Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A947/2EFC7994826711EABBD3080AC4F9AE02/406EFBE4AA5111EBBB92D325C4F9AE02.roa
File:                     406EFBE4AA5111EBBB92D325C4F9AE02.roa (raw, json)
Hash identifier:          6KmjnfNVYDkOsi8s0bur8ZnB1XNuMSqgNNSXWcH6A1g=
Subject key identifier:   02:C4:5D:D2:3A:DB:1E:EF:BF:D9:E1:75:E2:F7:CD:78:B7:15:A9:2A
Certificate issuer:       /CN=A914A947/serialNumber=D959B492D953B38DCB9C2A78FB42B7F85DF86E13
Certificate serial:       08A6
Authority key identifier: D9:59:B4:92:D9:53:B3:8D:CB:9C:2A:78:FB:42:B7:F8:5D:F8:6E:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Vm0ktlTs43LnCp4-0K3-F34bhM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A947/2EFC7994826711EABBD3080AC4F9AE02/406EFBE4AA5111EBBB92D325C4F9AE02.roa
Signing time:             Fri 28 Jul 2023 20:57:49 +0000
ROA not before:           Fri 28 Jul 2023 20:57:49 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     138024
IP address blocks:        103.120.36.0/24 maxlen: 24
                          103.120.37.0/24 maxlen: 24
                          103.120.38.0/24 maxlen: 24
                          103.120.39.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2214 (0x8a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A947/serialNumber=D959B492D953B38DCB9C2A78FB42B7F85DF86E13
        Validity
            Not Before: Jul 28 20:57:49 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64c42bcd-dbb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:56:de:af:03:40:e6:6d:c3:83:11:c6:1d:50:
                    e3:4e:2f:a3:e7:55:e1:d8:48:4a:0a:d5:b8:94:23:
                    ae:03:22:2c:1c:9c:6e:0d:c9:ba:4a:0f:9e:75:ff:
                    dc:b6:48:eb:83:7e:e0:d4:26:b0:e4:83:e0:56:aa:
                    dd:e1:1d:ad:a8:79:ab:41:ac:31:53:59:33:c9:86:
                    69:f9:66:d2:0f:ae:15:8a:cb:36:17:bc:cd:a7:8e:
                    46:1f:50:33:3b:02:71:55:d2:cb:cc:4a:61:f4:12:
                    8f:79:c2:2f:a3:91:e9:9c:9a:aa:48:a8:90:76:53:
                    5c:5c:be:fd:79:f1:4e:3c:47:18:38:96:3f:b8:fd:
                    b2:b8:ad:3d:f0:8f:0d:03:5e:d8:21:7e:a5:b0:4d:
                    16:62:96:9e:0d:b3:ae:98:c6:f8:88:ef:29:72:5d:
                    10:07:9d:57:1d:be:c7:60:0f:03:70:4a:79:42:22:
                    8c:2f:e8:be:6d:09:80:49:0a:44:66:9c:cc:15:66:
                    50:c4:71:34:49:17:da:68:60:50:29:ec:77:57:9a:
                    55:4f:9f:7b:41:63:4e:0b:42:f1:69:a7:c7:73:8f:
                    2c:3c:3e:51:2d:c1:2e:2a:43:02:8b:1c:bf:82:4e:
                    60:fc:a9:84:cc:aa:70:c9:44:7d:7f:da:97:fe:0e:
                    d1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C4:5D:D2:3A:DB:1E:EF:BF:D9:E1:75:E2:F7:CD:78:B7:15:A9:2A
            X509v3 Authority Key Identifier:
                keyid:D9:59:B4:92:D9:53:B3:8D:CB:9C:2A:78:FB:42:B7:F8:5D:F8:6E:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A947/2EFC7994826711EABBD3080AC4F9AE02/2Vm0ktlTs43LnCp4-0K3-F34bhM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Vm0ktlTs43LnCp4-0K3-F34bhM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A947/2EFC7994826711EABBD3080AC4F9AE02/406EFBE4AA5111EBBB92D325C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:35:99:57:09:e2:d0:9b:c0:16:c8:c8:64:d2:2f:bc:ed:05:
         f6:0b:8a:9d:06:54:af:b5:8e:ba:28:16:76:7e:bf:97:04:25:
         25:ae:71:30:8d:2d:e9:81:0f:6e:e4:27:11:3b:2d:4b:f0:e4:
         e7:a9:7c:56:46:68:dc:bc:9c:d7:c5:79:ed:9b:16:34:52:6e:
         83:4b:5a:58:ca:84:18:b4:a3:b7:df:3b:ca:e6:37:5e:06:18:
         24:96:07:5a:23:52:46:15:4a:7c:e9:8b:04:de:eb:77:f2:23:
         88:8e:34:bc:ce:6e:33:53:2b:0d:77:8b:b0:46:b6:7b:f8:2a:
         0c:67:d1:19:14:e0:da:a3:8d:c6:2b:6f:6c:4c:a6:b0:50:bf:
         bf:cb:3e:19:ef:cb:59:00:a0:94:5f:37:09:e6:ee:1d:6d:7e:
         2c:75:c5:07:0d:d0:58:6d:58:6f:5f:f7:c8:32:95:b2:85:96:
         50:0b:73:dc:27:29:a9:3f:72:e1:2e:52:21:39:d5:31:68:5f:
         86:f0:4a:ba:3e:c7:c8:b0:b8:af:28:10:2e:2e:3a:98:72:5d:
         c4:e3:53:ed:b7:3b:92:e5:7e:ce:98:64:35:11:28:eb:ff:1d:
         95:55:12:27:e8:5d:52:4c:68:3e:e7:f7:90:38:d4:25:22:2e:
         00:84:80:0c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCKYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEE5NDcxMTAvBgNVBAUTKEQ5NTlCNDkyRDk1M0IzOERDQjlDMkE3OEZCNDJCN0Y4
NURGODZFMTMwHhcNMjMwNzI4MjA1NzQ5WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGM0MmJjZC1kYmIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtlberwNA5m3DgxHGHVDjTi+j51Xh2EhKCtW4lCOuAyIsHJxuDcm6Sg+edf/c
tkjrg37g1Caw5IPgVqrd4R2tqHmrQawxU1kzyYZp+WbSD64Viss2F7zNp45GH1Az
OwJxVdLLzEph9BKPecIvo5HpnJqqSKiQdlNcXL79efFOPEcYOJY/uP2yuK098I8N
A17YIX6lsE0WYpaeDbOumMb4iO8pcl0QB51XHb7HYA8DcEp5QiKML+i+bQmASQpE
ZpzMFWZQxHE0SRfaaGBQKex3V5pVT597QWNOC0LxaafHc48sPD5RLcEuKkMCixy/
gk5g/KmEzKpwyUR9f9qX/g7RgwIDAQABo4IClTCCApEwHQYDVR0OBBYEFALEXdI6
2x7vv9nhdeL3zXi3FakqMB8GA1UdIwQYMBaAFNlZtJLZU7ONy5wqePtCt/hd+G4T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTk0Ny8yRUZDNzk5NDgy
NjcxMUVBQkJEMzA4MEFDNEY5QUUwMi8yVm0wa3RsVHM0M0xuQ3A0LTBLMy1GMzRi
aE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJWbTBrdGxUczQzTG5DcDQtMEszLUYzNGJoTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEE5NDcvMkVGQzc5OTQ4MjY3MTFFQUJCRDMwODBBQzRGOUFFMDIvNDA2RUZCRTRB
QTUxMTFFQkJCOTJEMzI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJneCQwDQYJKoZIhvcNAQELBQADggEBADM1mVcJ4tCbwBbI
yGTSL7ztBfYLip0GVK+1jrooFnZ+v5cEJSWucTCNLemBD27kJxE7LUvw5OepfFZG
aNy8nNfFee2bFjRSboNLWljKhBi0o7ffO8rmN14GGCSWB1ojUkYVSnzpiwTe63fy
I4iONLzObjNTKw13i7BGtnv4Kgxn0RkU4NqjjcYrb2xMprBQv7/LPhnvy1kAoJRf
Nwnm7h1tfix1xQcN0FhtWG9f98gylbKFllALc9wnKak/cuEuUiE51TFoX4bwSro+
x8iwuK8oEC4uOphyXcTjU+23O5Llfs6YZDURKOv/HZVVEifoXVJMaD7n95A41CUi
LgCEgAw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:58 2024 by rpki-client on console-ams.rpki-client.org