Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/RECTALE/Fp4u1lCy-jQ0qJjV0LeZx76zHxQ.roa
File:                     Fp4u1lCy-jQ0qJjV0LeZx76zHxQ.roa (raw, json)
Hash identifier:          94AxKhFvURbCKTxPCPWh1X6eXB0Jff2iNLA8X3DKMwk=
Subject key identifier:   16:9E:2E:D6:50:B2:FA:34:34:A8:98:D5:D0:B7:99:C7:BE:B3:1F:14
Certificate issuer:       /CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
Certificate serial:       39
Authority key identifier: E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/Fp4u1lCy-jQ0qJjV0LeZx76zHxQ.roa
Signing time:             Fri 29 Oct 2021 17:51:59 +0000
ROA not before:           Fri 29 Oct 2021 17:51:59 +0000
ROA not after:            Thu 29 Sep 2022 02:36:22 +0000
asID:                     210707
IP address blocks:        103.172.124.0/23 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 57 (0x39)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
        Validity
            Not Before: Oct 29 17:51:59 2021 GMT
            Not After : Sep 29 02:36:22 2022 GMT
        Subject: CN=169E2ED650B2FA3434A898D5D0B799C7BEB31F14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:87:d1:67:43:d4:5d:57:d4:98:22:38:4c:ea:
                    5f:6d:3e:99:f7:68:57:b0:61:3f:43:e4:c9:00:00:
                    7e:47:32:e4:37:02:ad:b9:60:4a:59:e0:9d:ef:f6:
                    10:90:75:e4:cc:ca:8f:82:fc:57:e1:7b:1b:69:91:
                    93:7e:0f:ce:f7:e6:29:07:a3:73:15:54:18:9f:46:
                    17:ab:a2:60:63:a7:b4:09:bb:42:fe:47:0e:a8:7e:
                    cd:52:c7:c8:c6:96:7c:e2:3d:df:31:f7:d8:6f:97:
                    6e:7d:a6:f3:9c:ec:54:c7:d2:23:90:d9:f2:52:86:
                    77:a0:21:4a:d6:f3:b9:87:35:7a:80:55:b3:a2:7d:
                    11:0e:16:d6:a7:e1:cd:5e:98:41:41:39:8f:00:75:
                    42:5d:90:02:a8:20:2d:9d:7a:b7:9e:a4:6c:cf:c2:
                    f7:c1:70:09:d3:fe:eb:fb:8d:ee:68:f9:f2:5b:7b:
                    d5:88:83:f3:83:00:e0:df:33:a5:0c:c9:dd:aa:46:
                    66:c9:fb:81:e9:24:70:e5:a5:69:8b:eb:cf:e2:9f:
                    ea:c4:2d:91:5e:3f:23:cc:9f:c7:7e:5f:2a:f2:00:
                    26:2f:7c:5b:32:71:c8:bf:af:a7:a0:52:ff:51:0a:
                    a5:fe:72:91:df:1a:5a:2a:6b:53:d5:b6:72:76:bd:
                    3e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9E:2E:D6:50:B2:FA:34:34:A8:98:D5:D0:B7:99:C7:BE:B3:1F:14
            X509v3 Authority Key Identifier:
                keyid:E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/4q-M_ZUnD89cLKZdh3d_b7er_TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/Fp4u1lCy-jQ0qJjV0LeZx76zHxQ.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:94:00:f4:27:98:11:6e:41:4c:59:7a:61:31:d5:93:9f:a7:
         f6:ea:ff:97:ec:d4:e4:e3:90:ac:d2:f5:ab:6a:8d:a8:21:e7:
         91:8f:01:07:c2:fd:8b:f6:b8:3c:c7:92:48:6e:cd:d3:25:ed:
         3f:c9:01:2b:18:e0:40:57:42:4c:b5:74:ac:7d:45:9f:be:93:
         39:83:d5:f8:20:76:ea:e3:82:6c:6e:ad:dc:3d:3e:e8:a2:f8:
         4f:84:78:4e:be:72:f4:a3:df:9c:2f:d9:cb:9e:33:09:bf:08:
         8d:f8:c2:c4:e4:92:70:7c:6c:f9:65:e4:43:e6:12:a2:57:8f:
         0f:df:33:99:1f:2d:36:3d:47:70:c1:27:1e:f3:2d:9a:eb:a9:
         e5:ff:44:e3:4f:6b:c1:82:98:b7:c0:75:d5:46:36:93:c7:c5:
         6f:80:ff:2d:36:17:4e:3e:99:94:53:f1:8e:99:e7:79:84:27:
         37:d2:42:32:e0:4c:8d:22:99:77:d9:07:cb:5e:32:5e:ca:30:
         ec:ff:8b:03:62:fd:f5:e4:a5:dc:c9:27:c0:08:0c:a8:52:2b:
         cf:b6:c3:d7:a1:b6:bb:48:df:35:62:32:5e:ff:5f:69:fc:33:
         b4:bd:eb:07:39:3d:5d:de:d8:6d:9c:ed:d2:d7:fa:4b:f5:a3:
         f1:d9:16:58
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIBOTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhFMkFG
OENGRDk1MjcwRkNGNUMyQ0E2NUQ4Nzc3N0Y2RkI3QUJGRDMyMB4XDTIxMTAyOTE3
NTE1OVoXDTIyMDkyOTAyMzYyMlowMzExMC8GA1UEAxMoMTY5RTJFRDY1MEIyRkEz
NDM0QTg5OEQ1RDBCNzk5QzdCRUIzMUYxNDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMGH0WdD1F1X1JgiOEzqX20+mfdoV7BhP0PkyQAAfkcy5DcCrblg
Slngne/2EJB15MzKj4L8V+F7G2mRk34PzvfmKQejcxVUGJ9GF6uiYGOntAm7Qv5H
Dqh+zVLHyMaWfOI93zH32G+Xbn2m85zsVMfSI5DZ8lKGd6AhStbzuYc1eoBVs6J9
EQ4W1qfhzV6YQUE5jwB1Ql2QAqggLZ16t56kbM/C98FwCdP+6/uN7mj58lt71YiD
84MA4N8zpQzJ3apGZsn7gekkcOWlaYvrz+Kf6sQtkV4/I8yfx35fKvIAJi98WzJx
yL+vp6BS/1EKpf5ykd8aWiprU9W2cna9PlcCAwEAAaOCAfAwggHsMB0GA1UdDgQW
BBQWni7WULL6NDSomNXQt5nHvrMfFDAfBgNVHSMEGDAWgBTir4z9lScPz1wspl2H
d39vt6v9MjAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF0GA1UdHwRWMFQwUqBQ
oE6GTHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9SRUNUQUxF
LzRxLU1fWlVuRDg5Y0xLWmRoM2RfYjdlcl9USS5jcmwwYAYIKwYBBQUHAQEEVDBS
MFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklD
Q0EvNHEtTV9aVW5EODljTEtaZGgzZF9iN2VyX1RJLmNlcjAOBgNVHQ8BAf8EBAMC
B4AwgZ0GCCsGAQUFBwELBIGQMIGNMFgGCCsGAQUFBzALhkxyc3luYzovL3Jwa2lj
YS50d25pYy50dy9ycGtpL1RXTklDQ0EvUkVDVEFMRS9GcDR1MWxDeS1qUTBxSmpW
MExlWng3NnpIeFEucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMu
dHcvcnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB
Z6x8MA0GCSqGSIb3DQEBCwUAA4IBAQC6lAD0J5gRbkFMWXphMdWTn6f26v+X7NTk
45Cs0vWrao2oIeeRjwEHwv2L9rg8x5JIbs3TJe0/yQErGOBAV0JMtXSsfUWfvpM5
g9X4IHbq44Jsbq3cPT7oovhPhHhOvnL0o9+cL9nLnjMJvwiN+MLE5JJwfGz5ZeRD
5hKiV48P3zOZHy02PUdwwSce8y2a66nl/0TjT2vBgpi3wHXVRjaTx8VvgP8tNhdO
PpmUU/GOmed5hCc30kIy4EyNIpl32QfLXjJeyjDs/4sDYv315KXcySfACAyoUivP
tsPXoba7SN81YjJe/19p/DO0vesHOT1d3thtnO3S1/pL9aPx2RZY
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:19 2024 by rpki-client on console-ams.rpki-client.org