Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912A517/2B19FFB8F50011E8A93A8E63C4F9AE02/4C4BAAA2E3DD11E99E316860C4F9AE02.roa
File:                     4C4BAAA2E3DD11E99E316860C4F9AE02.roa (raw, json)
Hash identifier:          S6LNUe5gQ/UvlTtmpIzgsGvFBbLILpC8FTJEbO/M0Ck=
Subject key identifier:   93:9E:15:53:78:FE:21:E0:25:3E:B6:DC:CE:C9:C5:49:B7:B5:4D:07
Certificate issuer:       /CN=A912A517/serialNumber=104113CE8F5E01751AF4D0F24968D83924A6C807
Certificate serial:       0D9D
Authority key identifier: 10:41:13:CE:8F:5E:01:75:1A:F4:D0:F2:49:68:D8:39:24:A6:C8:07
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EEETzo9eAXUa9NDySWjYOSSmyAc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912A517/2B19FFB8F50011E8A93A8E63C4F9AE02/4C4BAAA2E3DD11E99E316860C4F9AE02.roa
Signing time:             Tue 21 Dec 2021 06:35:52 +0000
ROA not before:           Tue 21 Dec 2021 06:35:52 +0000
ROA not after:            Thu 02 Mar 2023 00:00:00 +0000
asID:                     55850
IP address blocks:        14.137.0.0/19 maxlen: 19
                          101.53.192.0/19 maxlen: 19
                          101.53.217.0/24 maxlen: 24
                          101.53.220.0/22 maxlen: 22
                          103.26.202.0/24 maxlen: 24
                          103.26.203.0/24 maxlen: 24
                          103.241.56.0/22 maxlen: 22
                          115.69.160.0/19 maxlen: 19
                          116.251.128.0/18 maxlen: 18
                          116.251.192.0/21 maxlen: 21
                          116.251.200.0/22 maxlen: 22
                          150.107.172.0/22 maxlen: 22
                          180.148.96.0/19 maxlen: 19
                          202.74.33.0/24 maxlen: 24
                          203.94.32.0/19 maxlen: 19
                          2406:5a00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3485 (0xd9d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912A517/serialNumber=104113CE8F5E01751AF4D0F24968D83924A6C807
        Validity
            Not Before: Dec 21 06:35:52 2021 GMT
            Not After : Mar  2 00:00:00 2023 GMT
        Subject: CN=61c175c8-34b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7d:98:96:2c:78:18:b0:03:7f:76:38:75:c7:
                    59:75:ac:0f:69:f5:c4:a5:76:f9:93:3c:18:59:4a:
                    b2:d7:c4:a7:1d:9b:8f:2e:82:63:4d:aa:ee:7f:f4:
                    34:df:f6:67:03:e8:4b:91:4c:5c:92:5f:14:90:ad:
                    6b:95:ab:06:11:6e:df:01:d1:ac:d7:86:d3:e8:0f:
                    f1:cb:04:59:73:77:45:9e:b7:33:3b:52:02:2f:cf:
                    d3:f7:97:40:cd:6c:64:9d:27:bc:6b:2b:b3:a0:80:
                    9a:14:61:a5:2e:cf:99:2a:28:46:08:22:ab:9f:31:
                    87:5c:c4:29:e8:d1:36:1b:66:62:9f:2f:92:44:6f:
                    76:d0:83:6d:d8:c1:01:24:1e:81:13:b8:b7:17:1b:
                    a9:01:bc:ab:41:ec:c2:f0:03:ca:d2:84:62:c2:d6:
                    5c:0f:3b:8c:60:3e:49:9c:65:f8:67:40:f6:b3:0c:
                    fb:33:ba:6c:8d:0e:37:4a:07:fd:d1:f2:d1:00:00:
                    5a:d5:00:d2:e9:b5:80:72:9e:77:7f:15:7f:ba:16:
                    77:aa:60:99:13:b8:ef:c0:d2:82:d7:f8:84:0b:b5:
                    49:61:36:fe:43:a7:32:77:ae:5e:0d:0c:71:e9:1c:
                    ef:e3:c8:d7:9e:4f:c1:35:7e:05:c5:ab:ed:99:82:
                    33:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9E:15:53:78:FE:21:E0:25:3E:B6:DC:CE:C9:C5:49:B7:B5:4D:07
            X509v3 Authority Key Identifier:
                keyid:10:41:13:CE:8F:5E:01:75:1A:F4:D0:F2:49:68:D8:39:24:A6:C8:07

