Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/FC162108FC2A11EB93C7F37DC4F9AE02.roa
File:                     FC162108FC2A11EB93C7F37DC4F9AE02.roa (raw, json)
Hash identifier:          wHNjZdpkYns3XKkbQ/qNR5MfNDAmTUPdsR1wdLD3Ppk=
Subject key identifier:   4F:AF:00:7E:D4:45:6F:3F:6E:31:B4:0F:FB:A3:0E:33:C7:80:CA:B1
Certificate issuer:       /CN=A915059B/serialNumber=CA877333B712345F05D2DC6706572E1CB6211778
Certificate serial:       02E7
Authority key identifier: CA:87:73:33:B7:12:34:5F:05:D2:DC:67:06:57:2E:1C:B6:21:17:78
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yodzM7cSNF8F0txnBlcuHLYhF3g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/FC162108FC2A11EB93C7F37DC4F9AE02.roa
Signing time:             Fri 13 Aug 2021 11:38:32 +0000
ROA not before:           Fri 13 Aug 2021 11:38:32 +0000
ROA not after:            Sat 28 May 2022 00:00:00 +0000
asID:                     132210
IP address blocks:        137.59.6.0/24 maxlen: 24
                          137.59.7.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 743 (0x2e7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915059B/serialNumber=CA877333B712345F05D2DC6706572E1CB6211778
        Validity
            Not Before: Aug 13 11:38:32 2021 GMT
            Not After : May 28 00:00:00 2022 GMT
        Subject: CN=611659b7-6780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8b:f2:15:9a:65:87:37:7b:61:35:19:ac:fe:
                    49:f4:6e:38:6b:65:40:53:45:69:33:b2:2c:be:6a:
                    c0:a9:d0:b8:02:ed:de:98:48:ae:d7:67:8b:0a:6d:
                    ab:8d:2e:d3:91:f8:66:05:79:a9:0e:0e:ac:27:a5:
                    7c:a9:d7:53:8e:b1:df:d0:99:99:b5:80:89:04:16:
                    f2:30:eb:45:77:c0:3c:b0:71:1f:3e:a4:bb:1b:df:
                    a7:01:fa:3d:80:47:04:c1:01:9f:8e:c9:a0:19:e6:
                    84:42:e8:81:20:ef:f4:5b:e2:8c:36:94:43:8f:de:
                    7f:c1:5f:0b:01:e0:51:c1:d3:4a:e4:ba:e9:53:47:
                    a6:f5:dd:6f:2a:58:79:b3:f5:f2:5f:af:f6:26:b0:
                    fd:97:7f:09:f8:42:1c:8c:80:d9:df:fc:0c:3e:dd:
                    62:2a:04:e2:1b:a0:1b:35:cd:ca:3a:ba:d7:1c:c5:
                    8e:f9:5f:b9:ed:e0:30:eb:19:fe:9c:ef:a3:09:55:
                    fd:74:26:af:54:1f:0b:40:27:a9:8e:73:85:fe:e8:
                    a6:63:07:4f:8c:5d:4b:44:27:81:cb:3c:fe:58:52:
                    7e:ad:0c:e2:b3:11:c3:f5:4c:eb:18:aa:09:d6:f4:
                    63:a8:be:2d:d5:fe:68:e6:19:9d:3b:a9:6e:ae:66:
                    ad:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:AF:00:7E:D4:45:6F:3F:6E:31:B4:0F:FB:A3:0E:33:C7:80:CA:B1
            X509v3 Authority Key Identifier:
                keyid:CA:87:73:33:B7:12:34:5F:05:D2:DC:67:06:57:2E:1C:B6:21:17:78

