Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/91747E0CEE1511ECABFE3683C4F9AE02.roa
File:                     91747E0CEE1511ECABFE3683C4F9AE02.roa (raw, json)
Hash identifier:          gpcKjZQWuf1asPQo4soIUTQU/pOWAYpkNMl2oFfgALE=
Subject key identifier:   3F:99:CC:88:9D:F0:92:CE:E9:10:FF:7D:8A:AB:A1:C4:9A:0B:0C:39
Certificate issuer:       /CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
Certificate serial:       13
Authority key identifier: A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/91747E0CEE1511ECABFE3683C4F9AE02.roa
Signing time:             Fri 24 Jun 2022 02:11:11 +0000
ROA not before:           Fri 24 Jun 2022 02:11:11 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     23887
IP address blocks:        119.63.0.0/20 maxlen: 20
                          119.63.0.0/22 maxlen: 24
                          202.71.176.0/20 maxlen: 20
                          202.71.182.0/24 maxlen: 24
                          202.71.183.0/24 maxlen: 24
                          202.71.190.0/24 maxlen: 24
                          202.71.191.0/24 maxlen: 24
                          2406:2a00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19 (0x13)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
        Validity
            Not Before: Jun 24 02:11:11 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=62b51d3f-ed92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:40:d8:49:25:31:66:90:2a:94:0a:a2:0e:85:
                    ee:ff:2e:0f:66:c8:f2:9c:16:86:b1:75:61:12:89:
                    19:ae:4e:a0:7b:65:f7:c2:04:1f:cc:9a:45:e4:c5:
                    8b:12:79:2d:ae:3a:51:4a:8f:e7:50:0e:5f:a2:87:
                    eb:57:6c:c2:ae:e3:74:ed:3c:c4:a7:c9:6a:a7:ad:
                    a3:3b:59:3f:e5:c0:57:61:af:3f:bc:b8:6b:23:c0:
                    39:81:7a:23:88:16:18:97:24:b2:6e:f8:51:45:3d:
                    ab:95:21:7c:8a:55:6e:07:eb:e8:04:92:8c:12:e5:
                    bc:db:c5:8d:63:47:ce:f5:43:1a:a7:de:a4:85:58:
                    67:91:1f:b7:5c:c7:c0:bf:71:e5:6d:4c:2b:76:71:
                    5b:ad:42:8d:a0:7d:c2:e9:4c:66:ba:47:23:9b:a9:
                    12:0a:75:39:3c:93:3a:a0:14:1f:29:13:86:9e:ed:
                    81:c9:9e:5e:77:cf:aa:30:46:0c:ec:81:67:26:f3:
                    67:a4:01:af:5c:65:e2:14:2b:71:60:cd:39:c4:9d:
                    61:6f:d2:7d:53:73:b9:c7:84:50:9f:23:c6:c6:d3:
                    0c:56:90:39:6b:e2:96:9d:e0:61:a0:e5:dc:42:6d:
                    f6:dd:4d:bd:dc:ff:ab:34:49:39:69:a1:c5:3b:db:
                    0d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:99:CC:88:9D:F0:92:CE:E9:10:FF:7D:8A:AB:A1:C4:9A:0B:0C:39
            X509v3 Authority Key Identifier:
                keyid:A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/91747E0CEE1511ECABFE3683C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.63.0.0/20
