Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/A8A3A742E0DA11EEA156885AC4F9AE02.roa
File:                     A8A3A742E0DA11EEA156885AC4F9AE02.roa (raw, json)
Hash identifier:          is2MR5FQkCFLoEtx2XBiz8q+3zrRcZ6lbMmboMRNs3g=
Subject key identifier:   B0:B2:A8:74:35:1D:54:40:E4:D5:44:E0:0E:DE:1E:41:56:88:7B:8B
Certificate issuer:       /CN=A9120B99/serialNumber=86C7946946B2A57B056F02B279340D30C2CE49B4
Certificate serial:       33CA
Authority key identifier: 86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/A8A3A742E0DA11EEA156885AC4F9AE02.roa
Signing time:             Wed 13 Mar 2024 01:40:23 +0000
ROA not before:           Wed 13 Mar 2024 01:40:23 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     7540
IP address blocks:        117.18.96.0/24 maxlen: 24
                          117.18.98.0/24 maxlen: 24
                          117.18.101.0/24 maxlen: 24
                          117.18.102.0/24 maxlen: 24
                          117.18.103.0/24 maxlen: 24
                          117.18.105.0/24 maxlen: 24
                          117.18.106.0/24 maxlen: 24
                          117.18.107.0/24 maxlen: 24
                          117.18.108.0/24 maxlen: 24
                          117.18.110.0/24 maxlen: 24
                          117.18.112.0/24 maxlen: 24
                          117.18.113.0/24 maxlen: 24
                          117.18.114.0/24 maxlen: 24
                          117.18.115.0/24 maxlen: 24
                          117.18.116.0/24 maxlen: 24
                          117.18.119.0/24 maxlen: 24
                          117.18.120.0/24 maxlen: 24
                          117.18.121.0/24 maxlen: 24
                          117.18.124.0/24 maxlen: 24
                          117.18.125.0/24 maxlen: 24
                          117.18.126.0/24 maxlen: 24
                          202.181.137.0/24 maxlen: 24
                          202.181.138.0/24 maxlen: 24
                          202.181.140.0/24 maxlen: 24
                          202.181.141.0/24 maxlen: 24
                          202.181.142.0/24 maxlen: 24
                          202.181.143.0/24 maxlen: 24
                          202.181.148.0/24 maxlen: 24
                          202.181.150.0/24 maxlen: 24
                          202.181.152.0/24 maxlen: 24
                          202.181.154.0/24 maxlen: 24
                          202.181.156.0/24 maxlen: 24
                          202.181.157.0/24 maxlen: 24
                          202.181.158.0/24 maxlen: 24
                          202.181.159.0/24 maxlen: 24
                          202.181.160.0/24 maxlen: 24
                          202.181.161.0/24 maxlen: 24
                          202.181.162.0/24 maxlen: 24
                          202.181.163.0/24 maxlen: 24
                          202.181.164.0/24 maxlen: 24
                          202.181.165.0/24 maxlen: 24
                          202.181.166.0/24 maxlen: 24
                          202.181.167.0/24 maxlen: 24
                          202.181.168.0/24 maxlen: 24
                          202.181.169.0/24 maxlen: 24
                          202.181.170.0/24 maxlen: 24
                          202.181.171.0/24 maxlen: 24
                          202.181.172.0/24 maxlen: 24
