Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/EC1AEF26FF4F11ECB035C817C4F9AE02.roa
File:                     EC1AEF26FF4F11ECB035C817C4F9AE02.roa (raw, json)
Hash identifier:          7lE7B/85CqFDceEgmJhvffJSUjLuAo5CMN9u+6qhp9E=
Subject key identifier:   2A:2E:18:31:60:B2:30:14:F8:9D:ED:EC:EB:B7:33:4E:CC:F9:E6:CC
Certificate issuer:       /CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
Certificate serial:       0AF9
Authority key identifier: 29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/EC1AEF26FF4F11ECB035C817C4F9AE02.roa
Signing time:             Sat 09 Jul 2022 06:25:27 +0000
ROA not before:           Sat 09 Jul 2022 06:25:27 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     140616
IP address blocks:        103.115.135.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2809 (0xaf9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914F521/serialNumber=2976876753D65562A7CA85E3E9E8DF750797C948
        Validity
            Not Before: Jul  9 06:25:27 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=62c91f57-3552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b6:7b:28:b0:26:f3:62:ff:d3:43:ab:24:df:
                    c8:f5:c8:8a:03:13:83:5c:4e:9b:6e:c4:09:27:db:
                    3c:7c:35:25:5c:e3:66:35:fb:b0:34:10:75:8b:7c:
                    0a:24:c9:b7:ac:32:ac:d5:d4:62:56:df:ae:53:a6:
                    17:5f:22:61:58:a0:31:60:2c:c6:cb:8c:47:40:e7:
                    5d:e8:bf:77:b6:2d:21:f3:a5:12:42:a8:05:a0:8a:
                    a8:f7:ea:1c:b3:7b:80:64:31:98:66:b4:91:93:b2:
                    f1:32:69:73:05:0a:f3:eb:ca:b6:97:f4:05:8d:68:
                    c0:35:0b:1b:c2:5a:54:e2:23:82:2f:b8:e0:5c:f8:
                    4b:8c:00:7f:67:a5:8f:75:25:99:21:90:4b:2f:ad:
                    cc:a0:ee:d3:00:ae:0f:df:d4:a5:e7:36:26:02:e3:
                    57:50:d5:44:53:18:af:b3:b6:59:31:45:a0:f1:4b:
                    51:9b:a4:5b:70:c8:61:2d:8f:33:62:f1:a1:6c:92:
                    52:df:29:4d:b2:45:52:8b:64:5f:f6:89:67:5b:b4:
                    5e:58:c1:08:62:c2:07:37:71:50:19:f1:8b:60:89:
                    19:a8:fb:fb:34:62:cf:a6:1c:aa:cf:f0:1f:bc:c3:
                    c1:2c:c4:fc:c4:eb:32:18:ff:63:be:e6:bd:fa:d2:
                    c9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2E:18:31:60:B2:30:14:F8:9D:ED:EC:EB:B7:33:4E:CC:F9:E6:CC
            X509v3 Authority Key Identifier:
                keyid:29:76:87:67:53:D6:55:62:A7:CA:85:E3:E9:E8:DF:75:07:97:C9:48

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KXaHZ1PWVWKnyoXj6ejfdQeXyUg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914F521/21658820C67E11E9AF3BA765C4F9AE02/EC1AEF26FF4F11ECB035C817C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.115.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ad:78:65:9e:51:50:6c:09:7f:e4:2c:a0:7a:80:1f:da:09:
