Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/E2D0B146EB0711EC87061A34C4F9AE02.roa
File:                     E2D0B146EB0711EC87061A34C4F9AE02.roa (raw, json)
Hash identifier:          ZpNK+AHpzG9XHnIbZpUVLiiNamSZlcvIkDA6ZBmouIY=
Subject key identifier:   B0:DC:BE:56:ED:C0:75:F8:52:F2:23:58:73:DD:49:B6:14:95:C8:78
Certificate issuer:       /CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
Certificate serial:       2043
Authority key identifier: ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/E2D0B146EB0711EC87061A34C4F9AE02.roa
Signing time:             Wed 27 Jul 2022 04:42:34 +0000
ROA not before:           Wed 27 Jul 2022 04:42:34 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     136408
IP address blocks:        103.120.120.0/22 maxlen: 22
                          103.120.120.0/24 maxlen: 24
                          103.120.121.0/24 maxlen: 24
                          103.120.122.0/24 maxlen: 24
                          103.120.123.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8259 (0x2043)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
        Validity
            Not Before: Jul 27 04:42:34 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=62e0c23a-404d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:94:1b:2c:5f:c2:e5:49:0c:cf:af:f5:ca:3f:
                    97:79:ab:48:1b:0c:47:cb:8a:df:54:a7:5d:2f:ff:
                    31:e7:82:49:5d:6f:4d:a3:7e:34:e8:da:16:46:5c:
                    49:7b:40:0e:40:37:38:91:42:41:31:b8:ed:cf:7c:
                    ed:1c:88:c3:90:81:eb:d3:70:81:b5:d6:6b:7b:55:
                    df:29:ca:11:9f:12:26:41:71:38:52:c3:96:9e:cd:
                    7b:0e:c5:5d:3d:d9:c1:7c:7c:78:bf:3a:d0:b4:c1:
                    35:a9:c5:be:7f:32:9a:d4:75:65:64:13:8e:be:69:
                    7c:9b:25:11:08:19:1a:29:6c:77:3d:34:f6:8a:a3:
                    4b:8f:20:bb:ef:e0:9a:0f:10:56:97:d3:93:66:b7:
                    5f:99:04:1f:96:50:ab:bc:47:31:a0:d9:00:5e:37:
                    e2:9e:69:47:0e:04:d7:29:b7:5b:76:0f:20:ac:61:
                    55:ee:9d:84:25:d7:af:91:d4:41:4e:3f:d6:cd:fc:
                    f8:ce:d9:0c:90:24:d5:72:f8:f7:f0:0f:c4:a1:b2:
                    7b:6b:bd:cd:1a:23:1f:3e:25:12:ce:e4:d1:ee:35:
                    83:6e:60:f5:cd:ea:a5:dd:5f:7a:ce:cd:dc:fa:7d:
                    c9:73:2f:36:44:0a:f6:ee:6a:cc:7c:4f:4b:f5:8b:
                    f9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DC:BE:56:ED:C0:75:F8:52:F2:23:58:73:DD:49:B6:14:95:C8:78
            X509v3 Authority Key Identifier:
                keyid:ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/7WjKai0SqIzH0paivCvxUZoLX_M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/E2D0B146EB0711EC87061A34C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:1b:01:e0:d8:72:35:b1:41:2e:03:3f:64:7e:b5:0c:4c:90:
         53:cf:d0:13:b7:18:ea:8c:53:c3:da:7b:e2:80:fc:c4:bb:8f:
         00:22:b1:74:88:7c:f5:a7:4d:62:ef:61:3c:a1:47:ea:9a:c3:
         93:67:86:e3:3b:05:89:7b:76:a8:69:da:40:07:50:f4:56:35:
         81:9a:b3:3b:5c:3e:f4:32:53:73:ba:6d:bd:3f:db:e2:a2:93:
         c4:63:fd:f9:ca:08:b1:6d:83:90:cc:d5:4e:64:0a:d4:d4:a0:
         cf:58:da:57:44:ea:95:b3:c3:2e:cc:f8:14:b4:23:ce:07:df:
         b5:7d:5e:42:10:d9:6a:c2:9e:86:47:82:f2:eb:e9:c2:c5:e4:
         71:73:de:66:82:21:39:b4:14:dc:9d:02:17:07:5a:e9:94:cc:
         f8:1a:6c:42:cd:52:6f:27:81:a8:f9:61:0d:e1:f4:41:62:e1:
         ad:b8:01:ee:a5:7d:dd:42:3f:e0:ca:14:dc:8a:fa:44:a5:e7:
         d6:9e:2a:5a:33:c6:1d:be:3d:d3:5c:2f:5f:05:f3:e1:b4:26:
         44:9a:3e:f4:1a:28:d7:a5:6c:e1:eb:5a:8e:73:02:bd:83:d3:
         c4:20:94:cb:65:16:31:f8:84:2e:a9:dd:73:7d:26:9c:d3:06:
         8e:fa:fc:50
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICIEMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUUyRTAxMTAvBgNVBAUTKEVENjhDQTZBMkQxMkE4OENDN0QyOTZBMkJDMkJGMTUx
OUEwQjVGRjMwHhcNMjIwNzI3MDQ0MjM0WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmUwYzIzYS00MDRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu5QbLF/C5UkMz6/1yj+XeatIGwxHy4rfVKddL/8x54JJXW9No3406NoWRlxJ
e0AOQDc4kUJBMbjtz3ztHIjDkIHr03CBtdZre1XfKcoRnxImQXE4UsOWns17DsVd
PdnBfHx4vzrQtME1qcW+fzKa1HVlZBOOvml8myURCBkaKWx3PTT2iqNLjyC77+Ca
DxBWl9OTZrdfmQQfllCrvEcxoNkAXjfinmlHDgTXKbdbdg8grGFV7p2EJdevkdRB
Tj/Wzfz4ztkMkCTVcvj38A/EobJ7a73NGiMfPiUSzuTR7jWDbmD1zeql3V96zs3c
+n3Jcy82RAr27mrMfE9L9Yv5LQIDAQABo4IClTCCApEwHQYDVR0OBBYEFLDcvlbt
wHX4UvIjWHPdSbYUlch4MB8GA1UdIwQYMBaAFO1oymotEqiMx9KWorwr8VGaC1/z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTJFMC9CM0U4MTVEQzlF
NDYxMUU1ODhENDYwMTZDNEY5QUUwMi83V2pLYWkwU3FJekgwcGFpdkN2eFVab0xY
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdXakthaTBTcUl6SDBwYWl2Q3Z4VVpvTFhfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUUyRTAvQjNFODE1REM5RTQ2MTFFNTg4RDQ2MDE2QzRGOUFFMDIvRTJEMEIxNDZF
QjA3MTFFQzg3MDYxQTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJneHgwDQYJKoZIhvcNAQELBQADggEBAFAbAeDYcjWxQS4D
P2R+tQxMkFPP0BO3GOqMU8Pae+KA/MS7jwAisXSIfPWnTWLvYTyhR+qaw5NnhuM7
BYl7dqhp2kAHUPRWNYGasztcPvQyU3O6bb0/2+Kik8Rj/fnKCLFtg5DM1U5kCtTU
oM9Y2ldE6pWzwy7M+BS0I84H37V9XkIQ2WrCnoZHgvLr6cLF5HFz3maCITm0FNyd
AhcHWumUzPgabELNUm8ngaj5YQ3h9EFi4a24Ae6lfd1CP+DKFNyK+kSl59aeKloz
xh2+PdNcL18F8+G0JkSaPvQaKNelbOHrWo5zAr2D08QglMtlFjH4hC6p3XN9JpzT
Bo76/FA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org