Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916D459/99EC89EC422011EAB5302016C4F9AE02/2CAE3E8CDAC011EAB226050DC4F9AE02.roa
File:                     2CAE3E8CDAC011EAB226050DC4F9AE02.roa (raw, json)
Hash identifier:          ovfAauWQ9IhXnDfcON5qpDjK4VYH9CGRIidTaoBXqBo=
Subject key identifier:   9B:37:F5:21:84:13:6B:FB:FA:E8:9A:49:25:96:09:5B:4A:53:61:E9
Certificate issuer:       /CN=A916D459/serialNumber=B5174D8265649CDD27426C927D168775D783D538
Certificate serial:       099D
Authority key identifier: B5:17:4D:82:65:64:9C:DD:27:42:6C:92:7D:16:87:75:D7:83:D5:38
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tRdNgmVknN0nQmySfRaHddeD1Tg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916D459/99EC89EC422011EAB5302016C4F9AE02/2CAE3E8CDAC011EAB226050DC4F9AE02.roa
Signing time:             Tue 20 Jun 2023 20:31:43 +0000
ROA not before:           Tue 20 Jun 2023 20:31:43 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     24459
IP address blocks:        103.248.176.0/24 maxlen: 24
                          103.248.177.0/24 maxlen: 24
                          103.248.178.0/24 maxlen: 24
                          103.248.179.0/24 maxlen: 24
                          2406:fd00:100::/40 maxlen: 40
                          2406:fd00:800::/40 maxlen: 40

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2461 (0x99d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916D459/serialNumber=B5174D8265649CDD27426C927D168775D783D538
        Validity
            Not Before: Jun 20 20:31:43 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64920caf-818c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5c:50:13:38:c1:2c:e8:b7:d2:e0:8f:ec:f2:
                    2c:dd:40:be:fd:f4:2a:78:6a:d3:95:86:e8:85:d2:
                    10:03:51:aa:5f:eb:0b:15:2b:a6:cd:f8:52:bc:02:
                    6a:2d:89:17:82:67:60:96:85:7c:91:1a:3c:29:37:
                    5b:d2:5b:9e:58:51:32:4a:5d:6f:e7:78:c8:da:e3:
                    52:1c:a5:b0:e2:16:eb:06:dc:82:a9:ee:d4:ad:11:
                    15:19:84:48:9c:5a:f9:38:0c:31:f7:b5:cc:da:2d:
                    06:51:eb:cf:70:a9:fe:56:ac:71:de:ef:3e:b0:3f:
                    73:75:e3:d1:56:9a:15:2d:c5:b3:02:f4:ba:b1:0c:
                    a6:2c:83:08:61:77:0d:cb:ee:40:dc:dc:3b:50:7f:
                    75:b2:27:21:fd:d1:4b:22:2d:56:12:3e:04:dc:54:
                    6d:c1:51:45:0b:42:2b:94:64:ab:74:11:85:f8:8f:
                    eb:7c:b6:00:83:54:ab:2a:31:63:ec:63:f3:83:52:
                    f7:98:40:1e:65:63:74:7f:68:d8:45:ad:1c:a0:c2:
                    cb:75:ad:bf:5d:0e:ea:a8:2b:58:b2:8b:61:69:c2:
                    b2:78:11:7e:50:c8:29:8d:68:79:31:5b:d6:65:4c:
                    72:7e:60:70:d5:e3:32:11:ea:3b:4d:ea:41:96:06:
                    12:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:37:F5:21:84:13:6B:FB:FA:E8:9A:49:25:96:09:5B:4A:53:61:E9
            X509v3 Authority Key Identifier:
