Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/hHWFjjwCCYYpoH6ajz76RmXFPFQ.roa
File:                     hHWFjjwCCYYpoH6ajz76RmXFPFQ.roa (raw, json)
Hash identifier:          DVIUZls1CJJGgIwkkQ0Rw1imAu9YeVTB03vvgGei+g0=
Subject key identifier:   84:75:85:8E:3C:02:09:86:29:A0:7E:9A:8F:3E:FA:46:65:C5:3C:54
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0768
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/hHWFjjwCCYYpoH6ajz76RmXFPFQ.roa
Signing time:             Tue 29 Sep 2020 09:58:09 +0000
ROA not before:           Tue 29 Sep 2020 09:58:09 +0000
ROA not after:            Wed 29 Sep 2021 09:51:23 +0000
asID:                     131657
IP address blocks:        2403:9340::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1896 (0x768)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 29 09:58:09 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=8475858E3C02098629A07E9A8F3EFA4665C53C54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:55:7e:ca:c4:69:37:d1:31:ce:91:bf:67:d6:
                    c7:6b:8d:0f:e5:1b:2e:43:d2:dc:b5:87:73:b5:c9:
                    28:ac:41:d4:75:a5:fb:5b:24:a8:9d:84:18:5e:84:
                    7b:6f:e1:7c:4b:41:e1:94:c2:9b:ed:ff:0e:54:12:
                    b4:db:40:a0:d8:38:f2:b0:13:cd:69:72:90:32:a2:
                    e7:fa:41:b0:c5:18:2c:f6:7e:d2:f3:c7:b8:b7:ca:
                    82:68:79:0a:01:41:e5:97:db:08:a9:b5:62:21:40:
                    62:a5:6d:b8:c4:ad:3f:9f:88:dc:7e:bc:16:35:c5:
                    30:08:f9:25:bb:51:a6:c1:b0:86:eb:ca:ac:e5:46:
                    41:af:a4:7c:2a:6c:5d:88:b2:ac:ea:cc:21:e9:f3:
                    f5:00:cf:2c:49:89:f8:b6:8e:61:01:54:5d:70:67:
                    1f:ec:fa:0f:aa:db:a9:10:08:65:ee:61:66:e6:2f:
                    b5:a9:78:41:4b:a4:d8:98:5e:80:9a:31:2e:c4:a5:
                    b4:89:73:45:b2:93:f5:41:cf:12:1d:72:0b:3d:63:
                    50:6a:a2:63:fa:be:9f:f0:68:26:ed:62:80:0b:b0:
                    10:26:88:8b:4d:ca:a9:76:01:c4:7e:a4:cd:3e:2e:
                    32:c5:d0:0a:d0:7c:51:10:8f:a6:d9:5d:9e:88:9a:
                    b0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:75:85:8E:3C:02:09:86:29:A0:7E:9A:8F:3E:FA:46:65:C5:3C:54
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/hHWFjjwCCYYpoH6ajz76RmXFPFQ.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:9340::/64

    Signature Algorithm: sha256WithRSAEncryption
         04:6d:ad:af:90:c8:fe:a3:7c:91:b8:5a:1f:5c:e5:2a:1f:6f:
         b3:82:93:11:69:f7:5b:8f:72:98:1e:b8:71:d8:55:9f:81:88:
         f9:2a:54:77:a7:8d:d4:50:fd:86:c4:ed:6f:3c:50:d7:2e:3f:
         26:0f:8b:5d:e9:17:de:45:72:5e:02:74:72:f5:2d:72:3e:6e:
         4d:b4:78:ed:61:ea:ac:0b:c0:99:05:bf:0b:48:75:89:08:80:
         76:77:37:d9:9d:e1:84:4e:0b:d1:40:20:ae:e4:d3:3e:5b:05:
         30:82:0e:98:de:66:8e:72:5d:66:0e:38:3f:76:93:9c:ef:59:
         4c:e5:6f:c7:13:51:bb:d6:64:b1:db:b5:f8:81:23:cd:75:45:
         21:43:cf:09:48:5c:4e:d5:c2:ad:84:e8:33:a3:8d:bf:05:10:
         5c:c3:ea:52:3d:54:ad:03:2c:df:7b:58:4c:63:6c:e8:af:98:
         96:aa:35:de:94:d3:cf:3e:66:8f:af:a4:8e:f6:84:b5:33:ff:
         2d:42:0e:ca:8e:13:70:83:33:47:cf:e4:4a:f6:6e:bb:a2:b7:
         8a:76:ad:78:37:04:0f:ab:f0:cd:26:ac:c7:f9:7f:6b:2d:02:
         f5:d1:9f:f4:ab:76:de:c8:23:75:60:71:9a:95:44:97:4e:ea:
         a6:fb:2a:36
-----BEGIN CERTIFICATE-----
MIIE2zCCA8OgAwIBAgICB2gwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMDA5Mjkw
OTU4MDlaFw0yMTA5MjkwOTUxMjNaMDMxMTAvBgNVBAMTKDg0NzU4NThFM0MwMjA5
ODYyOUEwN0U5QThGM0VGQTQ2NjVDNTNDNTQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDpVX7KxGk30THOkb9n1sdrjQ/lGy5D0ty1h3O1ySisQdR1pftb
JKidhBhehHtv4XxLQeGUwpvt/w5UErTbQKDYOPKwE81pcpAyouf6QbDFGCz2ftLz
x7i3yoJoeQoBQeWX2wiptWIhQGKlbbjErT+fiNx+vBY1xTAI+SW7UabBsIbryqzl
RkGvpHwqbF2IsqzqzCHp8/UAzyxJifi2jmEBVF1wZx/s+g+q26kQCGXuYWbmL7Wp
eEFLpNiYXoCaMS7EpbSJc0Wyk/VBzxIdcgs9Y1BqomP6vp/waCbtYoALsBAmiItN
yql2AcR+pM0+LjLF0ArQfFEQj6bZXZ6ImrDfAgMBAAGjggH3MIIB8zAdBgNVHQ4E
FgQUhHWFjjwCCYYpoH6ajz76RmXFPFQwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9oSFdGamp3Q0NZWXBv
SDZhano3NlJtWEZQRlEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjAL
AwkAJAOTQAAAAAAwDQYJKoZIhvcNAQELBQADggEBAARtra+QyP6jfJG4Wh9c5Sof
b7OCkxFp91uPcpgeuHHYVZ+BiPkqVHenjdRQ/YbE7W88UNcuPyYPi13pF95Fcl4C
dHL1LXI+bk20eO1h6qwLwJkFvwtIdYkIgHZ3N9md4YROC9FAIK7k0z5bBTCCDpje
Zo5yXWYOOD92k5zvWUzlb8cTUbvWZLHbtfiBI811RSFDzwlIXE7Vwq2E6DOjjb8F
EFzD6lI9VK0DLN97WExjbOivmJaqNd6U088+Zo+vpI72hLUz/y1CDsqOE3CDM0fP
5Er2bruit4p2rXg3BA+r8M0mrMf5f2stAvXRn/Srdt7II3VgcZqVRJdO6qb7KjY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:36 2024 by rpki-client on console-fra.rpki-client.org