Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/651AF25268D311EEA093467CC4F9AE02.roa
File:                     651AF25268D311EEA093467CC4F9AE02.roa (raw, json)
Hash identifier:          xafNHd6Blio3RSY3Q3TZHqLNG0ZFFcxKmgjGgFuGiJ8=
Subject key identifier:   05:E3:63:45:97:75:50:02:C9:07:B1:A2:2B:25:58:B2:46:17:CB:15
Certificate issuer:       /CN=A9120B99/serialNumber=86C7946946B2A57B056F02B279340D30C2CE49B4
Certificate serial:       335D
Authority key identifier: 86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/651AF25268D311EEA093467CC4F9AE02.roa
Signing time:             Thu 12 Oct 2023 07:46:04 +0000
ROA not before:           Thu 12 Oct 2023 07:46:04 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     7540
IP address blocks:        117.18.96.0/24 maxlen: 24
                          117.18.98.0/24 maxlen: 24
                          117.18.101.0/24 maxlen: 24
                          117.18.102.0/24 maxlen: 24
                          117.18.103.0/24 maxlen: 24
                          117.18.104.0/24 maxlen: 24
                          117.18.105.0/24 maxlen: 24
                          117.18.106.0/24 maxlen: 24
                          117.18.107.0/24 maxlen: 24
                          117.18.108.0/24 maxlen: 24
                          117.18.110.0/24 maxlen: 24
                          117.18.112.0/24 maxlen: 24
                          117.18.113.0/24 maxlen: 24
                          117.18.114.0/24 maxlen: 24
                          117.18.115.0/24 maxlen: 24
                          117.18.116.0/24 maxlen: 24
                          117.18.117.0/24 maxlen: 24
                          117.18.119.0/24 maxlen: 24
                          117.18.120.0/24 maxlen: 24
                          117.18.121.0/24 maxlen: 24
                          117.18.124.0/24 maxlen: 24
                          117.18.125.0/24 maxlen: 24
                          117.18.126.0/24 maxlen: 24
                          202.181.137.0/24 maxlen: 24
                          202.181.138.0/24 maxlen: 24
                          202.181.139.0/24 maxlen: 24
                          202.181.140.0/24 maxlen: 24
                          202.181.141.0/24 maxlen: 24
                          202.181.142.0/24 maxlen: 24
                          202.181.143.0/24 maxlen: 24
                          202.181.148.0/24 maxlen: 24
                          202.181.150.0/24 maxlen: 24
                          202.181.151.0/24 maxlen: 24
                          202.181.152.0/24 maxlen: 24
                          202.181.153.0/24 maxlen: 24
                          202.181.154.0/24 maxlen: 24
                          202.181.156.0/24 maxlen: 24
                          202.181.157.0/24 maxlen: 24
                          202.181.158.0/24 maxlen: 24
                          202.181.159.0/24 maxlen: 24
                          202.181.160.0/24 maxlen: 24
                          202.181.161.0/24 maxlen: 24
                          202.181.162.0/24 maxlen: 24
                          202.181.163.0/24 maxlen: 24
                          202.181.164.0/24 maxlen: 24
                          202.181.165.0/24 maxlen: 24
                          202.181.166.0/24 maxlen: 24
                          202.181.167.0/24 maxlen: 24
                          202.181.168.0/24 maxlen: 24
                          202.181.169.0/24 maxlen: 24
                          202.181.170.0/24 maxlen: 24
                          202.181.171.0/24 maxlen: 24
                          202.181.172.0/24 maxlen: 24
                          202.181.173.0/24 maxlen: 24
                          202.181.174.0/24 maxlen: 24
                          202.181.175.0/24 maxlen: 24
                          202.181.176.0/24 maxlen: 24
                          202.181.177.0/24 maxlen: 24
                          202.181.178.0/24 maxlen: 24
                          202.181.179.0/24 maxlen: 24
                          202.181.180.0/24 maxlen: 24
                          202.181.181.0/24 maxlen: 24
                          202.181.182.0/24 maxlen: 24
                          202.181.183.0/24 maxlen: 24
                          202.181.184.0/24 maxlen: 24
                          202.181.185.0/24 maxlen: 24
                          202.181.186.0/24 maxlen: 24
