Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/IDNIC-ID/2/3230332e3137352e382e302f32322d3234203d3e203538343837.roa
File:                     3230332e3137352e382e302f32322d3234203d3e203538343837.roa (raw, json)
Hash identifier:          esQEqje1DrLWhGG/eXzNScEYrFkrIrCZNqE3DqwauBY=
Subject key identifier:   F1:B4:F0:A4:20:F3:53:0B:C0:AC:D2:19:69:17:1A:EB:A6:CC:E3:DE
Certificate issuer:       /CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
Certificate serial:       27A816B4E001C0CC5DE106FABE62E57A35A570B6
Authority key identifier: BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3230332e3137352e382e302f32322d3234203d3e203538343837.roa
Signing time:             Wed 21 Apr 2021 03:16:52 +0000
ROA not before:           Wed 21 Apr 2021 03:11:52 +0000
ROA not after:            Thu 21 Apr 2022 03:16:52 +0000
asID:                     58487
IP address blocks:        203.175.8.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a8:16:b4:e0:01:c0:cc:5d:e1:06:fa:be:62:e5:7a:35:a5:70:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91862140000/serialNumber=BA8F77D21E58FE9C939A6B70E2585617E183376B
        Validity
            Not Before: Apr 21 03:11:52 2021 GMT
            Not After : Apr 21 03:16:52 2022 GMT
        Subject: CN=3082010A0282010100A71C8FF8B5471EB0627FF7B3B54521BEA36634613592430622635231B5D7C25DAA1A73348284E95747C40708F9C4AAB0782E0D76AEF1FDFFED336470721A1042864EF1694FEE3ADF98C8C8580361095A8C4ACAA30FEF67232296DF76553998CAFE505B28332F90E3024072BCEDE04A672653C637DBFB85D5B17EC65FD2A3E389C90F3F8D47E6BC51F36FE82688969C78E73B3E6BB4D0D20529F8BB6AFAB4D0A5BF6A4B08535360AA73A3474889775997AD415FCDE21CA84347C6A1C673FD372127C5EDE96F9BB28371D54C561E3DED17EB52E721C2BDA3CE0484B42345AEE88C1685FBCDB6D72C0F4C20DBB3A9AE9FD04EAC425323E67C88186D90AB6A864D830203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:8f:f8:b5:47:1e:b0:62:7f:f7:b3:b5:45:
                    21:be:a3:66:34:61:35:92:43:06:22:63:52:31:b5:
                    d7:c2:5d:aa:1a:73:34:82:84:e9:57:47:c4:07:08:
                    f9:c4:aa:b0:78:2e:0d:76:ae:f1:fd:ff:ed:33:64:
                    70:72:1a:10:42:86:4e:f1:69:4f:ee:3a:df:98:c8:
                    c8:58:03:61:09:5a:8c:4a:ca:a3:0f:ef:67:23:22:
                    96:df:76:55:39:98:ca:fe:50:5b:28:33:2f:90:e3:
                    02:40:72:bc:ed:e0:4a:67:26:53:c6:37:db:fb:85:
                    d5:b1:7e:c6:5f:d2:a3:e3:89:c9:0f:3f:8d:47:e6:
                    bc:51:f3:6f:e8:26:88:96:9c:78:e7:3b:3e:6b:b4:
                    d0:d2:05:29:f8:bb:6a:fa:b4:d0:a5:bf:6a:4b:08:
                    53:53:60:aa:73:a3:47:48:89:77:59:97:ad:41:5f:
                    cd:e2:1c:a8:43:47:c6:a1:c6:73:fd:37:21:27:c5:
                    ed:e9:6f:9b:b2:83:71:d5:4c:56:1e:3d:ed:17:eb:
                    52:e7:21:c2:bd:a3:ce:04:84:b4:23:45:ae:e8:8c:
                    16:85:fb:cd:b6:d7:2c:0f:4c:20:db:b3:a9:ae:9f:
                    d0:4e:ac:42:53:23:e6:7c:88:18:6d:90:ab:6a:86:
                    4d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:B4:F0:A4:20:F3:53:0B:C0:AC:D2:19:69:17:1A:EB:A6:CC:E3:DE
            X509v3 Authority Key Identifier:
                keyid:BA:8F:77:D2:1E:58:FE:9C:93:9A:6B:70:E2:58:56:17:E1:83:37:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/3230332e3137352e382e302f32322d3234203d3e203538343837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.175.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:51:1b:2c:42:66:26:12:fa:26:01:f7:f4:33:70:db:06:83:
