Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/E3167E7AD5A311EC98764D51C4F9AE02.roa
File:                     E3167E7AD5A311EC98764D51C4F9AE02.roa (raw, json)
Hash identifier:          czP9jfz2kXD/Wsfja+I7z+XZCE8sDZy6rZwMtKO7KXA=
Subject key identifier:   53:FD:30:B2:B8:06:7D:4B:E4:82:92:03:B7:2C:F8:BE:E8:B5:6A:9F
Certificate issuer:       /CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
Certificate serial:       0450
Authority key identifier: 98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/E3167E7AD5A311EC98764D51C4F9AE02.roa
Signing time:             Wed 29 Jun 2022 05:35:12 +0000
ROA not before:           Wed 29 Jun 2022 05:35:12 +0000
ROA not after:            Mon 31 Oct 2022 00:00:00 +0000
asID:                     17830
IP address blocks:        2407:c280:b100::/40 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1104 (0x450)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91536B7/serialNumber=981FA227A2A435C2B76E06C9C452D3EC751984D3
        Validity
            Not Before: Jun 29 05:35:12 2022 GMT
            Not After : Oct 31 00:00:00 2022 GMT
        Subject: CN=62bbe490-9c7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7e:c4:4d:ee:b0:f0:87:0c:d1:92:4b:6e:ce:
                    c1:6b:7a:c8:e0:d5:69:42:0b:10:c3:7b:f9:d9:07:
                    7a:c8:8d:eb:80:ea:cc:7a:dd:f5:07:27:36:4f:fe:
                    07:8b:a0:d1:73:a2:c5:ea:bb:45:4f:66:bc:53:00:
                    f6:14:22:de:d8:51:47:ea:6c:5e:4b:29:3b:60:1f:
                    5b:a0:52:a7:3a:6b:d3:a7:75:59:64:cb:22:b9:63:
                    43:7e:7a:0b:84:9d:cd:9a:2c:d7:92:47:65:c5:5f:
                    cc:31:af:cb:59:54:ca:69:b0:58:60:09:c9:0a:2d:
                    75:df:29:0e:38:5c:89:8e:34:69:98:31:03:23:0e:
                    23:17:b3:78:7a:03:c5:1c:a9:33:55:92:32:bf:dd:
                    81:72:32:63:47:df:75:a4:47:cf:2a:64:d5:12:a8:
                    9f:0a:47:d8:f2:8c:3f:ff:a9:f0:0a:2d:0b:eb:59:
                    4f:62:ac:f2:1c:e8:84:dc:89:f8:2a:68:2d:a3:1e:
                    69:e2:f8:79:7f:d7:1a:72:1a:52:27:cb:0c:d5:27:
                    fd:a7:1c:c0:e1:bb:91:d1:09:08:73:01:0c:d1:99:
                    ed:52:e8:ce:10:ba:4f:7e:dd:fc:18:e4:2f:e5:50:
                    08:19:f0:0b:46:62:aa:b4:d3:7d:00:34:ca:dc:34:
                    97:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FD:30:B2:B8:06:7D:4B:E4:82:92:03:B7:2C:F8:BE:E8:B5:6A:9F
            X509v3 Authority Key Identifier:
                keyid:98:1F:A2:27:A2:A4:35:C2:B7:6E:06:C9:C4:52:D3:EC:75:19:84:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mB-iJ6KkNcK3bgbJxFLT7HUZhNM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91536B7/F1CD27B473AD11E7ACBD025EC4F9AE02/E3167E7AD5A311EC98764D51C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:c280:b100::/40

