Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/94921A564F6811EB8E7B045AC4F9AE02.roa
File:                     94921A564F6811EB8E7B045AC4F9AE02.roa (raw, json)
Hash identifier:          JeYWt9E2qPfLWgmwMf1+kHPUyEzvagQHziWvmUqTFYs=
Subject key identifier:   34:9A:9A:D4:0B:BC:53:42:87:A4:1A:51:C7:10:B1:FD:D4:D8:7F:69
Certificate issuer:       /CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
Certificate serial:       0ABA
Authority key identifier: 29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/94921A564F6811EB8E7B045AC4F9AE02.roa
Signing time:             Sun 12 Jun 2022 11:28:27 +0000
ROA not before:           Sun 12 Jun 2022 11:28:27 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     137843
IP address blocks:        103.115.132.0/23 maxlen: 23
                          103.115.132.0/24 maxlen: 24
                          103.115.133.0/24 maxlen: 24
                          103.115.134.0/24 maxlen: 24
                          103.115.135.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2746 (0xaba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
        Validity
            Not Before: Jun 12 11:28:27 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=62a5cdda-9d7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3e:aa:07:e0:e5:ef:61:f1:17:aa:fb:bb:f5:
                    1f:7a:9e:3a:6c:6d:9a:b1:67:bd:f8:fc:35:10:18:
                    7e:ea:b8:42:c7:46:3a:82:c6:50:ab:2c:cd:74:17:
                    db:e1:1b:68:4d:7b:5f:3d:8a:b8:66:72:1e:af:58:
                    1d:b8:f1:c5:93:04:35:7c:48:a9:0c:2a:a9:55:54:
                    aa:18:39:2f:27:24:89:58:19:ca:fc:24:63:63:72:
                    d2:38:ff:5b:af:a5:dd:72:bb:c4:4c:40:49:5b:60:
                    a4:08:cf:8d:06:92:95:3a:96:18:2c:c0:61:61:8b:
                    34:bf:be:50:fb:77:1f:a4:a7:06:5d:61:07:ff:7b:
                    14:c2:d1:4e:b8:19:26:2e:a0:7a:6a:26:80:98:5d:
                    c1:fa:1e:08:1b:db:53:e7:ed:08:c9:48:c3:de:ea:
                    de:e3:21:e4:ed:4c:de:8e:f8:b9:5c:07:96:e6:b4:
                    d4:96:c2:20:b4:c8:a9:8e:11:66:a2:cc:67:cb:d7:
                    1e:0b:4f:47:f8:13:00:59:43:38:d1:61:e1:28:e6:
                    98:96:c2:86:f9:fb:64:28:a4:a2:10:55:ca:4b:a7:
                    5a:d0:88:39:e6:51:ec:55:f5:cb:dc:a7:a5:6f:a5:
                    68:01:22:f9:ff:25:87:67:b8:0c:e1:a8:57:fe:09:
                    2a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:9A:9A:D4:0B:BC:53:42:87:A4:1A:51:C7:10:B1:FD:D4:D8:7F:69
            X509v3 Authority Key Identifier:
                keyid:29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/94921A564F6811EB8E7B045AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.115.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:1e:99:b9:99:c4:2d:0f:76:8e:44:60:9b:0d:bf:d0:6e:62:
         f4:61:af:68:a1:a7:4c:95:67:6c:35:aa:b0:f4:9e:5d:39:d7:
         ce:16:82:ba:bd:f1:4a:bf:d6:09:30:60:d6:4a:0b:9f:e4:7b:
         26:c7:3b:6c:1d:b1:d4:51:b1:09:78:7f:1c:7e:de:aa:49:79:
         32:53:b4:2c:0a:f4:86:09:d3:18:61:ec:42:a0:c7:c3:a2:27:
         0b:c6:dc:a3:8f:3d:f5:5b:e7:ba:d3:d4:0e:d5:dd:d2:f9:9e:
         d3:3a:19:a0:3d:c6:ca:7a:39:a5:e9:a1:2d:81:03:c6:12:7f:
         b3:6f:2c:ab:a3:22:2b:cc:af:3f:d8:25:ae:b9:c5:58:63:ef:
         a4:39:4f:fd:b3:c1:85:bd:3c:e2:b4:7c:04:8f:f6:5c:90:4a:
         99:f3:0b:18:f4:8d:d9:26:29:f7:bf:9e:2b:85:18:be:f6:73:
         8f:ac:27:fc:37:5c:45:8b:24:9a:a6:50:c0:2b:b5:26:98:3c:
         63:bb:c7:a7:27:5f:d8:f9:1c:6a:0c:5b:a2:57:c8:df:4d:0c:
         6e:a6:60:d4:aa:5f:dd:bd:f2:4c:fa:34:b3:54:d2:9b:80:f9:
         a4:34:51:54:c1:6f:9c:5c:c5:5f:36:e6:d1:36:29:4f:e9:87:
         7c:42:5f:85
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCrowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEY1MjExMTAvBgNVBAUTKDI5NzY4NzY3NTNENjU1NjJBN0NBODVFM0U5RThERjc1
MDc5N0M5NDgwHhcNMjIwNjEyMTEyODI3WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmE1Y2RkYS05ZDdjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuj6qB+Dl72HxF6r7u/Ufep46bG2asWe9+Pw1EBh+6rhCx0Y6gsZQqyzNdBfb
4RtoTXtfPYq4ZnIer1gduPHFkwQ1fEipDCqpVVSqGDkvJySJWBnK/CRjY3LSOP9b
r6XdcrvETEBJW2CkCM+NBpKVOpYYLMBhYYs0v75Q+3cfpKcGXWEH/3sUwtFOuBkm
LqB6aiaAmF3B+h4IG9tT5+0IyUjD3ure4yHk7Uzejvi5XAeW5rTUlsIgtMipjhFm
osxny9ceC09H+BMAWUM40WHhKOaYlsKG+ftkKKSiEFXKS6da0Ig55lHsVfXL3Kel
b6VoASL5/yWHZ7gM4ahX/gkq4wIDAQABo4IClTCCApEwHQYDVR0OBBYEFDSamtQL
vFNCh6QaUccQsf3U2H9pMB8GA1UdIwQYMBaAFCl2h2dT1lVip8qF4+no33UHl8lI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RjUyMS8yMTY1ODgyMEM2
N0UxMUU5QUYzQkE3NjVDNEY5QUUwMi9LWGFIWjFQV1ZXS255b1hqNmVqZmRRZVh5
VWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tYYUhaMVBXVldLbnlvWGo2ZWpmZFFlWHlVZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEY1MjEvMjE2NTg4MjBDNjdFMTFFOUFGM0JBNzY1QzRGOUFFMDIvOTQ5MjFBNTY0
RjY4MTFFQjhFN0IwNDVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnc4QwDQYJKoZIhvcNAQELBQADggEBACAembmZxC0Pdo5E
YJsNv9BuYvRhr2ihp0yVZ2w1qrD0nl05184Wgrq98Uq/1gkwYNZKC5/keybHO2wd
sdRRsQl4fxx+3qpJeTJTtCwK9IYJ0xhh7EKgx8OiJwvG3KOPPfVb57rT1A7V3dL5
ntM6GaA9xsp6OaXpoS2BA8YSf7NvLKujIivMrz/YJa65xVhj76Q5T/2zwYW9POK0
fASP9lyQSpnzCxj0jdkmKfe/niuFGL72c4+sJ/w3XEWLJJqmUMArtSaYPGO7x6cn
X9j5HGoMW6JXyN9NDG6mYNSqX9298kz6NLNU0puA+aQ0UVTBb5xcxV825tE2KU/p
h3xCX4U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org