Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/B110BE66380011EE957E990DC4F9AE02.roa
File:                     B110BE66380011EE957E990DC4F9AE02.roa (raw, json)
Hash identifier:          wv0eCnt0SvG/W17Au98AG0xz7aTgVXnyng62ngL4uDw=
Subject key identifier:   8F:86:A9:27:85:D2:13:32:82:0A:BE:0A:0C:80:FF:85:C1:9E:AF:F6
Certificate issuer:       /CN=A9159E90/serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
Certificate serial:       15
Authority key identifier: 59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/B110BE66380011EE957E990DC4F9AE02.roa
Signing time:             Fri 11 Aug 2023 04:36:52 +0000
ROA not before:           Fri 11 Aug 2023 04:36:52 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     151493
IP address blocks:        2401:13a0:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 21 (0x15)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9159E90/serialNumber=591E2C8973C63F0B50EEFA13446BCB15EC52E51F
        Validity
            Not Before: Aug 11 04:36:52 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64d5bae3-68e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:48:53:a4:35:d7:ce:4b:87:0f:18:b5:f9:ed:
                    a3:96:88:93:7d:87:c9:d4:de:44:1f:a0:88:40:7e:
                    a9:61:5c:80:9d:01:9a:16:6d:18:68:e4:b4:02:76:
                    10:a6:ce:f1:54:af:59:2b:9f:27:17:6f:17:36:61:
                    9d:f9:73:fe:bf:60:09:81:4c:6e:e4:8e:f0:cd:2b:
                    41:6b:db:55:8e:06:6c:7d:61:fa:0f:1e:e6:de:a6:
                    ef:3d:b6:f4:69:46:e8:d5:96:7f:6b:46:1d:4f:89:
                    c2:94:9b:a7:13:19:16:cd:21:8c:b0:2c:d4:cf:58:
                    48:14:bf:32:05:2d:ec:8d:dd:21:6d:ee:98:32:6e:
                    89:df:7f:1b:d5:4e:9a:f6:63:3d:3d:83:ad:e3:fe:
                    a7:82:21:03:9d:94:f5:e2:7b:a2:7c:4f:ec:1b:17:
                    b0:de:63:75:9a:f2:16:ba:9b:0f:07:1a:44:45:ea:
                    9f:53:76:3a:8d:ad:75:79:6f:1f:79:78:ff:cc:c5:
                    5e:63:8b:b0:67:ef:84:db:f2:39:04:d0:3a:16:c7:
                    95:db:bf:e9:5a:1d:c0:7a:9f:66:56:ba:1c:e8:01:
                    fa:7a:4a:b6:c7:f2:79:4f:db:32:be:d9:85:b4:99:
                    86:8c:ac:f6:8c:2f:85:72:1b:4a:f4:bf:3b:06:4c:
                    ca:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:86:A9:27:85:D2:13:32:82:0A:BE:0A:0C:80:FF:85:C1:9E:AF:F6
            X509v3 Authority Key Identifier:
                keyid:59:1E:2C:89:73:C6:3F:0B:50:EE:FA:13:44:6B:CB:15:EC:52:E5:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/WR4siXPGPwtQ7voTRGvLFexS5R8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WR4siXPGPwtQ7voTRGvLFexS5R8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9159E90/A572B67C1F3211EEB364DD53C4F9AE02/B110BE66380011EE957E990DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:13a0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:11:08:e4:3d:c3:f0:7e:62:e9:dd:45:09:16:af:43:55:72:
         c5:5d:3c:14:af:81:dd:7e:0d:17:5c:6d:fd:2e:f7:4d:fa:0d:
         c7:6d:bf:a6:9a:58:2e:e2:4a:ef:c5:f4:74:15:5b:3f:84:92:
         d9:5b:5b:31:63:1d:d8:a4:28:ad:a4:26:fd:26:0c:01:5c:25:
         40:19:85:ab:ed:59:c5:b1:31:56:4c:ed:8d:31:f2:b4:f2:4b:
         0a:07:66:70:65:0a:5a:d5:cf:0e:4a:63:c4:34:3d:f7:38:01:
         ef:6c:2c:b7:14:10:03:30:68:cf:f3:ca:13:40:0e:81:a7:3b:
         85:bc:6a:4e:2e:b1:d6:9d:ac:d0:2a:e0:4b:32:74:a9:31:9a:
         b5:d9:0b:9b:75:5f:ee:dc:23:f7:5a:8f:84:70:e3:84:d5:05:
         3d:4e:ca:5a:c5:1d:27:55:0e:7e:1d:9b:14:c1:a3:d5:b7:2b:
         8a:ee:6f:27:7b:02:3b:dd:ce:e9:e3:53:b8:f3:a1:69:a2:9a:
         0a:66:41:d6:a0:e3:81:a0:44:28:0b:6c:3c:be:cd:8b:53:bd:
         3f:f0:c6:5c:48:20:89:4f:b8:39:67:9c:ec:50:d7:12:4c:ad:
         7e:1f:90:cf:ef:d5:76:e2:1f:ac:0c:14:60:0b:b1:95:e5:83:
         5f:75:d0:c1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBFTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE1
OUU5MDExMC8GA1UEBRMoNTkxRTJDODk3M0M2M0YwQjUwRUVGQTEzNDQ2QkNCMTVF
QzUyRTUxRjAeFw0yMzA4MTEwNDM2NTJaFw0yNDEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0ZDViYWUzLTY4ZTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdSFOkNdfOS4cPGLX57aOWiJN9h8nU3kQfoIhAfqlhXICdAZoWbRho5LQCdhCm
zvFUr1krnycXbxc2YZ35c/6/YAmBTG7kjvDNK0Fr21WOBmx9YfoPHubepu89tvRp
RujVln9rRh1PicKUm6cTGRbNIYywLNTPWEgUvzIFLeyN3SFt7pgybonffxvVTpr2
Yz09g63j/qeCIQOdlPXie6J8T+wbF7DeY3Wa8ha6mw8HGkRF6p9TdjqNrXV5bx95
eP/MxV5ji7Bn74Tb8jkE0DoWx5Xbv+laHcB6n2ZWuhzoAfp6SrbH8nlP2zK+2YW0
mYaMrPaML4VyG0r0vzsGTMqXAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUj4apJ4XS
EzKCCr4KDID/hcGer/YwHwYDVR0jBBgwFoAUWR4siXPGPwtQ7voTRGvLFexS5R8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTU5RTkwL0E1NzJCNjdDMUYz
MjExRUVCMzY0REQ1M0M0RjlBRTAyL1dSNHNpWFBHUHd0UTd2b1RSR3ZMRmV4UzVS
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvV1I0c2lYUEdQd3RRN3ZvVFJHdkxGZXhTNVI4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1
OUU5MC9BNTcyQjY3QzFGMzIxMUVFQjM2NERENTNDNEY5QUUwMi9CMTEwQkU2NjM4
MDAxMUVFOTU3RTk5MERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACQBE6AAAjANBgkqhkiG9w0BAQsFAAOCAQEAEBEI5D3D8H5i
6d1FCRavQ1VyxV08FK+B3X4NF1xt/S73TfoNx22/pppYLuJK78X0dBVbP4SS2Vtb
MWMd2KQoraQm/SYMAVwlQBmFq+1ZxbExVkztjTHytPJLCgdmcGUKWtXPDkpjxDQ9
9zgB72wstxQQAzBoz/PKE0AOgac7hbxqTi6x1p2s0CrgSzJ0qTGatdkLm3Vf7twj
91qPhHDjhNUFPU7KWsUdJ1UOfh2bFMGj1bcriu5vJ3sCO93O6eNTuPOhaaKaCmZB
1qDjgaBEKAtsPL7Ni1O9P/DGXEggiU+4OWec7FDXEkytfh+Qz+/VduIfrAwUYAux
leWDX3XQwQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:07 2024 by rpki-client on console-fra.rpki-client.org