Route Origin Authorization

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/TWNIC/jLh_ThrUWbuMX5JrbtLJ4ZIOTkg.roa
File:                     jLh_ThrUWbuMX5JrbtLJ4ZIOTkg.roa (raw, json)
Hash identifier:          4xvnEUYKcRA4nY3WcV9g6k9Qck3FlRQhMdFJ/0XOc+Y=
Subject key identifier:   8C:B8:7F:4E:1A:D4:59:BB:8C:5F:92:6B:6E:D2:C9:E1:92:0E:4E:48
Certificate issuer:       /CN=DFA8C454815C3017456EA3B4A7D00213BB85C965
Certificate serial:       121B
Authority key identifier: DF:A8:C4:54:81:5C:30:17:45:6E:A3:B4:A7:D0:02:13:BB:85:C9:65
Authority info access:    rsync://rpkica.twnic.tw/rpki/TWNICCA/36jEVIFcMBdFbqO0p9ACE7uFyWU.cer
Subject info access:      rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNIC/jLh_ThrUWbuMX5JrbtLJ4ZIOTkg.roa
Signing time:             Mon 05 Feb 2024 09:05:39 +0000
ROA not before:           Mon 05 Feb 2024 09:05:39 +0000
ROA not after:            Sat 31 Aug 2024 03:10:53 +0000
asID:                     18180
IP address blocks:        119.75.245.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4635 (0x121b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DFA8C454815C3017456EA3B4A7D00213BB85C965
        Validity
            Not Before: Feb  5 09:05:39 2024 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=8CB87F4E1AD459BB8C5F926B6ED2C9E1920E4E48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f0:5c:8a:ae:f2:a3:ce:c8:f7:30:fc:dc:9c:
                    1b:b4:69:e3:3a:d8:6f:63:30:56:4f:d1:10:63:63:
                    ec:49:ff:04:51:62:e0:02:0e:27:17:89:76:a7:58:
                    c2:c5:e0:e5:ca:35:47:91:60:a6:4e:2e:89:bb:69:
                    a2:10:c0:af:71:58:05:e2:06:97:41:98:91:33:99:
                    7e:c2:e6:50:e2:93:ac:9e:c1:55:6b:f0:62:db:3f:
                    ad:b6:aa:68:83:13:40:83:83:29:42:89:dd:f0:e4:
                    7b:a5:d5:5b:8b:4b:07:cb:b3:9c:d8:28:5d:0f:ea:
                    b0:4d:da:7e:a9:b4:f1:8a:ea:2c:8c:4b:41:9d:3f:
                    3f:d3:c9:fc:59:46:f5:3c:96:6f:ed:ba:15:7f:3f:
                    62:6b:90:2a:22:87:c2:2d:b5:bb:b1:6d:6a:f7:ed:
                    f6:d3:30:04:82:eb:e3:92:57:84:99:48:56:3b:62:
                    30:72:a3:c9:45:55:64:05:30:05:3b:21:af:dc:b3:
                    6b:1e:7b:98:59:01:e4:87:2c:e0:70:b1:76:e5:d9:
                    2a:8d:75:24:38:a9:4f:3b:f2:4e:16:79:0f:d0:6d:
                    be:16:a1:ef:65:a3:4c:f6:4d:4c:9c:6e:41:ff:88:
                    62:c2:44:c2:cf:2c:44:da:c6:dd:10:71:b8:45:1e:
                    d3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B8:7F:4E:1A:D4:59:BB:8C:5F:92:6B:6E:D2:C9:E1:92:0E:4E:48
            X509v3 Authority Key Identifier:
                keyid:DF:A8:C4:54:81:5C:30:17:45:6E:A3:B4:A7:D0:02:13:BB:85:C9:65

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNIC/36jEVIFcMBdFbqO0p9ACE7uFyWU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/36jEVIFcMBdFbqO0p9ACE7uFyWU.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TWNIC/jLh_ThrUWbuMX5JrbtLJ4ZIOTkg.roa