                  202.71.176.0/20
                IPv6:
                  2406:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:1a:37:97:4f:a3:86:0e:61:c3:e0:1a:9f:a9:0c:9f:f4:e2:
         26:eb:e2:94:5e:e2:47:ae:38:05:40:4b:a6:b7:3f:a1:24:67:
         a3:d6:51:83:4c:49:69:9e:c6:b4:4e:18:1a:95:da:a1:aa:a0:
         d4:7d:0c:35:65:01:ad:29:2c:45:e8:9e:a6:e6:d1:44:c3:48:
         da:2d:f7:48:76:4e:fa:e5:78:4f:3f:fe:46:65:bf:eb:5a:5b:
         d8:c0:35:e5:e6:10:8a:30:e1:cb:57:7c:ed:f0:fa:59:f6:70:
         66:96:60:01:5c:c6:1e:26:d5:17:75:00:b7:e2:74:82:b3:2b:
         35:fe:7c:57:2e:31:bf:a7:1f:8e:9b:6f:29:39:31:3d:83:22:
         30:76:7b:1a:43:ef:0b:81:61:54:9f:6f:ea:e7:ea:9d:50:58:
         8e:0c:6e:dd:ca:bb:d3:49:4c:1a:51:c1:48:dd:dd:87:ff:22:
         6b:3e:3d:c6:be:19:e3:75:97:9a:3f:ff:a6:7a:77:d3:59:94:
         19:e2:18:68:4b:a3:2a:45:65:03:e3:d9:6a:09:62:38:8f:5e:
         87:ae:43:6b:66:d2:b2:ec:f3:94:66:31:fc:cb:b3:c0:8e:8d:
         a6:82:a4:ae:bf:64:86:ff:1c:80:73:49:7a:49:2c:4c:ae:50:
         fd:c1:23:9a
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBEzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QkUyNTExMC8GA1UEBRMoQTc2MEFERTBDOUQwNUVFNjc5RUMzMDQxMjJCQzMzNTBD
OEQyQTQzOTAeFw0yMjA2MjQwMjExMTFaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyYjUxZDNmLWVkOTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPQNhJJTFmkCqUCqIOhe7/Lg9myPKcFoaxdWESiRmuTqB7ZffCBB/MmkXkxYsS
eS2uOlFKj+dQDl+ih+tXbMKu43TtPMSnyWqnraM7WT/lwFdhrz+8uGsjwDmBeiOI
FhiXJLJu+FFFPauVIXyKVW4H6+gEkowS5bzbxY1jR871Qxqn3qSFWGeRH7dcx8C/
ceVtTCt2cVutQo2gfcLpTGa6RyObqRIKdTk8kzqgFB8pE4ae7YHJnl53z6owRgzs
gWcm82ekAa9cZeIUK3FgzTnEnWFv0n1Tc7nHhFCfI8bG0wxWkDlr4pad4GGg5dxC
bfbdTb3c/6s0STlpocU72w3ZAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUP5nMiJ3w
ks7pEP99iquhxJoLDDkwHwYDVR0jBBgwFoAUp2Ct4MnQXuZ57DBBIrwzUMjSpDkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJCRTI1L0Q5MDUyNkU0RUUx
MTExRUM5NTI5OTk4MkM0RjlBRTAyL3AyQ3Q0TW5RWHVaNTdEQkJJcnd6VU1qU3BE
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcDJDdDRNblFYdVo1N0RCQklyd3pVTWpTcERrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QkUyNS9EOTA1MjZFNEVFMTExMUVDOTUyOTk5ODJDNEY5QUUwMi85MTc0N0UwQ0VF
MTUxMUVDQUJGRTM2ODNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEBHc/AAMEBMpHsDANBAIAAjAHAwUAJAYqADANBgkqhkiG9w0B
AQsFAAOCAQEAPho3l0+jhg5hw+Aan6kMn/TiJuvilF7iR644BUBLprc/oSRno9ZR
g0xJaZ7GtE4YGpXaoaqg1H0MNWUBrSksReiepubRRMNI2i33SHZO+uV4Tz/+RmW/
61pb2MA15eYQijDhy1d87fD6WfZwZpZgAVzGHibVF3UAt+J0grMrNf58Vy4xv6cf
jptvKTkxPYMiMHZ7GkPvC4FhVJ9v6ufqnVBYjgxu3cq700lMGlHBSN3dh/8iaz49
xr4Z43WXmj//pnp301mUGeIYaEujKkVlA+PZagliOI9eh65Da2bSsuzzlGYx/Muz
wI6NpoKkrr9khv8cgHNJekksTK5Q/cEjmg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org