Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/218050BE47A811EAB74E6635C4F9AE02.roa
File:                     218050BE47A811EAB74E6635C4F9AE02.roa (raw, json)
Hash identifier:          f083+M4MfnY08h4BUm4ZHI4xhryd1fs0+Ukq/eUymCQ=
Subject key identifier:   18:57:F9:25:74:2C:E3:47:C7:D6:64:39:88:D6:D5:3C:EC:3B:BA:62
Certificate issuer:       /CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
Certificate serial:       0ACB
Authority key identifier: 81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/218050BE47A811EAB74E6635C4F9AE02.roa
Signing time:             Mon 31 Jul 2023 19:57:27 +0000
ROA not before:           Mon 31 Jul 2023 19:57:27 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     24557
IP address blocks:        103.7.136.0/24 maxlen: 24
                          103.7.137.0/24 maxlen: 24
                          103.11.76.0/24 maxlen: 24
                          103.11.78.0/24 maxlen: 24
                          113.20.0.0/24 maxlen: 24
                          113.20.1.0/24 maxlen: 24
                          113.20.2.0/24 maxlen: 24
                          113.20.3.0/24 maxlen: 24
                          113.20.4.0/22 maxlen: 22
                          113.20.8.0/21 maxlen: 21
                          117.55.224.0/21 maxlen: 21
                          117.55.232.0/21 maxlen: 21
                          175.107.128.0/20 maxlen: 20
                          175.107.144.0/20 maxlen: 20
                          175.107.172.0/24 maxlen: 24
                          175.107.174.0/24 maxlen: 24
                          175.107.175.0/24 maxlen: 24
                          175.107.177.0/24 maxlen: 24
                          175.107.178.0/24 maxlen: 24
                          175.107.185.0/24 maxlen: 24
                          175.107.188.0/23 maxlen: 23
                          175.107.190.0/24 maxlen: 24
                          2405:5000::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2763 (0xacb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9152F52/serialNumber=81428A01C51691E7A8C5D843ECB6B1D3D9AE424E
        Validity
            Not Before: Jul 31 19:57:27 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64c81226-3185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:21:75:11:14:82:c8:47:92:ce:5e:55:7c:fd:
                    ab:85:c6:bd:f4:76:6b:36:ad:0a:bb:b5:5b:62:1c:
                    42:20:3a:d2:bc:38:0c:2e:b3:71:68:b4:aa:58:ce:
                    41:a4:12:99:15:7d:dd:f0:7a:41:33:00:dc:68:8f:
                    f6:c6:7a:a6:37:66:ce:4e:4f:9c:fe:1b:a1:1a:21:
                    f6:66:d1:71:75:40:21:1e:4e:30:8e:32:10:4c:12:
                    5d:1d:f4:31:38:51:28:b9:fb:1d:eb:d0:5a:e5:b1:
                    0c:e2:f2:e4:2c:f9:d3:d8:bf:97:47:45:3a:05:20:
                    80:fc:4d:b3:9f:34:22:3b:86:1d:7a:2c:b4:1d:2a:
                    e9:b3:e2:51:07:6a:7c:bc:53:1c:15:43:c7:dd:9f:
                    08:75:65:53:07:4d:67:f6:4a:2b:2b:66:31:28:80:
                    b2:8e:6f:7e:b6:40:ff:5e:4f:47:ec:a0:5a:84:b3:
                    8a:08:73:57:a5:32:01:16:ac:63:9c:a2:1a:8c:63:
                    a8:77:e9:24:58:24:70:13:0b:c9:08:6d:2f:82:03:
                    77:f2:15:fa:c3:ec:6b:33:6f:5d:b7:bf:c4:a7:50:
                    bd:72:3a:8c:5e:1b:7b:45:15:0b:b3:44:91:c6:5a:
                    2b:65:03:0c:a4:19:4d:4e:90:5c:1c:4b:98:71:be:
                    92:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:57:F9:25:74:2C:E3:47:C7:D6:64:39:88:D6:D5:3C:EC:3B:BA:62
            X509v3 Authority Key Identifier:
