Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/921E4B5001A511EDA86DD226C4F9AE02.roa
File:                     921E4B5001A511EDA86DD226C4F9AE02.roa (raw, json)
Hash identifier:          jciEODCbChmNfXhq2YEDGQu98slLod5syuJRjmTLPUM=
Subject key identifier:   53:A1:4F:7F:6B:22:39:6E:6B:6B:12:89:D5:36:69:25:54:E4:01:DF
Certificate issuer:       /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial:       0548
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/921E4B5001A511EDA86DD226C4F9AE02.roa
Signing time:             Tue 06 Dec 2022 17:23:50 +0000
ROA not before:           Tue 06 Dec 2022 17:23:50 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     24381
IP address blocks:        2407:c280:ee::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1352 (0x548)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
        Validity
            Not Before: Dec  6 17:23:50 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=638f7aa5-d5e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:56:c1:7c:15:0a:21:81:a0:52:20:5d:d7:19:
                    97:1f:3d:d5:0c:00:6d:ed:d2:0d:a6:16:80:b7:52:
                    b2:60:1e:dc:dc:37:f6:92:5c:c4:8c:7f:d4:cb:6f:
                    0c:5c:4f:05:c3:b1:9e:ba:8a:3c:ce:32:81:1c:f3:
                    74:8e:fc:44:94:37:fb:f6:b2:93:c7:18:4e:6d:1c:
                    6b:e6:fe:dc:2f:04:9b:dd:c6:af:04:41:31:29:a0:
                    65:8e:ed:4c:64:c0:13:7f:b7:f9:f3:4d:1d:a1:2c:
                    09:40:d6:70:ef:66:24:98:52:a3:b5:34:17:99:b1:
                    b9:8d:3d:ff:24:8b:e6:94:6b:e0:61:bc:c9:ef:a6:
                    34:d8:6c:bc:ee:94:d1:f8:65:64:fb:86:7c:63:09:
                    87:ef:ff:a1:2f:b1:56:99:71:42:a1:2c:ee:24:e6:
                    a2:07:9b:10:74:fc:2d:95:8d:de:0d:b6:6d:56:44:
                    dc:39:c1:0f:2f:57:d7:5d:1a:1c:8e:9f:3f:1c:4f:
                    d0:34:6b:fb:ca:ec:5d:5f:b7:13:36:c3:dc:cc:76:
                    0a:c3:3f:4b:9e:69:b2:06:71:05:87:a4:f1:aa:bc:
                    80:1a:ed:4a:07:7b:5f:92:61:f5:ff:dd:75:e8:5d:
                    e4:7b:a7:ae:1a:ac:33:fb:0e:45:fb:b3:f9:33:38:
                    5c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A1:4F:7F:6B:22:39:6E:6B:6B:12:89:D5:36:69:25:54:E4:01:DF
            X509v3 Authority Key Identifier:
                keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/921E4B5001A511EDA86DD226C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:c280:ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:97:c8:79:0d:5f:b4:b4:87:63:89:96:dd:c3:5f:9e:43:95:
         0e:92:14:37:45:fb:64:d9:ff:6f:7d:e8:9c:9e:3e:35:a4:c2:
         24:0e:0d:6d:ec:c3:2c:46:69:9a:c2:39:2e:73:ea:c8:d1:ac:
         d7:ff:42:2a:ea:71:8a:32:5e:7f:25:1a:a3:ea:81:a8:e1:98:
         12:ff:96:4c:1a:13:42:c6:8a:8f:cd:a4:ba:fb:df:b3:4e:7b:
         69:78:32:ff:ac:8c:13:e2:63:88:b1:6a:a8:6d:54:24:c2:f5:
         12:11:25:f9:60:47:38:f7:b1:94:ca:59:13:4a:85:58:22:12:
         02:d5:27:34:ec:91:15:df:5c:05:2d:cd:2f:6a:97:0d:40:f6:
         8c:ce:57:ee:e0:8b:f6:89:5f:db:3e:02:c7:d9:c2:4d:cc:2e:
         0c:b8:6a:f5:dd:49:1c:55:6c:dc:ca:40:d0:a4:53:0b:59:62:
         60:bc:88:85:e8:f4:ce:a1:37:90:75:8f:5e:8a:fc:35:a8:0d:
         8e:8a:1a:7e:3b:ec:7a:64:56:80:22:f9:6c:21:3a:39:68:fd:
         f3:d4:ba:ec:7a:ca:d7:2c:37:46:07:20:87:1d:e4:7e:c9:89:
         e2:2f:da:d4:48:21:c8:bc:dc:1a:e5:5b:20:93:74:11:12:49:
         14:14:12:1b
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICBUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjIxMjA2MTcyMzUwWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzhmN2FhNS1kNWU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApFbBfBUKIYGgUiBd1xmXHz3VDABt7dINphaAt1KyYB7c3Df2klzEjH/Uy28M
XE8Fw7Geuoo8zjKBHPN0jvxElDf79rKTxxhObRxr5v7cLwSb3cavBEExKaBlju1M
ZMATf7f5800doSwJQNZw72YkmFKjtTQXmbG5jT3/JIvmlGvgYbzJ76Y02Gy87pTR
+GVk+4Z8YwmH7/+hL7FWmXFCoSzuJOaiB5sQdPwtlY3eDbZtVkTcOcEPL1fXXRoc
jp8/HE/QNGv7yuxdX7cTNsPczHYKwz9LnmmyBnEFh6TxqryAGu1KB3tfkmH1/911
6F3ke6euGqwz+w5F+7P5MzhcKQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFFOhT39r
Ijlua2sSidU2aSVU5AHfMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvOTIxRTRCNTAw
MUE1MTFFREE4NkREMjI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkB8KAAO4wDQYJKoZIhvcNAQELBQADggEBABGXyHkNX7S0
h2OJlt3DX55DlQ6SFDdF+2TZ/2996JyePjWkwiQODW3swyxGaZrCOS5z6sjRrNf/
QirqcYoyXn8lGqPqgajhmBL/lkwaE0LGio/NpLr737NOe2l4Mv+sjBPiY4ixaqht
VCTC9RIRJflgRzj3sZTKWRNKhVgiEgLVJzTskRXfXAUtzS9qlw1A9ozOV+7gi/aJ
X9s+AsfZwk3MLgy4avXdSRxVbNzKQNCkUwtZYmC8iIXo9M6hN5B1j16K/DWoDY6K
Gn477HpkVoAi+WwhOjlo/fPUuux6ytcsN0YHIIcd5H7JieIv2tRIIci83BrlWyCT
dBESSRQUEhs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org