Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/D1E76A3AF67711EB8CC7DB73C4F9AE02.roa
File:                     D1E76A3AF67711EB8CC7DB73C4F9AE02.roa (raw, json)
Hash identifier:          8WJsQy2ka9zA5N4t/IPam44taBDBzlnVFr26bnTzhp8=
Subject key identifier:   F8:12:0E:22:5D:83:DD:51:F4:01:54:83:D7:4E:2E:E1:5A:9D:E3:9C
Certificate issuer:       /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial:       02B0
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/D1E76A3AF67711EB8CC7DB73C4F9AE02.roa
Signing time:             Fri 31 Dec 2021 17:33:18 +0000
ROA not before:           Fri 31 Dec 2021 17:33:18 +0000
ROA not after:            Sun 01 May 2022 00:00:00 +0000
asID:                     138510
IP address blocks:        2407:c280:da02::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 688 (0x2b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
        Validity
            Not Before: Dec 31 17:33:18 2021 GMT
            Not After : May  1 00:00:00 2022 GMT
        Subject: CN=61cf3edd-b2dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f6:08:3f:72:e0:78:24:b6:a9:67:66:3e:22:
                    28:03:83:d6:42:4d:c8:d5:08:22:26:9b:df:e8:91:
                    5c:86:04:25:69:de:8c:57:3c:4e:be:bc:78:62:63:
                    9f:7b:80:83:60:98:a7:75:a7:a5:3b:5d:91:07:ad:
                    62:f6:42:20:15:da:70:a2:0e:f3:13:b6:0c:62:ac:
                    1f:e2:78:d5:c7:3d:37:f8:ec:e6:e4:59:f0:c9:04:
                    92:45:dd:ef:d4:94:a6:66:8d:ea:4e:3c:66:87:eb:
                    5b:6b:1a:45:2a:46:58:49:9d:43:dc:11:5f:24:e6:
                    8c:fd:ab:28:0d:cb:80:e8:fc:d7:6d:00:2a:86:bd:
                    e8:e6:c3:f0:07:ef:77:01:c8:ce:83:c5:64:9c:8b:
                    cd:11:c4:b4:18:9b:4d:f0:02:93:f2:ff:51:8a:7c:
                    6b:75:ba:01:f4:76:96:40:1f:66:0b:2d:e2:f6:2b:
                    43:1b:1e:77:e5:b3:c6:a8:d7:a6:ed:33:5d:4a:4b:
                    ab:17:56:63:08:dc:b3:a6:b0:1b:9e:c2:f7:37:ed:
                    dc:75:58:60:0f:4c:47:f0:ff:92:cf:96:03:92:dd:
                    96:d8:88:83:0a:06:d0:21:0a:a5:87:b1:5f:3c:64:
                    45:96:24:57:6c:c0:e7:9e:a9:b9:45:0b:88:24:39:
                    f2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:12:0E:22:5D:83:DD:51:F4:01:54:83:D7:4E:2E:E1:5A:9D:E3:9C
            X509v3 Authority Key Identifier:
                keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/D1E76A3AF67711EB8CC7DB73C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:c280:da02::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:38:5d:6f:1e:55:88:e5:8d:07:7e:03:4a:c1:5d:af:88:25:
         80:15:47:e4:49:f8:7a:91:17:b9:e7:23:88:76:fc:af:08:ca:
         41:52:e4:6c:cf:05:58:7a:89:b4:fc:48:c6:7b:98:cb:76:d7:
         ac:df:99:04:72:71:cb:da:62:6e:b8:3b:58:68:8d:16:03:ee:
         a6:61:50:32:39:9c:01:3a:f4:0c:69:ae:c3:5d:e8:c9:78:92:
         77:02:c5:28:45:b2:91:57:fa:05:99:bc:6b:f1:62:e9:9c:4a:
         4b:d8:d6:88:2f:cf:5e:51:ee:52:04:fb:92:e8:a9:97:a6:c7:
         a2:3a:af:3d:43:62:a0:09:c2:8a:f9:3f:f2:c6:65:b6:00:d9:
         aa:ed:3c:5e:b4:c4:19:ec:de:e9:ab:ad:92:6c:76:2e:36:7f:
         c2:91:0a:9f:e0:2c:cb:5a:d9:7f:0e:b2:e9:ae:2f:d1:f0:1a:
         e4:d4:58:96:11:7f:26:a3:78:1f:0c:44:38:fd:4c:12:0c:79:
         80:22:3b:0a:f1:5a:28:77:a9:9b:17:3a:0d:a8:21:3f:7f:4c:
         f9:6d:6d:12:26:55:2d:9f:14:ee:7d:53:16:18:c7:77:3c:96:
         1f:16:7e:69:8e:80:40:a9:9b:2b:2a:8c:fa:ae:7b:67:f4:a8:
         af:8e:54:2a
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICArAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjExMjMxMTczMzE4WhcNMjIwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWNmM2VkZC1iMmRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz/YIP3LgeCS2qWdmPiIoA4PWQk3I1QgiJpvf6JFchgQlad6MVzxOvrx4YmOf
e4CDYJindaelO12RB61i9kIgFdpwog7zE7YMYqwf4njVxz03+Ozm5FnwyQSSRd3v
1JSmZo3qTjxmh+tbaxpFKkZYSZ1D3BFfJOaM/asoDcuA6PzXbQAqhr3o5sPwB+93
AcjOg8VknIvNEcS0GJtN8AKT8v9RinxrdboB9HaWQB9mCy3i9itDGx535bPGqNem
7TNdSkurF1ZjCNyzprAbnsL3N+3cdVhgD0xH8P+Sz5YDkt2W2IiDCgbQIQqlh7Ff
PGRFliRXbMDnnqm5RQuIJDnyyQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFPgSDiJd
g91R9AFUg9dOLuFaneOcMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvRDFFNzZBM0FG
Njc3MTFFQjhDQzdEQjczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkB8KA2gIwDQYJKoZIhvcNAQELBQADggEBAKw4XW8eVYjl
jQd+A0rBXa+IJYAVR+RJ+HqRF7nnI4h2/K8IykFS5GzPBVh6ibT8SMZ7mMt216zf
mQRyccvaYm64O1hojRYD7qZhUDI5nAE69AxprsNd6Ml4kncCxShFspFX+gWZvGvx
YumcSkvY1ogvz15R7lIE+5LoqZemx6I6rz1DYqAJwor5P/LGZbYA2artPF60xBns
3umrrZJsdi42f8KRCp/gLMta2X8OsumuL9HwGuTUWJYRfyajeB8MRDj9TBIMeYAi
OwrxWih3qZsXOg2oIT9/TPltbRImVS2fFO59UxYYx3c8lh8WfmmOgECpmysqjPqu
e2f0qK+OVCo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org