Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/D4ADF734F7BD11EA89C8F85CC4F9AE02.roa
File:                     D4ADF734F7BD11EA89C8F85CC4F9AE02.roa (raw, json)
Hash identifier:          On5UqHhe/DkMX7XmDUB9WLgJVjxIeKckW8LgvNHOXno=
Subject key identifier:   BA:CC:FD:5C:54:B9:D0:3F:7E:D1:AF:B0:B7:38:74:AE:21:E1:A8:48
Certificate issuer:       /CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
Certificate serial:       1529
Authority key identifier: FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/D4ADF734F7BD11EA89C8F85CC4F9AE02.roa
Signing time:             Mon 22 Aug 2022 06:55:37 +0000
ROA not before:           Mon 22 Aug 2022 06:55:37 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     18190
IP address blocks:        136.158.132.0/24 maxlen: 24
                          136.158.133.0/24 maxlen: 24
                          136.158.134.0/24 maxlen: 24
                          136.158.135.0/24 maxlen: 24
                          136.158.136.0/24 maxlen: 24
                          136.158.137.0/24 maxlen: 24
                          136.158.138.0/24 maxlen: 24
                          136.158.169.0/24 maxlen: 24
                          136.158.170.0/24 maxlen: 24
                          136.158.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5417 (0x1529)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
        Validity
            Not Before: Aug 22 06:55:37 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=63032869-1903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:51:bc:f6:06:bd:da:e1:15:fe:59:d5:8d:fe:
                    48:c0:bb:ac:c2:9b:14:8b:f6:d3:34:09:62:42:67:
                    ff:29:80:c2:42:d9:81:77:79:a7:38:a6:87:fe:66:
                    93:0a:e0:c7:73:27:f7:db:bc:23:c5:69:8b:2a:f4:
                    d4:15:e8:b8:67:02:bc:43:8c:c4:89:03:12:b8:55:
                    55:c6:6d:f4:60:f6:f1:31:d6:ad:62:d0:0a:e1:8c:
                    a1:cf:68:50:44:c2:c3:49:9b:a7:55:fe:e3:86:18:
                    43:ee:99:ba:4b:70:2b:2c:9b:5a:44:ce:c8:50:bb:
                    a0:9f:c9:39:cd:6c:2a:48:e4:66:e8:7b:5e:b6:15:
                    8d:3c:75:2f:34:52:b1:63:45:29:2c:0c:eb:1a:ec:
                    96:00:cf:e0:10:5f:ce:fc:1d:74:3d:18:fe:61:62:
                    18:c9:cd:6d:54:ff:78:bb:3d:9d:e3:51:b5:4f:67:
                    e0:22:b2:f5:86:d6:78:dc:df:d3:22:d7:58:a1:ad:
                    c0:19:b0:e8:14:66:f6:2c:3b:2e:61:02:4c:73:b2:
                    46:44:2d:70:d7:1a:f0:74:ec:7d:33:b6:f4:74:af:
                    bd:b6:70:6a:3d:b9:ba:a5:bc:14:fd:7f:81:49:e8:
                    df:7c:fa:67:2b:7d:4f:20:13:9c:00:6e:d7:a0:be:
                    66:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:CC:FD:5C:54:B9:D0:3F:7E:D1:AF:B0:B7:38:74:AE:21:E1:A8:48
            X509v3 Authority Key Identifier:
                keyid:FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/_eNrbpSTmOUtleidQL32CyXbabk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/D4ADF734F7BD11EA89C8F85CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.158.132.0-136.158.138.255
                  136.158.169.0-136.158.171.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:0e:fd:51:d0:c8:58:8f:14:fe:6a:a1:b9:c0:37:74:31:14:
         47:e4:69:48:b9:36:57:ec:87:49:4b:3a:79:c5:a0:86:9d:6b:
         e7:73:df:dd:80:33:62:d4:ec:46:08:56:dd:22:b7:d6:83:80:
         34:1a:0b:87:6f:51:59:d8:85:67:df:85:5a:7e:ed:90:b3:d8:
         2c:a0:1b:1c:07:d7:b6:30:52:69:b0:41:cd:56:7b:ea:3e:b3:
         2b:23:7a:a5:10:1d:e3:58:e6:ad:88:c9:ff:83:94:32:40:cd:
         f6:bf:b4:72:71:72:e9:a3:77:5c:26:61:51:10:3b:e1:f6:f1:
         b7:b5:8c:e4:a9:d8:70:ef:d2:c1:0e:6a:39:77:ff:93:20:1e:
         ba:f2:72:75:b8:e4:aa:84:ad:15:32:4c:82:05:ca:a3:b0:96:
         ac:4f:b5:83:cc:ef:35:b2:53:b3:3c:87:6a:4a:3d:ca:94:e3:
         de:54:df:25:44:e3:15:b9:04:a5:88:b1:bd:90:8f:62:e3:ce:
         c3:b7:e5:70:80:bc:ac:4c:3e:39:b8:53:08:37:35:4f:7e:8b:
         ec:8c:23:ee:fb:03:25:c4:ab:1f:41:a2:42:be:6a:67:65:a0:
         f8:ed:90:40:94:3f:44:2b:f2:90:38:dc:bd:16:73:2a:7b:69:
         a8:ea:c6:cb
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgICFSkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkIxOEIxMTAvBgNVBAUTKEZERTM2QjZFOTQ5Mzk4RTUyRDk1RTg5RDQwQkRGNjBC
MjVEQjY5QjkwHhcNMjIwODIyMDY1NTM3WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzAzMjg2OS0xOTAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7VG89ga92uEV/lnVjf5IwLuswpsUi/bTNAliQmf/KYDCQtmBd3mnOKaH/maT
CuDHcyf327wjxWmLKvTUFei4ZwK8Q4zEiQMSuFVVxm30YPbxMdatYtAK4Yyhz2hQ
RMLDSZunVf7jhhhD7pm6S3ArLJtaRM7IULugn8k5zWwqSORm6HtethWNPHUvNFKx
Y0UpLAzrGuyWAM/gEF/O/B10PRj+YWIYyc1tVP94uz2d41G1T2fgIrL1htZ43N/T
ItdYoa3AGbDoFGb2LDsuYQJMc7JGRC1w1xrwdOx9M7b0dK+9tnBqPbm6pbwU/X+B
SejffPpnK31PIBOcAG7XoL5mrQIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFLrM/VxU
udA/ftGvsLc4dK4h4ahIMB8GA1UdIwQYMBaAFP3ja26Uk5jlLZXonUC99gsl22m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QjE4Qi82MjhERTUwMkRG
MjMxMUU3OTcyMjVEMkVDNEY5QUUwMi9fZU5yYnBTVG1PVXRsZWlkUUwzMkN5WGJh
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19lTnJicFNUbU9VdGxlaWRRTDMyQ3lYYmFiay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkIxOEIvNjI4REU1MDJERjIzMTFFNzk3MjI1RDJFQzRGOUFFMDIvRDRBREY3MzRG
N0JEMTFFQTg5QzhGODVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNQYIKwYBBQUHAQcBAf8E
JjAkMCIEAgABMBwwDAMEAoiehAMEAIieijAMAwQAiJ6pAwQCiJ6oMA0GCSqGSIb3
DQEBCwUAA4IBAQBtDv1R0MhYjxT+aqG5wDd0MRRH5GlIuTZX7IdJSzp5xaCGnWvn
c9/dgDNi1OxGCFbdIrfWg4A0GguHb1FZ2IVn34Vafu2Qs9gsoBscB9e2MFJpsEHN
VnvqPrMrI3qlEB3jWOatiMn/g5QyQM32v7RycXLpo3dcJmFREDvh9vG3tYzkqdhw
79LBDmo5d/+TIB668nJ1uOSqhK0VMkyCBcqjsJasT7WDzO81slOzPIdqSj3KlOPe
VN8lROMVuQSliLG9kI9i487Dt+VwgLysTD45uFMINzVPfovsjCPu+wMlxKsfQaJC
vmpnZaD47ZBAlD9EK/KQONy9FnMqe2mo6sbL
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org