Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912EDB7/46162ADAFED211E987FFC217C4F9AE02/E291D0FCFED311E99371FC19C4F9AE02.roa
File:                     E291D0FCFED311E99371FC19C4F9AE02.roa (raw, json)
Hash identifier:          sELHJCOQxM2owjC5jAbkd7HpdFWFGs1dIphzug4klx8=
Subject key identifier:   97:02:3F:7C:4F:1B:B1:2B:F0:A7:6D:E7:D5:A4:66:DB:01:D1:32:E2
Certificate issuer:       /CN=A912EDB7/serialNumber=93159C9B6133F4806FBB28C6225E943963A6B001
Certificate serial:       0A8E
Authority key identifier: 93:15:9C:9B:61:33:F4:80:6F:BB:28:C6:22:5E:94:39:63:A6:B0:01
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kxWcm2Ez9IBvuyjGIl6UOWOmsAE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912EDB7/46162ADAFED211E987FFC217C4F9AE02/E291D0FCFED311E99371FC19C4F9AE02.roa
Signing time:             Mon 28 Nov 2022 20:06:33 +0000
ROA not before:           Mon 28 Nov 2022 20:06:33 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     134437
IP address blocks:        103.77.60.0/22 maxlen: 22
                          103.77.60.0/24 maxlen: 24
                          103.77.61.0/24 maxlen: 24
                          103.77.62.0/24 maxlen: 24
                          103.77.63.0/24 maxlen: 24
                          116.206.188.0/22 maxlen: 22
                          116.206.188.0/24 maxlen: 24
                          116.206.189.0/24 maxlen: 24
                          116.206.190.0/24 maxlen: 24
                          116.206.191.0/24 maxlen: 24
                          2407:8a80::/32 maxlen: 32
                          2407:8a80::/48 maxlen: 48
                          2407:8a80:1::/48 maxlen: 48
                          2407:8a80:2::/48 maxlen: 48
                          2407:8a80:3::/48 maxlen: 48
                          2407:8a80:4::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2702 (0xa8e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912EDB7/serialNumber=93159C9B6133F4806FBB28C6225E943963A6B001
        Validity
            Not Before: Nov 28 20:06:33 2022 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=638514c8-4722
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5a:b5:54:2f:20:e2:4e:b9:b5:5b:57:07:5a:
                    01:66:20:3e:ba:17:4a:bf:c6:05:0e:8b:7c:29:e1:
                    bb:c7:dc:6a:14:17:8f:62:26:9f:ee:c5:79:ce:13:
                    ce:7a:bc:21:15:3e:60:5b:c4:cc:63:bc:21:27:28:
                    c7:bf:ee:0a:c9:4f:43:23:7b:64:01:81:ba:cd:ba:
                    e7:72:6c:ea:b0:a2:67:27:54:82:9d:cd:f7:13:55:
                    66:ed:96:df:b8:77:f4:bd:96:b9:f8:a8:1b:9c:a7:
                    06:c8:93:4a:e5:b7:54:a9:f5:64:3e:ed:11:c0:55:
                    aa:ea:2c:33:d4:ae:db:a3:0b:50:91:99:c7:12:80:
                    c5:c2:0d:d4:b2:62:a9:34:3e:c0:9c:0b:0a:96:85:
                    5f:90:6b:b2:23:03:57:7d:79:6c:2e:35:7f:9a:e7:
                    df:72:aa:be:99:3d:66:15:cd:2c:81:0c:68:0b:51:
                    f1:63:84:d6:ae:8f:d6:57:37:ea:8a:a8:ca:e3:f9:
                    b0:1e:57:88:a1:cb:76:fa:5e:ff:4c:99:96:e5:7b:
                    c0:24:1c:7f:db:40:61:ab:44:17:22:3c:12:ff:ce:
                    c5:51:c6:a0:ba:be:55:33:3f:ee:88:e9:58:fd:ae:
                    dd:b7:ce:fd:e4:00:c2:b7:71:27:5e:f8:12:62:b2:
                    77:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:02:3F:7C:4F:1B:B1:2B:F0:A7:6D:E7:D5:A4:66:DB:01:D1:32:E2
            X509v3 Authority Key Identifier:
                keyid:93:15:9C:9B:61:33:F4:80:6F:BB:28:C6:22:5E:94:39:63:A6:B0:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912EDB7/46162ADAFED211E987FFC217C4F9AE02/kxWcm2Ez9IBvuyjGIl6UOWOmsAE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kxWcm2Ez9IBvuyjGIl6UOWOmsAE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912EDB7/46162ADAFED211E987FFC217C4F9AE02/E291D0FCFED311E99371FC19C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.77.60.0/22
                  116.206.188.0/22
                IPv6:
                  2407:8a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:03:c0:3c:58:5d:d7:51:1f:e0:73:5f:e2:f0:c0:dc:4c:fc:
         c1:40:87:5f:69:24:ff:25:2f:ba:8d:bc:b8:f0:2c:72:63:1b:
         7e:9a:77:f6:1f:d9:b9:d8:a6:1f:3c:2e:64:b4:83:ae:ff:21:
         5f:cc:ff:65:0a:84:bd:27:95:f4:85:8e:34:9b:9a:08:d5:f2:
         20:f1:1b:75:ad:dc:49:fb:ad:7e:4e:40:24:85:45:57:b1:67:
         0d:ff:ce:d6:8f:5b:63:39:98:14:67:f2:06:9f:4e:15:16:37:
         ff:39:21:c0:9a:e1:4a:72:ba:a4:17:53:5a:f8:3d:d5:58:d2:
         95:be:53:54:17:2e:86:8d:4c:28:eb:7a:e5:ad:49:6b:a6:a5:
         8e:c2:57:18:46:db:1a:9c:46:6f:c9:4d:db:fe:e3:19:24:a6:
         c9:3e:4a:10:82:e8:30:2c:a4:eb:86:74:26:58:0e:27:3f:5b:
         05:a5:3c:a2:26:8b:77:23:d2:16:89:d9:c7:ed:04:d5:e7:a6:
         d0:13:c1:1a:0c:da:e1:a8:fb:2f:5d:42:a5:dd:74:e6:f6:4e:
         c7:36:b8:31:ae:79:c3:f6:73:cf:7b:81:55:36:24:c2:79:4f:
         38:59:ee:a7:69:48:65:06:77:83:b4:52:3e:64:3d:66:4a:01:
         0d:15:80:d9
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCo4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkVEQjcxMTAvBgNVBAUTKDkzMTU5QzlCNjEzM0Y0ODA2RkJCMjhDNjIyNUU5NDM5
NjNBNkIwMDEwHhcNMjIxMTI4MjAwNjMzWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzg1MTRjOC00NzIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAulq1VC8g4k65tVtXB1oBZiA+uhdKv8YFDot8KeG7x9xqFBePYiaf7sV5zhPO
erwhFT5gW8TMY7whJyjHv+4KyU9DI3tkAYG6zbrncmzqsKJnJ1SCnc33E1Vm7Zbf
uHf0vZa5+KgbnKcGyJNK5bdUqfVkPu0RwFWq6iwz1K7bowtQkZnHEoDFwg3UsmKp
ND7AnAsKloVfkGuyIwNXfXlsLjV/muffcqq+mT1mFc0sgQxoC1HxY4TWro/WVzfq
iqjK4/mwHleIoct2+l7/TJmW5XvAJBx/20Bhq0QXIjwS/87FUcagur5VMz/uiOlY
/a7dt8795ADCt3EnXvgSYrJ3uQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFJcCP3xP
G7Er8Kdt59WkZtsB0TLiMB8GA1UdIwQYMBaAFJMVnJthM/SAb7soxiJelDljprAB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRURCNy80NjE2MkFEQUZF
RDIxMUU5ODdGRkMyMTdDNEY5QUUwMi9reFdjbTJFejlJQnZ1eWpHSWw2VU9XT21z
QUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2t4V2NtMkV6OUlCdnV5akdJbDZVT1dPbXNBRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkVEQjcvNDYxNjJBREFGRUQyMTFFOTg3RkZDMjE3QzRGOUFFMDIvRTI5MUQwRkNG
RUQzMTFFOTkzNzFGQzE5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnTTwDBAJ0zrwwDQQCAAIwBwMFACQHioAwDQYJKoZIhvcN
AQELBQADggEBAFwDwDxYXddRH+BzX+LwwNxM/MFAh19pJP8lL7qNvLjwLHJjG36a
d/Yf2bnYph88LmS0g67/IV/M/2UKhL0nlfSFjjSbmgjV8iDxG3Wt3En7rX5OQCSF
RVexZw3/ztaPW2M5mBRn8gafThUWN/85IcCa4UpyuqQXU1r4PdVY0pW+U1QXLoaN
TCjreuWtSWumpY7CVxhG2xqcRm/JTdv+4xkkpsk+ShCC6DAspOuGdCZYDic/WwWl
PKImi3cj0haJ2cftBNXnptATwRoM2uGo+y9dQqXddOb2Tsc2uDGuecP2c897gVU2
JMJ5TzhZ7qdpSGUGd4O0Uj5kPWZKAQ0VgNk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org