                keyid:81:42:8A:01:C5:16:91:E7:A8:C5:D8:43:EC:B6:B1:D3:D9:AE:42:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/gUKKAcUWkeeoxdhD7Lax09muQk4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gUKKAcUWkeeoxdhD7Lax09muQk4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9152F52/88EBCFDC1D4911EAAE775B34C4F9AE02/218050BE47A811EAB74E6635C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.7.136.0/23
                  103.11.76.0/24
                  103.11.78.0/24
                  113.20.0.0/20
                  117.55.224.0/20
                  175.107.128.0/19
                  175.107.172.0/24
                  175.107.174.0/23
                  175.107.177.0-175.107.178.255
                  175.107.185.0/24
                  175.107.188.0-175.107.190.255
                IPv6:
                  2405:5000::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:fb:63:c5:2b:0d:7b:31:43:1a:47:9f:8b:87:e1:84:d3:7f:
         b2:fc:a1:53:1e:b2:c4:5b:c4:7f:09:2f:53:d1:25:b8:c3:98:
         26:e4:0b:65:74:57:47:f1:53:61:06:c9:3f:52:15:a6:b3:c1:
         72:1a:88:93:7a:0a:5c:49:dc:06:29:77:bd:41:52:f7:21:89:
         aa:c9:09:15:1e:6e:a7:0c:2d:69:a0:59:c9:64:16:f7:db:fb:
         1c:87:61:3f:08:ab:0e:db:16:fc:0d:f4:b4:4a:be:fc:08:62:
         3e:e5:6d:38:10:06:36:6a:63:b5:ca:17:c3:87:1b:44:be:f4:
         cf:d4:2f:27:3c:03:64:bf:e1:a4:e4:bd:d2:a4:88:90:05:d8:
         c5:70:96:a3:70:b2:7f:c9:f4:31:66:5d:cd:b5:16:48:28:45:
         2c:d8:1c:35:94:1d:73:df:fe:09:7e:c7:92:16:cd:e2:f9:5f:
         c5:a1:2a:8a:93:18:20:b2:20:c2:bc:0f:7f:38:65:65:73:0d:
         f2:75:6c:eb:c6:5c:5c:19:a3:01:ba:04:75:67:e7:ec:31:56:
         a2:72:95:cf:29:2f:4c:5c:6d:ef:1f:e5:74:02:92:ff:64:65:
         9b:ec:05:c9:5f:af:7c:50:b3:e4:ce:31:d7:47:a6:f1:06:c6:
         79:d6:67:ee
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgICCsswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTJGNTIxMTAvBgNVBAUTKDgxNDI4QTAxQzUxNjkxRTdBOEM1RDg0M0VDQjZCMUQz
RDlBRTQyNEUwHhcNMjMwNzMxMTk1NzI3WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM4MTIyNi0zMTg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3yF1ERSCyEeSzl5VfP2rhca99HZrNq0Ku7VbYhxCIDrSvDgMLrNxaLSqWM5B
pBKZFX3d8HpBMwDcaI/2xnqmN2bOTk+c/huhGiH2ZtFxdUAhHk4wjjIQTBJdHfQx
OFEoufsd69Ba5bEM4vLkLPnT2L+XR0U6BSCA/E2znzQiO4Ydeiy0HSrps+JRB2p8
vFMcFUPH3Z8IdWVTB01n9korK2YxKICyjm9+tkD/Xk9H7KBahLOKCHNXpTIBFqxj
nKIajGOod+kkWCRwEwvJCG0vggN38hX6w+xrM29dt7/Ep1C9cjqMXht7RRULs0SR
xlorZQMMpBlNTpBcHEuYcb6SKwIDAQABo4IC8DCCAuwwHQYDVR0OBBYEFBhX+SV0
LONHx9ZkOYjW1TzsO7piMB8GA1UdIwQYMBaAFIFCigHFFpHnqMXYQ+y2sdPZrkJO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MkY1Mi84OEVCQ0ZEQzFE
NDkxMUVBQUU3NzVCMzRDNEY5QUUwMi9nVUtLQWNVV2tlZW94ZGhEN0xheDA5bXVR
azQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dVS0tBY1VXa2Vlb3hkaEQ3TGF4MDltdVFrNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTJGNTIvODhFQkNGREMxRDQ5MTFFQUFFNzc1QjM0QzRGOUFFMDIvMjE4MDUwQkU0
N0E4MTFFQUI3NEU2NjM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwegYIKwYBBQUHAQcBAf8E
azBpMFgEAgABMFIDBAFnB4gDBABnC0wDBABnC04DBARxFAADBAR1N+ADBAWva4AD
BACva6wDBAGva64wDAMEAK9rsQMEAK9rsgMEAK9ruTAMAwQCr2u8AwQAr2u+MA0E
AgACMAcDBQAkBVAAMA0GCSqGSIb3DQEBCwUAA4IBAQBt+2PFKw17MUMaR5+Lh+GE
03+y/KFTHrLEW8R/CS9T0SW4w5gm5AtldFdH8VNhBsk/UhWms8FyGoiTegpcSdwG
KXe9QVL3IYmqyQkVHm6nDC1poFnJZBb32/sch2E/CKsO2xb8DfS0Sr78CGI+5W04
EAY2amO1yhfDhxtEvvTP1C8nPANkv+Gk5L3SpIiQBdjFcJajcLJ/yfQxZl3NtRZI
KEUs2Bw1lB1z3/4JfseSFs3i+V/FoSqKkxggsiDCvA9/OGVlcw3ydWzrxlxcGaMB
ugR1Z+fsMVaicpXPKS9MXG3vH+V0ApL/ZGWb7AXJX698ULPkzjHXR6bxBsZ51mfu
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org