Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912442A/E7C4F9DEF62511EE8DAD8E35C4F9AE02/986E1360F8AB11EE92CA8530C4F9AE02.roa
File:                     986E1360F8AB11EE92CA8530C4F9AE02.roa (raw, json)
Hash identifier:          ph5aXyla1hP94DnGsUwmBKiQUVhXThc6BN5obxpC7dQ=
Subject key identifier:   6F:74:C4:7E:9E:77:2B:FB:53:80:6E:1F:91:27:C6:58:00:F1:AA:88
Certificate issuer:       /CN=A912442A/serialNumber=7DE607C4615D7A01FBDD4A86AD5459401A759921
Certificate serial:       88
Authority key identifier: 7D:E6:07:C4:61:5D:7A:01:FB:DD:4A:86:AD:54:59:40:1A:75:99:21
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/feYHxGFdegH73UqGrVRZQBp1mSE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912442A/E7C4F9DEF62511EE8DAD8E35C4F9AE02/986E1360F8AB11EE92CA8530C4F9AE02.roa
Signing time:             Wed 27 Nov 2024 01:34:47 +0000
ROA not before:           Wed 27 Nov 2024 01:34:47 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     38794
IP address blocks:        85.204.26.0/24 maxlen: 24
                          85.204.243.0/24 maxlen: 24
                          85.204.244.0/24 maxlen: 24
                          85.204.247.0/24 maxlen: 24
                          85.204.250.0/24 maxlen: 24
                          85.204.253.0/24 maxlen: 24
                          86.107.53.0/24 maxlen: 24
                          89.36.199.0/24 maxlen: 24
                          89.38.134.0/24 maxlen: 24
                          89.39.91.0/24 maxlen: 24
                          89.47.94.0/24 maxlen: 24
                          92.114.109.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 136 (0x88)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912442A, serialNumber=7DE607C4615D7A01FBDD4A86AD5459401A759921
        Validity
            Not Before: Nov 27 01:34:47 2024 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=67467736-ae82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:10:82:7c:3e:3e:da:7e:f0:f1:b2:47:97:07:
                    40:79:02:36:91:39:31:b3:67:6e:8a:a2:24:25:7e:
                    b7:53:db:b6:0b:fe:e2:da:be:30:d7:86:80:cd:f6:
                    e8:28:a2:d0:0d:9c:86:ef:67:44:72:b5:98:13:1d:
                    b9:9f:88:6f:45:c1:0d:ac:7f:84:34:76:4c:7e:76:
                    56:b4:40:b6:67:ff:de:8d:1b:f0:4c:dd:88:77:cd:
                    b3:e8:2d:8b:4a:16:af:f4:ab:74:3a:da:29:ba:a5:
                    a1:56:a9:6c:c4:d5:f4:63:e1:29:05:67:b2:17:c8:
                    5d:12:59:69:e8:36:64:ee:de:55:8c:be:49:f4:39:
                    0a:39:6c:1d:4d:02:c0:c2:da:1a:8f:f9:f6:3e:0c:
                    aa:21:13:29:7a:d8:cb:20:a9:60:b5:fb:a8:56:b9:
                    23:86:f8:f3:9c:e2:ac:1b:12:c5:27:32:21:f1:1d:
                    1f:7a:e0:c0:6e:57:4c:de:88:27:76:eb:3d:43:76:
                    18:23:87:91:ef:e4:78:64:e4:41:4d:e4:1e:35:0e:
                    80:9d:1b:e4:07:97:84:59:06:fa:4c:97:1a:e2:f6:
                    12:8d:41:90:23:5e:9b:de:93:0c:7d:28:04:b3:ce:
                    24:79:a7:2f:d6:c4:45:a7:37:cd:68:ee:44:88:b3:
                    2e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:74:C4:7E:9E:77:2B:FB:53:80:6E:1F:91:27:C6:58:00:F1:AA:88
            X509v3 Authority Key Identifier:
                keyid:7D:E6:07:C4:61:5D:7A:01:FB:DD:4A:86:AD:54:59:40:1A:75:99:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912442A/E7C4F9DEF62511EE8DAD8E35C4F9AE02/feYHxGFdegH73UqGrVRZQBp1mSE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/feYHxGFdegH73UqGrVRZQBp1mSE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912442A/E7C4F9DEF62511EE8DAD8E35C4F9AE02/986E1360F8AB11EE92CA8530C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.26.0/24
                  85.204.243.0-85.204.244.255
                  85.204.247.0/24
                  85.204.250.0/24
                  85.204.253.0/24
                  86.107.53.0/24
                  89.36.199.0/24
                  89.38.134.0/24
                  89.39.91.0/24
                  89.47.94.0/24
                  92.114.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:44:56:45:42:3d:18:f1:53:46:46:70:d7:52:9b:94:15:35:
         d3:28:76:5a:ee:cf:56:e6:51:34:40:c1:05:46:4d:91:50:19:
         fa:70:be:24:b3:12:33:ab:c8:83:c6:46:b1:de:6a:7d:b3:2b:
         da:f8:1d:a4:c8:d8:b8:71:95:fa:02:58:4f:a7:6a:20:93:56:
         59:79:d5:24:66:51:d9:09:20:28:d7:20:7d:32:5b:16:f0:ca:
         31:a4:ea:21:b7:78:69:d4:bf:b6:86:c3:33:e4:1e:80:1a:58:
         21:82:22:5a:8e:33:f4:30:f2:7f:df:0d:ef:fd:90:fe:a4:6e:
         28:2c:c7:df:a4:2b:38:84:57:d5:eb:bf:5e:06:37:bf:dd:dd:
         68:b9:01:b6:a5:22:6e:73:4c:25:64:26:e6:e6:5e:69:d5:23:
         d9:fa:6c:02:31:b6:b4:bd:9e:f9:28:30:db:5b:ae:42:fa:7a:
         66:ae:8e:4c:c8:cd:54:1c:1d:cb:20:dc:8b:9d:ec:a3:7c:83:
         b7:4f:67:05:19:02:58:1f:33:26:e2:f8:3d:ca:48:9f:7c:1b:
         74:91:ae:10:0f:a7:26:ab:6b:e6:33:80:20:1a:fb:15:56:da:
         7d:3f:58:1a:56:87:ba:f3:24:b1:e4:45:08:3d:06:88:c9:c5:
         a2:06:db:eb
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICAIgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjQ0MkExMTAvBgNVBAUTKDdERTYwN0M0NjE1RDdBMDFGQkRENEE4NkFENTQ1OTQw
MUE3NTk5MjEwHhcNMjQxMTI3MDEzNDQ3WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ2NzczNi1hZTgyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnBCCfD4+2n7w8bJHlwdAeQI2kTkxs2duiqIkJX63U9u2C/7i2r4w14aAzfbo
KKLQDZyG72dEcrWYEx25n4hvRcENrH+ENHZMfnZWtEC2Z//ejRvwTN2Id82z6C2L
Shav9Kt0OtopuqWhVqlsxNX0Y+EpBWeyF8hdEllp6DZk7t5VjL5J9DkKOWwdTQLA
wtoaj/n2PgyqIRMpetjLIKlgtfuoVrkjhvjznOKsGxLFJzIh8R0feuDAbldM3ogn
dus9Q3YYI4eR7+R4ZORBTeQeNQ6AnRvkB5eEWQb6TJca4vYSjUGQI16b3pMMfSgE
s84keacv1sRFpzfNaO5EiLMulwIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFG90xH6e
dyv7U4BuH5EnxlgA8aqIMB8GA1UdIwQYMBaAFH3mB8RhXXoB+91Khq1UWUAadZkh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNDQyQS9FN0M0RjlERUY2
MjUxMUVFOERBRDhFMzVDNEY5QUUwMi9mZVlIeEdGZGVnSDczVXFHclZSWlFCcDFt
U0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL2ZlWUh4R0ZkZWdINzNVcUdyVlJaUUJwMW1TRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjQ0MkEvRTdDNEY5REVGNjI1MTFFRThEQUQ4RTM1QzRGOUFFMDIvOTg2RTEzNjBG
OEFCMTFFRTkyQ0E4NTMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMFAEAgABMEoDBABVzBowDAMEAFXM8wMEAFXM9AMEAFXM9wMEAFXM+gMEAFXM
/QMEAFZrNQMEAFkkxwMEAFkmhgMEAFknWwMEAFkvXgMEAFxybTANBgkqhkiG9w0B
AQsFAAOCAQEADkRWRUI9GPFTRkZw11KblBU10yh2Wu7PVuZRNEDBBUZNkVAZ+nC+
JLMSM6vIg8ZGsd5qfbMr2vgdpMjYuHGV+gJYT6dqIJNWWXnVJGZR2QkgKNcgfTJb
FvDKMaTqIbd4adS/tobDM+QegBpYIYIiWo4z9DDyf98N7/2Q/qRuKCzH36QrOIRX
1eu/XgY3v93daLkBtqUibnNMJWQm5uZeadUj2fpsAjG2tL2e+Sgw21uuQvp6Zq6O
TMjNVBwdyyDci53so3yDt09nBRkCWB8zJuL4PcpIn3wbdJGuEA+nJqtr5jOAIBr7
FVbafT9YGlaHuvMkseRFCD0GiMnFogbb6w==
-----END CERTIFICATE-----