Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/RECTALE/D_zD-3Jkiw-ttvXxo1tK_bKLpSU.roa
File:                     D_zD-3Jkiw-ttvXxo1tK_bKLpSU.roa (raw, json)
Hash identifier:          G3qxnIh/JDRUQZzrXBUyn/fRGVe5PClEilhVIwDObBo=
Subject key identifier:   0F:FC:C3:FB:72:64:8B:0F:AD:B6:F5:F1:A3:5B:4A:FD:B2:8B:A5:25
Certificate issuer:       /CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
Certificate serial:       010A
Authority key identifier: E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/D_zD-3Jkiw-ttvXxo1tK_bKLpSU.roa
Signing time:             Tue 16 Aug 2022 03:09:40 +0000
ROA not before:           Tue 16 Aug 2022 03:09:40 +0000
ROA not after:            Thu 29 Sep 2022 02:36:22 +0000
asID:                     24162
IP address blocks:        103.172.124.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 266 (0x10a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
        Validity
            Not Before: Aug 16 03:09:40 2022 GMT
            Not After : Sep 29 02:36:22 2022 GMT
        Subject: CN=0FFCC3FB72648B0FADB6F5F1A35B4AFDB28BA525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:be:52:c2:df:dc:b5:67:4c:d7:ed:b2:24:a6:
                    76:96:8c:de:65:d5:34:dc:6c:f4:41:0a:f2:72:2b:
                    25:d6:c1:0c:6e:da:5d:d9:62:55:2d:fe:ac:25:ab:
                    53:6f:d1:d7:56:21:8e:85:df:8f:42:b3:6d:9a:e1:
                    f2:d1:77:53:e3:a3:9d:41:b3:03:87:82:17:9c:b7:
                    22:32:fe:37:ab:87:fb:f4:b1:f9:25:d2:41:4a:3c:
                    0c:14:b5:8b:c9:a0:9f:87:7e:85:21:05:ed:ab:4f:
                    5b:83:df:a8:39:59:20:31:a7:64:8e:05:cc:17:14:
                    49:b1:48:28:9f:61:ba:10:2c:be:6d:dd:4d:d1:72:
                    9e:97:ed:b5:9d:d0:c6:e1:de:72:d8:74:42:28:ca:
                    9d:7d:d8:1a:2b:9a:5e:62:cf:23:27:b5:1b:13:32:
                    02:50:90:a6:28:9c:95:6c:af:7c:b1:7f:19:f5:e2:
                    74:30:07:c3:06:05:8a:51:99:39:2b:32:b4:74:8a:
                    d4:d3:ab:04:f8:6b:d0:7b:4d:e6:59:be:48:de:1b:
                    b5:f7:1d:f8:70:69:8c:68:30:eb:9e:6b:98:59:99:
                    f1:2f:d9:b5:73:a9:7c:ec:ef:f2:98:00:7c:6c:5a:
                    4c:7b:5a:65:6b:ff:74:5a:c4:fe:2a:7d:85:63:08:
                    b8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FC:C3:FB:72:64:8B:0F:AD:B6:F5:F1:A3:5B:4A:FD:B2:8B:A5:25
            X509v3 Authority Key Identifier:
                keyid:E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/4q-M_ZUnD89cLKZdh3d_b7er_TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/D_zD-3Jkiw-ttvXxo1tK_bKLpSU.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:4e:11:4b:b4:85:b1:e8:cd:13:98:25:7d:2b:e5:d7:1b:f9:
         43:66:87:71:99:22:78:2d:de:c4:5c:06:3b:02:62:28:3e:76:
         cc:0d:0d:85:7d:f1:51:ca:91:1c:70:39:d4:65:b5:24:2f:01:
         74:73:01:d4:5f:08:39:00:f3:56:b0:d5:6f:06:a6:8f:c4:f7:
         fc:5c:fd:3b:de:de:6e:2b:2b:5e:35:c5:08:71:f8:3b:e4:9f:
         0b:ca:84:c3:d4:08:0a:4d:16:ae:68:d6:6e:26:6a:fb:f1:09:
         09:9a:07:1f:40:09:81:15:30:4e:a9:a4:35:b2:d0:d7:44:21:
         2a:7a:bb:12:bd:d8:e3:d0:d0:b6:c7:a4:2b:c3:41:87:4a:c9:
         17:78:0a:f5:1a:c3:d8:ab:cd:bf:5d:2d:73:3c:4f:c8:ea:09:
         38:f4:d8:00:1c:c9:2b:35:1a:49:57:35:1d:de:9d:6c:2b:57:
         e3:01:b0:ff:70:04:2f:95:0b:56:be:3c:d6:68:e5:19:5a:ad:
         1c:6d:67:f7:94:22:55:cd:25:85:f0:95:14:15:a3:e6:05:e6:
         b3:12:d1:78:0f:ae:ea:22:1f:82:de:af:43:af:ee:9e:22:78:
         af:72:44:07:89:2c:d7:b4:c7:e4:97:bd:de:8e:90:a6:e3:a6:
         04:36:86:6b
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICAQowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTJB
RjhDRkQ5NTI3MEZDRjVDMkNBNjVEODc3NzdGNkZCN0FCRkQzMjAeFw0yMjA4MTYw
MzA5NDBaFw0yMjA5MjkwMjM2MjJaMDMxMTAvBgNVBAMTKDBGRkNDM0ZCNzI2NDhC
MEZBREI2RjVGMUEzNUI0QUZEQjI4QkE1MjUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC4vlLC39y1Z0zX7bIkpnaWjN5l1TTcbPRBCvJyKyXWwQxu2l3Z
YlUt/qwlq1Nv0ddWIY6F349Cs22a4fLRd1Pjo51BswOHghectyIy/jerh/v0sfkl
0kFKPAwUtYvJoJ+HfoUhBe2rT1uD36g5WSAxp2SOBcwXFEmxSCifYboQLL5t3U3R
cp6X7bWd0Mbh3nLYdEIoyp192Borml5izyMntRsTMgJQkKYonJVsr3yxfxn14nQw
B8MGBYpRmTkrMrR0itTTqwT4a9B7TeZZvkjeG7X3HfhwaYxoMOuea5hZmfEv2bVz
qXzs7/KYAHxsWkx7WmVr/3RaxP4qfYVjCLj3AgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUD/zD+3Jkiw+ttvXxo1tK/bKLpSUwHwYDVR0jBBgwFoAU4q+M/ZUnD89cLKZd
h3d/b7er/TIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvUkVDVEFM
RS80cS1NX1pVbkQ4OWNMS1pkaDNkX2I3ZXJfVEkuY3JsMGAGCCsGAQUFBwEBBFQw
UjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05J
Q0NBLzRxLU1fWlVuRDg5Y0xLWmRoM2RfYjdlcl9USS5jZXIwDgYDVR0PAQH/BAQD
AgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9ycGtp
Y2EudHduaWMudHcvcnBraS9UV05JQ0NBL1JFQ1RBTEUvRF96RC0zSmtpdy10dHZY
eG8xdEtfYktMcFNVLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmlj
LnR3L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AGesfDANBgkqhkiG9w0BAQsFAAOCAQEAPk4RS7SFsejNE5glfSvl1xv5Q2aHcZki
eC3exFwGOwJiKD52zA0NhX3xUcqRHHA51GW1JC8BdHMB1F8IOQDzVrDVbwamj8T3
/Fz9O97ebisrXjXFCHH4O+SfC8qEw9QICk0WrmjWbiZq+/EJCZoHH0AJgRUwTqmk
NbLQ10QhKnq7Er3Y49DQtsekK8NBh0rJF3gK9RrD2KvNv10tczxPyOoJOPTYABzJ
KzUaSVc1Hd6dbCtX4wGw/3AEL5ULVr481mjlGVqtHG1n95QiVc0lhfCVFBWj5gXm
sxLReA+u6iIfgt6vQ6/uniJ4r3JEB4ks17TH5Je93o6QpuOmBDaGaw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:44 2024 by rpki-client on console-fra.rpki-client.org