Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/07614B7EDFB911E784BF5B76C4F9AE02.roa
File:                     07614B7EDFB911E784BF5B76C4F9AE02.roa (raw, json)
Hash identifier:          hvM7EAqKN4UJKnjHqjOYWYv6UFUTEkwPDyxGiOolN7M=
Subject key identifier:   66:13:42:5A:6A:17:59:90:9D:61:D1:29:7F:10:D2:88:A6:34:D5:AD
Certificate issuer:       /CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
Certificate serial:       12E6
Authority key identifier: FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/07614B7EDFB911E784BF5B76C4F9AE02.roa
Signing time:             Wed 24 Nov 2021 05:55:15 +0000
ROA not before:           Wed 24 Nov 2021 05:55:15 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     17639
IP address blocks:        103.240.120.0/22 maxlen: 22
                          136.158.128.0/17 maxlen: 17
                          136.158.128.0/22 maxlen: 22
                          136.158.132.0/22 maxlen: 22
                          136.158.136.0/22 maxlen: 22
                          136.158.140.0/22 maxlen: 22
                          136.158.144.0/22 maxlen: 22
                          136.158.148.0/22 maxlen: 22
                          136.158.152.0/22 maxlen: 22
                          136.158.156.0/22 maxlen: 22
                          136.158.160.0/22 maxlen: 22
                          136.158.164.0/22 maxlen: 22
                          136.158.168.0/22 maxlen: 22
                          136.158.172.0/22 maxlen: 22
                          136.158.176.0/22 maxlen: 22
                          136.158.180.0/22 maxlen: 22
                          136.158.184.0/22 maxlen: 22
                          136.158.188.0/22 maxlen: 22
                          136.158.192.0/22 maxlen: 22
                          136.158.196.0/22 maxlen: 22
                          136.158.200.0/22 maxlen: 22
                          136.158.204.0/22 maxlen: 22
                          136.158.208.0/22 maxlen: 22
                          136.158.212.0/22 maxlen: 22
                          136.158.216.0/22 maxlen: 22
                          136.158.220.0/22 maxlen: 22
                          136.158.224.0/22 maxlen: 22
                          136.158.228.0/22 maxlen: 22
                          136.158.232.0/22 maxlen: 22
                          136.158.236.0/22 maxlen: 22
                          136.158.240.0/22 maxlen: 22
                          136.158.244.0/22 maxlen: 22
                          136.158.248.0/22 maxlen: 22
                          136.158.252.0/22 maxlen: 22
                          223.130.16.0/22 maxlen: 22
                          2403:4c0::/32 maxlen: 32
                          2403:4c0:7000::/36 maxlen: 36
                          2403:4c0:8000::/34 maxlen: 34
                          2403:4c0:c000::/34 maxlen: 34

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4838 (0x12e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
        Validity
            Not Before: Nov 24 05:55:15 2021 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=619dd3c3-0a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:85:01:d6:00:9e:7f:e3:8f:5a:30:a9:82:fa:
                    aa:46:55:06:15:f1:e2:d2:52:76:a6:d8:7a:fe:7a:
                    b2:f7:36:8b:35:5d:d5:e0:c1:19:6c:f6:ee:9c:56:
                    42:c9:8d:92:3c:1e:59:6c:a3:f1:e1:dc:dc:76:d5:
                    e4:9b:46:a4:f1:e3:74:e5:64:fd:54:b9:15:42:a5:
                    42:a4:8c:6d:b3:b6:4d:15:76:04:5e:ab:74:31:db:
                    82:24:8f:30:69:ba:86:fa:b6:f1:f6:4f:5a:ae:54:
                    b6:db:26:7b:dd:14:da:42:4e:f3:93:45:d1:01:66:
                    c9:7b:a6:40:4b:ff:d6:6d:ff:de:32:57:f8:52:3b:
                    02:e9:b8:96:87:3e:e1:c4:41:04:b9:c7:19:5a:39:
                    1f:43:8d:5b:43:bd:64:f6:02:f5:75:13:c5:fc:3f:
                    70:7c:9d:27:ef:08:6d:2d:93:69:52:17:d0:d9:f9:
                    e3:ec:56:b2:2c:cf:66:40:53:c8:ef:c7:c8:98:56:
                    fb:86:9e:b5:fb:ba:d4:c6:5e:17:6e:db:e6:d6:a5:
                    49:e5:74:4d:e7:a6:5e:9e:dd:aa:c1:03:80:4b:45:
                    d9:49:8d:4f:a7:69:cf:c7:46:5f:01:e3:40:1e:3b:
                    f7:20:9c:6a:6b:57:49:02:c7:7f:52:ca:1c:96:29:
                    42:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:13:42:5A:6A:17:59:90:9D:61:D1:29:7F:10:D2:88:A6:34:D5:AD
            X509v3 Authority Key Identifier:
                keyid:FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/_eNrbpSTmOUtleidQL32CyXbabk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/07614B7EDFB911E784BF5B76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.240.120.0/22
                  136.158.128.0/17
                  223.130.16.0/22
                IPv6:
                  2403:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:14:d4:67:db:ac:7b:f9:8e:46:d2:15:5f:23:59:b7:10:8d:
         42:e0:ff:6d:9e:36:a7:9d:00:ae:c5:c9:be:c7:cf:29:b7:36:
         d6:70:71:cb:ee:0f:b0:72:a4:48:72:53:cc:79:86:cf:03:b4:
         b7:15:5a:3e:44:ef:a6:e9:db:4e:06:23:8c:35:8e:2c:a1:0e:
         11:0a:59:85:0d:71:fe:75:08:55:f7:f0:22:73:b6:29:23:13:
         0d:c7:b6:07:99:8a:e0:75:7c:02:4e:ae:23:74:76:bf:70:d9:
         aa:5a:86:a2:7c:e2:4d:d7:2d:a5:91:f5:53:44:65:d5:b1:6a:
         0b:85:28:ea:77:ee:b6:2a:0a:fd:7e:86:49:28:b0:7a:25:70:
         be:d4:91:d5:60:a9:e1:da:ff:8f:6d:e2:31:51:f1:1f:e5:66:
         28:69:55:00:6a:69:1f:a7:3d:92:f4:02:6b:1a:9b:eb:a6:4d:
         59:77:19:63:eb:d8:11:33:a9:8c:b0:d3:60:83:b8:f7:ad:f2:
         01:37:3b:d9:19:b2:f0:3d:4b:0d:39:67:6f:41:ca:85:89:3d:
         a1:91:0e:22:a6:8a:5a:23:94:6c:0f:f2:7a:83:31:f9:62:09:
         25:2b:02:0a:3a:fd:80:ab:ce:2b:8d:e4:7c:52:a8:2f:d0:c3:
         55:60:3c:05
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICEuYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkIxOEIxMTAvBgNVBAUTKEZERTM2QjZFOTQ5Mzk4RTUyRDk1RTg5RDQwQkRGNjBC
MjVEQjY5QjkwHhcNMjExMTI0MDU1NTE1WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTlkZDNjMy0wYTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoIUB1gCef+OPWjCpgvqqRlUGFfHi0lJ2pth6/nqy9zaLNV3V4MEZbPbunFZC
yY2SPB5ZbKPx4dzcdtXkm0ak8eN05WT9VLkVQqVCpIxts7ZNFXYEXqt0MduCJI8w
abqG+rbx9k9arlS22yZ73RTaQk7zk0XRAWbJe6ZAS//Wbf/eMlf4UjsC6biWhz7h
xEEEuccZWjkfQ41bQ71k9gL1dRPF/D9wfJ0n7whtLZNpUhfQ2fnj7FayLM9mQFPI
78fImFb7hp61+7rUxl4Xbtvm1qVJ5XRN56Zent2qwQOAS0XZSY1Pp2nPx0ZfAeNA
Hjv3IJxqa1dJAsd/UsoclilCDQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFGYTQlpq
F1mQnWHRKX8Q0oimNNWtMB8GA1UdIwQYMBaAFP3ja26Uk5jlLZXonUC99gsl22m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QjE4Qi82MjhERTUwMkRG
MjMxMUU3OTcyMjVEMkVDNEY5QUUwMi9fZU5yYnBTVG1PVXRsZWlkUUwzMkN5WGJh
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19lTnJicFNUbU9VdGxlaWRRTDMyQ3lYYmFiay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkIxOEIvNjI4REU1MDJERjIzMTFFNzk3MjI1RDJFQzRGOUFFMDIvMDc2MTRCN0VE
RkI5MTFFNzg0QkY1Qjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJn8HgDBAeInoADBALfghAwDQQCAAIwBwMFACQDBMAwDQYJ
KoZIhvcNAQELBQADggEBAHEU1GfbrHv5jkbSFV8jWbcQjULg/22eNqedAK7Fyb7H
zym3NtZwccvuD7BypEhyU8x5hs8DtLcVWj5E76bp204GI4w1jiyhDhEKWYUNcf51
CFX38CJztikjEw3HtgeZiuB1fAJOriN0dr9w2apahqJ84k3XLaWR9VNEZdWxaguF
KOp37rYqCv1+hkkosHolcL7UkdVgqeHa/49t4jFR8R/lZihpVQBqaR+nPZL0Amsa
m+umTVl3GWPr2BEzqYyw02CDuPet8gE3O9kZsvA9Sw05Z29ByoWJPaGRDiKmiloj
lGwP8nqDMfliCSUrAgo6/YCrziuN5HxSqC/Qw1VgPAU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:20 2024 by rpki-client on console-ams.rpki-client.org