Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/B1394922065511EDB3E94E54C4F9AE02.roa
File:                     B1394922065511EDB3E94E54C4F9AE02.roa (raw, json)
Hash identifier:          D0n+QUaK00ULWSirLqDK5VjVhX6H2Q4yLtYz7XwPBTo=
Subject key identifier:   AE:5F:C7:C2:B4:C2:B5:C5:EA:43:B4:4E:EB:DF:69:6F:74:C3:EA:DE
Certificate issuer:       /CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
Certificate serial:       54
Authority key identifier: A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/B1394922065511EDB3E94E54C4F9AE02.roa
Signing time:             Mon 18 Jul 2022 04:54:23 +0000
ROA not before:           Mon 18 Jul 2022 04:54:23 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     23887
IP address blocks:        119.63.0.0/20 maxlen: 20
                          119.63.0.0/22 maxlen: 22
                          119.63.0.0/23 maxlen: 23
                          119.63.2.0/24 maxlen: 24
                          202.71.176.0/20 maxlen: 20
                          202.71.176.0/23 maxlen: 24
                          202.71.179.0/24 maxlen: 24
                          202.71.182.0/23 maxlen: 24
                          202.71.186.0/24 maxlen: 24
                          202.71.190.0/24 maxlen: 24
                          202.71.191.0/24 maxlen: 24
                          2406:2a00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 84 (0x54)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
        Validity
            Not Before: Jul 18 04:54:23 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=62d4e77f-1d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2f:cb:9b:35:59:41:dc:df:81:34:a2:62:4c:
                    83:68:f3:87:6e:0e:df:e3:91:19:7c:61:0b:91:da:
                    66:da:a0:38:1d:02:c9:31:f9:a3:50:8f:a3:91:00:
                    dc:3a:69:6c:97:7f:05:a8:c5:70:59:bf:7f:74:b1:
                    a4:69:5a:ff:6b:5b:4e:c4:cc:36:a0:9b:b7:9a:79:
                    23:ac:58:90:d6:ed:a5:71:bd:69:40:5d:f7:e4:fa:
                    3c:10:2a:59:32:45:87:ca:bc:b1:9b:72:31:ad:70:
                    72:77:dc:83:fd:b7:34:d6:f1:ea:03:6c:a7:71:f4:
                    e4:2d:18:12:4b:94:c5:1f:43:33:27:85:ac:1d:e1:
                    19:3a:58:06:c3:1e:77:1c:d0:be:47:9c:0a:b5:a2:
                    51:e7:48:6d:67:d4:71:a5:ee:b6:11:26:15:46:5e:
                    49:ad:fb:6a:fe:74:bd:33:3b:64:2a:69:fd:64:96:
                    6e:ed:bb:c7:1e:98:f4:c1:66:77:98:5d:c1:57:3f:
                    44:49:19:b1:25:d8:93:61:81:53:6a:14:5c:78:10:
                    74:5f:86:39:e7:8b:f5:57:a8:ec:ca:24:cc:11:d4:
                    41:42:60:7c:46:09:ff:29:96:70:f7:64:5f:c8:f2:
                    84:ef:43:f7:3d:9c:12:f2:3a:11:f0:2d:53:ac:6a:
                    af:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:5F:C7:C2:B4:C2:B5:C5:EA:43:B4:4E:EB:DF:69:6F:74:C3:EA:DE
            X509v3 Authority Key Identifier:
                keyid:A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/B1394922065511EDB3E94E54C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.63.0.0/20
                  202.71.176.0/20
                IPv6:
                  2406:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:8b:12:7b:5e:9d:11:bb:d6:50:dc:d2:cc:2d:56:83:40:0d:
         a5:8c:bd:4c:12:48:a9:a0:a8:4a:4f:35:de:f7:c8:87:2e:6a:
         60:c2:e2:7e:30:9e:4a:83:86:95:9d:2a:ab:32:85:1a:b4:36:
         44:a4:71:57:d6:bd:4d:ee:63:8f:e8:1c:ca:c7:f7:12:32:c3:
         38:e5:da:65:f7:25:ab:2f:2a:76:94:84:f7:92:6c:e5:06:da:
         a8:09:f6:c8:e8:fa:20:81:cf:08:ab:39:93:8b:b2:78:78:de:
         68:6b:ae:e8:6b:4e:34:d4:7c:16:b8:58:ce:f5:e1:8f:ed:51:
         41:ae:62:21:e3:19:ab:4b:57:e4:77:3e:91:db:0e:28:20:1f:
         5d:9a:61:75:27:2d:b5:80:c4:d3:eb:39:dd:d5:0d:88:89:90:
         65:e9:3a:47:bb:1c:14:3d:34:b5:db:19:91:37:33:0a:e1:ba:
         ef:4f:69:de:4d:59:94:e7:76:d7:07:fb:08:f6:ce:87:28:f1:
         06:48:8b:90:41:37:2c:a7:03:a8:36:09:10:83:db:bb:9f:c3:
         e0:83:d4:e2:1e:4b:63:b7:02:6f:1b:a8:aa:39:36:71:f8:96:
         c2:18:2c:48:51:7d:c5:13:a7:b3:f5:8e:23:d6:9f:70:a4:59:
         62:3e:59:72
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBVDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QkUyNTExMC8GA1UEBRMoQTc2MEFERTBDOUQwNUVFNjc5RUMzMDQxMjJCQzMzNTBD
OEQyQTQzOTAeFw0yMjA3MTgwNDU0MjNaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyZDRlNzdmLTFkMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDfL8ubNVlB3N+BNKJiTINo84duDt/jkRl8YQuR2mbaoDgdAskx+aNQj6ORANw6
aWyXfwWoxXBZv390saRpWv9rW07EzDagm7eaeSOsWJDW7aVxvWlAXffk+jwQKlky
RYfKvLGbcjGtcHJ33IP9tzTW8eoDbKdx9OQtGBJLlMUfQzMnhawd4Rk6WAbDHncc
0L5HnAq1olHnSG1n1HGl7rYRJhVGXkmt+2r+dL0zO2Qqaf1klm7tu8cemPTBZneY
XcFXP0RJGbEl2JNhgVNqFFx4EHRfhjnni/VXqOzKJMwR1EFCYHxGCf8plnD3ZF/I
8oTvQ/c9nBLyOhHwLVOsaq9TAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUrl/HwrTC
tcXqQ7RO699pb3TD6t4wHwYDVR0jBBgwFoAUp2Ct4MnQXuZ57DBBIrwzUMjSpDkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJCRTI1L0Q5MDUyNkU0RUUx
MTExRUM5NTI5OTk4MkM0RjlBRTAyL3AyQ3Q0TW5RWHVaNTdEQkJJcnd6VU1qU3BE
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcDJDdDRNblFYdVo1N0RCQklyd3pVTWpTcERrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QkUyNS9EOTA1MjZFNEVFMTExMUVDOTUyOTk5ODJDNEY5QUUwMi9CMTM5NDkyMjA2
NTUxMUVEQjNFOTRFNTRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEBHc/AAMEBMpHsDANBAIAAjAHAwUAJAYqADANBgkqhkiG9w0B
AQsFAAOCAQEAo4sSe16dEbvWUNzSzC1Wg0ANpYy9TBJIqaCoSk813vfIhy5qYMLi
fjCeSoOGlZ0qqzKFGrQ2RKRxV9a9Te5jj+gcysf3EjLDOOXaZfclqy8qdpSE95Js
5QbaqAn2yOj6IIHPCKs5k4uyeHjeaGuu6GtONNR8FrhYzvXhj+1RQa5iIeMZq0tX
5Hc+kdsOKCAfXZphdScttYDE0+s53dUNiImQZek6R7scFD00tdsZkTczCuG6709p
3k1ZlOd21wf7CPbOhyjxBkiLkEE3LKcDqDYJEIPbu5/D4IPU4h5LY7cCbxuoqjk2
cfiWwhgsSFF9xROns/WOI9afcKRZYj5Zcg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org