Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912383B/F4BD5008E02311EA9922DE42C4F9AE02/E2C49B862A6011EB8DEF2641C4F9AE02.roa
File:                     E2C49B862A6011EB8DEF2641C4F9AE02.roa (raw, json)
Hash identifier:          jMsRGZX6MwXzgOOe/bryzoKRasj8boydZxBDIdbUcmA=
Subject key identifier:   6B:F7:EE:47:8A:2C:86:02:45:A0:4B:B3:05:14:B3:39:4B:6A:5A:29
Certificate issuer:       /CN=A912383B/serialNumber=0727AAC5B8CF7FE68CCD6DE77F6C8B46D574FAA7
Certificate serial:       04BC
Authority key identifier: 07:27:AA:C5:B8:CF:7F:E6:8C:CD:6D:E7:7F:6C:8B:46:D5:74:FA:A7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ByeqxbjPf-aMzW3nf2yLRtV0-qc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912383B/F4BD5008E02311EA9922DE42C4F9AE02/E2C49B862A6011EB8DEF2641C4F9AE02.roa
Signing time:             Fri 25 Mar 2022 11:29:48 +0000
ROA not before:           Fri 25 Mar 2022 11:29:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198949
IP address blocks:        149.234.185.0/24 maxlen: 24
                          149.234.186.0/24 maxlen: 24
                          149.234.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1212 (0x4bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912383B/serialNumber=0727AAC5B8CF7FE68CCD6DE77F6C8B46D574FAA7
        Validity
            Not Before: Mar 25 11:29:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=623da7ac-4549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ad:ce:23:0d:84:77:af:97:27:ff:c8:9c:ff:
                    ac:6b:4c:4b:85:5c:e6:e2:c7:12:06:77:90:79:10:
                    f5:e5:d2:50:73:43:d4:78:4a:d3:79:09:35:44:04:
                    2d:82:1d:b1:9a:50:d3:b0:37:2e:11:65:2e:ab:fe:
                    87:6d:52:72:d3:af:85:ff:55:35:c1:98:9b:4e:75:
                    fd:0c:f8:6a:be:cb:29:a4:d4:1a:a6:a4:77:ba:5c:
                    4c:98:30:3c:da:09:00:54:cb:4b:e0:ab:ba:91:45:
                    f6:e8:8c:96:cd:78:2c:d5:3f:9b:4e:39:44:86:2d:
                    a4:18:1e:75:3f:b7:76:a8:b7:ca:ae:6a:f9:68:13:
                    98:b5:c8:87:44:eb:b4:38:86:04:1d:f9:1a:39:17:
                    4a:7d:e8:74:50:05:d1:1f:97:19:11:1c:77:44:54:
                    0a:61:53:6c:89:88:37:71:16:c0:05:fa:79:09:2e:
                    06:ff:1f:0b:da:71:5b:b0:0a:3f:15:34:9d:0f:2b:
                    fb:54:0e:42:8d:dd:b0:33:37:b1:33:ac:fe:2d:34:
                    ff:eb:d2:4c:c7:28:3c:06:4e:98:16:b4:25:67:1b:
                    20:2e:8b:8b:ef:2d:fb:ed:da:de:f7:3b:9b:12:6d:
                    1e:eb:44:94:8d:e1:40:ac:85:22:be:ae:c1:16:d2:
                    ff:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F7:EE:47:8A:2C:86:02:45:A0:4B:B3:05:14:B3:39:4B:6A:5A:29
            X509v3 Authority Key Identifier:
                keyid:07:27:AA:C5:B8:CF:7F:E6:8C:CD:6D:E7:7F:6C:8B:46:D5:74:FA:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912383B/F4BD5008E02311EA9922DE42C4F9AE02/ByeqxbjPf-aMzW3nf2yLRtV0-qc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ByeqxbjPf-aMzW3nf2yLRtV0-qc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912383B/F4BD5008E02311EA9922DE42C4F9AE02/E2C49B862A6011EB8DEF2641C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.234.185.0-149.234.187.255

    Signature Algorithm: sha256WithRSAEncryption
         7e:98:09:3c:fd:67:0a:f9:cd:89:ce:a3:43:66:b0:84:b2:61:
         aa:6b:be:9e:7a:94:99:31:54:32:7f:e4:83:fb:cf:b1:d0:ac:
         68:1a:12:7f:af:1a:e5:69:da:5f:48:5d:2f:ee:d7:5f:c5:49:
         51:d3:5b:57:9a:c0:73:f5:30:75:b9:d3:13:af:5b:44:a9:f0:
         82:5f:82:45:c9:09:d0:e3:6a:6d:2e:25:d9:7e:18:e7:f9:9c:
         18:52:eb:db:29:47:f1:8d:82:2c:8b:0b:d6:4c:84:25:57:36:
         74:6a:bf:32:13:a8:c7:08:97:7e:78:cd:c6:bb:60:af:75:d6:
         f1:da:92:55:45:fc:20:e1:11:f9:53:9a:b9:1d:81:cb:eb:c4:
         dc:46:2b:10:57:52:a1:87:54:b2:87:aa:cd:df:f5:60:c5:06:
         dc:de:e5:60:c6:f0:db:c0:04:18:e7:6d:b7:0e:04:f7:46:43:
         97:76:f9:7c:fc:0a:66:8a:4d:fc:2f:5a:bb:b3:0d:e6:26:01:
         66:3b:6e:3f:da:df:2e:b2:1a:ef:ad:a3:57:9b:c1:2e:10:ed:
         08:92:4f:1e:b5:a6:c5:fc:b7:e7:da:e4:a8:fa:07:65:ba:3a:
         b9:83:87:99:f6:bb:bf:08:a6:51:94:7d:bc:93:d8:bd:ab:eb:
         f4:6a:7c:1d
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBLwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjM4M0IxMTAvBgNVBAUTKDA3MjdBQUM1QjhDRjdGRTY4Q0NENkRFNzdGNkM4QjQ2
RDU3NEZBQTcwHhcNMjIwMzI1MTEyOTQ4WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjNkYTdhYy00NTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2K3OIw2Ed6+XJ//InP+sa0xLhVzm4scSBneQeRD15dJQc0PUeErTeQk1RAQt
gh2xmlDTsDcuEWUuq/6HbVJy06+F/1U1wZibTnX9DPhqvssppNQapqR3ulxMmDA8
2gkAVMtL4Ku6kUX26IyWzXgs1T+bTjlEhi2kGB51P7d2qLfKrmr5aBOYtciHROu0
OIYEHfkaORdKfeh0UAXRH5cZERx3RFQKYVNsiYg3cRbABfp5CS4G/x8L2nFbsAo/
FTSdDyv7VA5Cjd2wMzexM6z+LTT/69JMxyg8Bk6YFrQlZxsgLouL7y377dre9zub
Em0e60SUjeFArIUivq7BFtL/oQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFGv37keK
LIYCRaBLswUUszlLalopMB8GA1UdIwQYMBaAFAcnqsW4z3/mjM1t539si0bVdPqn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMzgzQi9GNEJENTAwOEUw
MjMxMUVBOTkyMkRFNDJDNEY5QUUwMi9CeWVxeGJqUGYtYU16VzNuZjJ5TFJ0VjAt
cWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0J5ZXF4YmpQZi1hTXpXM25mMnlMUnRWMC1xYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjM4M0IvRjRCRDUwMDhFMDIzMTFFQTk5MjJERTQyQzRGOUFFMDIvRTJDNDlCODYy
QTYwMTFFQjhERUYyNjQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEAJXquQMEApXquDANBgkqhkiG9w0BAQsFAAOCAQEAfpgJ
PP1nCvnNic6jQ2awhLJhqmu+nnqUmTFUMn/kg/vPsdCsaBoSf68a5WnaX0hdL+7X
X8VJUdNbV5rAc/UwdbnTE69bRKnwgl+CRckJ0ONqbS4l2X4Y5/mcGFLr2ylH8Y2C
LIsL1kyEJVc2dGq/MhOoxwiXfnjNxrtgr3XW8dqSVUX8IOER+VOauR2By+vE3EYr
EFdSoYdUsoeqzd/1YMUG3N7lYMbw28AEGOdttw4E90ZDl3b5fPwKZopN/C9au7MN
5iYBZjtuP9rfLrIa762jV5vBLhDtCJJPHrWmxfy359rkqPoHZbo6uYOHmfa7vwim
UZR9vJPYvavr9Gp8HQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:22:34 2023 by rpki-client on console-ams.rpki-client.org