Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/1136100C1E5311EDB2A4D934C4F9AE02.roa
File:                     1136100C1E5311EDB2A4D934C4F9AE02.roa (raw, json)
Hash identifier:          Sv2XUyB7qjvV8g91KJ3GkPiPTjvVNTxXdxT7nH7n/To=
Subject key identifier:   31:F9:13:88:E0:13:FC:86:C4:DF:4C:2D:80:AD:67:62:7E:C0:A1:90
Certificate issuer:       /CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
Certificate serial:       0BDB
Authority key identifier: 29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/1136100C1E5311EDB2A4D934C4F9AE02.roa
Signing time:             Thu 29 Dec 2022 21:36:12 +0000
ROA not before:           Thu 29 Dec 2022 21:36:12 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     137843
IP address blocks:        103.115.132.0/23 maxlen: 23
                          103.115.132.0/24 maxlen: 24
                          103.115.133.0/24 maxlen: 24
                          103.115.134.0/24 maxlen: 24
                          103.115.135.0/24 maxlen: 24
                          2402:e840::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3035 (0xbdb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
        Validity
            Not Before: Dec 29 21:36:12 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=63ae084c-c065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2a:cb:f9:af:0c:9a:49:c8:e5:fe:98:a7:b5:
                    8b:2c:a5:b3:92:33:41:a4:53:a6:c2:25:cc:20:60:
                    37:0d:aa:f9:97:08:80:cd:e4:77:5d:03:dd:64:fa:
                    da:57:d0:a9:6b:e7:af:82:01:c5:97:63:e7:32:97:
                    40:d3:b0:86:b2:94:7d:2e:6d:39:3e:ef:06:fa:ae:
                    9c:23:fe:2c:a1:a6:83:3b:44:63:d7:01:f2:d8:ce:
                    65:cf:07:40:1e:a2:4e:cb:17:50:8c:3c:4e:45:15:
                    86:f5:95:a9:5f:88:23:ed:55:ba:d7:c0:a5:35:73:
                    19:26:e6:85:0a:13:55:34:67:e4:e2:e5:23:de:41:
                    c9:85:43:ca:f9:d5:a6:ed:3f:82:a1:10:a0:12:49:
                    93:4a:1f:a9:9a:3a:45:44:09:de:83:5a:b7:57:8f:
                    73:75:01:07:18:6e:4b:01:77:f5:26:11:a0:f4:1a:
                    6e:d4:dd:f6:a9:3e:5a:fa:0d:14:85:68:55:4b:a7:
                    a9:6a:24:1e:f8:ce:bb:13:bc:f9:61:4d:ff:45:70:
                    f3:df:33:c9:ed:12:8d:c5:a3:a7:e5:02:a7:f0:6f:
                    b7:31:8c:59:5c:d0:d0:70:5f:94:71:80:b4:08:a0:
                    72:7e:8a:63:b0:c4:28:c9:51:0c:31:50:2b:b2:e4:
                    71:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F9:13:88:E0:13:FC:86:C4:DF:4C:2D:80:AD:67:62:7E:C0:A1:90
            X509v3 Authority Key Identifier:
                keyid:29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/1136100C1E5311EDB2A4D934C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.115.132.0/22
