Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/8EAA000847C311EEA7F75B7FC4F9AE02.roa
File:                     8EAA000847C311EEA7F75B7FC4F9AE02.roa (raw, json)
Hash identifier:          DrLMA5cpL0xpKI1dyr3zIWUvuXAJczDnOI3HlZK0wVE=
Subject key identifier:   E2:2F:FE:AE:0C:E9:10:71:A0:94:F1:FA:74:F5:9F:FA:9E:99:38:A4
Certificate issuer:       /CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
Certificate serial:       0776
Authority key identifier: 70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/8EAA000847C311EEA7F75B7FC4F9AE02.roa
Signing time:             Thu 31 Aug 2023 05:59:33 +0000
ROA not before:           Thu 31 Aug 2023 05:59:33 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     55745
IP address blocks:        117.55.192.0/24 maxlen: 24
                          117.55.193.0/24 maxlen: 24
                          117.55.198.0/24 maxlen: 24
                          117.55.199.0/24 maxlen: 24
                          117.55.202.0/24 maxlen: 24
                          117.55.203.0/24 maxlen: 24
                          2400:5180::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1910 (0x776)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913CA4B/serialNumber=709210CF761EC67FB394EA5896A5C647B305EEF1
        Validity
            Not Before: Aug 31 05:59:33 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=64f02c45-8524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:53:90:03:d6:cd:6a:57:7c:91:02:9f:25:3f:
                    da:5e:ca:18:14:08:e9:ee:2c:14:fd:a8:28:15:cb:
                    97:f8:78:b0:cb:f4:4c:9c:33:6a:41:99:42:c5:20:
                    2b:13:06:0a:30:0f:9b:d8:a8:22:fe:fc:ad:c4:32:
                    3e:d7:12:29:7a:ef:86:59:55:72:c3:28:5f:a5:41:
                    06:09:bc:5e:b4:c9:e5:46:13:f1:2a:d4:6e:1a:0b:
                    a6:f8:0a:bc:1d:ba:07:5b:fa:10:b6:fd:0d:6b:b0:
                    64:8a:08:01:3f:7c:69:ee:a7:0f:7f:19:6b:e0:18:
                    90:49:0f:5e:68:e1:94:50:7e:dd:8e:01:45:ec:6f:
                    ba:9c:09:cb:26:dd:0d:2d:cd:4b:1c:93:17:49:a0:
                    26:fb:bc:f7:95:f9:3c:e3:8e:38:07:54:2e:6c:ef:
                    a5:8c:bd:8d:22:a9:13:27:e8:b4:12:b4:d6:4e:e9:
                    2f:4f:aa:6f:0a:5e:98:d3:83:1f:18:6c:3b:a8:48:
                    f9:15:4e:c5:f8:00:b1:b6:64:45:38:cb:13:2c:e8:
                    af:dd:ac:e7:6f:12:cc:f9:28:2d:e0:4e:41:9a:10:
                    37:e0:59:1b:04:0e:eb:37:11:7d:4e:3f:4c:7f:d5:
                    ba:7c:34:f7:5e:a8:50:f8:f0:7d:85:80:f8:02:b9:
                    a9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2F:FE:AE:0C:E9:10:71:A0:94:F1:FA:74:F5:9F:FA:9E:99:38:A4
            X509v3 Authority Key Identifier:
                keyid:70:92:10:CF:76:1E:C6:7F:B3:94:EA:58:96:A5:C6:47:B3:05:EE:F1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/cJIQz3Yexn-zlOpYlqXGR7MF7vE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJIQz3Yexn-zlOpYlqXGR7MF7vE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913CA4B/DC2F0432BF8011EA96FE4A68C4F9AE02/8EAA000847C311EEA7F75B7FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.55.192.0/23