                          202.181.173.0/24 maxlen: 24
                          202.181.174.0/24 maxlen: 24
                          202.181.175.0/24 maxlen: 24
                          202.181.176.0/24 maxlen: 24
                          202.181.178.0/24 maxlen: 24
                          202.181.179.0/24 maxlen: 24
                          202.181.180.0/24 maxlen: 24
                          202.181.181.0/24 maxlen: 24
                          202.181.182.0/24 maxlen: 24
                          202.181.183.0/24 maxlen: 24
                          202.181.184.0/24 maxlen: 24
                          202.181.185.0/24 maxlen: 24
                          202.181.186.0/24 maxlen: 24
                          202.181.187.0/24 maxlen: 24
                          202.181.189.0/24 maxlen: 24
                          202.181.190.0/24 maxlen: 24
                          202.181.191.0/24 maxlen: 24
                          202.181.192.0/24 maxlen: 24
                          202.181.193.0/24 maxlen: 24
                          202.181.194.0/24 maxlen: 24
                          202.181.195.0/24 maxlen: 24
                          202.181.196.0/24 maxlen: 24
                          202.181.197.0/24 maxlen: 24
                          202.181.198.0/24 maxlen: 24
                          202.181.199.0/24 maxlen: 24
                          202.181.200.0/24 maxlen: 24
                          202.181.201.0/24 maxlen: 24
                          202.181.202.0/24 maxlen: 24
                          202.181.203.0/24 maxlen: 24
                          202.181.205.0/24 maxlen: 24
                          202.181.206.0/24 maxlen: 24
                          202.181.207.0/24 maxlen: 24
                          202.181.208.0/24 maxlen: 24
                          202.181.209.0/24 maxlen: 24
                          202.181.210.0/24 maxlen: 24
                          202.181.211.0/24 maxlen: 24
                          202.181.212.0/24 maxlen: 24
                          202.181.213.0/24 maxlen: 24
                          202.181.214.0/24 maxlen: 24
                          202.181.215.0/24 maxlen: 24
                          202.181.216.0/24 maxlen: 24
                          202.181.217.0/24 maxlen: 24
                          202.181.219.0/24 maxlen: 24
                          202.181.220.0/24 maxlen: 24
                          202.181.221.0/24 maxlen: 24
                          202.181.222.0/24 maxlen: 24
                          202.181.223.0/24 maxlen: 24
                          202.181.224.0/24 maxlen: 24
                          202.181.225.0/24 maxlen: 24
                          202.181.226.0/24 maxlen: 24
                          202.181.227.0/24 maxlen: 24
                          202.181.228.0/24 maxlen: 24
                          202.181.229.0/24 maxlen: 24
                          202.181.230.0/24 maxlen: 24
                          202.181.231.0/24 maxlen: 24
                          202.181.233.0/24 maxlen: 24
                          202.181.234.0/24 maxlen: 24
                          202.181.235.0/24 maxlen: 24
                          202.181.236.0/24 maxlen: 24
                          202.181.237.0/24 maxlen: 24