                IPv6:
                  2402:e840::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:55:5d:28:36:9c:be:55:6b:f9:ca:8f:68:d1:79:fe:c0:4a:
         c7:c2:cd:92:80:76:92:b9:ce:46:5a:73:9c:78:21:b3:54:45:
         cd:74:cf:ab:e0:67:7b:74:74:cd:3a:0b:cc:9c:bd:40:e4:da:
         c1:46:c2:72:c5:61:27:c9:10:b9:bd:73:44:c9:a1:0b:58:cf:
         47:1e:45:dc:ee:60:1f:52:3c:6e:0c:b0:db:09:69:94:e9:2c:
         de:88:c4:b8:25:12:9f:2e:c0:f2:d0:53:8d:9b:9b:97:f2:2a:
         d7:ab:a9:6b:d4:1c:c6:ed:4b:bc:49:7f:55:8f:b5:3b:5a:7d:
         98:c9:86:91:7f:d6:16:85:e7:68:5c:1c:ea:95:4c:f3:af:8f:
         66:db:f6:fa:e9:5a:eb:19:fd:6b:d8:99:63:9f:0c:c6:47:ed:
         a3:c1:11:07:41:d3:1c:44:b3:5e:a6:12:eb:b0:fc:fe:e2:41:
         da:5c:b5:26:e0:46:db:89:13:f7:ad:9c:15:d3:25:5c:4e:d4:
         53:58:54:59:36:6b:c2:6f:41:37:67:d4:fc:17:13:bc:df:1a:
         91:00:d2:1e:1d:70:b6:9f:0e:ad:51:53:3e:68:98:2b:11:30:
         75:2f:2f:6e:05:6c:75:f2:16:20:bf:e7:3e:f5:b8:c8:cf:09:
         fe:02:5c:7c
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICC9swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEY1MjExMTAvBgNVBAUTKDI5NzY4NzY3NTNENjU1NjJBN0NBODVFM0U5RThERjc1
MDc5N0M5NDgwHhcNMjIxMjI5MjEzNjEyWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2FlMDg0Yy1jMDY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0CrL+a8MmknI5f6Yp7WLLKWzkjNBpFOmwiXMIGA3Dar5lwiAzeR3XQPdZPra
V9Cpa+evggHFl2PnMpdA07CGspR9Lm05Pu8G+q6cI/4soaaDO0Rj1wHy2M5lzwdA
HqJOyxdQjDxORRWG9ZWpX4gj7VW618ClNXMZJuaFChNVNGfk4uUj3kHJhUPK+dWm
7T+CoRCgEkmTSh+pmjpFRAneg1q3V49zdQEHGG5LAXf1JhGg9Bpu1N32qT5a+g0U
hWhVS6epaiQe+M67E7z5YU3/RXDz3zPJ7RKNxaOn5QKn8G+3MYxZXNDQcF+UcYC0
CKByfopjsMQoyVEMMVArsuRxrwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFDH5E4jg
E/yGxN9MLYCtZ2J+wKGQMB8GA1UdIwQYMBaAFCl2h2dT1lVip8qF4+no33UHl8lI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RjUyMS8yMTY1ODgyMEM2
N0UxMUU5QUYzQkE3NjVDNEY5QUUwMi9LWGFIWjFQV1ZXS255b1hqNmVqZmRRZVh5
VWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tYYUhaMVBXVldLbnlvWGo2ZWpmZFFlWHlVZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEY1MjEvMjE2NTg4MjBDNjdFMTFFOUFGM0JBNzY1QzRGOUFFMDIvMTEzNjEwMEMx
RTUzMTFFREIyQTREOTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnc4QwDQQCAAIwBwMFACQC6EAwDQYJKoZIhvcNAQELBQAD
ggEBAF1VXSg2nL5Va/nKj2jRef7ASsfCzZKAdpK5zkZac5x4IbNURc10z6vgZ3t0
dM06C8ycvUDk2sFGwnLFYSfJELm9c0TJoQtYz0ceRdzuYB9SPG4MsNsJaZTpLN6I
xLglEp8uwPLQU42bm5fyKterqWvUHMbtS7xJf1WPtTtafZjJhpF/1haF52hcHOqV
TPOvj2bb9vrpWusZ/WvYmWOfDMZH7aPBEQdB0xxEs16mEuuw/P7iQdpctSbgRtuJ
E/etnBXTJVxO1FNYVFk2a8JvQTdn1PwXE7zfGpEA0h4dcLafDq1RUz5omCsRMHUv
L24FbHXyFiC/5z71uMjPCf4CXHw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org