         18:76:66:76:81:9b:e2:83:40:2e:53:b9:8a:d6:aa:6c:ef:c0:
         da:25:24:c8:14:bb:c1:d4:16:1d:61:54:c4:93:94:76:74:76:
         6f:6a:90:89:3d:ad:83:a1:2f:e5:29:c1:22:d9:a5:58:4f:37:
         43:f6:8b:f6:49:10:ee:3c:96:a9:94:cb:5a:45:55:ef:38:47:
         00:c6:00:99:d0:58:24:12:f4:60:3e:45:01:7e:f6:fd:17:ea:
         b9:0e:86:70:48:5f:bb:2a:cd:ee:de:dc:98:df:09:2c:73:df:
         6d:bb:c4:77:ac:8f:a3:d1:db:e3:67:03:71:65:bc:e5:1b:2f:
         ed:7f:6e:5b:54:ae:99:56:74:3b:7d:da:b0:65:67:77:aa:e7:
         f3:ad:eb:a0:fe:29:59:11:e4:07:62:0e:a3:e3:53:f8:bd:cf:
         6e:a1:ae:4e:4b:ec:5a:b2:ce:b5:bb:21:ab:e4:bd:ba:a7:db:
         e2:a4:15:89:55:bf:eb:0f:83:12:e5:f5:a8:63:ab:2b:8e:d8:
         64:c0:6b:2f:6a:26:9c:c6:01:a8:5e:ee:af:6c:c1:2a:ae:24:
         8d:ef:6c:af:f2:60:82:2b:44:64:58:55:f1:7b:4a:b8:20:95:
         bc:2c:b9:d3
-----BEGIN CERTIFICATE-----
MIIHBjCCBe6gAwIBAgIUJ6gWtOABwMxd4Qb6vmLlejWlcLYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODYyMTQwMDAwMTEwLwYDVQQFEyhCQThGNzdEMjFF
NThGRTlDOTM5QTZCNzBFMjU4NTYxN0UxODMzNzZCMB4XDTIxMDQyMTAzMTE1MloX
DTIyMDQyMTAzMTY1MlowggItMYICKTCCAiUGA1UEAxOCAhwzMDgyMDEwQTAyODIw
MTAxMDBBNzFDOEZGOEI1NDcxRUIwNjI3RkY3QjNCNTQ1MjFCRUEzNjYzNDYxMzU5
MjQzMDYyMjYzNTIzMUI1RDdDMjVEQUExQTczMzQ4Mjg0RTk1NzQ3QzQwNzA4RjlD
NEFBQjA3ODJFMEQ3NkFFRjFGREZGRUQzMzY0NzA3MjFBMTA0Mjg2NEVGMTY5NEZF
RTNBREY5OEM4Qzg1ODAzNjEwOTVBOEM0QUNBQTMwRkVGNjcyMzIyOTZERjc2NTUz
OTk4Q0FGRTUwNUIyODMzMkY5MEUzMDI0MDcyQkNFREUwNEE2NzI2NTNDNjM3REJG
Qjg1RDVCMTdFQzY1RkQyQTNFMzg5QzkwRjNGOEQ0N0U2QkM1MUYzNkZFODI2ODg5
NjlDNzhFNzNCM0U2QkI0RDBEMjA1MjlGOEJCNkFGQUI0RDBBNUJGNkE0QjA4NTM1
MzYwQUE3M0EzNDc0ODg5Nzc1OTk3QUQ0MTVGQ0RFMjFDQTg0MzQ3QzZBMUM2NzNG
RDM3MjEyN0M1RURFOTZGOUJCMjgzNzFENTRDNTYxRTNERUQxN0VCNTJFNzIxQzJC
REEzQ0UwNDg0QjQyMzQ1QUVFODhDMTY4NUZCQ0RCNkQ3MkMwRjRDMjBEQkIzQTlB
RTlGRDA0RUFDNDI1MzIzRTY3Qzg4MTg2RDkwQUI2QTg2NEQ4MzAyMDMwMTAwMDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnHI/4tUcesGJ/97O1RSG+
o2Y0YTWSQwYiY1IxtdfCXaoaczSChOlXR8QHCPnEqrB4Lg12rvH9/+0zZHByGhBC
hk7xaU/uOt+YyMhYA2EJWoxKyqMP72cjIpbfdlU5mMr+UFsoMy+Q4wJAcrzt4Epn
JlPGN9v7hdWxfsZf0qPjickPP41H5rxR82/oJoiWnHjnOz5rtNDSBSn4u2r6tNCl
v2pLCFNTYKpzo0dIiXdZl61BX83iHKhDR8ahxnP9NyEnxe3pb5uyg3HVTFYePe0X
61LnIcK9o84EhLQjRa7ojBaF+8221ywPTCDbs6mun9BOrEJTI+Z8iBhtkKtqhk2D
AgMBAAGjggH9MIIB+TAdBgNVHQ4EFgQU8bTwpCDzUwvArNIZaRca66bM494wHwYD
VR0jBBgwFoAUuo930h5Y/pyTmmtw4lhWF+GDN2swDgYDVR0PAQH/BAQDAgeAMGkG
A1UdHwRiMGAwXqBcoFqGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvQkE4Rjc3RDIxRTU4RkU5QzkzOUE2QjcwRTI1ODU2MTdFMTgz
Mzc2Qi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jw
a2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdD
NzJGRDFGRjIvdW85MzBoNVlfcHlUbW10dzRsaFdGLUdETjJzLmNlcjCBgAYIKwYB
BQUHAQsEdDByMHAGCCsGAQUFBzALhmRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5u
ZXQvcmVwby9JRE5JQy1JRC8yLzMyMzAzMzJlMzEzNzM1MmUzODJlMzAyZjMyMzIy
ZDMyMzQyMDNkM2UyMDM1MzgzNDM4Mzcucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALLrwgwDQYJKoZIhvcN
AQELBQADggEBABNRGyxCZiYS+iYB9/QzcNsGgxh2ZnaBm+KDQC5TuYrWqmzvwNol
JMgUu8HUFh1hVMSTlHZ0dm9qkIk9rYOhL+UpwSLZpVhPN0P2i/ZJEO48lqmUy1pF
Ve84RwDGAJnQWCQS9GA+RQF+9v0X6rkOhnBIX7sqze7e3JjfCSxz3227xHesj6PR
2+NnA3FlvOUbL+1/bltUrplWdDt92rBlZ3eq5/Ot66D+KVkR5AdiDqPjU/i9z26h
rk5L7FqyzrW7Iavkvbqn2+KkFYlVv+sPgxLl9ahjqyuO2GTAay9qJpzGAahe7q9s
wSquJI3vbK/yYIIrRGRYVfF7SrgglbwsudM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:12 2024 by rpki-client on console-fra.rpki-client.org