                          202.181.187.0/24 maxlen: 24
                          202.181.188.0/24 maxlen: 24
                          202.181.189.0/24 maxlen: 24
                          202.181.190.0/24 maxlen: 24
                          202.181.191.0/24 maxlen: 24
                          202.181.192.0/24 maxlen: 24
                          202.181.193.0/24 maxlen: 24
                          202.181.194.0/24 maxlen: 24
                          202.181.195.0/24 maxlen: 24
                          202.181.196.0/24 maxlen: 24
                          202.181.197.0/24 maxlen: 24
                          202.181.198.0/24 maxlen: 24
                          202.181.199.0/24 maxlen: 24
                          202.181.200.0/24 maxlen: 24
                          202.181.201.0/24 maxlen: 24
                          202.181.202.0/24 maxlen: 24
                          202.181.203.0/24 maxlen: 24
                          202.181.204.0/24 maxlen: 24
                          202.181.205.0/24 maxlen: 24
                          202.181.206.0/24 maxlen: 24
                          202.181.207.0/24 maxlen: 24
                          202.181.208.0/24 maxlen: 24
                          202.181.209.0/24 maxlen: 24
                          202.181.210.0/24 maxlen: 24
                          202.181.211.0/24 maxlen: 24
                          202.181.212.0/24 maxlen: 24
                          202.181.213.0/24 maxlen: 24
                          202.181.214.0/24 maxlen: 24
                          202.181.215.0/24 maxlen: 24
                          202.181.216.0/24 maxlen: 24
                          202.181.217.0/24 maxlen: 24
                          202.181.219.0/24 maxlen: 24
                          202.181.220.0/24 maxlen: 24
                          202.181.221.0/24 maxlen: 24
                          202.181.222.0/24 maxlen: 24
                          202.181.223.0/24 maxlen: 24
                          202.181.224.0/24 maxlen: 24
                          202.181.225.0/24 maxlen: 24
                          202.181.226.0/24 maxlen: 24
                          202.181.227.0/24 maxlen: 24
                          202.181.228.0/24 maxlen: 24
                          202.181.229.0/24 maxlen: 24
                          202.181.230.0/24 maxlen: 24
                          202.181.231.0/24 maxlen: 24
                          202.181.233.0/24 maxlen: 24
                          202.181.234.0/24 maxlen: 24
                          202.181.235.0/24 maxlen: 24
                          202.181.236.0/24 maxlen: 24
                          202.181.237.0/24 maxlen: 24
                          202.181.238.0/24 maxlen: 24
                          202.181.239.0/24 maxlen: 24
                          202.181.240.0/24 maxlen: 24
                          202.181.241.0/24 maxlen: 24
                          202.181.242.0/24 maxlen: 24
                          202.181.243.0/24 maxlen: 24
                          202.181.244.0/24 maxlen: 24
                          202.181.245.0/24 maxlen: 24
                          202.181.246.0/24 maxlen: 24
                          202.181.247.0/24 maxlen: 24
                          202.181.248.0/23 maxlen: 24
                          2405:5d00::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13149 (0x335d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9120B99/serialNumber=86C7946946B2A57B056F02B279340D30C2CE49B4
        Validity
            Not Before: Oct 12 07:46:04 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=6527a43c-68cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9f:86:fd:3b:95:65:fa:c7:fe:7d:28:f8:10:
                    5c:c9:b0:3e:21:60:ba:76:79:a2:a8:74:0f:91:d4:
                    ce:de:4f:07:38:3c:ee:99:3c:d0:da:36:0d:ae:96:
                    3e:06:63:05:bd:2d:1b:fc:50:cc:15:5c:47:f2:3a:
                    48:84:bc:3e:3a:c2:de:fb:9c:4c:39:ab:46:39:73:
                    e5:98:28:e3:be:db:c5:e1:77:12:21:6b:dd:75:71:
                    9d:10:c7:c3:5a:54:cb:b0:10:2a:d9:1d:3f:e4:69:
                    ae:c3:5c:53:1d:37:15:23:1a:c7:b3:3d:7d:dd:09:
                    08:2e:5e:5d:9d:58:57:cf:a2:85:4c:4a:50:69:91:
                    eb:9b:94:3e:86:a1:51:e9:94:ce:ae:9c:e3:4a:9c:
