Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/57F6225EAF0711EC9845FA13C4F9AE02.roa
File:                     57F6225EAF0711EC9845FA13C4F9AE02.roa (raw, json)
Hash identifier:          /HPRl4Zrv8iBVY7hUXCGVFqvicifABn7Fxy6nfrYkPw=
Subject key identifier:   75:EF:1D:CA:F7:AD:B3:1E:A7:DC:76:32:67:1A:67:EB:B4:F9:1D:FD
Certificate issuer:       /CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
Certificate serial:       1463
Authority key identifier: FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/57F6225EAF0711EC9845FA13C4F9AE02.roa
Signing time:             Fri 27 May 2022 04:15:43 +0000
ROA not before:           Fri 27 May 2022 04:15:43 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     17639
IP address blocks:        27.49.0.0/16 maxlen: 16
                          103.240.120.0/22 maxlen: 22
                          113.19.0.0/16 maxlen: 16
                          136.158.128.0/17 maxlen: 17
                          136.158.128.0/22 maxlen: 22
                          136.158.132.0/22 maxlen: 22
                          136.158.136.0/22 maxlen: 22
                          136.158.140.0/22 maxlen: 22
                          136.158.144.0/22 maxlen: 22
                          136.158.148.0/22 maxlen: 22
                          136.158.152.0/22 maxlen: 22
                          136.158.156.0/22 maxlen: 22
                          136.158.160.0/22 maxlen: 22
                          136.158.164.0/22 maxlen: 22
                          136.158.168.0/22 maxlen: 22
                          136.158.172.0/22 maxlen: 22
                          136.158.176.0/22 maxlen: 22
                          136.158.180.0/22 maxlen: 22
                          136.158.184.0/22 maxlen: 22
                          136.158.188.0/22 maxlen: 22
                          136.158.192.0/22 maxlen: 22
                          136.158.196.0/22 maxlen: 22
                          136.158.200.0/22 maxlen: 22
                          136.158.204.0/22 maxlen: 22
                          136.158.208.0/22 maxlen: 22
                          136.158.212.0/22 maxlen: 22
                          136.158.216.0/22 maxlen: 22
                          136.158.220.0/22 maxlen: 22
                          136.158.224.0/22 maxlen: 22
                          136.158.228.0/22 maxlen: 22
                          136.158.232.0/22 maxlen: 22
                          136.158.236.0/22 maxlen: 22
                          136.158.240.0/22 maxlen: 22
                          136.158.244.0/22 maxlen: 22
                          136.158.248.0/22 maxlen: 22
                          136.158.252.0/22 maxlen: 22
                          223.130.16.0/22 maxlen: 22
                          2403:4c0::/32 maxlen: 32
                          2403:4c0:8000::/34 maxlen: 34
                          2403:4c0:c000::/34 maxlen: 34

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5219 (0x1463)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
        Validity
            Not Before: May 27 04:15:43 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=6290506f-4952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8a:8d:27:68:be:57:b9:3b:d1:c7:f6:98:40:
                    1d:89:97:02:ee:9b:bc:c3:26:07:6b:b4:6d:ef:67:
                    9c:6e:bf:65:31:d0:3e:dc:3f:7c:a9:1a:65:d3:c3:
                    90:37:c4:4f:1b:fa:bd:22:63:24:ce:58:7d:69:8c:
                    1c:cf:97:23:6e:ad:d6:0f:62:e4:a7:a0:47:65:dd:
                    88:db:89:9c:f8:47:81:45:2a:8d:ff:40:a5:ce:85:
                    25:f4:59:90:8b:d0:d1:5f:36:b5:06:1a:72:2e:80:
                    6a:0c:b0:f4:a9:b0:17:02:f9:6c:27:94:69:64:11:
                    aa:b0:5c:37:c6:e5:d8:cb:29:4d:b6:d8:24:40:ae:
                    e2:d2:93:68:66:7a:1c:df:1e:94:4d:5f:0b:6d:c8:
                    51:a8:b1:ce:1c:cb:74:91:17:45:6e:23:41:31:6b:
                    09:a5:b3:13:5b:f3:c0:99:bf:ba:73:af:e0:02:c1:
                    04:4e:bb:cb:b1:08:64:90:79:e5:b8:dd:54:4f:7d:
                    2b:55:6e:c4:dd:59:23:c4:71:5c:bf:ec:0b:cf:43:
                    5d:c0:7b:28:d3:fc:3d:6b:d3:58:12:90:a4:e8:d5:
                    00:bc:46:db:77:70:26:29:ec:5b:be:ab:50:e4:1e:
                    b5:45:a7:d2:e1:08:56:54:10:f5:08:bc:28:54:da:
                    fa:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EF:1D:CA:F7:AD:B3:1E:A7:DC:76:32:67:1A:67:EB:B4:F9:1D:FD
            X509v3 Authority Key Identifier:
                keyid:FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/_eNrbpSTmOUtleidQL32CyXbabk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/57F6225EAF0711EC9845FA13C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.49.0.0/16
                  103.240.120.0/22
                  113.19.0.0/16
                  136.158.128.0/17
                  223.130.16.0/22
                IPv6:
                  2403:4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:01:38:e7:6e:29:f3:06:51:98:08:62:ba:23:9e:7b:55:a4:
         c9:b0:c8:fa:0f:43:98:b9:a2:5d:44:26:59:c4:7d:de:9f:b6:
         37:54:9c:53:d5:80:84:f8:5a:de:f1:0c:78:a3:62:98:18:12:
         d4:b4:91:63:f3:72:bb:e6:3e:fe:b2:24:90:7f:81:cd:6c:e5:
         75:5f:f2:b2:e2:8e:e3:2e:7d:1a:b4:72:e0:60:25:37:b4:aa:
         3a:65:2b:94:5d:83:5a:f8:47:9a:7d:ba:63:23:ae:a3:5e:82:
         4e:22:3b:56:d0:4b:03:24:1e:f0:19:e4:d5:48:ba:f2:61:c7:
         ac:60:a6:e1:fe:ce:66:a6:72:a0:9b:41:de:ab:83:fe:3b:f0:
         c5:46:8d:d0:2e:9b:73:37:d5:5c:53:a3:c7:68:8d:ee:2d:1a:
         9c:1c:63:4d:40:43:d0:4e:8a:93:35:7e:51:03:64:66:21:f1:
         d7:8c:ed:98:5e:0c:c0:03:91:d1:70:c2:96:39:4e:2d:13:14:
         ed:dc:01:f8:6c:06:7f:08:fd:ca:e7:3f:15:59:83:15:04:8c:
         78:c9:c6:7f:3d:42:8a:e0:58:28:78:e4:22:37:28:37:4b:48:
         85:00:7a:12:52:75:03:9c:51:2c:6a:01:30:7f:d7:d2:d2:ba:
         25:ff:25:08
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgICFGMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkIxOEIxMTAvBgNVBAUTKEZERTM2QjZFOTQ5Mzk4RTUyRDk1RTg5RDQwQkRGNjBC
MjVEQjY5QjkwHhcNMjIwNTI3MDQxNTQzWhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjkwNTA2Zi00OTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6YqNJ2i+V7k70cf2mEAdiZcC7pu8wyYHa7Rt72ecbr9lMdA+3D98qRpl08OQ
N8RPG/q9ImMkzlh9aYwcz5cjbq3WD2Lkp6BHZd2I24mc+EeBRSqN/0ClzoUl9FmQ
i9DRXza1BhpyLoBqDLD0qbAXAvlsJ5RpZBGqsFw3xuXYyylNttgkQK7i0pNoZnoc
3x6UTV8LbchRqLHOHMt0kRdFbiNBMWsJpbMTW/PAmb+6c6/gAsEETrvLsQhkkHnl
uN1UT30rVW7E3VkjxHFcv+wLz0NdwHso0/w9a9NYEpCk6NUAvEbbd3AmKexbvqtQ
5B61RafS4QhWVBD1CLwoVNr6EwIDAQABo4ICujCCArYwHQYDVR0OBBYEFHXvHcr3
rbMep9x2MmcaZ+u0+R39MB8GA1UdIwQYMBaAFP3ja26Uk5jlLZXonUC99gsl22m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QjE4Qi82MjhERTUwMkRG
MjMxMUU3OTcyMjVEMkVDNEY5QUUwMi9fZU5yYnBTVG1PVXRsZWlkUUwzMkN5WGJh
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19lTnJicFNUbU9VdGxlaWRRTDMyQ3lYYmFiay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkIxOEIvNjI4REU1MDJERjIzMTFFNzk3MjI1RDJFQzRGOUFFMDIvNTdGNjIyNUVB
RjA3MTFFQzk4NDVGQTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRAYIKwYBBQUHAQcBAf8E
NTAzMCIEAgABMBwDAwAbMQMEAmfweAMDAHETAwQHiJ6AAwQC34IQMA0EAgACMAcD
BQAkAwTAMA0GCSqGSIb3DQEBCwUAA4IBAQCbATjnbinzBlGYCGK6I557VaTJsMj6
D0OYuaJdRCZZxH3en7Y3VJxT1YCE+Fre8Qx4o2KYGBLUtJFj83K75j7+siSQf4HN
bOV1X/Ky4o7jLn0atHLgYCU3tKo6ZSuUXYNa+EeafbpjI66jXoJOIjtW0EsDJB7w
GeTVSLryYcesYKbh/s5mpnKgm0Heq4P+O/DFRo3QLptzN9VcU6PHaI3uLRqcHGNN
QEPQToqTNX5RA2RmIfHXjO2YXgzAA5HRcMKWOU4tExTt3AH4bAZ/CP3K5z8VWYMV
BIx4ycZ/PUKK4FgoeOQiNyg3S0iFAHoSUnUDnFEsagEwf9fS0rol/yUI
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org