Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/RECTALE/W7c7Oh3Zenaxs5ZWbT-lWdLu-7A.roa
File:                     W7c7Oh3Zenaxs5ZWbT-lWdLu-7A.roa (raw, json)
Hash identifier:          mfccnYb8AOYRrPyIp68YMl/KjqduIB3lYui91IysOUk=
Subject key identifier:   5B:B7:3B:3A:1D:D9:7A:76:B1:B3:96:56:6D:3F:A5:59:D2:EE:FB:B0
Certificate issuer:       /CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
Certificate serial:       97
Authority key identifier: E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/W7c7Oh3Zenaxs5ZWbT-lWdLu-7A.roa
Signing time:             Fri 04 Mar 2022 09:21:04 +0000
ROA not before:           Fri 04 Mar 2022 09:21:04 +0000
ROA not after:            Thu 29 Sep 2022 02:36:22 +0000
asID:                     7480
IP address blocks:        103.172.124.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 151 (0x97)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
        Validity
            Not Before: Mar  4 09:21:04 2022 GMT
            Not After : Sep 29 02:36:22 2022 GMT
        Subject: CN=5BB73B3A1DD97A76B1B396566D3FA559D2EEFBB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:28:c6:8d:74:26:40:79:ca:ad:06:99:bb:
                    62:62:b0:f9:33:ed:dc:9d:ce:92:02:a6:5e:ce:25:
                    86:d6:f3:b2:5f:97:5b:ad:88:e2:ee:f5:aa:26:7d:
                    61:76:e1:7b:f0:7d:ce:1c:ff:ff:9f:f0:15:ff:01:
                    af:45:d6:cb:a6:0a:af:14:d2:c7:b0:99:e1:ef:06:
                    82:45:7c:63:34:7f:72:5d:48:b6:5f:3e:61:5b:8b:
                    51:5b:94:56:14:a0:79:7c:0b:5a:f1:71:8b:92:64:
                    ae:7a:35:a2:07:d1:13:be:e6:10:bf:83:3c:64:e7:
                    19:40:20:68:4d:9c:78:b3:2a:3a:0f:14:f6:57:48:
                    dd:69:dc:44:6d:bc:65:b6:cf:8c:12:d3:3f:39:3c:
                    ac:03:43:b7:72:51:82:7d:8f:d3:83:66:7a:30:70:
                    4c:4b:29:c9:9e:61:a9:86:42:24:58:19:c8:9c:2e:
                    a5:0e:a8:ad:f4:41:f4:db:0d:31:85:f8:b4:dc:a1:
                    d6:d1:60:23:97:b5:d0:62:03:de:71:5b:04:44:03:
                    65:b1:0b:f2:62:5e:81:2b:22:db:5c:80:c7:8b:f1:
                    c7:cb:6b:d9:79:f3:9a:9d:b4:22:2d:70:fc:20:a7:
                    ad:7e:f9:ca:39:31:30:d2:65:15:ef:31:f8:a7:95:
                    87:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:B7:3B:3A:1D:D9:7A:76:B1:B3:96:56:6D:3F:A5:59:D2:EE:FB:B0
            X509v3 Authority Key Identifier:
                keyid:E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/4q-M_ZUnD89cLKZdh3d_b7er_TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/W7c7Oh3Zenaxs5ZWbT-lWdLu-7A.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:4f:cc:17:09:eb:ee:67:5a:ef:dc:75:f9:6d:f8:13:d6:75:
         5b:00:59:fd:5d:51:de:d1:0d:65:0d:ac:2e:14:e6:98:a1:55:
         d6:4a:23:ee:f4:28:2f:c9:dd:0d:9f:13:16:83:63:c4:47:57:
         30:18:b9:be:d9:7a:c6:72:80:5a:31:3f:7c:30:be:c3:34:78:
         c7:0b:44:80:6a:d5:83:a4:0a:5c:70:28:ef:2d:a0:e4:8d:6f:
         e7:be:63:52:a7:11:c0:8b:53:62:2e:ea:f0:44:1e:a6:25:be:
         e4:06:a6:e5:52:3c:dc:d6:ec:1b:9b:f6:98:36:41:07:d9:47:
         47:34:00:56:9b:fe:cc:ef:89:ed:28:74:9a:72:2e:09:eb:9d:
         64:f0:dc:e3:36:9c:9d:24:0e:d0:67:f6:1f:ca:30:8d:35:5b:
         5e:ec:54:98:16:04:47:4b:d6:ac:db:6d:5f:67:03:27:4d:f7:
         44:cb:27:b8:05:98:06:7a:4f:69:99:be:1e:4a:15:a0:90:3c:
         86:7a:14:43:06:f3:ff:d7:77:e3:d4:45:70:be:8a:d1:0b:bd:
         83:d4:57:00:31:29:28:08:4c:46:5a:9d:f1:91:20:30:a2:00:
         ff:b2:ab:b6:87:bc:64:4d:88:57:88:41:ea:13:ea:2b:5f:58:
         ec:e2:d0:73
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICAJcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTJB
RjhDRkQ5NTI3MEZDRjVDMkNBNjVEODc3NzdGNkZCN0FCRkQzMjAeFw0yMjAzMDQw
OTIxMDRaFw0yMjA5MjkwMjM2MjJaMDMxMTAvBgNVBAMTKDVCQjczQjNBMUREOTdB
NzZCMUIzOTY1NjZEM0ZBNTU5RDJFRUZCQjAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8UijGjXQmQHnKrQaZu2JisPkz7dydzpICpl7OJYbW87Jfl1ut
iOLu9aomfWF24Xvwfc4c//+f8BX/Aa9F1sumCq8U0sewmeHvBoJFfGM0f3JdSLZf
PmFbi1FblFYUoHl8C1rxcYuSZK56NaIH0RO+5hC/gzxk5xlAIGhNnHizKjoPFPZX
SN1p3ERtvGW2z4wS0z85PKwDQ7dyUYJ9j9ODZnowcExLKcmeYamGQiRYGcicLqUO
qK30QfTbDTGF+LTcodbRYCOXtdBiA95xWwREA2WxC/JiXoErIttcgMeL8cfLa9l5
85qdtCItcPwgp61++co5MTDSZRXvMfinlYchAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUW7c7Oh3Zenaxs5ZWbT+lWdLu+7AwHwYDVR0jBBgwFoAU4q+M/ZUnD89cLKZd
h3d/b7er/TIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvUkVDVEFM
RS80cS1NX1pVbkQ4OWNMS1pkaDNkX2I3ZXJfVEkuY3JsMGAGCCsGAQUFBwEBBFQw
UjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05J
Q0NBLzRxLU1fWlVuRDg5Y0xLWmRoM2RfYjdlcl9USS5jZXIwDgYDVR0PAQH/BAQD
AgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9ycGtp
Y2EudHduaWMudHcvcnBraS9UV05JQ0NBL1JFQ1RBTEUvVzdjN09oM1plbmF4czVa
V2JULWxXZEx1LTdBLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmlj
LnR3L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AGesfDANBgkqhkiG9w0BAQsFAAOCAQEAnk/MFwnr7mda79x1+W34E9Z1WwBZ/V1R
3tENZQ2sLhTmmKFV1koj7vQoL8ndDZ8TFoNjxEdXMBi5vtl6xnKAWjE/fDC+wzR4
xwtEgGrVg6QKXHAo7y2g5I1v575jUqcRwItTYi7q8EQepiW+5Aam5VI83NbsG5v2
mDZBB9lHRzQAVpv+zO+J7Sh0mnIuCeudZPDc4zacnSQO0Gf2H8owjTVbXuxUmBYE
R0vWrNttX2cDJ033RMsnuAWYBnpPaZm+HkoVoJA8hnoUQwbz/9d349RFcL6K0Qu9
g9RXADEpKAhMRlqd8ZEgMKIA/7Krtoe8ZE2IV4hB6hPqK19Y7OLQcw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:19 2024 by rpki-client on console-ams.rpki-client.org