Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/m85x-nOkP9Sblw7XiZynhZXMatY.roa
File:                     m85x-nOkP9Sblw7XiZynhZXMatY.roa (raw, json)
Hash identifier:          Sh0R5/1K6qkuYn5WMh7XIFNgdH4PnzlqlnKMnEbpj5M=
Subject key identifier:   9B:CE:71:FA:73:A4:3F:D4:9B:97:0E:D7:89:9C:A7:85:95:CC:6A:D6
Certificate issuer:       /CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
Certificate serial:       0A68
Authority key identifier: 38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/m85x-nOkP9Sblw7XiZynhZXMatY.roa
Signing time:             Thu 15 Sep 2022 02:47:53 +0000
ROA not before:           Thu 15 Sep 2022 02:47:53 +0000
ROA not after:            Wed 06 Sep 2023 03:00:35 +0000
asID:                     131657
IP address blocks:        103.122.188.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2664 (0xa68)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=385713E359FCB9CAB12F20DB3FF190FCA81E323E
        Validity
            Not Before: Sep 15 02:47:53 2022 GMT
            Not After : Sep  6 03:00:35 2023 GMT
        Subject: CN=9BCE71FA73A43FD49B970ED7899CA78595CC6AD6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2c:00:c1:25:60:f9:ca:72:b0:f2:17:78:af:
                    4a:4b:50:2b:1e:ce:38:27:fc:9b:d3:df:3d:f0:cc:
                    9e:5c:29:26:08:68:ec:5e:d2:fb:07:f3:76:c7:a7:
                    f2:0a:55:b7:33:f2:6f:86:33:c1:d8:1e:dd:19:3e:
                    0a:87:a6:75:1e:43:e5:5f:67:61:0b:f4:ff:8e:7a:
                    d5:35:c2:f9:00:4b:96:a6:56:86:48:0d:f7:68:e7:
                    4b:ef:01:f4:e5:12:60:f4:42:3e:b4:b8:6f:4b:74:
                    1a:f9:06:34:50:d7:29:b6:d3:3f:a8:38:23:c9:d1:
                    9e:ea:70:f5:3e:a0:62:d9:06:f9:b0:5f:3d:60:65:
                    2d:19:55:b4:77:30:a9:ad:69:a3:a5:d1:a0:dc:19:
                    04:4f:4b:48:18:0b:33:72:34:c9:51:38:71:84:75:
                    87:ce:03:52:1d:b1:fd:48:e3:e2:46:a3:55:52:8c:
                    25:00:4e:db:96:38:8c:d1:b3:08:ee:21:fd:60:b9:
                    56:26:ca:a3:01:5d:d0:ab:8e:c0:5e:dc:2c:76:f1:
                    6e:99:23:4b:42:19:cf:3b:55:3c:88:9e:04:11:c7:
                    a7:de:fe:eb:37:70:5d:67:6b:a4:ed:80:a9:5f:2f:
                    07:a1:57:15:2a:64:c1:5c:76:5b:9d:35:16:02:da:
                    82:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CE:71:FA:73:A4:3F:D4:9B:97:0E:D7:89:9C:A7:85:95:CC:6A:D6
            X509v3 Authority Key Identifier:
                keyid:38:57:13:E3:59:FC:B9:CA:B1:2F:20:DB:3F:F1:90:FC:A8:1E:32:3E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/OFcT41n8ucqxLyDbP_GQ_KgeMj4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/OFcT41n8ucqxLyDbP_GQ_KgeMj4.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/HHRCOLTD/m85x-nOkP9Sblw7XiZynhZXMatY.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.122.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:c2:ea:a7:22:f8:e5:cc:62:76:1e:fe:1c:29:16:83:e0:38:
         16:79:ca:32:ec:87:04:e8:13:b5:3e:68:27:68:a2:c1:30:50:
         cb:cb:f4:ea:75:ec:5d:09:dc:bb:59:06:99:ec:dd:cb:b7:19:
         77:6e:b6:68:dd:d3:e2:1c:59:11:9a:6b:cb:f9:1b:aa:87:c4:
         3d:93:bb:7a:e5:bb:54:d1:e4:d0:83:3e:d7:c5:d4:33:23:e3:
         fb:f3:20:ac:f2:1a:dd:b0:8b:e0:69:5b:64:04:fb:65:1a:b7:
         b8:2c:1e:2b:8d:d6:02:c0:f3:dc:e0:15:35:61:a7:ee:9f:6b:
         c5:56:ec:09:27:66:9e:89:92:78:6e:1c:2e:ec:25:ff:e3:4a:
         e4:07:61:23:bd:ff:4c:ac:3f:48:db:7f:8b:54:93:cf:ba:15:
         b0:d8:56:41:53:0b:33:58:79:c3:5d:79:60:b4:4f:20:75:f2:
         8a:ea:c2:1e:6f:8a:9d:ca:6a:0c:66:b2:46:29:33:f7:98:8d:
         08:52:b5:02:73:17:0e:b9:f9:d3:96:a3:5d:18:94:1f:2d:58:
         6c:a1:34:42:a1:57:81:69:df:bc:e6:9a:b5:6f:91:b8:fe:61:
         24:81:74:cf:c6:76:63:5f:d7:59:94:cf:e5:d4:c7:e7:ca:ff:
         96:ed:36:09
-----BEGIN CERTIFICATE-----
MIIE1jCCA76gAwIBAgICCmgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMzg1
NzEzRTM1OUZDQjlDQUIxMkYyMERCM0ZGMTkwRkNBODFFMzIzRTAeFw0yMjA5MTUw
MjQ3NTNaFw0yMzA5MDYwMzAwMzVaMDMxMTAvBgNVBAMTKDlCQ0U3MUZBNzNBNDNG
RDQ5Qjk3MEVENzg5OUNBNzg1OTVDQzZBRDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCvLADBJWD5ynKw8hd4r0pLUCsezjgn/JvT3z3wzJ5cKSYIaOxe
0vsH83bHp/IKVbcz8m+GM8HYHt0ZPgqHpnUeQ+VfZ2EL9P+OetU1wvkAS5amVoZI
Dfdo50vvAfTlEmD0Qj60uG9LdBr5BjRQ1ym20z+oOCPJ0Z7qcPU+oGLZBvmwXz1g
ZS0ZVbR3MKmtaaOl0aDcGQRPS0gYCzNyNMlROHGEdYfOA1Idsf1I4+JGo1VSjCUA
TtuWOIzRswjuIf1guVYmyqMBXdCrjsBe3Cx28W6ZI0tCGc87VTyIngQRx6fe/us3
cF1na6TtgKlfLwehVxUqZMFcdludNRYC2oK3AgMBAAGjggHyMIIB7jAdBgNVHQ4E
FgQUm85x+nOkP9Sblw7XiZynhZXMatYwHwYDVR0jBBgwFoAUOFcT41n8ucqxLyDb
P/GQ/KgeMj4wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBgNVHR8EVzBVMFOg
UaBPhk1yc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvSEhSQ09M
VEQvT0ZjVDQxbjh1Y3F4THlEYlBfR1FfS2dlTWo0LmNybDBgBggrBgEFBQcBAQRU
MFIwUAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdO
SUNDQS9PRmNUNDFuOHVjcXhMeURiUF9HUV9LZ2VNajQuY2VyMA4GA1UdDwEB/wQE
AwIHgDCBngYIKwYBBQUHAQsEgZEwgY4wWQYIKwYBBQUHMAuGTXJzeW5jOi8vcnBr
aWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9ISFJDT0xURC9tODV4LW5Pa1A5U2Js
dzdYaVp5bmhaWE1hdFkucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHdu
aWMudHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQCZ3q8MA0GCSqGSIb3DQEBCwUAA4IBAQAJwuqnIvjlzGJ2Hv4cKRaD4DgWecoy
7IcE6BO1PmgnaKLBMFDLy/TqdexdCdy7WQaZ7N3Ltxl3brZo3dPiHFkRmmvL+Ruq
h8Q9k7t65btU0eTQgz7XxdQzI+P78yCs8hrdsIvgaVtkBPtlGre4LB4rjdYCwPPc
4BU1Yafun2vFVuwJJ2aeiZJ4bhwu7CX/40rkB2Ejvf9MrD9I23+LVJPPuhWw2FZB
UwszWHnDXXlgtE8gdfKK6sIeb4qdymoMZrJGKTP3mI0IUrUCcxcOufnTlqNdGJQf
LVhsoTRCoVeBad+85pq1b5G4/mEkgXTPxnZjX9dZlM/l1Mfnyv+W7TYJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:07 2024 by rpki-client on console-ams.rpki-client.org