Route Origin Authorization
$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/kTBHmQ_CdUhr__8J-EBTb2U5LRE.roa
File: kTBHmQ_CdUhr__8J-EBTb2U5LRE.roa (raw, json)
Hash identifier: rM9dpoCMs+hd6mJ64z7P4Xr4ka8xtZM4dktXFjEsQyE=
Subject key identifier: 91:30:47:99:0F:C2:75:48:6B:FF:FF:09:F8:40:53:6F:65:39:2D:11
Certificate issuer: /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial: 0B70
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access: rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/kTBHmQ_CdUhr__8J-EBTb2U5LRE.roa
Signing time: Fri 01 Sep 2023 08:56:22 +0000
ROA not before: Fri 01 Sep 2023 08:56:22 +0000
ROA not after: Sat 31 Aug 2024 03:10:53 +0000
asID: 134823
IP address blocks: 103.122.191.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2928 (0xb70)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Validity
Not Before: Sep 1 08:56:22 2023 GMT
Not After : Aug 31 03:10:53 2024 GMT
Subject: CN=913047990FC275486BFFFF09F840536F65392D11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:91:58:3f:6a:cc:72:21:e0:f0:15:92:57:10:
4e:61:b7:37:34:60:eb:cc:9b:81:4f:9a:0c:e5:15:
4c:82:f8:21:f3:bd:ca:14:31:48:46:81:b2:c4:53:
d8:ae:4c:99:d1:54:0e:e2:61:ca:51:da:49:ea:69:
f8:a8:4d:11:9c:05:ba:6e:a5:c0:83:67:7e:1f:be:
48:98:5f:c2:20:d8:61:86:30:cc:df:02:4b:54:a9:
c8:64:8c:1d:41:ac:b6:00:a8:8b:87:76:3a:24:3b:
13:85:57:a8:f4:5e:bd:af:83:4e:7d:4e:c7:2e:5c:
df:63:aa:45:4c:34:f4:9c:67:06:60:b1:cc:de:94:
34:93:a0:c7:58:51:fd:f7:3d:1d:3e:bb:8a:73:f6:
38:e1:df:69:6b:a2:7b:bc:43:5f:ca:60:00:0a:07:
dd:f3:d8:87:fc:b6:52:8a:7c:5b:44:6e:63:d6:ae:
dc:6e:84:97:9e:37:4c:50:76:14:80:34:f4:12:38:
9b:dc:8d:b3:80:6f:af:7d:c3:35:ba:9c:d2:b5:55:
25:0d:0a:18:69:c7:a5:86:78:e3:0d:75:d6:cd:f0:
9d:52:d5:e9:33:f4:4e:5b:57:0f:52:6b:1b:91:70:
4c:0a:e5:e9:e2:7f:e8:92:a5:d8:00:05:78:0d:78:
09:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:30:47:99:0F:C2:75:48:6B:FF:FF:09:F8:40:53:6F:65:39:2D:11
X509v3 Authority Key Identifier:
keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/kTBHmQ_CdUhr__8J-EBTb2U5LRE.roa
RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
103.122.191.0/24
Signature Algorithm: sha256WithRSAEncryption
26:85:93:15:bb:c1:e3:3a:20:f4:8c:7f:03:1a:fb:05:cb:2a:
33:0b:dc:16:60:42:d3:12:f6:55:a8:24:26:55:30:16:bf:8b:
36:d2:7c:87:41:47:04:e1:4b:0e:a4:fe:8e:47:3a:43:8c:ad:
b9:45:86:c9:68:c3:20:ef:fa:fc:f9:e1:0e:d6:f4:31:a6:69:
f6:7c:aa:0b:2b:3c:f4:f9:ef:ec:91:59:8f:0a:bc:e2:dc:be:
9b:d3:cb:5e:52:6e:6c:cc:47:09:52:c7:91:ca:94:86:5d:14:
db:d4:40:83:26:9b:34:9c:b9:e6:b7:d5:f1:30:cb:ab:99:11:
6a:49:70:a0:c2:84:f2:69:51:17:79:01:af:77:31:0c:c9:08:
de:25:f0:23:ce:bf:40:08:bb:85:98:61:c1:3e:25:5e:70:ba:
85:0f:a2:4a:7e:27:66:f5:3b:85:85:39:66:f4:57:b7:4e:f3:
ee:ae:74:08:9e:01:e7:ec:73:b1:e4:d5:1e:1c:91:24:63:7c:
80:3b:cf:bd:50:08:5f:42:b7:3e:b2:80:ff:bf:f0:b1:bc:49:
62:0f:8d:7f:ae:89:2f:06:9f:19:a8:46:06:92:c8:82:2d:db:
cb:28:ae:ef:a2:3c:90:95:f6:50:70:e6:ca:4e:b4:45:83:98:
d4:fa:17:a2
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICC3AwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMzA5MDEw
ODU2MjJaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDkxMzA0Nzk5MEZDMjc1
NDg2QkZGRkYwOUY4NDA1MzZGNjUzOTJEMTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC7kVg/asxyIeDwFZJXEE5htzc0YOvMm4FPmgzlFUyC+CHzvcoU
MUhGgbLEU9iuTJnRVA7iYcpR2knqafioTRGcBbpupcCDZ34fvkiYX8Ig2GGGMMzf
AktUqchkjB1BrLYAqIuHdjokOxOFV6j0Xr2vg059TscuXN9jqkVMNPScZwZgscze
lDSToMdYUf33PR0+u4pz9jjh32lronu8Q1/KYAAKB93z2If8tlKKfFtEbmPWrtxu
hJeeN0xQdhSANPQSOJvcjbOAb699wzW6nNK1VSUNChhpx6WGeOMNddbN8J1S1ekz
9E5bVw9SaxuRcEwK5enif+iSpdgABXgNeAmjAgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUkTBHmQ/CdUhr//8J+EBTb2U5LREwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9rVEJIbVFfQ2RVaHJf
XzhKLUVCVGIyVTVMUkUucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAZ3q/MA0GCSqGSIb3DQEBCwUAA4IBAQAmhZMVu8HjOiD0jH8DGvsFyyozC9wW
YELTEvZVqCQmVTAWv4s20nyHQUcE4UsOpP6ORzpDjK25RYbJaMMg7/r8+eEO1vQx
pmn2fKoLKzz0+e/skVmPCrzi3L6b08teUm5szEcJUseRypSGXRTb1ECDJps0nLnm
t9XxMMurmRFqSXCgwoTyaVEXeQGvdzEMyQjeJfAjzr9ACLuFmGHBPiVecLqFD6JK
fidm9TuFhTlm9Fe3TvPurnQIngHn7HOx5NUeHJEkY3yAO8+9UAhfQrc+soD/v/Cx
vEliD41/rokvBp8ZqEYGksiCLdvLKK7vojyQlfZQcObKTrRFg5jU+hei
-----END CERTIFICATE-----
Generated at Thu Oct 12 08:45:26 2023 by rpki-client on console-ams.rpki-client.org