                          202.181.238.0/24 maxlen: 24
                          202.181.239.0/24 maxlen: 24
                          202.181.240.0/24 maxlen: 24
                          202.181.241.0/24 maxlen: 24
                          202.181.242.0/24 maxlen: 24
                          202.181.243.0/24 maxlen: 24
                          202.181.244.0/24 maxlen: 24
                          202.181.245.0/24 maxlen: 24
                          202.181.246.0/24 maxlen: 24
                          202.181.247.0/24 maxlen: 24
                          202.181.248.0/23 maxlen: 24
                          2405:5d00::/64 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13258 (0x33ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9120B99/serialNumber=86C7946946B2A57B056F02B279340D30C2CE49B4
        Validity
            Not Before: Mar 13 01:40:23 2024 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=65f10407-620c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:71:22:17:f7:71:c6:e0:aa:4a:0e:b8:ee:af:
                    ef:88:cd:aa:8b:3e:b1:3d:11:ad:a5:0c:20:02:c1:
                    96:2e:17:72:53:fe:44:c1:5c:ab:90:5d:09:a1:1c:
                    70:a3:83:82:1e:54:b2:56:3a:04:68:81:71:e8:94:
                    48:37:8f:ab:4b:05:07:1c:f9:51:1e:cd:90:e9:7e:
                    cf:ff:14:7b:f6:cb:4c:1f:2e:0b:5e:45:f5:11:13:
                    7f:3c:a4:79:d7:32:77:ea:53:62:09:7c:e8:ff:3c:
                    1b:05:59:43:d8:6c:69:ec:77:d4:f7:f9:44:d4:8f:
                    5f:a4:cd:7b:d8:c1:ab:6a:96:ca:d3:1d:81:6e:c9:
                    e4:63:e9:30:67:6b:9f:e2:b3:09:34:30:6a:c6:f0:
                    95:d5:ab:a8:41:db:ea:8b:26:b3:cb:4b:84:96:9a:
                    4c:28:a8:1e:13:a0:c1:9c:66:7e:f0:e9:22:bc:5e:
                    98:ce:9b:5e:5d:38:9f:37:b7:1f:c3:a8:e6:b2:21:
                    55:ed:06:e9:29:0c:63:63:f3:3e:72:ef:6d:9c:1a:
                    0e:cd:50:91:ad:c3:4b:50:3f:47:cb:e1:37:95:75:
                    85:55:88:c0:12:6a:2b:88:fa:90:e3:30:9b:b7:49:
                    74:57:16:79:f2:4c:1e:d6:25:b9:f6:2d:e4:f5:f2:
                    a9:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B2:A8:74:35:1D:54:40:E4:D5:44:E0:0E:DE:1E:41:56:88:7B:8B
            X509v3 Authority Key Identifier:
                keyid:86:C7:94:69:46:B2:A5:7B:05:6F:02:B2:79:34:0D:30:C2:CE:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/hseUaUaypXsFbwKyeTQNMMLOSbQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hseUaUaypXsFbwKyeTQNMMLOSbQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120B99/D3F9051C1D8311E2B4ED5CD908B02CD2/A8A3A742E0DA11EEA156885AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.18.96.0/24
                  117.18.98.0/24
                  117.18.101.0-117.18.103.255
                  117.18.105.0-117.18.108.255
                  117.18.110.0/24
                  117.18.112.0-117.18.116.255
                  117.18.119.0-117.18.121.255
                  117.18.124.0-117.18.126.255
                  202.181.137.0-202.181.138.255
                  202.181.140.0/22
                  202.181.148.0/24
                  202.181.150.0/24
                  202.181.152.0/24
                  202.181.154.0/24
                  202.181.156.0-202.181.176.255
                  202.181.178.0-202.181.187.255