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/yodzM7cSNF8F0txnBlcuHLYhF3g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yodzM7cSNF8F0txnBlcuHLYhF3g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915059B/74FB42A8227311EA8A0F3822C4F9AE02/FC162108FC2A11EB93C7F37DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.59.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:6d:9d:76:5f:dd:8a:09:75:67:cd:3f:1e:8a:de:da:fb:85:
         f9:7a:3d:d3:27:e0:d6:d7:eb:09:7e:1d:b4:ee:74:ea:5b:3e:
         22:15:7a:4b:b2:5e:35:fa:bf:7e:df:59:d2:f4:59:dc:8d:4f:
         b6:c9:16:22:29:ca:12:73:f4:b0:19:10:05:79:22:aa:88:7a:
         46:b7:f4:89:f3:03:9d:8f:a8:ae:e3:af:f0:2f:28:84:4d:b8:
         64:95:5e:ef:31:3e:9e:cd:45:65:00:ca:b1:42:e4:00:78:f8:
         54:f6:69:0a:9c:49:76:4b:ce:e6:da:0b:b2:0d:9e:30:88:15:
         dd:3e:8e:11:5f:69:71:f6:82:19:4f:a9:ed:da:ac:a6:94:eb:
         97:73:3e:d2:04:e2:a7:e4:24:38:41:d4:6c:39:2f:4e:86:01:
         03:36:24:5f:05:36:d0:03:57:dd:8f:3e:fd:70:55:24:a0:f4:
         6a:35:30:46:20:9b:22:e3:a8:00:04:06:1e:ae:54:0a:9d:08:
         cf:9a:48:f8:85:b4:b1:72:69:d1:b9:e5:41:cb:87:37:59:dd:
         e3:3a:98:b7:d8:3b:a0:4e:73:ef:d2:30:6c:f1:c8:a5:fe:ac:
         06:70:e0:eb:b4:46:05:15:91:9c:d5:d3:0c:4b:54:3a:8f:a0:
         48:86:59:f2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAucwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTA1OUIxMTAvBgNVBAUTKENBODc3MzMzQjcxMjM0NUYwNUQyREM2NzA2NTcyRTFD
QjYyMTE3NzgwHhcNMjEwODEzMTEzODMyWhcNMjIwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MTE2NTliNy02NzgwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx4vyFZplhzd7YTUZrP5J9G44a2VAU0VpM7IsvmrAqdC4Au3emEiu12eLCm2r
jS7TkfhmBXmpDg6sJ6V8qddTjrHf0JmZtYCJBBbyMOtFd8A8sHEfPqS7G9+nAfo9
gEcEwQGfjsmgGeaEQuiBIO/0W+KMNpRDj95/wV8LAeBRwdNK5LrpU0em9d1vKlh5
s/XyX6/2JrD9l38J+EIcjIDZ3/wMPt1iKgTiG6AbNc3KOrrXHMWO+V+57eAw6xn+
nO+jCVX9dCavVB8LQCepjnOF/uimYwdPjF1LRCeByzz+WFJ+rQzisxHD9UzrGKoJ
1vRjqL4t1f5o5hmdO6lurmatrQIDAQABo4IClTCCApEwHQYDVR0OBBYEFE+vAH7U
RW8/bjG0D/ujDjPHgMqxMB8GA1UdIwQYMBaAFMqHczO3EjRfBdLcZwZXLhy2IRd4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MDU5Qi83NEZCNDJBODIy
NzMxMUVBOEEwRjM4MjJDNEY5QUUwMi95b2R6TTdjU05GOEYwdHhuQmxjdUhMWWhG
M2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lvZHpNN2NTTkY4RjB0eG5CbGN1SExZaEYzZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTA1OUIvNzRGQjQyQTgyMjczMTFFQThBMEYzODIyQzRGOUFFMDIvRkMxNjIxMDhG
QzJBMTFFQjkzQzdGMzdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGJOwYwDQYJKoZIhvcNAQELBQADggEBAC5tnXZf3YoJdWfN
Px6K3tr7hfl6PdMn4NbX6wl+HbTudOpbPiIVekuyXjX6v37fWdL0WdyNT7bJFiIp
yhJz9LAZEAV5IqqIeka39InzA52PqK7jr/AvKIRNuGSVXu8xPp7NRWUAyrFC5AB4
+FT2aQqcSXZLzubaC7INnjCIFd0+jhFfaXH2ghlPqe3arKaU65dzPtIE4qfkJDhB
1Gw5L06GAQM2JF8FNtADV92PPv1wVSSg9Go1MEYgmyLjqAAEBh6uVAqdCM+aSPiF
tLFyadG55UHLhzdZ3eM6mLfYO6BOc+/SMGzxyKX+rAZw4Ou0RgUVkZzV0wxLVDqP
oEiGWfI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org