Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
File:                     0EF16654D2AB11EDB1F8C82EC4F9AE02.roa (raw, json)
Hash identifier:          MoqFna0m/LYuuALlzCJsx7acWrYoYzPPi5saDy1mLZg=
Subject key identifier:   C0:27:1E:96:17:7F:6D:B1:4E:F7:54:84:D0:88:BB:76:1A:8D:50:6C
Certificate issuer:       /CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
Certificate serial:       0719
Authority key identifier: 70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
Signing time:             Tue 04 Apr 2023 05:39:25 +0000
ROA not before:           Tue 04 Apr 2023 05:39:25 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     55745
IP address blocks:        117.55.192.0/24 maxlen: 24
                          117.55.193.0/24 maxlen: 24
                          117.55.198.0/24 maxlen: 24
                          117.55.199.0/24 maxlen: 24
                          117.55.200.0/22 maxlen: 22
                          117.55.200.0/24 maxlen: 24
                          117.55.201.0/24 maxlen: 24
                          117.55.202.0/24 maxlen: 24
                          117.55.203.0/24 maxlen: 24
                          117.55.204.0/24 maxlen: 24
                          117.55.206.0/24 maxlen: 24
                          117.55.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1817 (0x719)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
        Validity
            Not Before: Apr  4 05:39:25 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=642bb80d-7441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ed:a8:15:87:43:f5:c8:f4:94:48:d2:1d:b9:
                    c1:c4:ef:07:fd:62:47:98:0b:75:47:81:25:91:23:
                    6f:65:6f:96:7a:e0:58:7f:0f:d5:87:07:78:a7:9f:
                    b6:e0:61:b7:cf:c8:a2:f3:c4:25:c0:ae:cc:55:1f:
                    7c:93:77:da:45:9e:a2:af:30:1b:e9:6b:0b:24:ec:
                    d4:37:94:30:21:a5:5a:0e:61:4a:97:17:9b:89:0f:
                    66:76:10:81:ef:a3:03:9e:51:2d:31:e4:87:0a:b2:
                    e3:99:89:40:8d:ec:95:84:c6:ca:98:48:dc:dd:a9:
                    56:60:8e:fe:3d:90:55:90:2a:79:7c:8f:0a:fd:3a:
                    9b:3a:f0:0b:b7:3a:7a:fa:fa:46:d6:40:f1:85:db:
                    01:da:f8:b0:6f:2d:66:fa:78:08:85:5f:05:79:fc:
                    9a:3d:6c:26:61:7d:e7:25:14:2f:96:a5:7a:59:5e:
                    e9:41:a2:46:02:b9:49:e1:9c:48:1e:44:ae:d9:6e:
                    04:41:25:e9:a1:46:2c:20:f6:d9:b1:93:55:ee:e6:
                    d8:28:4e:92:6d:51:7d:95:bc:5c:eb:1c:38:13:4a:
                    17:13:b5:f0:86:f1:2b:92:f9:ba:32:c1:a3:92:ed:
                    51:34:f7:5e:b6:84:92:89:26:31:d7:e7:c4:cf:c4:
                    20:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:27:1E:96:17:7F:6D:B1:4E:F7:54:84:D0:88:BB:76:1A:8D:50:6C
            X509v3 Authority Key Identifier:
                keyid:70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/cJIQz3Yexn-zlOpYlqXGR7MF7vE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/0EF16654D2AB11EDB1F8C82EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.55.192.0/23
                  117.55.198.0-117.55.204.255
                  117.55.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:b5:61:00:ee:d3:44:86:11:cb:28:50:46:39:71:20:fc:bc:
         16:a1:ad:5f:77:57:3b:73:44:3b:c2:15:e9:a4:dc:cd:6c:ba:
         27:6b:a0:2c:36:b0:ef:92:f8:9c:26:85:f5:d7:8c:29:fb:43:
         0f:a7:3a:0c:df:d7:73:ef:36:20:1c:9b:d9:53:e0:cf:79:f2:
         d1:40:a8:86:4a:ae:f7:cd:99:2c:1d:45:de:24:14:37:42:8a:
         f7:51:ae:87:71:1f:bf:28:8c:fd:4e:d8:f1:b4:77:ac:55:e1:
         4c:27:a1:86:45:59:87:9d:0a:17:7b:c5:ab:71:d2:89:73:a6:
         2c:2a:11:2d:ff:79:ce:11:f3:86:fc:a7:a4:4e:70:b2:85:d1:
         b6:2f:51:aa:52:f2:f4:83:27:12:97:49:60:7c:0b:ac:af:5f:
         2d:a2:ed:4b:85:19:88:67:9c:41:f2:27:97:1e:cc:77:c4:30:
         05:1b:11:43:3c:8e:fc:72:a7:68:e7:32:c4:f0:a8:b5:0b:0c:
         af:70:b6:28:bb:49:58:1f:17:e2:c2:cd:2c:70:97:10:89:6e:
         e1:70:3b:69:b1:9e:9b:47:b5:fd:30:05:47:07:30:a9:d1:7f:
         d2:de:0d:bc:36:70:b3:41:68:f8:e5:f4:9e:40:f9:64:42:f8:
         f1:1d:a3:20
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICBxkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0NBNEIxMTAvBgNVBAUTKDcwOTIxMENGNzYxRUM2N0ZCMzk0RUE1ODk2QTVDNjQ3
QjMwNUVFRjEwHhcNMjMwNDA0MDUzOTI1WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJiYjgwZC03NDQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqu2oFYdD9cj0lEjSHbnBxO8H/WJHmAt1R4ElkSNvZW+WeuBYfw/Vhwd4p5+2
4GG3z8ii88QlwK7MVR98k3faRZ6irzAb6WsLJOzUN5QwIaVaDmFKlxebiQ9mdhCB
76MDnlEtMeSHCrLjmYlAjeyVhMbKmEjc3alWYI7+PZBVkCp5fI8K/TqbOvALtzp6
+vpG1kDxhdsB2viwby1m+ngIhV8FefyaPWwmYX3nJRQvlqV6WV7pQaJGArlJ4ZxI
HkSu2W4EQSXpoUYsIPbZsZNV7ubYKE6SbVF9lbxc6xw4E0oXE7XwhvErkvm6MsGj
ku1RNPdetoSSiSYx1+fEz8QgAQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFMAnHpYX
f22xTvdUhNCIu3YajVBsMB8GA1UdIwQYMBaAFHCSEM92HsZ/s5TqWJalxkezBe7x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQ0E0Qi9EQzJGMDQzMkJG
ODAxMUVBOTZGRTRBNjhDNEY5QUUwMi9jSklRejNZZXhuLXpsT3BZbHFYR1I3TUY3
dkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NKSVF6M1lleG4temxPcFlscVhHUjdNRjd2RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0NBNEIvREMyRjA0MzJCRjgwMTFFQTk2RkU0QTY4QzRGOUFFMDIvMEVGMTY2NTRE
MkFCMTFFREIxRjhDODJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAF1N8AwDAMEAXU3xgMEAHU3zAMEAXU3zjANBgkqhkiG9w0B
AQsFAAOCAQEAFbVhAO7TRIYRyyhQRjlxIPy8FqGtX3dXO3NEO8IV6aTczWy6J2ug
LDaw75L4nCaF9deMKftDD6c6DN/Xc+82IByb2VPgz3ny0UCohkqu982ZLB1F3iQU
N0KK91Guh3EfvyiM/U7Y8bR3rFXhTCehhkVZh50KF3vFq3HSiXOmLCoRLf95zhHz
hvynpE5wsoXRti9RqlLy9IMnEpdJYHwLrK9fLaLtS4UZiGecQfInlx7Md8QwBRsR
QzyO/HKnaOcyxPCotQsMr3C2KLtJWB8X4sLNLHCXEIlu4XA7abGem0e1/TAFRwcw
qdF/0t4NvDZws0Fo+OX0nkD5ZEL48R2jIA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:55 2024 by rpki-client on console-ams.rpki-client.org