Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/RECTALE/mFtmCFhK3tR31vGAPpB00vvxjyc.roa
File:                     mFtmCFhK3tR31vGAPpB00vvxjyc.roa (raw, json)
Hash identifier:          N5AvHejcaRGYQcdHlX+ffoSJGGpfdOrtqnTESpNmWuc=
Subject key identifier:   98:5B:66:08:58:4A:DE:D4:77:D6:F1:80:3E:90:74:D2:FB:F1:8F:27
Certificate issuer:       /CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
Certificate serial:       011F
Authority key identifier: E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/mFtmCFhK3tR31vGAPpB00vvxjyc.roa
Signing time:             Thu 15 Sep 2022 02:41:54 +0000
ROA not before:           Thu 15 Sep 2022 02:41:54 +0000
ROA not after:            Wed 06 Sep 2023 03:00:35 +0000
asID:                     212279
IP address blocks:        103.172.124.0/23 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 287 (0x11f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E2AF8CFD95270FCF5C2CA65D87777F6FB7ABFD32
        Validity
            Not Before: Sep 15 02:41:54 2022 GMT
            Not After : Sep  6 03:00:35 2023 GMT
        Subject: CN=985B6608584ADED477D6F1803E9074D2FBF18F27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:34:ae:6a:c4:71:09:ab:92:39:13:1f:52:f5:
                    30:67:b3:21:4d:33:cd:cf:c0:56:3b:31:c0:6f:0b:
                    d4:77:d3:ca:ec:fa:8f:fa:69:3f:c4:dc:42:63:66:
                    91:dc:5b:35:90:a3:95:8a:d5:d6:0a:10:16:83:60:
                    7e:a2:ae:e0:2f:d1:72:6b:99:68:52:65:e8:2c:57:
                    6b:38:c8:62:c6:c1:7f:2a:2d:00:99:5b:b1:2d:9f:
                    6e:89:82:89:77:92:ec:fb:c2:03:68:2e:29:3c:34:
                    ac:03:c8:bc:0c:da:94:de:27:f3:f6:a7:04:e6:7c:
                    e6:1e:85:4b:4e:50:9f:21:97:6a:25:62:5f:db:34:
                    2f:a9:ae:23:68:7f:db:2f:d3:c4:a7:e0:1e:93:6c:
                    50:2b:9c:b5:af:c7:04:45:9a:17:e3:e7:1f:28:3b:
                    44:d5:da:7b:c5:56:74:1c:0d:e8:94:ca:79:5e:5f:
                    ff:b0:57:41:41:45:3f:07:a1:7c:05:b0:04:f5:a2:
                    93:52:0d:27:9b:33:3a:d6:41:eb:4c:42:1b:d7:64:
                    99:d3:a9:08:59:df:89:43:18:8c:0a:90:74:7e:a5:
                    ff:1e:67:44:df:53:03:d3:fa:73:a4:a9:f6:92:e9:
                    80:32:d9:a5:bc:b8:64:55:c7:4c:93:b4:31:74:52:
                    71:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5B:66:08:58:4A:DE:D4:77:D6:F1:80:3E:90:74:D2:FB:F1:8F:27
            X509v3 Authority Key Identifier:
                keyid:E2:AF:8C:FD:95:27:0F:CF:5C:2C:A6:5D:87:77:7F:6F:B7:AB:FD:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/4q-M_ZUnD89cLKZdh3d_b7er_TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/4q-M_ZUnD89cLKZdh3d_b7er_TI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/RECTALE/mFtmCFhK3tR31vGAPpB00vvxjyc.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:c1:43:d5:90:7b:76:e7:d5:93:69:37:b7:7b:27:57:b3:f0:
         9c:2b:20:d7:3e:a8:1b:e6:11:ef:0d:d3:3f:34:e0:d3:2d:a4:
         cb:a8:5f:d1:e7:4d:37:4d:6c:cf:73:26:86:54:0a:94:19:eb:
         1f:ff:96:84:1b:10:a5:ff:89:a2:54:c4:50:31:1c:7c:a1:32:
         40:10:22:06:82:68:8f:27:cb:06:1e:c3:a0:75:8e:2c:0f:27:
         06:34:a6:52:be:42:84:ef:3e:7e:6e:0f:c3:55:af:1a:3b:3c:
         8b:65:2d:0c:f2:a7:cd:0e:1b:43:7d:b0:58:e1:b2:e4:49:26:
         66:16:64:f2:9f:db:e1:0e:48:c8:2d:5e:c9:01:cd:10:05:73:
         6c:17:cc:c3:d2:24:97:14:47:dd:eb:6a:5c:12:41:d9:71:97:
         30:eb:3d:a2:a2:b5:7a:93:b0:55:13:d3:ed:b8:35:77:4c:93:
         3f:3c:49:3b:08:8f:19:4e:4f:65:bb:19:60:30:8c:6a:67:29:
         10:e4:47:77:e9:11:98:8e:cb:4f:ce:9b:01:72:7e:42:f8:de:
         7f:9a:99:15:47:e0:2d:7d:6c:2b:0b:09:6c:4b:e0:2c:26:a9:
         0a:e9:f1:d2:5b:28:79:c0:90:16:e9:b7:60:07:93:8a:02:3e:
         b8:21:bd:ea
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICAR8wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRTJB
RjhDRkQ5NTI3MEZDRjVDMkNBNjVEODc3NzdGNkZCN0FCRkQzMjAeFw0yMjA5MTUw
MjQxNTRaFw0yMzA5MDYwMzAwMzVaMDMxMTAvBgNVBAMTKDk4NUI2NjA4NTg0QURF
RDQ3N0Q2RjE4MDNFOTA3NEQyRkJGMThGMjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKNK5qxHEJq5I5Ex9S9TBnsyFNM83PwFY7McBvC9R308rs+o/6
aT/E3EJjZpHcWzWQo5WK1dYKEBaDYH6iruAv0XJrmWhSZegsV2s4yGLGwX8qLQCZ
W7Etn26Jgol3kuz7wgNoLik8NKwDyLwM2pTeJ/P2pwTmfOYehUtOUJ8hl2olYl/b
NC+priNof9sv08Sn4B6TbFArnLWvxwRFmhfj5x8oO0TV2nvFVnQcDeiUynleX/+w
V0FBRT8HoXwFsAT1opNSDSebMzrWQetMQhvXZJnTqQhZ34lDGIwKkHR+pf8eZ0Tf
UwPT+nOkqfaS6YAy2aW8uGRVx0yTtDF0UnGpAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUmFtmCFhK3tR31vGAPpB00vvxjycwHwYDVR0jBBgwFoAU4q+M/ZUnD89cLKZd
h3d/b7er/TIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvUkVDVEFM
RS80cS1NX1pVbkQ4OWNMS1pkaDNkX2I3ZXJfVEkuY3JsMGAGCCsGAQUFBwEBBFQw
UjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpY2EudHduaWMudHcvcnBraS9UV05J
Q0NBLzRxLU1fWlVuRDg5Y0xLWmRoM2RfYjdlcl9USS5jZXIwDgYDVR0PAQH/BAQD
AgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9ycGtp
Y2EudHduaWMudHcvcnBraS9UV05JQ0NBL1JFQ1RBTEUvbUZ0bUNGaEszdFIzMXZH
QVBwQjAwdnZ4anljLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycmRwLnR3bmlj
LnR3L3JyZHAvbm90aWZ5LnhtbDAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AWesfDANBgkqhkiG9w0BAQsFAAOCAQEAmsFD1ZB7dufVk2k3t3snV7PwnCsg1z6o
G+YR7w3TPzTg0y2ky6hf0edNN01sz3MmhlQKlBnrH/+WhBsQpf+JolTEUDEcfKEy
QBAiBoJojyfLBh7DoHWOLA8nBjSmUr5ChO8+fm4Pw1WvGjs8i2UtDPKnzQ4bQ32w
WOGy5EkmZhZk8p/b4Q5IyC1eyQHNEAVzbBfMw9IklxRH3etqXBJB2XGXMOs9oqK1
epOwVRPT7bg1d0yTPzxJOwiPGU5PZbsZYDCMamcpEORHd+kRmI7LT86bAXJ+Qvje
f5qZFUfgLX1sKwsJbEvgLCapCunx0lsoecCQFum3YAeTigI+uCG96g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:44 2024 by rpki-client on console-fra.rpki-client.org