Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/EAB33872BFAE11ECB6FA9509C4F9AE02.roa
File:                     EAB33872BFAE11ECB6FA9509C4F9AE02.roa (raw, json)
Hash identifier:          cg1WutYSXkn4xenDgYvfGVjEep4/bHy2ISMnxFHZmWY=
Subject key identifier:   39:99:D4:68:A2:CD:78:BD:09:07:AB:70:89:52:CA:90:B3:67:BB:0F
Certificate issuer:       /CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
Certificate serial:       1414
Authority key identifier: FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/EAB33872BFAE11ECB6FA9509C4F9AE02.roa
Signing time:             Tue 19 Apr 2022 07:04:13 +0000
ROA not before:           Tue 19 Apr 2022 07:04:13 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     23689
IP address blocks:        136.158.164.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5140 (0x1414)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916B18B/serialNumber=FDE36B6E949398E52D95E89D40BDF60B25DB69B9
        Validity
            Not Before: Apr 19 07:04:13 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=625e5eec-c986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:59:05:43:ed:82:5c:35:0c:07:d6:32:9c:2f:
                    bd:10:59:eb:90:e2:2d:10:bd:c8:aa:19:85:43:6e:
                    82:4c:6a:a7:35:04:4e:97:61:2e:a1:d9:79:c9:36:
                    0f:2e:40:57:c2:04:ce:02:06:41:93:9c:83:8e:a1:
                    00:33:53:42:04:05:5b:2c:49:bf:7f:7e:05:bf:d4:
                    b5:f4:2b:17:6a:c9:b2:fd:00:7b:e4:99:0a:34:95:
                    61:4f:42:a2:81:72:30:30:90:57:e5:94:b0:f2:12:
                    9d:db:77:6d:83:48:a2:35:2e:48:d9:0e:e3:b0:68:
                    8b:99:7f:e8:65:df:35:84:b8:c6:61:ef:9f:cb:12:
                    cc:89:02:af:f6:ae:3f:76:4f:47:b4:94:26:ef:6d:
                    d3:b4:43:ec:8a:22:95:f9:e9:bb:c2:18:9c:01:a2:
                    82:ce:fb:a0:29:da:28:65:6f:68:8c:c2:6c:c3:c9:
                    d9:c8:d4:60:f2:11:06:97:58:50:03:ef:d9:d1:2e:
                    9c:0b:cc:93:87:80:9c:f3:d8:4a:f8:da:8f:9b:c4:
                    d1:ea:57:43:cd:66:e0:30:3a:3c:88:5b:2b:38:1c:
                    51:0b:1e:df:46:dd:e4:95:29:32:b0:f3:79:6b:76:
                    ba:66:35:6c:25:4d:2e:8e:a6:9a:29:e1:66:8a:a6:
                    df:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:99:D4:68:A2:CD:78:BD:09:07:AB:70:89:52:CA:90:B3:67:BB:0F
            X509v3 Authority Key Identifier:
                keyid:FD:E3:6B:6E:94:93:98:E5:2D:95:E8:9D:40:BD:F6:0B:25:DB:69:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/_eNrbpSTmOUtleidQL32CyXbabk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_eNrbpSTmOUtleidQL32CyXbabk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916B18B/628DE502DF2311E797225D2EC4F9AE02/EAB33872BFAE11ECB6FA9509C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.158.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:5b:f9:0b:3c:0a:1a:0b:ee:6f:fc:d1:28:73:97:f4:b4:d4:
         29:cd:5c:c0:d0:4f:39:ab:41:68:62:9a:58:0d:99:1f:e3:14:
         17:d4:35:e1:6e:4d:10:05:a1:37:b6:72:45:f1:d2:e1:2c:33:
         47:a4:b6:84:53:51:01:b3:83:3b:dd:d3:29:67:13:e2:53:25:
         e8:ec:e8:cd:81:da:96:fb:4c:87:8e:6f:13:5f:67:1c:77:c3:
         53:c2:f3:22:55:2a:89:c3:bf:63:b3:fd:0b:8e:88:8e:b5:69:
         38:5c:b4:2f:16:d9:ab:49:07:10:37:ea:75:1f:9d:93:eb:d9:
         69:9c:f4:21:37:76:60:f3:92:c5:86:e2:4b:da:be:08:93:05:
         fd:cd:33:46:fc:65:04:42:42:52:05:21:19:1c:87:aa:76:8a:
         b3:ef:e2:79:8f:98:b7:76:18:72:a6:d3:71:30:56:da:a3:8b:
         87:c7:4b:d0:53:1b:63:73:2b:4f:0e:f7:b2:88:a6:bb:b7:19:
         87:54:84:7c:ba:4f:91:cc:12:cf:13:72:a3:e5:53:f0:63:92:
         5f:6a:bb:71:ea:2f:26:b3:77:e0:7b:e6:d1:69:d6:c4:ef:7c:
         f3:20:67:a1:4e:45:e1:17:aa:5d:bf:86:67:a4:a6:90:6c:f4:
         96:a6:33:c7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFBQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkIxOEIxMTAvBgNVBAUTKEZERTM2QjZFOTQ5Mzk4RTUyRDk1RTg5RDQwQkRGNjBC
MjVEQjY5QjkwHhcNMjIwNDE5MDcwNDEzWhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjVlNWVlYy1jOTg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv1kFQ+2CXDUMB9YynC+9EFnrkOItEL3IqhmFQ26CTGqnNQROl2Euodl5yTYP
LkBXwgTOAgZBk5yDjqEAM1NCBAVbLEm/f34Fv9S19CsXasmy/QB75JkKNJVhT0Ki
gXIwMJBX5ZSw8hKd23dtg0iiNS5I2Q7jsGiLmX/oZd81hLjGYe+fyxLMiQKv9q4/
dk9HtJQm723TtEPsiiKV+em7whicAaKCzvugKdooZW9ojMJsw8nZyNRg8hEGl1hQ
A+/Z0S6cC8yTh4Cc89hK+NqPm8TR6ldDzWbgMDo8iFsrOBxRCx7fRt3klSkysPN5
a3a6ZjVsJU0ujqaaKeFmiqbfXQIDAQABo4IClTCCApEwHQYDVR0OBBYEFDmZ1Gii
zXi9CQercIlSypCzZ7sPMB8GA1UdIwQYMBaAFP3ja26Uk5jlLZXonUC99gsl22m5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QjE4Qi82MjhERTUwMkRG
MjMxMUU3OTcyMjVEMkVDNEY5QUUwMi9fZU5yYnBTVG1PVXRsZWlkUUwzMkN5WGJh
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19lTnJicFNUbU9VdGxlaWRRTDMyQ3lYYmFiay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkIxOEIvNjI4REU1MDJERjIzMTFFNzk3MjI1RDJFQzRGOUFFMDIvRUFCMzM4NzJC
RkFFMTFFQ0I2RkE5NTA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACInqQwDQYJKoZIhvcNAQELBQADggEBAE1b+Qs8ChoL7m/8
0Shzl/S01CnNXMDQTzmrQWhimlgNmR/jFBfUNeFuTRAFoTe2ckXx0uEsM0ektoRT
UQGzgzvd0ylnE+JTJejs6M2B2pb7TIeObxNfZxx3w1PC8yJVKonDv2Oz/QuOiI61
aThctC8W2atJBxA36nUfnZPr2Wmc9CE3dmDzksWG4kvavgiTBf3NM0b8ZQRCQlIF
IRkch6p2irPv4nmPmLd2GHKm03EwVtqji4fHS9BTG2NzK08O97KIpru3GYdUhHy6
T5HMEs8TcqPlU/Bjkl9qu3HqLyazd+B75tFp1sTvfPMgZ6FOReEXql2/hmekppBs
9JamM8c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:20 2024 by rpki-client on console-ams.rpki-client.org