    Signature Algorithm: sha256WithRSAEncryption
         b2:9e:38:fd:dc:27:fc:c4:c7:bb:2f:0c:9d:5d:e0:5c:de:b3:
         0c:d5:91:c6:a7:c0:30:0f:82:6f:eb:af:2a:89:77:90:5a:09:
         71:a3:85:54:b8:98:37:9c:68:7a:b9:74:32:c5:8b:09:8b:9b:
         2f:52:ba:93:85:d7:71:7a:87:8b:9d:f4:ef:7c:2c:14:cb:4c:
         0f:7b:58:d4:ca:e7:59:58:a0:9e:90:9d:b5:dd:54:17:7d:37:
         70:9e:2d:31:e2:46:4f:01:2f:9c:11:5a:02:7d:e8:b4:76:9d:
         b3:4e:5c:00:42:68:66:99:38:e7:f3:34:66:ba:0b:02:16:48:
         68:cd:c9:5f:f6:fb:76:e1:3a:36:64:0a:6b:d4:ad:62:98:be:
         32:98:68:21:93:6c:74:30:b3:73:06:ed:b0:5e:56:36:d6:5d:
         ba:a2:8a:db:19:9d:9d:c8:7e:f2:53:4d:92:57:7a:5f:1a:f2:
         38:9a:13:bc:f6:2d:89:60:b4:1f:0d:f8:33:a8:b5:fe:83:92:
         de:e1:e7:35:93:ee:80:bb:c6:a3:ee:6c:fe:63:5b:f6:ff:15:
         33:df:45:48:5e:e8:4e:58:cf:4f:1a:bc:5d:9a:d9:f1:60:1c:
         8d:6d:1d:74:f3:50:80:6e:3d:79:92:28:e9:65:a8:f8:26:ef:
         00:28:da:39
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICBFAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2QjcxMTAvBgNVBAUTKDk4MUZBMjI3QTJBNDM1QzJCNzZFMDZDOUM0NTJEM0VD
NzUxOTg0RDMwHhcNMjIwNjI5MDUzNTEyWhcNMjIxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmJiZTQ5MC05YzdmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxH7ETe6w8IcM0ZJLbs7Ba3rI4NVpQgsQw3v52Qd6yI3rgOrMet31Byc2T/4H
i6DRc6LF6rtFT2a8UwD2FCLe2FFH6mxeSyk7YB9boFKnOmvTp3VZZMsiuWNDfnoL
hJ3NmizXkkdlxV/MMa/LWVTKabBYYAnJCi113ykOOFyJjjRpmDEDIw4jF7N4egPF
HKkzVZIyv92BcjJjR991pEfPKmTVEqifCkfY8ow//6nwCi0L61lPYqzyHOiE3In4
Kmgtox5p4vh5f9cachpSJ8sM1Sf9pxzA4buR0QkIcwEM0ZntUujOELpPft38GOQv
5VAIGfALRmKqtNN9ADTK3DSXBQIDAQABo4IClzCCApMwHQYDVR0OBBYEFFP9MLK4
Bn1L5IKSA7cs+L7otWqfMB8GA1UdIwQYMBaAFJgfoieipDXCt24GycRS0+x1GYTT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzZCNy9GMUNEMjdCNDcz
QUQxMUU3QUNCRDAyNUVDNEY5QUUwMi9tQi1pSjZLa05jSzNiZ2JKeEZMVDdIVVpo
Tk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21CLWlKNktrTmNLM2JnYkp4RkxUN0hVWmhOTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2QjcvRjFDRDI3QjQ3M0FEMTFFN0FDQkQwMjVFQzRGOUFFMDIvRTMxNjdFN0FE
NUEzMTFFQzk4NzY0RDUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAkB8KAsTANBgkqhkiG9w0BAQsFAAOCAQEAsp44/dwn/MTH
uy8MnV3gXN6zDNWRxqfAMA+Cb+uvKol3kFoJcaOFVLiYN5xoerl0MsWLCYubL1K6
k4XXcXqHi53073wsFMtMD3tY1MrnWVignpCdtd1UF303cJ4tMeJGTwEvnBFaAn3o
tHads05cAEJoZpk45/M0ZroLAhZIaM3JX/b7duE6NmQKa9StYpi+MphoIZNsdDCz
cwbtsF5WNtZduqKK2xmdnch+8lNNkld6XxryOJoTvPYtiWC0Hw34M6i1/oOS3uHn
NZPugLvGo+5s/mNb9v8VM99FSF7oTljPTxq8XZrZ8WAcjW0ddPNQgG49eZIo6WWo
+CbvACjaOQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org