Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9167CAE/057A25EE953411EC90E97755C4F9AE02/3BBCFDF0953611ECAA862156C4F9AE02.roa
File:                     3BBCFDF0953611ECAA862156C4F9AE02.roa (raw, json)
Hash identifier:          dcDPEzA+MADpTzqMsoYEYNQJdsDOwRC+AzrwKk+CLkI=
Subject key identifier:   87:8F:5F:AB:30:2C:60:19:D7:F2:7A:EF:74:77:41:08:2B:57:21:E7
Certificate issuer:       /CN=A9167CAE/serialNumber=4E4453B2B66A8695A03EEA3A9BE1F85A921A2D09
Certificate serial:       0115
Authority key identifier: 4E:44:53:B2:B6:6A:86:95:A0:3E:EA:3A:9B:E1:F8:5A:92:1A:2D:09
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TkRTsrZqhpWgPuo6m-H4WpIaLQk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9167CAE/057A25EE953411EC90E97755C4F9AE02/3BBCFDF0953611ECAA862156C4F9AE02.roa
Signing time:             Thu 07 Jul 2022 16:13:03 +0000
ROA not before:           Thu 07 Jul 2022 16:13:03 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     135060
IP address blocks:        103.93.150.0/24 maxlen: 24
                          103.93.151.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 277 (0x115)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9167CAE/serialNumber=4E4453B2B66A8695A03EEA3A9BE1F85A921A2D09
        Validity
            Not Before: Jul  7 16:13:03 2022 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=62c7060f-1513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f0:92:3b:ba:c0:60:ba:07:eb:b5:df:0d:99:
                    2e:14:84:b0:33:64:6a:42:b6:c5:1c:d8:11:cb:50:
                    d2:f7:9c:a3:17:0e:1e:2c:8c:69:4e:99:c3:c9:09:
                    80:2b:89:b2:ef:ca:34:25:77:4e:6d:91:fa:e4:d9:
                    92:ce:2f:00:e5:0e:0f:80:b9:c6:c5:33:4d:6e:fe:
                    9d:b9:b0:74:7e:76:27:be:f0:dc:8e:76:4e:3b:ab:
                    8e:f8:df:da:3b:51:b1:7c:1d:6a:af:13:f6:72:01:
                    9a:c2:3e:c5:02:a9:7f:d1:35:ed:94:1b:33:3d:55:
                    10:82:da:26:67:1e:ea:bd:32:21:89:ad:e2:f0:92:
                    87:91:1e:5f:45:c8:69:cd:69:99:b5:21:2e:5d:2b:
                    06:dd:3c:7b:36:1f:25:e2:e4:b5:ef:79:57:c4:b7:
                    ce:1b:5d:4f:0b:2d:2e:a7:6e:4a:f7:96:8f:54:a2:
                    5d:66:6d:8e:ae:63:4e:12:61:f5:da:86:c2:fd:c0:
                    72:c4:5f:c5:f5:7f:26:22:c7:dd:fb:a4:ff:b3:8c:
                    6c:90:ba:d7:20:ca:18:2c:f5:f6:b3:7b:a9:aa:59:
                    1e:ba:d6:1c:40:e9:18:fe:1e:9b:39:4e:42:9a:ae:
                    54:a0:be:b0:92:2e:47:fc:e9:d8:25:f2:2f:0f:5d:
                    fd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8F:5F:AB:30:2C:60:19:D7:F2:7A:EF:74:77:41:08:2B:57:21:E7
            X509v3 Authority Key Identifier:
                keyid:4E:44:53:B2:B6:6A:86:95:A0:3E:EA:3A:9B:E1:F8:5A:92:1A:2D:09