                keyid:B5:17:4D:82:65:64:9C:DD:27:42:6C:92:7D:16:87:75:D7:83:D5:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916D459/99EC89EC422011EAB5302016C4F9AE02/tRdNgmVknN0nQmySfRaHddeD1Tg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tRdNgmVknN0nQmySfRaHddeD1Tg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916D459/99EC89EC422011EAB5302016C4F9AE02/2CAE3E8CDAC011EAB226050DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.248.176.0/22
                IPv6:
                  2406:fd00:100::/40
                  2406:fd00:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         94:90:2d:4d:29:fc:fc:13:26:62:a6:32:17:b6:07:94:8e:22:
         16:f2:46:1f:25:15:8a:88:3b:99:7a:45:55:23:f4:ba:03:d1:
         19:77:fb:b5:41:37:70:ba:8c:9b:ff:11:5f:10:8c:2c:9e:f0:
         6a:89:83:5d:a0:2f:0e:03:31:02:4e:ce:4c:b9:95:8e:65:b5:
         16:82:49:58:a0:58:58:ba:b2:9d:1c:ba:db:a1:8d:8b:0a:0e:
         2d:d7:7c:05:81:d9:3d:c3:e3:1e:e0:3d:df:38:ab:0c:1c:16:
         a4:d0:4d:9a:3e:ef:25:d9:86:14:3e:82:f6:29:da:49:ea:bb:
         44:be:5b:d4:7d:e3:94:74:7e:1f:47:f1:ff:2e:56:49:dc:ed:
         4d:fd:17:c8:1d:91:b6:77:da:35:90:c2:a1:ec:28:15:c9:08:
         dd:39:67:67:95:67:c8:69:0a:14:38:0b:2e:46:6d:d8:66:d2:
         1b:ee:c0:a3:d2:33:9a:a3:06:a6:ec:73:12:57:c9:73:9b:24:
         ca:8d:c1:9b:e6:68:5c:6f:ba:35:42:e4:7f:91:5d:88:19:75:
         58:37:fe:6e:f7:d1:d3:8f:73:5b:02:f2:43:0e:af:f1:23:43:
         23:30:09:f0:ea:a0:81:44:63:2d:31:bd:07:4d:d8:d6:28:6d:
         8b:77:55:b9
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICCZ0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkQ0NTkxMTAvBgNVBAUTKEI1MTc0RDgyNjU2NDlDREQyNzQyNkM5MjdEMTY4Nzc1
RDc4M0Q1MzgwHhcNMjMwNjIwMjAzMTQzWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDkyMGNhZi04MThjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyVxQEzjBLOi30uCP7PIs3UC+/fQqeGrTlYbohdIQA1GqX+sLFSumzfhSvAJq
LYkXgmdgloV8kRo8KTdb0lueWFEySl1v53jI2uNSHKWw4hbrBtyCqe7UrREVGYRI
nFr5OAwx97XM2i0GUevPcKn+Vqxx3u8+sD9zdePRVpoVLcWzAvS6sQymLIMIYXcN
y+5A3Nw7UH91sich/dFLIi1WEj4E3FRtwVFFC0IrlGSrdBGF+I/rfLYAg1SrKjFj
7GPzg1L3mEAeZWN0f2jYRa0coMLLda2/XQ7qqCtYsothacKyeBF+UMgpjWh5MVvW
ZUxyfmBw1eMyEeo7TepBlgYSIwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFJs39SGE
E2v7+uiaSSWWCVtKU2HpMB8GA1UdIwQYMBaAFLUXTYJlZJzdJ0Jskn0Wh3XXg9U4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RDQ1OS85OUVDODlFQzQy
MjAxMUVBQjUzMDIwMTZDNEY5QUUwMi90UmROZ21Wa25OMG5RbXlTZlJhSGRkZUQx
VGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RSZE5nbVZrbk4wblFteVNmUmFIZGRlRDFUZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkQ0NTkvOTlFQzg5RUM0MjIwMTFFQUI1MzAyMDE2QzRGOUFFMDIvMkNBRTNFOENE
QUMwMTFFQUIyMjYwNTBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMAwEAgABMAYDBAJn+LAwFgQCAAIwEAMGACQG/QABAwYAJAb9AAgwDQYJKoZI
hvcNAQELBQADggEBAJSQLU0p/PwTJmKmMhe2B5SOIhbyRh8lFYqIO5l6RVUj9LoD
0Rl3+7VBN3C6jJv/EV8QjCye8GqJg12gLw4DMQJOzky5lY5ltRaCSVigWFi6sp0c
utuhjYsKDi3XfAWB2T3D4x7gPd84qwwcFqTQTZo+7yXZhhQ+gvYp2knqu0S+W9R9
45R0fh9H8f8uVknc7U39F8gdkbZ32jWQwqHsKBXJCN05Z2eVZ8hpChQ4Cy5Gbdhm
0hvuwKPSM5qjBqbscxJXyXObJMqNwZvmaFxvujVC5H+RXYgZdVg3/m730dOPc1sC
8kMOr/EjQyMwCfDqoIFEYy0xvQdN2NYobYt3Vbk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:11 2024 by rpki-client on console-fra.rpki-client.org