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.75.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:19:46:de:d2:8b:9b:67:3f:81:0d:39:19:5e:ff:18:78:ce:
         c6:d7:d5:c3:21:72:7a:b7:38:fd:c0:e5:79:c6:48:13:3f:09:
         d5:49:8d:2b:b1:82:2e:fd:9b:e4:08:6a:ce:8c:ef:8f:48:f8:
         49:9d:fe:fd:2b:da:59:94:32:92:be:44:00:8e:d4:73:a5:03:
         7b:a5:a4:40:37:e5:4f:54:6f:21:a9:df:ed:47:d1:ce:a7:6e:
         8f:d1:1f:e2:c5:80:87:48:64:30:9f:4f:5e:85:33:f9:01:ff:
         b5:d0:03:a7:65:9e:05:e0:0d:a1:42:f7:3c:57:37:7d:05:79:
         be:c1:f5:2e:e9:63:a1:91:68:a0:f3:02:04:f7:fd:34:9a:8e:
         5c:57:91:a2:38:e1:f9:ee:0c:9e:7d:86:46:93:a0:5a:7e:9d:
         e6:59:95:43:da:82:65:85:7e:5a:e2:2e:56:0d:98:fa:28:50:
         5b:f6:50:d6:71:74:18:95:49:90:55:b7:44:db:67:27:3d:0d:
         fe:0b:5b:7b:1a:06:5d:10:f0:7f:e6:1f:e8:d5:17:6a:d9:81:
         6b:03:2c:d6:79:71:5d:cf:91:27:b8:f6:6c:e0:76:23:6d:e0:
         23:b3:87:b6:65:ea:9d:59:69:15:2d:36:6a:ab:e5:22:58:65:
         d6:d8:f2:79
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgICEhswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoREZB
OEM0NTQ4MTVDMzAxNzQ1NkVBM0I0QTdEMDAyMTNCQjg1Qzk2NTAeFw0yNDAyMDUw
OTA1MzlaFw0yNDA4MzEwMzEwNTNaMDMxMTAvBgNVBAMTKDhDQjg3RjRFMUFENDU5
QkI4QzVGOTI2QjZFRDJDOUUxOTIwRTRFNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCo8FyKrvKjzsj3MPzcnBu0aeM62G9jMFZP0RBjY+xJ/wRRYuAC
DicXiXanWMLF4OXKNUeRYKZOLom7aaIQwK9xWAXiBpdBmJEzmX7C5lDik6yewVVr
8GLbP622qmiDE0CDgylCid3w5Hul1VuLSwfLs5zYKF0P6rBN2n6ptPGK6iyMS0Gd
Pz/TyfxZRvU8lm/tuhV/P2JrkCoih8IttbuxbWr37fbTMASC6+OSV4SZSFY7YjBy
o8lFVWQFMAU7Ia/cs2see5hZAeSHLOBwsXbl2SqNdSQ4qU878k4WeQ/Qbb4Woe9l
o0z2TUycbkH/iGLCRMLPLETaxt0QcbhFHtMXAgMBAAGjggHsMIIB6DAdBgNVHQ4E
FgQUjLh/ThrUWbuMX5JrbtLJ4ZIOTkgwHwYDVR0jBBgwFoAU36jEVIFcMBdFbqO0
p9ACE7uFyWUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVFdOSUMv
MzZqRVZJRmNNQmRGYnFPMHA5QUNFN3VGeVdVLmNybDBgBggrBgEFBQcBAQRUMFIw
UAYIKwYBBQUHMAKGRHJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUND
QS8zNmpFVklGY01CZEZicU8wcDlBQ0U3dUZ5V1UuY2VyMA4GA1UdDwEB/wQEAwIH
gDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBraWNh
LnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9UV05JQy9qTGhfVGhyVVdidU1YNUpyYnRM
SjRaSU9Ua2cucm9hMDEGCCsGAQUFBzANhiVodHRwczovL3JyZHAudHduaWMudHcv
cnJkcC9ub3RpZnkueG1sMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAd0v1
MA0GCSqGSIb3DQEBCwUAA4IBAQAqGUbe0oubZz+BDTkZXv8YeM7G19XDIXJ6tzj9
wOV5xkgTPwnVSY0rsYIu/ZvkCGrOjO+PSPhJnf79K9pZlDKSvkQAjtRzpQN7paRA
N+VPVG8hqd/tR9HOp26P0R/ixYCHSGQwn09ehTP5Af+10AOnZZ4F4A2hQvc8Vzd9
BXm+wfUu6WOhkWig8wIE9/00mo5cV5GiOOH57gyefYZGk6Bafp3mWZVD2oJlhX5a
4i5WDZj6KFBb9lDWcXQYlUmQVbdE22cnPQ3+C1t7GgZdEPB/5h/o1Rdq2YFrAyzW
eXFdz5EnuPZs4HYjbeAjs4e2ZeqdWWkVLTZqq+UiWGXW2PJ5
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:44 2024 by rpki-client on console-ams.rpki-client.org