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9167CAE/057A25EE953411EC90E97755C4F9AE02/TkRTsrZqhpWgPuo6m-H4WpIaLQk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TkRTsrZqhpWgPuo6m-H4WpIaLQk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167CAE/057A25EE953411EC90E97755C4F9AE02/3BBCFDF0953611ECAA862156C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.93.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:4a:22:7a:75:b4:0e:75:e7:eb:51:7d:c8:09:6a:a6:a9:fb:
         6b:e7:00:5d:84:f0:87:4d:01:07:83:16:c2:e7:8f:7a:5e:56:
         79:0b:7c:38:21:54:65:40:7d:ff:b7:5e:4a:17:77:6b:7d:fd:
         f6:d8:4f:8b:4f:fa:e6:ec:c1:9e:41:ca:d6:88:b3:cd:eb:a3:
         88:a3:53:f6:77:52:58:04:fa:39:08:69:6f:a0:98:e9:93:de:
         78:12:d8:8c:b4:ac:b6:ac:fe:33:1f:4b:06:c5:69:c8:0b:cf:
         e9:1a:8d:e7:1f:93:2b:34:72:e0:d6:99:dd:07:12:dd:5f:5f:
         d5:c3:b1:77:45:97:ae:40:83:97:f7:61:1d:d2:79:87:64:02:
         cb:81:e6:9f:11:bd:0f:65:b9:4d:f6:94:8f:2a:cf:32:85:d4:
         6d:55:b3:7c:94:44:01:f4:87:20:22:b1:1b:57:79:d4:6a:33:
         7d:8e:76:01:29:a7:83:50:77:38:9a:ac:70:08:7e:1b:a1:4a:
         98:7f:43:6b:cf:f1:41:c0:28:65:9c:54:99:4a:32:c6:44:9a:
         59:7e:dd:2e:f5:e6:d5:bd:46:f9:aa:a0:7e:47:03:65:3e:46:
         70:25:81:51:a7:b4:fa:2e:06:9f:bd:6b:c5:0d:86:d8:87:07:
         78:e0:54:56
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICARUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdDQUUxMTAvBgNVBAUTKDRFNDQ1M0IyQjY2QTg2OTVBMDNFRUEzQTlCRTFGODVB
OTIxQTJEMDkwHhcNMjIwNzA3MTYxMzAzWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmM3MDYwZi0xNTEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4PCSO7rAYLoH67XfDZkuFISwM2RqQrbFHNgRy1DS95yjFw4eLIxpTpnDyQmA
K4my78o0JXdObZH65NmSzi8A5Q4PgLnGxTNNbv6dubB0fnYnvvDcjnZOO6uO+N/a
O1GxfB1qrxP2cgGawj7FAql/0TXtlBszPVUQgtomZx7qvTIhia3i8JKHkR5fRchp
zWmZtSEuXSsG3Tx7Nh8l4uS173lXxLfOG11PCy0up25K95aPVKJdZm2OrmNOEmH1
2obC/cByxF/F9X8mIsfd+6T/s4xskLrXIMoYLPX2s3upqlkeutYcQOkY/h6bOU5C
mq5UoL6wki5H/OnYJfIvD139iQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIePX6sw
LGAZ1/J673R3QQgrVyHnMB8GA1UdIwQYMBaAFE5EU7K2aoaVoD7qOpvh+FqSGi0J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0NBRS8wNTdBMjVFRTk1
MzQxMUVDOTBFOTc3NTVDNEY5QUUwMi9Ua1JUc3JacWhwV2dQdW82bS1INFdwSWFM
UWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RrUlRzclpxaHBXZ1B1bzZtLUg0V3BJYUxRay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdDQUUvMDU3QTI1RUU5NTM0MTFFQzkwRTk3NzU1QzRGOUFFMDIvM0JCQ0ZERjA5
NTM2MTFFQ0FBODYyMTU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnXZYwDQYJKoZIhvcNAQELBQADggEBACFKInp1tA515+tR
fcgJaqap+2vnAF2E8IdNAQeDFsLnj3peVnkLfDghVGVAff+3XkoXd2t9/fbYT4tP
+ubswZ5BytaIs83ro4ijU/Z3UlgE+jkIaW+gmOmT3ngS2Iy0rLas/jMfSwbFacgL
z+kajecfkys0cuDWmd0HEt1fX9XDsXdFl65Ag5f3YR3SeYdkAsuB5p8RvQ9luU32
lI8qzzKF1G1Vs3yURAH0hyAisRtXedRqM32OdgEpp4NQdziarHAIfhuhSph/Q2vP
8UHAKGWcVJlKMsZEmll+3S715tW9RvmqoH5HA2U+RnAlgVGntPouBp+9a8UNhtiH
B3jgVFY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org