                  117.55.198.0/23
                  117.55.202.0/23
                IPv6:
                  2400:5180::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:32:6b:1c:a6:d7:ac:1b:df:f7:ca:4a:87:0f:62:be:ca:44:
         f6:63:e6:31:9b:bc:53:d7:1c:e0:3e:07:eb:72:e3:5b:ce:e1:
         a2:c5:af:d6:90:0f:12:ac:6f:15:43:72:a6:70:a8:e9:65:be:
         86:88:de:0a:1e:fe:2c:56:52:ef:eb:5a:76:f3:11:b5:0b:d4:
         ef:37:89:eb:e9:17:b2:c7:bd:a1:8a:88:4a:d8:02:86:0f:c0:
         d2:73:29:c8:ae:0e:1c:ab:de:74:41:0c:2c:03:6a:26:18:a3:
         b8:09:ca:73:a4:0a:73:6e:45:14:6e:6b:a9:12:76:7e:1f:57:
         4a:b0:84:90:2d:4d:00:a9:df:47:ba:2f:de:e2:f2:c3:dc:a1:
         2a:93:a8:b6:c1:74:e4:6b:a3:b0:cb:7e:07:55:10:08:72:fe:
         10:6d:9f:b4:8b:97:9b:34:22:83:08:c6:d0:e6:3a:09:1e:67:
         1a:5b:54:3d:d9:a4:58:00:19:58:79:33:df:b2:35:d4:da:c7:
         3f:28:7d:5e:b1:60:88:09:2c:fc:7a:7a:72:9d:9e:e9:9a:d2:
         27:1a:07:6b:f8:57:ee:cd:4d:11:8a:05:e3:20:e7:c3:74:8a:
         41:40:61:37:58:cc:df:4b:ea:fd:90:44:6f:3f:8a:b8:71:0e:
         8c:70:28:50
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICB3YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0NBNEIxMTAvBgNVBAUTKDcwOTIxMENGNzYxRUM2N0ZCMzk0RUE1ODk2QTVDNjQ3
QjMwNUVFRjEwHhcNMjMwODMxMDU1OTMzWhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGYwMmM0NS04NTI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2FOQA9bNald8kQKfJT/aXsoYFAjp7iwU/agoFcuX+Hiwy/RMnDNqQZlCxSAr
EwYKMA+b2Kgi/vytxDI+1xIpeu+GWVVywyhfpUEGCbxetMnlRhPxKtRuGgum+Aq8
HboHW/oQtv0Na7BkiggBP3xp7qcPfxlr4BiQSQ9eaOGUUH7djgFF7G+6nAnLJt0N
Lc1LHJMXSaAm+7z3lfk84444B1QubO+ljL2NIqkTJ+i0ErTWTukvT6pvCl6Y04Mf
GGw7qEj5FU7F+ACxtmRFOMsTLOiv3aznbxLM+Sgt4E5BmhA34FkbBA7rNxF9Tj9M
f9W6fDT3XqhQ+PB9hYD4ArmpUwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFOIv/q4M
6RBxoJTx+nT1n/qemTikMB8GA1UdIwQYMBaAFHCSEM92HsZ/s5TqWJalxkezBe7x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQ0E0Qi9EQzJGMDQzMkJG
ODAxMUVBOTZGRTRBNjhDNEY5QUUwMi9jSklRejNZZXhuLXpsT3BZbHFYR1I3TUY3
dkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NKSVF6M1lleG4temxPcFlscVhHUjdNRjd2RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0NBNEIvREMyRjA0MzJCRjgwMTFFQTk2RkU0QTY4QzRGOUFFMDIvOEVBQTAwMDg0
N0MzMTFFRUE3Rjc1QjdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAF1N8ADBAF1N8YDBAF1N8owDQQCAAIwBwMFACQAUYAwDQYJ
KoZIhvcNAQELBQADggEBAIUyaxym16wb3/fKSocPYr7KRPZj5jGbvFPXHOA+B+ty
41vO4aLFr9aQDxKsbxVDcqZwqOllvoaI3goe/ixWUu/rWnbzEbUL1O83ievpF7LH
vaGKiErYAoYPwNJzKciuDhyr3nRBDCwDaiYYo7gJynOkCnNuRRRua6kSdn4fV0qw
hJAtTQCp30e6L97i8sPcoSqTqLbBdORro7DLfgdVEAhy/hBtn7SLl5s0IoMIxtDm
OgkeZxpbVD3ZpFgAGVh5M9+yNdTaxz8ofV6xYIgJLPx6enKdnuma0icaB2v4V+7N
TRGKBeMg58N0ikFAYTdYzN9L6v2QRG8/irhxDoxwKFA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org