Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9168BA2/99DF386254C411EA84F4E72DC4F9AE02/9455F2222F1B11ECB0DC527BC4F9AE02.roa
File:                     9455F2222F1B11ECB0DC527BC4F9AE02.roa (raw, json)
Hash identifier:          bQaaid6E2TJ80Mip5/BS0BfHPoTxMCM3Id/8fVDKUhg=
Subject key identifier:   E0:EB:B8:0F:5A:00:D7:C7:69:B3:B9:63:C1:A7:31:EE:AB:91:F5:74
Certificate issuer:       /CN=A9168BA2/serialNumber=CA62E438F98D8518D2F2A5D9F6765651E5ADA60E
Certificate serial:       062E
Authority key identifier: CA:62:E4:38:F9:8D:85:18:D2:F2:A5:D9:F6:76:56:51:E5:AD:A6:0E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ymLkOPmNhRjS8qXZ9nZWUeWtpg4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9168BA2/99DF386254C411EA84F4E72DC4F9AE02/9455F2222F1B11ECB0DC527BC4F9AE02.roa
Signing time:             Sun 31 Oct 2021 22:07:27 +0000
ROA not before:           Sun 31 Oct 2021 22:07:27 +0000
ROA not after:            Fri 30 Dec 2022 00:00:00 +0000
asID:                     399916
IP address blocks:        2407:9740:ba00::/44 maxlen: 44
                          2407:9740:ba10::/44 maxlen: 44

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1582 (0x62e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9168BA2/serialNumber=CA62E438F98D8518D2F2A5D9F6765651E5ADA60E
        Validity
            Not Before: Oct 31 22:07:27 2021 GMT
            Not After : Dec 30 00:00:00 2022 GMT
        Subject: CN=617f139f-9f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:76:a2:ab:c6:43:3c:bb:d8:c3:12:b7:6a:67:
                    2a:91:4c:5e:fd:f6:76:ac:6e:e8:81:18:ef:de:4c:
                    9f:05:a7:17:3c:dc:dc:bb:f0:26:d5:ae:45:6f:5b:
                    4b:e8:f8:c6:c3:ec:19:fe:1a:5f:14:f2:4a:1d:ef:
                    9f:9d:cb:82:ce:46:79:b0:74:c9:e4:d9:e9:1a:d2:
                    80:d2:31:93:fb:9a:ec:bc:e4:78:c5:8a:83:e1:da:
                    36:c4:98:cf:12:35:7c:22:b9:ae:94:be:5c:6d:d7:
                    dd:49:e1:04:8b:57:e2:f1:47:27:22:d4:e5:66:bd:
                    63:09:5f:ed:7b:4b:93:5a:ce:06:35:c2:30:2e:75:
                    c3:01:41:60:3e:44:91:70:29:64:92:6e:49:df:07:
                    25:33:17:88:43:fc:4b:16:50:4a:13:37:e7:4e:ed:
                    80:4c:32:5a:00:ba:93:dd:43:b4:36:84:6a:64:03:
                    b4:20:f2:56:87:ef:e0:65:d0:a1:5e:56:bc:5a:cc:
                    dc:ce:06:c1:60:26:27:0e:be:1c:84:ce:aa:59:77:
                    25:73:b9:d3:e3:13:5b:ec:93:dc:aa:d3:eb:44:af:
                    f1:a9:38:ac:e4:7e:67:23:dd:54:96:34:32:9e:01:
                    b6:7a:2b:92:c9:4f:56:97:e6:67:db:82:dc:20:6b:
                    1f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:EB:B8:0F:5A:00:D7:C7:69:B3:B9:63:C1:A7:31:EE:AB:91:F5:74
            X509v3 Authority Key Identifier:
                keyid:CA:62:E4:38:F9:8D:85:18:D2:F2:A5:D9:F6:76:56:51:E5:AD:A6:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9168BA2/99DF386254C411EA84F4E72DC4F9AE02/ymLkOPmNhRjS8qXZ9nZWUeWtpg4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ymLkOPmNhRjS8qXZ9nZWUeWtpg4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9168BA2/99DF386254C411EA84F4E72DC4F9AE02/9455F2222F1B11ECB0DC527BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:9740:ba00::/43

    Signature Algorithm: sha256WithRSAEncryption
         5f:57:5d:6d:87:5c:67:ca:6c:d4:4d:a1:84:3b:c8:53:0c:39:
         59:84:db:76:fe:38:59:16:56:77:74:3a:ca:1c:e1:92:ad:83:
         f2:6b:38:3f:af:b1:65:ab:fb:ea:a0:1d:34:6f:32:c0:29:67:
         c7:c9:c2:7c:df:26:a4:c1:13:dc:d0:a4:e5:7f:01:8f:69:1f:
         15:ca:89:02:fa:40:58:c5:2d:1b:97:fb:5c:0e:c0:d3:b5:64:
         8b:ce:af:60:a4:8d:62:a0:e4:a2:26:76:80:23:fe:36:9e:3f:
         cb:3e:fd:5e:ef:e8:cf:17:48:21:14:c3:6e:55:ef:b1:fc:05:
         f6:df:7a:35:35:07:e7:fc:16:4b:59:79:2a:13:7c:6c:55:76:
         82:d1:29:c8:b6:ec:4b:5d:57:a4:74:49:98:06:f8:21:68:23:
         a1:87:b9:02:09:44:e0:3c:62:15:21:20:2d:70:68:b9:eb:5e:
         61:e9:d9:d9:df:68:01:f7:58:36:9c:30:ed:68:28:31:a7:8f:
         d8:9e:cb:a4:04:5a:b5:d6:90:35:df:39:73:2d:2f:60:11:ce:
         64:22:d9:45:1f:de:72:15:29:35:40:86:ac:4d:20:74:b2:98:
         16:ad:ad:d1:6f:65:40:45:49:0a:60:c8:ea:90:e7:95:f4:99:
         aa:48:51:da
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICBi4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjhCQTIxMTAvBgNVBAUTKENBNjJFNDM4Rjk4RDg1MThEMkYyQTVEOUY2NzY1NjUx
RTVBREE2MEUwHhcNMjExMDMxMjIwNzI3WhcNMjIxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTdmMTM5Zi05ZjJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAonaiq8ZDPLvYwxK3amcqkUxe/fZ2rG7ogRjv3kyfBacXPNzcu/Am1a5Fb1tL
6PjGw+wZ/hpfFPJKHe+fncuCzkZ5sHTJ5NnpGtKA0jGT+5rsvOR4xYqD4do2xJjP
EjV8IrmulL5cbdfdSeEEi1fi8UcnItTlZr1jCV/te0uTWs4GNcIwLnXDAUFgPkSR
cClkkm5J3wclMxeIQ/xLFlBKEzfnTu2ATDJaALqT3UO0NoRqZAO0IPJWh+/gZdCh
Xla8WszczgbBYCYnDr4chM6qWXclc7nT4xNb7JPcqtPrRK/xqTis5H5nI91UljQy
ngG2eiuSyU9Wl+Zn24LcIGsfxQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFODruA9a
ANfHabO5Y8GnMe6rkfV0MB8GA1UdIwQYMBaAFMpi5Dj5jYUY0vKl2fZ2VlHlraYO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OEJBMi85OURGMzg2MjU0
QzQxMUVBODRGNEU3MkRDNEY5QUUwMi95bUxrT1BtTmhSalM4cVhaOW5aV1VlV3Rw
ZzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ltTGtPUG1OaFJqUzhxWFo5blpXVWVXdHBnNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjhCQTIvOTlERjM4NjI1NEM0MTFFQTg0RjRFNzJEQzRGOUFFMDIvOTQ1NUYyMjIy
RjFCMTFFQ0IwREM1MjdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwUkB5dAugAwDQYJKoZIhvcNAQELBQADggEBAF9XXW2HXGfK
bNRNoYQ7yFMMOVmE23b+OFkWVnd0Osoc4ZKtg/JrOD+vsWWr++qgHTRvMsApZ8fJ
wnzfJqTBE9zQpOV/AY9pHxXKiQL6QFjFLRuX+1wOwNO1ZIvOr2CkjWKg5KImdoAj
/jaeP8s+/V7v6M8XSCEUw25V77H8BfbfejU1B+f8FktZeSoTfGxVdoLRKci27Etd
V6R0SZgG+CFoI6GHuQIJROA8YhUhIC1waLnrXmHp2dnfaAH3WDacMO1oKDGnj9ie
y6QEWrXWkDXfOXMtL2ARzmQi2UUf3nIVKTVAhqxNIHSymBatrdFvZUBFSQpgyOqQ
55X0mapIUdo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:20 2024 by rpki-client on console-ams.rpki-client.org