Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/02A33D9AE09011EC81186451C4F9AE02.roa
File:                     02A33D9AE09011EC81186451C4F9AE02.roa (raw, json)
Hash identifier:          ONgMhl59LmP/CFJwIfTC9QthOl6p+5AIqq6uW4kIGug=
Subject key identifier:   A3:2B:5E:0F:E6:EE:3C:65:75:EB:B3:9D:42:0F:EF:CD:C6:D9:03:0C
Certificate issuer:       /CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
Certificate serial:       1472
Authority key identifier: FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/02A33D9AE09011EC81186451C4F9AE02.roa
Signing time:             Tue 31 May 2022 03:45:50 +0000
ROA not before:           Tue 31 May 2022 03:45:50 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     17639
IP address blocks:        27.49.0.0/16 maxlen: 22
                          103.240.120.0/22 maxlen: 22
                          113.19.0.0/16 maxlen: 22
                          136.158.128.0/17 maxlen: 17
                          136.158.128.0/22 maxlen: 22
                          136.158.132.0/22 maxlen: 22
                          136.158.136.0/22 maxlen: 22
                          136.158.140.0/22 maxlen: 22
                          136.158.144.0/22 maxlen: 22
                          136.158.148.0/22 maxlen: 22
                          136.158.152.0/22 maxlen: 22
                          136.158.156.0/22 maxlen: 22
                          136.158.160.0/22 maxlen: 22
                          136.158.164.0/22 maxlen: 22
                          136.158.168.0/22 maxlen: 22
                          136.158.172.0/22 maxlen: 22
                          136.158.176.0/22 maxlen: 22
                          136.158.180.0/22 maxlen: 22
                          136.158.184.0/22 maxlen: 22
                          136.158.188.0/22 maxlen: 22
                          136.158.192.0/22 maxlen: 22
                          136.158.196.0/22 maxlen: 22
                          136.158.200.0/22 maxlen: 22
                          136.158.204.0/22 maxlen: 22
                          136.158.208.0/22 maxlen: 22
                          136.158.212.0/22 maxlen: 22
                          136.158.216.0/22 maxlen: 22
                          136.158.220.0/22 maxlen: 22
                          136.158.224.0/22 maxlen: 22
                          136.158.228.0/22 maxlen: 22
                          136.158.232.0/22 maxlen: 22
                          136.158.236.0/22 maxlen: 22
                          136.158.240.0/22 maxlen: 22
                          136.158.244.0/22 maxlen: 22
                          136.158.248.0/22 maxlen: 22
                          136.158.252.0/22 maxlen: 22
                          223.130.16.0/22 maxlen: 22
                          2403:4c0::/32 maxlen: 32
                          2403:4c0:8000::/34 maxlen: 34
                          2403:4c0:c000::/34 maxlen: 34

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5234 (0x1472)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
        Validity
            Not Before: May 31 03:45:50 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=62958f6e-b8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:95:78:fd:0a:28:df:1f:57:aa:11:04:d6:cc:
                    c5:51:a8:e9:7c:c6:5d:9b:48:20:c7:53:84:c7:3e:
                    6b:de:10:a2:8e:85:fd:2c:d0:d8:9f:07:f9:35:f1:
                    49:e3:ea:2e:d6:33:11:9f:d3:a0:6c:6d:12:02:1f:
                    82:9e:3a:7e:5c:30:79:c5:c8:e6:dd:e5:1b:2e:00:
                    e7:e7:7f:b8:44:37:c9:99:99:6c:a6:01:69:bf:68:
                    c8:a1:85:76:cc:8c:ca:88:52:4e:10:74:92:ac:57:
                    d9:43:3b:91:a9:7a:26:b2:d0:16:c9:82:07:bc:dd:
                    3b:9a:b4:c9:2e:50:9a:7b:ca:26:44:d4:58:4c:cc:
                    fc:0e:06:2b:c7:34:e6:3f:44:1c:ac:cc:c3:e9:b4:
                    0e:11:0d:79:9c:59:ac:91:17:70:d3:cc:1b:a5:e5:
                    2d:e5:5d:0d:f2:63:df:91:cc:8a:12:c8:3e:6e:b6:
                    dc:78:84:2e:d6:c2:48:68:33:aa:9e:64:89:8a:d1:
                    7a:62:4b:36:27:ec:d4:5e:25:5a:ab:50:24:5c:2a:
                    dd:f0:02:4c:23:e5:e1:49:86:b5:14:67:06:72:94:
                    22:3a:0d:05:ee:43:70:f9:b0:f1:b6:91:d5:a2:5a:
                    cc:1e:76:ed:ac:be:96:b9:5d:61:5c:4e:8a:1b:30:
                    d9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:2B:5E:0F:E6:EE:3C:65:75:EB:B3:9D:42:0F:EF:CD:C6:D9:03:0C
            X509v3 Authority Key Identifier:
                keyid:FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/_eNrbpSTmOUtleidQL32CyXbabk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/02A33D9AE09011EC81186451C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.49.0.0/16
                  103.240.120.0/22
                  113.19.0.0/16
                  136.158.128.0/17
                  223.130.16.0/22
                IPv6:
                  2403:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:89:3e:3b:20:c3:4f:6a:42:cf:d3:16:36:ff:7a:96:7a:c2:
         71:9f:63:51:ae:65:a3:18:c5:67:db:dd:ce:a9:70:7c:fa:5b:
         b8:81:32:ea:25:b9:fe:76:75:2c:63:08:fa:44:2e:ad:7d:18:
         b3:54:53:0f:16:2e:36:bb:7c:ac:78:06:db:61:3e:5d:2c:32:
         12:d1:37:bd:15:a8:ee:ae:87:a4:1d:20:7b:46:00:a2:01:72:
         5e:c4:af:53:d6:e4:80:a9:cd:12:be:c9:0b:49:2a:26:5b:4c:
         23:d5:30:dd:6b:59:e3:6d:a3:e2:ef:3c:10:2d:ff:ba:ce:e9:
         5b:16:80:6b:48:95:7e:3b:12:4f:9f:29:57:3a:b9:8a:db:c4:
         82:73:8f:9b:76:0c:23:84:a1:7d:e0:c7:b6:db:03:a4:22:d7:
         dd:19:80:d7:68:fc:ed:89:f4:74:a5:ab:8a:61:08:e4:23:c4:
         71:f4:6e:03:dc:82:5a:64:bf:ae:00:db:9e:26:c8:7a:6b:1e:
         a7:bf:da:0a:34:f7:f7:d2:1d:33:af:9c:36:b9:f1:37:29:56:
         36:11:8e:0b:86:a5:ea:33:7a:7d:bf:31:78:2f:0c:86:ce:69:
         35:70:c9:99:a8:af:97:59:a4:38:f9:7f:a4:c1:08:c4:e3:27:
         32:69:03:c1
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgICFHIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkIxOEIxMTAvBgNVBAUTKEZERTM2QjZFOTQ5Mzk4RTUyRDk1RTg5RDQwQkRGNjBC
MjVEQjY5QjkwHhcNMjIwNTMxMDM0NTUwWhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjk1OGY2ZS1iOGYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA15V4/Qoo3x9XqhEE1szFUajpfMZdm0ggx1OExz5r3hCijoX9LNDYnwf5NfFJ
4+ou1jMRn9OgbG0SAh+Cnjp+XDB5xcjm3eUbLgDn53+4RDfJmZlspgFpv2jIoYV2
zIzKiFJOEHSSrFfZQzuRqXomstAWyYIHvN07mrTJLlCae8omRNRYTMz8DgYrxzTm
P0QcrMzD6bQOEQ15nFmskRdw08wbpeUt5V0N8mPfkcyKEsg+brbceIQu1sJIaDOq
nmSJitF6Yks2J+zUXiVaq1AkXCrd8AJMI+XhSYa1FGcGcpQiOg0F7kNw+bDxtpHV
olrMHnbtrL6WuV1hXE6KGzDZRQIDAQABo4ICujCCArYwHQYDVR0OBBYEFKMrXg/m
7jxldeuznUIP783G2QMMMB8GA1UdIwQYMBaAFP3ja26Uk5jlLZXonUC99gsl22m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QjE4Qi82MjhERTUwMkRG
MjMxMUU3OTcyMjVEMkVDNEY5QUUwMi9fZU5yYnBTVG1PVXRsZWlkUUwzMkN5WGJh
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19lTnJicFNUbU9VdGxlaWRRTDMyQ3lYYmFiay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkIxOEIvNjI4REU1MDJERjIzMTFFNzk3MjI1RDJFQzRGOUFFMDIvMDJBMzNEOUFF
MDkwMTFFQzgxMTg2NDUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRAYIKwYBBQUHAQcBAf8E
NTAzMCIEAgABMBwDAwAbMQMEAmfweAMDAHETAwQHiJ6AAwQC34IQMA0EAgACMAcD
BQAkAwTAMA0GCSqGSIb3DQEBCwUAA4IBAQAjiT47IMNPakLP0xY2/3qWesJxn2NR
rmWjGMVn293OqXB8+lu4gTLqJbn+dnUsYwj6RC6tfRizVFMPFi42u3yseAbbYT5d
LDIS0Te9FajuroekHSB7RgCiAXJexK9T1uSAqc0SvskLSSomW0wj1TDda1njbaPi
7zwQLf+6zulbFoBrSJV+OxJPnylXOrmK28SCc4+bdgwjhKF94Me22wOkItfdGYDX
aPztifR0pauKYQjkI8Rx9G4D3IJaZL+uANueJsh6ax6nv9oKNPf30h0zr5w2ufE3
KVY2EY4LhqXqM3p9vzF4LwyGzmk1cMmZqK+XWaQ4+X+kwQjE4ycyaQPB
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:20 2024 by rpki-client on console-ams.rpki-client.org