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912A517/2B19FFB8F50011E8A93A8E63C4F9AE02/EEETzo9eAXUa9NDySWjYOSSmyAc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/EEETzo9eAXUa9NDySWjYOSSmyAc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912A517/2B19FFB8F50011E8A93A8E63C4F9AE02/4C4BAAA2E3DD11E99E316860C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.137.0.0/19
                  101.53.192.0/19
                  103.26.202.0/23
                  103.241.56.0/22
                  115.69.160.0/19
                  116.251.128.0-116.251.203.255
                  150.107.172.0/22
                  180.148.96.0/19
                  202.74.33.0/24
                  203.94.32.0/19
                IPv6:
                  2406:5a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:7f:1b:5b:d1:2c:55:b6:7d:53:7b:d0:ac:d9:f4:dd:14:8b:
         97:32:87:3c:51:86:ab:a0:a5:b1:88:02:ff:61:42:a3:a8:3f:
         8c:4b:b4:f6:4e:aa:bb:4a:98:6d:f9:f0:7d:34:26:a3:48:14:
         38:2f:74:93:02:1b:bd:18:33:32:5f:4c:69:f3:b3:b7:9f:45:
         83:ad:f6:fa:8b:db:f6:f1:e3:31:22:37:e0:71:4b:64:e5:f4:
         37:26:d3:bb:eb:15:b6:32:d2:be:bd:c1:96:dd:ab:06:f1:cb:
         04:6e:5a:3e:10:f5:5e:00:82:78:47:87:04:4b:f3:c5:7f:4e:
         03:ba:cf:6e:4f:7e:ae:c3:d5:3c:81:59:a6:e6:16:31:a3:45:
         50:2a:20:ae:1d:06:8c:76:60:b3:dc:2b:28:d2:66:3b:7e:58:
         d5:0f:da:e1:4a:c2:a8:67:60:7d:49:f9:0b:5b:64:f4:85:5e:
         2e:e2:1f:69:a1:f6:21:97:4c:4d:78:6a:40:d1:82:98:dd:e1:
         c3:14:61:3b:b3:ac:09:a3:c3:01:58:6c:1b:be:d9:1f:db:ca:
         d5:04:b9:57:ab:69:e4:6f:8c:b1:ba:2a:00:6a:62:6a:32:c4:
         c8:8e:b0:58:26:98:71:24:7d:66:55:5a:62:94:33:78:bb:18:
         b0:99:e8:a3
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgICDZ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkE1MTcxMTAvBgNVBAUTKDEwNDExM0NFOEY1RTAxNzUxQUY0RDBGMjQ5NjhEODM5
MjRBNkM4MDcwHhcNMjExMjIxMDYzNTUyWhcNMjMwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWMxNzVjOC0zNGI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw32Ylix4GLADf3Y4dcdZdawPafXEpXb5kzwYWUqy18SnHZuPLoJjTaruf/Q0
3/ZnA+hLkUxckl8UkK1rlasGEW7fAdGs14bT6A/xywRZc3dFnrczO1ICL8/T95dA
zWxknSe8ayuzoICaFGGlLs+ZKihGCCKrnzGHXMQp6NE2G2Ziny+SRG920INt2MEB
JB6BE7i3FxupAbyrQezC8APK0oRiwtZcDzuMYD5JnGX4Z0D2swz7M7psjQ43Sgf9
0fLRAABa1QDS6bWAcp53fxV/uhZ3qmCZE7jvwNKC1/iEC7VJYTb+Q6cyd65eDQxx
6Rzv48jXnk/BNX4FxavtmYIzLwIDAQABo4IC4jCCAt4wHQYDVR0OBBYEFJOeFVN4
/iHgJT623M7JxUm3tU0HMB8GA1UdIwQYMBaAFBBBE86PXgF1GvTQ8klo2DkkpsgH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQTUxNy8yQjE5RkZCOEY1
MDAxMUU4QTkzQThFNjNDNEY5QUUwMi9FRUVUem85ZUFYVWE5TkR5U1dqWU9TU215
QWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VFRVR6bzllQVhVYTlORHlTV2pZT1NTbXlBYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkE1MTcvMkIxOUZGQjhGNTAwMTFFOEE5M0E4RTYzQzRGOUFFMDIvNEM0QkFBQTJF
M0REMTFFOTlFMzE2ODYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbAYIKwYBBQUHAQcBAf8E
XTBbMEoEAgABMEQDBAUOiQADBAVlNcADBAFnGsoDBAJn8TgDBAVzRaAwDAMEB3T7
gAMEAnT7yAMEApZrrAMEBbSUYAMEAMpKIQMEBcteIDANBAIAAjAHAwUAJAZaADAN
BgkqhkiG9w0BAQsFAAOCAQEAsX8bW9EsVbZ9U3vQrNn03RSLlzKHPFGGq6ClsYgC
/2FCo6g/jEu09k6qu0qYbfnwfTQmo0gUOC90kwIbvRgzMl9MafOzt59Fg632+ovb
9vHjMSI34HFLZOX0NybTu+sVtjLSvr3Blt2rBvHLBG5aPhD1XgCCeEeHBEvzxX9O
A7rPbk9+rsPVPIFZpuYWMaNFUCogrh0GjHZgs9wrKNJmO35Y1Q/a4UrCqGdgfUn5
C1tk9IVeLuIfaaH2IZdMTXhqQNGCmN3hwxRhO7OsCaPDAVhsG77ZH9vK1QS5V6tp
5G+MsboqAGpiajLEyI6wWCaYcSR9ZlVaYpQzeLsYsJnoow==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:57 2024 by rpki-client on console-fra.rpki-client.org