         64:db:0a:be:12:bc:fc:8a:0f:e0:d5:9b:d5:67:a5:a3:3b:bf:
         06:cb:e0:d9:bf:13:03:22:bc:6e:30:65:0a:83:bd:a8:ba:a2:
         fa:3d:18:7a:b4:63:e7:68:6b:bd:bb:7a:7a:4f:96:45:6e:de:
         5f:74:48:9a:7e:ee:ab:b5:aa:01:3b:32:4f:8e:10:04:b7:12:
         b8:53:f2:58:ed:fb:ce:81:cd:38:88:fd:9b:11:f4:a8:6e:2a:
         44:1f:4a:6b:8b:bf:5b:d5:7e:60:75:51:d3:c2:cb:2a:d2:4b:
         2a:a5:3a:21:df:4b:13:2c:fa:a0:8b:90:03:dd:c1:03:2c:9d:
         7f:b5:03:b4:e3:54:b9:58:93:d8:79:84:c4:fd:98:a6:bf:39:
         20:d6:9f:71:28:db:a7:46:04:62:c6:91:f9:e0:5d:ed:1f:7b:
         c8:12:83:39:2b:9e:37:fb:dc:14:49:48:76:75:ce:d5:34:2c:
         49:97:6e:a4:5f:b8:2c:99:d5:1a:4d:f9:a6:86:03:23:dc:55:
         b6:2b:53:a6:0b:ef:24:e3:07:2c:d6:96:cd:84:09:dc:1c:4e:
         b7:1f:c8:8c:bd:0e:79:c8:fe:12:be:54:97:64:ea:22:67:dc:
         75:c1:0b:19
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCvkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEY1MjExMTAvBgNVBAUTKDI5NzY4NzY3NTNENjU1NjJBN0NBODVFM0U5RThERjc1
MDc5N0M5NDgwHhcNMjIwNzA5MDYyNTI3WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmM5MWY1Ny0zNTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA27Z7KLAm82L/00OrJN/I9ciKAxODXE6bbsQJJ9s8fDUlXONmNfuwNBB1i3wK
JMm3rDKs1dRiVt+uU6YXXyJhWKAxYCzGy4xHQOdd6L93ti0h86USQqgFoIqo9+oc
s3uAZDGYZrSRk7LxMmlzBQrz68q2l/QFjWjANQsbwlpU4iOCL7jgXPhLjAB/Z6WP
dSWZIZBLL63MoO7TAK4P39Sl5zYmAuNXUNVEUxivs7ZZMUWg8UtRm6RbcMhhLY8z
YvGhbJJS3ylNskVSi2Rf9olnW7ReWMEIYsIHN3FQGfGLYIkZqPv7NGLPphyqz/Af
vMPBLMT8xOsyGP9jvua9+tLJpwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCouGDFg
sjAU+J3t7Ou3M07M+ebMMB8GA1UdIwQYMBaAFCl2h2dT1lVip8qF4+no33UHl8lI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RjUyMS8yMTY1ODgyMEM2
N0UxMUU5QUYzQkE3NjVDNEY5QUUwMi9LWGFIWjFQV1ZXS255b1hqNmVqZmRRZVh5
VWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tYYUhaMVBXVldLbnlvWGo2ZWpmZFFlWHlVZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEY1MjEvMjE2NTg4MjBDNjdFMTFFOUFGM0JBNzY1QzRGOUFFMDIvRUMxQUVGMjZG
RjRGMTFFQ0IwMzVDODE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnc4cwDQYJKoZIhvcNAQELBQADggEBADGteGWeUVBsCX/k
LKB6gB/aCWTbCr4SvPyKD+DVm9VnpaM7vwbL4Nm/EwMivG4wZQqDvai6ovo9GHq0
Y+doa727enpPlkVu3l90SJp+7qu1qgE7Mk+OEAS3ErhT8ljt+86BzTiI/ZsR9Khu
KkQfSmuLv1vVfmB1UdPCyyrSSyqlOiHfSxMs+qCLkAPdwQMsnX+1A7TjVLlYk9h5
hMT9mKa/OSDWn3Eo26dGBGLGkfngXe0fe8gSgzkrnjf73BRJSHZ1ztU0LEmXbqRf
uCyZ1RpN+aaGAyPcVbYrU6YL7yTjByzWls2ECdwcTrcfyIy9DnnI/hK+VJdk6iJn
3HXBCxk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org