:aa:45:77:0a:5e:6e:29:2f:43:
         2e:14:4e:b1:4f:da:ad:e9:a9:ac:f2:1b:1e:f6:b6:ab:7e:99:
         89:f4:d9:b1:fc:34:37:ce:98:fc:80:28:f6:a5:e4:2b:30:3e:
         11:ba:e1:4d:41:2d:b6:b8:a6:9f:cd:db:c8:b4:0e:b3:d8:13:
         79:ef:70:f5:84:60:af:cd:81:2b:4c:b4:8b:34:6f:e3:7c:90:
         c5:8f:12:8d:4b:77:48:60:af:0f:9b:29:9d:a9:e7:74:92:6c:
         b1:46:86:5d:2e:6c:7e:25:33:b3:ca:3a:9e:14:a0:16:7b:8b:
         65:7b:d0:94:ef:12:3b:1d:38:e1:0d:f9:a5:e6:ad:1c:1d:ac:
         a4:89:af:be
-----BEGIN CERTIFICATE-----
MIIE2TCCA8GgAwIBAgICB2kwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMDA5Mjkw
OTU4MDlaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDcyQzcwNkY2MzNCRTRC
ODBDMzcxQUE3QTI3RDIwNkE1RDk4QjREODkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDrLfdZBrXPNTWa3wrRKCkl6O7UrryddX2WNo7r8uzRtZhkZ8yj
2z6BbPdcqd1uKS7rRRkhTlvTYlcsodrr+wl7Q/lxlAjhe4PilTZVJmtfFmBuKvW2
EzBhAc+2Z7fYaLPrNCbVRqa2MovhY7xVxcR0cMjM3IZjtlrcgtzAQVkpNRCtvn46
ywyDNdqKUCQiRYIPue0d5y0qvxM2aI/JPvCrT/PbTsc98xdn5tXR9M5CoPiz4nvA
YWYR6r8sLBGVFgT71I0urlb0HEyaadOyDvs+C0OhfYHsfUyNPvhGYxV/1STSPvIS
HJ3tfhTTqsJlp41g0Z+H0/aGGyIrGjdOAhAZAgMBAAGjggH1MIIB8TAdBgNVHQ4E
FgQUcscG9jO+S4DDcap6J9IGpdmLTYkwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9jc2NHOWpPLVM0RERj
YXA2SjlJR3BkbUxUWWsucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJ
AwcAJAOTQAAAMA0GCSqGSIb3DQEBCwUAA4IBAQB3WslENfSJjYilDSQgbo0oU46q
O6mMFKIeMRPK5FugmDsVdT4NQuXWYcBtEBAr1fuawIK1jdw2epG5VB6cw+UHbuIg
x7phRCcJYHMDFsriMR8bZYobA4TXWcrsQKSr9QQ7WjWqvposvnFENVAGkIZiTL9G
Cr+qRXcKXm4pL0MuFE6xT9qt6ams8hse9rarfpmJ9Nmx/DQ3zpj8gCj2peQrMD4R
uuFNQS22uKafzdvItA6z2BN573D1hGCvzYErTLSLNG/jfJDFjxKNS3dIYK8Pmymd
qed0kmyxRoZdLmx+JTOzyjqeFKAWe4tle9CU7xI7HTjhDfml5q0cHaykia++
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org