Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/004BA040777111EEB91CD93BC4F9AE02.roa
File:                     004BA040777111EEB91CD93BC4F9AE02.roa (raw, json)
Hash identifier:          597zCTSt3uCF19d6DmAlkzQQDEtYEeL1ApM2qZTn8Vg=
Subject key identifier:   D7:8C:40:FF:7E:1F:80:B8:B1:89:0D:09:58:50:CF:B5:A5:DF:66:D4
Certificate issuer:       /CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
Certificate serial:       06B7
Authority key identifier: 5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/004BA040777111EEB91CD93BC4F9AE02.roa
Signing time:             Mon 30 Oct 2023 22:09:31 +0000
ROA not before:           Mon 30 Oct 2023 22:09:31 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     10080
IP address blocks:        2001:df0:e9c0::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1719 (0x6b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911E403/serialNumber=5FE30CAF6F5A32C919D335AA94D0E7333CD05435
        Validity
            Not Before: Oct 30 22:09:31 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=6540299b-32d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:58:ff:7e:8b:e9:76:e1:96:c5:bc:b7:70:28:
                    72:7f:fc:9a:9f:5e:bd:d2:c0:a9:90:40:b3:40:2b:
                    83:e6:5b:dd:df:ca:9e:e1:95:2c:41:67:00:6c:89:
                    b7:fd:73:d0:3f:cb:22:06:03:ed:32:a3:e5:bb:35:
                    b9:39:bd:ae:6e:66:a5:12:4e:e3:8f:4f:ae:b3:51:
                    df:e0:06:43:3b:2f:7d:b9:69:0b:ad:25:27:d4:70:
                    72:1e:b0:a0:bf:36:1c:47:d4:28:09:bf:d5:82:5c:
                    12:3f:7e:55:94:de:5a:b9:c9:a5:cf:cd:4b:44:29:
                    48:7f:47:50:a5:4f:76:6f:b4:0b:72:d0:0b:42:4f:
                    b0:19:6c:63:ad:19:2d:b3:a4:6a:62:d8:14:ad:96:
                    af:de:9a:72:1b:e9:e8:e7:2c:ff:9f:bf:ec:6f:bd:
                    3b:7d:db:8b:40:32:c8:d3:39:33:90:91:e1:b7:d2:
                    59:80:fd:3f:90:51:27:3f:f5:0a:44:ff:86:3a:28:
                    f4:a0:1b:c6:25:ba:ba:7a:93:2d:4d:3c:ff:ed:5b:
                    f0:7f:36:26:a9:7d:42:f4:8d:d6:a4:46:42:0f:d6:
                    ae:54:fa:f9:60:7c:40:f1:f2:e4:77:ca:d0:97:d0:
                    79:2f:23:aa:bd:62:9b:4c:ee:1f:6e:7d:95:02:a6:
                    91:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8C:40:FF:7E:1F:80:B8:B1:89:0D:09:58:50:CF:B5:A5:DF:66:D4
            X509v3 Authority Key Identifier:
                keyid:5F:E3:0C:AF:6F:5A:32:C9:19:D3:35:AA:94:D0:E7:33:3C:D0:54:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/X-MMr29aMskZ0zWqlNDnMzzQVDU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/X-MMr29aMskZ0zWqlNDnMzzQVDU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E403/A1CCECFEF8BB11EA87B1DE6BC4F9AE02/004BA040777111EEB91CD93BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:e9c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:c2:2a:86:07:ac:64:bd:a9:2d:6d:fc:d8:27:d6:02:e7:60:
         ec:c2:9a:00:ca:27:31:2a:cc:b5:56:9f:a4:7e:74:04:5d:e4:
         b9:af:66:db:0a:33:3f:63:c3:88:c3:76:70:d9:ae:69:ad:43:
         33:6c:c7:a8:42:df:fc:a1:75:21:b8:17:c3:66:8b:b3:17:d2:
         85:08:ec:12:cf:80:26:35:e6:16:6c:95:ca:f0:14:5b:1c:1f:
         d4:67:74:fe:b5:00:5e:8a:73:ef:59:7f:a6:41:7a:4e:bf:e0:
         1d:8a:45:67:ae:c9:7b:bd:f3:04:c7:68:36:f2:83:be:3c:38:
         63:58:dd:66:40:71:26:37:62:22:70:cd:29:91:c4:10:24:db:
         81:6c:85:75:c3:f1:c0:f6:9f:4a:64:fd:d6:91:c4:60:c7:a0:
         ad:51:ee:c2:f1:53:1c:41:f0:b7:8a:b5:d1:e3:df:7a:48:d4:
         92:76:37:23:ea:18:be:85:be:6e:c4:aa:06:f3:ea:fe:57:a0:
         c2:d1:78:6e:e6:28:5a:c8:c9:01:a5:40:ec:a6:ca:6b:3d:44:
         59:df:ca:d0:e5:a7:ae:40:d4:94:c3:3c:a6:b8:91:8b:d1:ce:
         06:c2:bd:80:ed:a0:18:dd:42:86:f0:5a:f8:d2:39:83:de:b8:
         b4:e0:03:99
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICBrcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUU0MDMxMTAvBgNVBAUTKDVGRTMwQ0FGNkY1QTMyQzkxOUQzMzVBQTk0RDBFNzMz
M0NEMDU0MzUwHhcNMjMxMDMwMjIwOTMxWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQwMjk5Yi0zMmQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2Fj/fovpduGWxby3cChyf/yan1690sCpkECzQCuD5lvd38qe4ZUsQWcAbIm3
/XPQP8siBgPtMqPluzW5Ob2ubmalEk7jj0+us1Hf4AZDOy99uWkLrSUn1HByHrCg
vzYcR9QoCb/VglwSP35VlN5aucmlz81LRClIf0dQpU92b7QLctALQk+wGWxjrRkt
s6RqYtgUrZav3ppyG+no5yz/n7/sb707fduLQDLI0zkzkJHht9JZgP0/kFEnP/UK
RP+GOij0oBvGJbq6epMtTTz/7VvwfzYmqX1C9I3WpEZCD9auVPr5YHxA8fLkd8rQ
l9B5LyOqvWKbTO4fbn2VAqaRvQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFNeMQP9+
H4C4sYkNCVhQz7Wl32bUMB8GA1UdIwQYMBaAFF/jDK9vWjLJGdM1qpTQ5zM80FQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTQwMy9BMUNDRUNGRUY4
QkIxMUVBODdCMURFNkJDNEY5QUUwMi9YLU1NcjI5YU1za1oweldxbE5Ebk16elFW
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1gtTU1yMjlhTXNrWjB6V3FsTkRuTXp6UVZEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUU0MDMvQTFDQ0VDRkVGOEJCMTFFQTg3QjFERTZCQzRGOUFFMDIvMDA0QkEwNDA3
NzcxMTFFRUI5MUNEOTNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3w6cAwDQYJKoZIhvcNAQELBQADggEBANvCKoYHrGS9
qS1t/Ngn1gLnYOzCmgDKJzEqzLVWn6R+dARd5LmvZtsKMz9jw4jDdnDZrmmtQzNs
x6hC3/yhdSG4F8Nmi7MX0oUI7BLPgCY15hZslcrwFFscH9RndP61AF6Kc+9Zf6ZB
ek6/4B2KRWeuyXu98wTHaDbyg748OGNY3WZAcSY3YiJwzSmRxBAk24FshXXD8cD2
n0pk/daRxGDHoK1R7sLxUxxB8LeKtdHj33pI1JJ2NyPqGL6Fvm7Eqgbz6v5XoMLR
eG7mKFrIyQGlQOymyms9RFnfytDlp65A1JTDPKa4kYvRzgbCvYDtoBjdQobwWvjS
OYPeuLTgA5k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:56 2024 by rpki-client on console-fra.rpki-client.org