                  202.181.189.0-202.181.203.255
                  202.181.205.0-202.181.217.255
                  202.181.219.0-202.181.231.255
                  202.181.233.0-202.181.249.255
                IPv6:
                  2405:5d00::/64

    Signature Algorithm: sha256WithRSAEncryption
         7c:07:60:3d:3a:14:bc:10:50:1d:04:15:8f:9a:90:38:15:27:
         d0:a1:c1:24:c2:84:bd:96:d1:6f:66:de:87:76:26:22:3e:60:
         34:20:25:46:71:aa:54:78:52:ae:3b:4c:74:a5:ed:ac:0f:6d:
         42:79:ca:ac:2a:56:4c:4c:f8:42:7b:7e:f6:17:a3:36:d7:6c:
         bd:55:98:ef:5b:56:3a:62:3e:95:b3:01:9c:79:72:b9:02:71:
         f2:b3:3e:5a:4b:d9:fc:53:29:59:61:87:26:6c:4a:55:36:13:
         7c:1d:70:f6:e7:ec:f5:8e:ff:4e:8e:d6:00:6c:34:ed:b3:b5:
         52:bf:d7:44:d1:3c:ff:48:89:f1:32:bc:aa:bc:01:bd:0a:16:
         02:cc:fd:1c:fe:73:a3:e7:ce:3d:0f:82:10:66:e5:c9:e7:43:
         9b:53:0a:7b:26:fe:f7:1b:95:c3:fc:07:38:ec:53:6a:86:57:
         b4:c4:0b:b3:47:6b:7e:75:2b:af:28:96:95:12:2c:46:17:54:
         f9:bd:93:ba:ed:1f:70:e9:52:38:f0:26:07:86:b6:93:70:9b:
         67:83:d4:35:49:35:2f:95:fd:64:74:d6:e8:df:49:7a:90:29:
         16:19:b1:4d:83:3f:b4:a8:28:d9:c4:23:7a:fc:b4:39:5f:2d:
         af:a6:90:98
-----BEGIN CERTIFICATE-----
MIIGXDCCBUSgAwIBAgICM8owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjBCOTkxMTAvBgNVBAUTKDg2Qzc5NDY5NDZCMkE1N0IwNTZGMDJCMjc5MzQwRDMw
QzJDRTQ5QjQwHhcNMjQwMzEzMDE0MDIzWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYxMDQwNy02MjBjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAynEiF/dxxuCqSg647q/viM2qiz6xPRGtpQwgAsGWLhdyU/5EwVyrkF0JoRxw
o4OCHlSyVjoEaIFx6JRIN4+rSwUHHPlRHs2Q6X7P/xR79stMHy4LXkX1ERN/PKR5
1zJ36lNiCXzo/zwbBVlD2Gxp7HfU9/lE1I9fpM172MGrapbK0x2BbsnkY+kwZ2uf
4rMJNDBqxvCV1auoQdvqiyazy0uElppMKKgeE6DBnGZ+8OkivF6YzpteXTifN7cf
w6jmsiFV7QbpKQxjY/M+cu9tnBoOzVCRrcNLUD9Hy+E3lXWFVYjAEmoriPqQ4zCb
t0l0VxZ58kwe1iW59i3k9fKpnQIDAQABo4IDgDCCA3wwHQYDVR0OBBYEFLCyqHQ1
HVRA5NVE4A7eHkFWiHuLMB8GA1UdIwQYMBaAFIbHlGlGsqV7BW8Csnk0DTDCzkm0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMEI5OS9EM0Y5MDUxQzFE
ODMxMUUyQjRFRDVDRDkwOEIwMkNEMi9oc2VVYVVheXBYc0Zid0t5ZVRRTk1NTE9T
YlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hzZVVhVWF5cFhzRmJ3S3llVFFOTU1MT1NiUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjBCOTkvRDNGOTA1MUMxRDgzMTFFMkI0RUQ1Q0Q5MDhCMDJDRDIvQThBM0E3NDJF
MERBMTFFRUExNTY4ODVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggEIBggrBgEFBQcBBwEB
/wSB+DCB9TCB3wQCAAEwgdgDBAB1EmADBAB1EmIwDAMEAHUSZQMEA3USYDAMAwQA
dRJpAwQAdRJsAwQAdRJuMAwDBAR1EnADBAB1EnQwDAMEAHUSdwMEAXUSeDAMAwQC
dRJ8AwQAdRJ+MAwDBADKtYkDBADKtYoDBALKtYwDBADKtZQDBADKtZYDBADKtZgD
BADKtZowDAMEAsq1nAMEAMq1sDAMAwQByrWyAwQCyrW4MAwDBADKtb0DBALKtcgw
DAMEAMq1zQMEAcq12DAMAwQAyrXbAwQDyrXgMAwDBADKtekDBAHKtfgwEQQCAAIw
CwMJACQFXQAAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQB8B2A9OhS8EFAdBBWPmpA4
FSfQocEkwoS9ltFvZt6HdiYiPmA0ICVGcapUeFKuO0x0pe2sD21CecqsKlZMTPhC
e372F6M212y9VZjvW1Y6Yj6VswGceXK5AnHysz5aS9n8UylZYYcmbEpVNhN8HXD2
5+z1jv9OjtYAbDTts7VSv9dE0Tz/SInxMryqvAG9ChYCzP0c/nOj5849D4IQZuXJ
50ObUwp7Jv73G5XD/Ac47FNqhle0xAuzR2t+dSuvKJaVEixGF1T5vZO67R9w6VI4
8CYHhraTcJtng9Q1STUvlf1kdNbo30l6kCkWGbFNgz+0qCjZxCN6/LQ5Xy2vppCY
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:56 2024 by rpki-client on console-fra.rpki-client.org