                    5b:88:2a:94:80:de:72:80:cc:83:b9:e3:ba:ab:a2:
                    3d:80:13:7b:79:80:84:91:bb:de:54:a3:e9:d9:5a:
                    70:8b:9f:df:25:1a:8e:15:51:96:3d:34:bb:0a:1f:
                    5b:33:60:4e:95:ea:f8:3d:f5:db:ad:12:57:14:43:
                    98:6c:e7:80:b8:d7:9c:9f:1f:5f:41:ad:f7:14:4a:
                    74:2c:3c:b1:91:7d:7b:b3:ad:e8:c5:21:c1:f6:34:
                    58:7e:8a:15:41:39:fc:b6:7c:80:0a:46:26:72:70:
                    79:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E3:63:45:97:75:50:02:C9:07:B1:A2:2B:25:58:B2:46:17:CB:15
            X509v3 Authority Key Identifier:
                keyid:86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/hseUaUaypXsFbwKyeTQNMMLOSbQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/651AF25268D311EEA093467CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.18.96.0/24
                  117.18.98.0/24
                  117.18.101.0-117.18.108.255
                  117.18.110.0/24
                  117.18.112.0-117.18.117.255
                  117.18.119.0-117.18.121.255
                  117.18.124.0-117.18.126.255
                  202.181.137.0-202.181.143.255
                  202.181.148.0/24
                  202.181.150.0-202.181.154.255
                  202.181.156.0-202.181.217.255
                  202.181.219.0-202.181.231.255
                  202.181.233.0-202.181.249.255
                IPv6:
                  2405:5d00::/64

    Signature Algorithm: sha256WithRSAEncryption
         3b:2f:6f:6e:a2:2c:5b:02:40:41:ae:eb:51:66:43:fe:48:f6:
         cc:84:52:22:73:12:1d:f1:bb:b5:42:c8:b7:19:57:84:43:44:
         ac:ac:f3:78:78:9e:a6:58:dd:fa:b1:86:0a:f3:a2:d7:66:e5:
         b0:11:7b:30:57:97:f9:9d:20:1b:96:68:9a:cb:9f:52:f9:36:
         70:5e:e7:cb:03:c7:70:d9:1b:1f:26:2e:73:eb:73:7a:af:5c:
         ac:47:46:79:d4:b4:65:b7:62:2d:ab:8b:a2:d0:45:09:93:0a:
         7a:75:02:df:d9:27:bf:d7:aa:c0:08:ae:81:8a:60:3b:80:80:
         be:d9:2e:c3:58:b3:3e:f1:dd:77:80:02:a3:e2:2c:9c:fb:ab:
         fb:85:4e:a4:96:a6:b7:81:e9:6e:0f:c1:e9:23:f4:57:f4:d3:
         7d:b6:2c:16:7b:de:b0:5e:43:cf:c8:db:06:ea:9b:ec:13:fb:
         53:d0:2b:68:3d:01:87:4f:08:4a:85:70:d1:aa:2c:f7:a3:37:
         c7:af:e6:e1:e6:e8:87:1e:70:37:05:48:2d:f5:7a:ea:e1:61:
         dc:a7:ef:fa:4f:22:0b:91:6e:7e:de:02:ae:56:68:d6:56:45:
         81:0a:b1:29:9e:ec:58:31:71:4d:c2:6c:68:1a:39:bc:4b:c2:
         12:40:0e:d6
-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgICM10wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjBCOTkxMTAvBgNVBAUTKDg2Qzc5NDY5NDZCMkE1N0IwNTZGMDJCMjc5MzQwRDMw
QzJDRTQ5QjQwHhcNMjMxMDEyMDc0NjA0WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTI3YTQzYy02OGNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAl5+G/TuVZfrH/n0o+BBcybA+IWC6dnmiqHQPkdTO3k8HODzumTzQ2jYNrpY+
BmMFvS0b/FDMFVxH8jpIhLw+OsLe+5xMOatGOXPlmCjjvtvF4XcSIWvddXGdEMfD
WlTLsBAq2R0/5Gmuw1xTHTcVIxrHsz193QkILl5dnVhXz6KFTEpQaZHrm5Q+hqFR
6ZTOrpzjSpxbiCqUgN5ygMyDueO6q6I9gBN7eYCEkbveVKPp2Vpwi5/fJRqOFVGW
PTS7Ch9bM2BOler4PfXbrRJXFEOYbOeAuNecnx9fQa33FEp0LDyxkX17s63oxSHB
9jRYfooVQTn8tnyACkYmcnB5mwIDAQABo4IDPTCCAzkwHQYDVR0OBBYEFAXjY0WX
dVACyQexoislWLJGF8sVMB8GA1UdIwQYMBaAFIbHlGlGsqV7BW8Csnk0DTDCzkm0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMEI5OS9EM0Y5MDUxQzFE
ODMxMUUyQjRFRDVDRDkwOEIwMkNEMi9oc2VVYVVheXBYc0Zid0t5ZVRRTk1NTE9T
YlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hzZVVhVWF5cFhzRmJ3S3llVFFOTU1MT1NiUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjBCOTkvRDNGOTA1MUMxRDgzMTFFMkI0RUQ1Q0Q5MDhCMDJDRDIvNjUxQUYyNTI2
OEQzMTFFRUEwOTM0NjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgcYGCCsGAQUFBwEHAQH/
BIG2MIGzMIGdBAIAATCBlgMEAHUSYAMEAHUSYjAMAwQAdRJlAwQAdRJsAwQAdRJu
MAwDBAR1EnADBAF1EnQwDAMEAHUSdwMEAXUSeDAMAwQCdRJ8AwQAdRJ+MAwDBADK
tYkDBATKtYADBADKtZQwDAMEAcq1lgMEAMq1mjAMAwQCyrWcAwQByrXYMAwDBADK
tdsDBAPKteAwDAMEAMq16QMEAcq1+DARBAIAAjALAwkAJAVdAAAAAAAwDQYJKoZI
hvcNAQELBQADggEBADsvb26iLFsCQEGu61FmQ/5I9syEUiJzEh3xu7VCyLcZV4RD
RKys83h4nqZY3fqxhgrzotdm5bARezBXl/mdIBuWaJrLn1L5NnBe58sDx3DZGx8m
LnPrc3qvXKxHRnnUtGW3Yi2ri6LQRQmTCnp1At/ZJ7/XqsAIroGKYDuAgL7ZLsNY
sz7x3XeAAqPiLJz7q/uFTqSWpreB6W4Pwekj9Ff00322LBZ73rBeQ8/I2wbqm+wT
+1PQK2g9AYdPCEqFcNGqLPejN8ev5uHm6IcecDcFSC31eurhYdyn7/pPIguRbn7e
Aq5WaNZWRYEKsSme7FgxcU3CbGgaObxLwhJADtY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org