Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4B207E7CB17C11EC92E57138C4F9AE02.roa
File:                     4B207E7CB17C11EC92E57138C4F9AE02.roa (raw, json)
Hash identifier:          yYrx1pMn30bJf+TPV68NbiDLx1tSFA1Jl0yowo5jmfM=
Subject key identifier:   58:56:44:1F:BD:34:D9:5F:18:AE:CC:90:46:99:30:B4:EA:2E:5B:E0
Certificate issuer:       /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial:       0383
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4B207E7CB17C11EC92E57138C4F9AE02.roa
Signing time:             Fri 01 Apr 2022 17:23:45 +0000
ROA not before:           Fri 01 Apr 2022 17:23:45 +0000
ROA not after:            Mon 01 Aug 2022 00:00:00 +0000
asID:                     17830
IP address blocks:        2407:c280:b100::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 899 (0x383)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
        Validity
            Not Before: Apr  1 17:23:45 2022 GMT
            Not After : Aug  1 00:00:00 2022 GMT
        Subject: CN=62473521-ce78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:70:c4:85:5a:02:52:a9:b8:da:1c:c4:0f:55:
                    5c:91:37:4b:4d:86:c4:3d:c9:b4:f4:a7:14:da:64:
                    7a:04:a9:f6:91:d7:3d:08:25:e2:d8:4d:1a:2e:e1:
                    52:5b:37:4a:8a:dd:c4:c4:f8:3c:47:4c:37:c4:2c:
                    97:33:8a:e0:d3:db:95:a0:e2:be:8e:57:29:fe:f2:
                    40:a5:0a:3e:b1:94:3c:87:bf:af:18:67:61:e6:ec:
                    61:80:9b:7c:f9:cb:ed:83:2a:b2:53:25:e2:39:b3:
                    af:0d:4c:27:84:34:c7:ce:c3:bf:02:2d:57:03:23:
                    e3:0b:63:ca:fc:9c:27:f6:3b:a9:bd:a8:d3:c5:5e:
                    2e:76:b0:82:3d:66:a7:86:63:59:80:05:4d:7c:57:
                    ac:71:c7:9e:61:33:35:b2:c2:60:87:23:61:0d:03:
                    29:f2:49:b4:86:bb:78:a4:2a:51:41:5e:5c:27:e9:
                    20:56:6b:f5:43:ac:9b:a7:3d:cf:bd:8e:b8:2b:9b:
                    16:1d:6f:05:44:0e:45:b1:25:b7:f0:b3:69:fa:c0:
                    68:fa:91:fd:93:d2:02:8e:39:8b:8d:e7:83:21:35:
                    b2:5b:aa:58:a2:32:74:ca:dc:d0:25:c5:71:40:b5:
                    8c:20:86:fe:de:b1:ca:e0:38:08:ca:a3:f4:83:ae:
                    15:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:56:44:1F:BD:34:D9:5F:18:AE:CC:90:46:99:30:B4:EA:2E:5B:E0
            X509v3 Authority Key Identifier:
                keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/4B207E7CB17C11EC92E57138C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:c280:b100::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:58:69:54:aa:96:ae:d6:23:d4:00:89:b8:94:8b:28:de:70:
         d0:70:34:f1:fb:ac:54:85:ce:bc:47:ea:de:d5:78:0f:07:a5:
         4b:31:39:f7:b7:5b:65:57:bf:a2:5e:f4:ed:b6:18:d5:23:e8:
         bb:33:de:36:ab:86:a1:cf:27:b6:4a:6a:e2:7b:f7:b1:1b:6f:
         05:d2:6f:b3:25:c5:a7:1f:3e:6a:a0:8e:7f:9c:e7:ba:1c:18:
         dc:3f:1a:ab:67:4a:ef:78:64:da:cc:dd:18:48:97:56:2e:01:
         6b:06:9b:37:0c:b9:de:36:e7:8b:23:3c:ec:f7:0d:39:97:e2:
         0e:79:d7:60:cc:b8:c5:03:4b:02:c0:d0:df:73:68:ec:82:17:
         0c:dc:e4:fc:1c:7b:f6:d0:ee:73:d9:0a:e2:0c:53:db:b6:59:
         6a:17:01:de:96:f7:27:2c:67:98:c0:e1:ee:bf:05:a9:99:cc:
         eb:7e:7b:ec:92:47:cf:91:9c:fe:8f:c1:7e:56:39:17:8d:81:
         4e:db:3d:df:55:09:98:af:3b:99:dc:3b:d7:d7:4e:99:e0:0b:
         6f:58:9c:3d:2b:16:a8:50:9f:c4:ad:f9:6b:79:b5:e5:15:3d:
         33:45:8d:80:6b:1f:96:12:b5:d3:c8:4f:5b:1d:f1:5d:2e:a5:
         01:f0:b9:28
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICA4MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjIwNDAxMTcyMzQ1WhcNMjIwODAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQ3MzUyMS1jZTc4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvXDEhVoCUqm42hzED1VckTdLTYbEPcm09KcU2mR6BKn2kdc9CCXi2E0aLuFS
WzdKit3ExPg8R0w3xCyXM4rg09uVoOK+jlcp/vJApQo+sZQ8h7+vGGdh5uxhgJt8
+cvtgyqyUyXiObOvDUwnhDTHzsO/Ai1XAyPjC2PK/Jwn9jupvajTxV4udrCCPWan
hmNZgAVNfFescceeYTM1ssJghyNhDQMp8km0hrt4pCpRQV5cJ+kgVmv1Q6ybpz3P
vY64K5sWHW8FRA5FsSW38LNp+sBo+pH9k9ICjjmLjeeDITWyW6pYojJ0ytzQJcVx
QLWMIIb+3rHK4DgIyqP0g64VuQIDAQABo4IClzCCApMwHQYDVR0OBBYEFFhWRB+9
NNlfGK7MkEaZMLTqLlvgMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvNEIyMDdFN0NC
MTdDMTFFQzkyRTU3MTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAkB8KAsTANBgkqhkiG9w0BAQsFAAOCAQEAFVhpVKqWrtYj
1ACJuJSLKN5w0HA08fusVIXOvEfq3tV4DwelSzE597dbZVe/ol707bYY1SPouzPe
NquGoc8ntkpq4nv3sRtvBdJvsyXFpx8+aqCOf5znuhwY3D8aq2dK73hk2szdGEiX
Vi4BawabNwy53jbniyM87PcNOZfiDnnXYMy4xQNLAsDQ33No7IIXDNzk/Bx79tDu
c9kK4gxT27ZZahcB3pb3JyxnmMDh7r8FqZnM63577JJHz5Gc/o/BflY5F42BTts9
31UJmK87mdw719dOmeALb1icPSsWqFCfxK35a3m15RU9M0WNgGsflhK108hPWx3x
XS6lAfC5KA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:06 2024 by rpki-client on console-ams.rpki-client.org