Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148EFA/E0C951CE306911EABF0D942EC4F9AE02/61D17760306A11EAA983B72EC4F9AE02.roa
File:                     61D17760306A11EAA983B72EC4F9AE02.roa (raw, json)
Hash identifier:          4AqnccyuoXYNb75GrnOm5jH2C01tXyTKia0zyWRALrs=
Subject key identifier:   3B:E1:DD:7D:22:50:F1:B6:A1:34:68:26:09:82:5D:61:5B:08:65:E4
Certificate issuer:       /CN=A9148EFA/serialNumber=948FF87689FA949116F5F7C800EB1D701E65E37B
Certificate serial:       0817
Authority key identifier: 94:8F:F8:76:89:FA:94:91:16:F5:F7:C8:00:EB:1D:70:1E:65:E3:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lI_4don6lJEW9ffIAOsdcB5l43s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148EFA/E0C951CE306911EABF0D942EC4F9AE02/61D17760306A11EAA983B72EC4F9AE02.roa
Signing time:             Mon 11 Apr 2022 08:47:15 +0000
ROA not before:           Mon 11 Apr 2022 08:47:15 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     10137
IP address blocks:        103.86.146.0/24 maxlen: 24
                          103.86.147.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2071 (0x817)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148EFA/serialNumber=948FF87689FA949116F5F7C800EB1D701E65E37B
        Validity
            Not Before: Apr 11 08:47:15 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=6253eb12-3ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:95:f2:f1:ec:20:1b:d8:f8:12:e5:bb:32:1e:
                    77:08:1c:68:e7:93:ab:04:66:a6:2a:2c:fc:a9:eb:
                    94:f4:48:89:52:31:a7:0c:03:82:6f:d9:49:26:a7:
                    2e:7c:78:8f:b7:7a:14:c8:83:61:98:f0:47:d6:50:
                    81:a1:22:e4:b3:37:33:bb:b5:d7:f4:71:d1:18:8f:
                    60:81:56:66:b0:41:45:b0:5c:db:8d:48:c5:1f:a5:
                    12:f0:5c:15:78:c2:fb:27:c0:50:6c:0e:94:6a:cd:
                    a0:34:d7:d6:f5:af:aa:50:61:68:96:42:d2:3a:dd:
                    53:e7:b9:0f:65:e6:41:46:2b:cd:c7:c0:83:29:bc:
                    09:56:d0:ad:5e:a0:5e:69:8a:0c:78:23:b9:e4:1c:
                    57:2a:2b:24:54:ab:a4:67:1d:3e:62:ce:52:6e:78:
                    58:f8:56:ca:ea:ae:3a:4b:f6:ca:da:04:4c:88:3f:
                    92:c7:08:e0:33:df:e8:60:0d:a0:3e:55:3c:db:8e:
                    ec:41:4f:bd:f7:9e:41:44:d1:69:47:15:4a:25:e9:
                    fa:31:38:14:42:c0:b5:92:82:c4:f5:ff:45:0e:39:
                    74:92:c2:52:37:60:0d:64:38:62:e7:17:f2:73:d9:
                    27:c3:66:23:07:e7:30:6a:88:97:1e:de:30:c2:c6:
                    77:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E1:DD:7D:22:50:F1:B6:A1:34:68:26:09:82:5D:61:5B:08:65:E4
            X509v3 Authority Key Identifier:
                keyid:94:8F:F8:76:89:FA:94:91:16:F5:F7:C8:00:EB:1D:70:1E:65:E3:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148EFA/E0C951CE306911EABF0D942EC4F9AE02/lI_4don6lJEW9ffIAOsdcB5l43s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lI_4don6lJEW9ffIAOsdcB5l43s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148EFA/E0C951CE306911EABF0D942EC4F9AE02/61D17760306A11EAA983B72EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:84:5c:8b:53:72:63:75:be:0d:da:25:a7:98:08:5a:75:6a:
         76:c2:ea:03:78:fe:5a:24:82:ed:4f:79:1e:51:c3:2d:6f:8e:
         8a:d9:59:e8:22:64:3d:8d:09:99:be:b2:24:30:5a:e8:99:65:
         32:df:c1:a8:ff:f0:64:ff:13:16:19:73:99:ab:6d:66:cb:fa:
         38:db:71:e2:3d:55:e0:dd:75:24:5b:a4:24:dd:ab:7f:4e:6e:
         e1:6a:e3:3c:58:c4:d9:ec:1c:bf:81:f4:bd:df:69:05:5a:61:
         af:ff:67:53:cd:e6:1b:a4:f4:de:c9:49:9a:18:20:01:9f:64:
         01:b5:de:dc:82:da:89:1e:71:f4:a3:03:f7:c4:89:0a:8a:ae:
         e5:57:26:38:df:f6:77:c8:7e:b4:f3:0f:45:ca:93:78:ba:3a:
         68:dc:ba:9a:59:51:08:92:b3:33:43:5f:c3:36:ee:e5:45:15:
         d5:ed:65:68:69:51:4c:50:7b:53:4c:5c:58:2a:54:c9:7b:b5:
         fc:59:12:be:75:25:8f:b4:5d:69:a9:7e:4c:8f:02:65:4d:21:
         1c:34:bf:95:0a:7b:93:d3:ea:f0:99:2e:e9:b0:97:0d:01:a2:
         0c:01:b3:04:6f:c8:38:db:ee:43:21:f8:e2:d7:99:b4:c2:df:
         57:98:0b:cc
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCBcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhFRkExMTAvBgNVBAUTKDk0OEZGODc2ODlGQTk0OTExNkY1RjdDODAwRUIxRDcw
MUU2NUUzN0IwHhcNMjIwNDExMDg0NzE1WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjUzZWIxMi0zY2NiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoZXy8ewgG9j4EuW7Mh53CBxo55OrBGamKiz8qeuU9EiJUjGnDAOCb9lJJqcu
fHiPt3oUyINhmPBH1lCBoSLkszczu7XX9HHRGI9ggVZmsEFFsFzbjUjFH6US8FwV
eML7J8BQbA6Uas2gNNfW9a+qUGFolkLSOt1T57kPZeZBRivNx8CDKbwJVtCtXqBe
aYoMeCO55BxXKiskVKukZx0+Ys5SbnhY+FbK6q46S/bK2gRMiD+SxwjgM9/oYA2g
PlU8247sQU+9955BRNFpRxVKJen6MTgUQsC1koLE9f9FDjl0ksJSN2ANZDhi5xfy
c9knw2YjB+cwaoiXHt4wwsZ3OQIDAQABo4IClTCCApEwHQYDVR0OBBYEFDvh3X0i
UPG2oTRoJgmCXWFbCGXkMB8GA1UdIwQYMBaAFJSP+HaJ+pSRFvX3yADrHXAeZeN7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEVGQS9FMEM5NTFDRTMw
NjkxMUVBQkYwRDk0MkVDNEY5QUUwMi9sSV80ZG9uNmxKRVc5ZmZJQU9zZGNCNWw0
M3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xJXzRkb242bEpFVzlmZklBT3NkY0I1bDQzcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhFRkEvRTBDOTUxQ0UzMDY5MTFFQUJGMEQ5NDJFQzRGOUFFMDIvNjFEMTc3NjAz
MDZBMTFFQUE5ODNCNzJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnVpIwDQYJKoZIhvcNAQELBQADggEBAEqEXItTcmN1vg3a
JaeYCFp1anbC6gN4/lokgu1PeR5Rwy1vjorZWegiZD2NCZm+siQwWuiZZTLfwaj/
8GT/ExYZc5mrbWbL+jjbceI9VeDddSRbpCTdq39ObuFq4zxYxNnsHL+B9L3faQVa
Ya//Z1PN5huk9N7JSZoYIAGfZAG13tyC2okecfSjA/fEiQqKruVXJjjf9nfIfrTz
D0XKk3i6OmjcuppZUQiSszNDX8M27uVFFdXtZWhpUUxQe1NMXFgqVMl7tfxZEr51
JY+0XWmpfkyPAmVNIRw0v5UKe5PT6vCZLumwlw0BogwBswRvyDjb7kMh+OLXmbTC
31eYC8w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:05 2024 by rpki-client on console-fra.rpki-client.org