Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/D2E4A3A66C2911EE9B851B45C4F9AE02.roa
File:                     D2E4A3A66C2911EE9B851B45C4F9AE02.roa (raw, json)
Hash identifier:          gXAT+uXxMG/F7PoZMRf9j2VwA87i5P+mX2w4VCClWB0=
Subject key identifier:   65:EA:42:DA:BC:23:BC:80:59:4F:7E:80:86:A1:E4:4A:F2:BC:B9:20
Certificate issuer:       /CN=A91754CB/serialNumber=DD02A7E8D7C9757C657BDA6AD9D57F05881FFA57
Certificate serial:       4B
Authority key identifier: DD:02:A7:E8:D7:C9:75:7C:65:7B:DA:6A:D9:D5:7F:05:88:1F:FA:57
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3QKn6NfJdXxle9pq2dV_BYgf-lc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/D2E4A3A66C2911EE9B851B45C4F9AE02.roa
Signing time:             Mon 16 Oct 2023 13:42:18 +0000
ROA not before:           Mon 16 Oct 2023 13:42:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212517
IP address blocks:        160.238.64.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75 (0x4b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91754CB/serialNumber=DD02A7E8D7C9757C657BDA6AD9D57F05881FFA57
        Validity
            Not Before: Oct 16 13:42:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=652d3dba-bfe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:21:61:2d:92:ce:95:4f:97:5c:88:1d:9f:aa:
                    e5:10:91:ef:f8:0d:6e:4c:a7:11:b1:24:29:55:92:
                    d3:93:62:0a:7f:7c:ea:45:56:06:4b:95:dc:3f:ee:
                    19:2a:b5:fd:33:78:a9:79:a3:da:a5:ca:a8:07:ee:
                    96:0d:54:b9:ee:93:e6:98:25:21:5d:2c:2d:63:bf:
                    ed:12:9b:87:f7:cb:37:4c:3d:d0:ed:8d:ca:51:f4:
                    fc:eb:36:ba:c7:25:86:83:ed:78:5f:a8:71:7b:3d:
                    ff:42:eb:03:19:30:d2:97:b7:4d:cf:7a:81:aa:1e:
                    49:08:b4:e1:40:7a:66:00:51:21:88:e9:7c:50:dd:
                    95:a0:38:78:ca:58:3c:2b:ca:da:c5:66:61:4f:eb:
                    5a:35:f5:73:01:32:d7:3d:bb:5b:2f:a1:2f:09:c7:
                    57:44:b0:f7:c2:40:a0:8e:46:98:96:35:37:4b:5b:
                    6e:a5:a7:67:2e:b1:bc:70:f9:ef:7a:dd:56:8c:86:
                    69:73:dd:c6:b9:cc:bb:2d:39:8a:60:82:77:21:63:
                    38:4b:ff:f6:35:1c:27:07:18:be:2f:e8:bb:2d:3d:
                    71:16:3e:fe:22:30:64:b7:b9:e2:28:94:5b:d9:ea:
                    7f:25:46:87:0a:5c:cd:88:db:38:a8:51:09:23:50:
                    15:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:EA:42:DA:BC:23:BC:80:59:4F:7E:80:86:A1:E4:4A:F2:BC:B9:20
            X509v3 Authority Key Identifier:
                keyid:DD:02:A7:E8:D7:C9:75:7C:65:7B:DA:6A:D9:D5:7F:05:88:1F:FA:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/3QKn6NfJdXxle9pq2dV_BYgf-lc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3QKn6NfJdXxle9pq2dV_BYgf-lc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91754CB/53BE4DBEFDD111ED98733067C4F9AE02/D2E4A3A66C2911EE9B851B45C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.238.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:17:5c:d1:bc:13:16:f7:13:80:67:63:c5:5e:59:c7:be:6a:
         7b:f4:3c:d7:a6:f6:99:bc:b2:da:78:46:d3:52:6d:78:f4:b5:
         f1:10:8f:a8:81:7e:50:ea:e1:2e:46:1a:75:d7:bf:4d:0f:64:
         6b:ce:60:c2:25:66:f2:22:53:7c:e1:4e:f5:b6:a7:cf:c7:f9:
         8f:54:03:35:2c:b9:ec:67:c3:68:a9:78:e8:c0:1a:d6:88:dc:
         99:f2:be:e6:01:3d:c7:4f:16:90:c8:ee:3b:c1:05:57:00:34:
         8c:ef:fc:04:78:d7:73:f1:a6:4c:c7:a6:66:f6:d6:c0:14:e7:
         1d:59:6e:3c:44:cf:af:c5:a2:2b:d5:c4:f2:b8:ab:2f:5a:67:
         74:9d:06:cc:ba:a0:98:0e:ba:8b:7b:19:b2:91:2e:14:78:ef:
         ad:0b:e0:bc:59:6c:5e:85:0e:2f:43:5e:56:73:74:3f:30:0a:
         8e:b7:ab:ec:2b:0a:94:e7:14:84:ca:f8:32:1f:06:66:64:a1:
         e7:cd:9c:73:14:40:e5:b2:af:de:ee:19:35:70:0f:6a:2d:6c:
         1e:a2:f2:7e:8f:a9:1f:70:38:a7:4b:df:26:49:52:bb:5e:e1:
         98:8d:00:b2:b1:ae:f2:6c:9f:67:66:7b:a4:be:1b:de:cd:cc:
         cc:14:a6:07
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBSzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
NTRDQjExMC8GA1UEBRMoREQwMkE3RThEN0M5NzU3QzY1N0JEQTZBRDlENTdGMDU4
ODFGRkE1NzAeFw0yMzEwMTYxMzQyMThaFw0yNDA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MmQzZGJhLWJmZTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCrIWEtks6VT5dciB2fquUQke/4DW5MpxGxJClVktOTYgp/fOpFVgZLldw/7hkq
tf0zeKl5o9qlyqgH7pYNVLnuk+aYJSFdLC1jv+0Sm4f3yzdMPdDtjcpR9PzrNrrH
JYaD7XhfqHF7Pf9C6wMZMNKXt03PeoGqHkkItOFAemYAUSGI6XxQ3ZWgOHjKWDwr
ytrFZmFP61o19XMBMtc9u1svoS8Jx1dEsPfCQKCORpiWNTdLW26lp2cusbxw+e96
3VaMhmlz3ca5zLstOYpggnchYzhL//Y1HCcHGL4v6LstPXEWPv4iMGS3ueIolFvZ
6n8lRocKXM2I2zioUQkjUBXBAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUZepC2rwj
vIBZT36AhqHkSvK8uSAwHwYDVR0jBBgwFoAU3QKn6NfJdXxle9pq2dV/BYgf+lcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTc1NENCLzUzQkU0REJFRkRE
MTExRUQ5ODczMzA2N0M0RjlBRTAyLzNRS242TmZKZFh4bGU5cHEyZFZfQllnZi1s
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvM1FLbjZOZkpkWHhsZTlwcTJkVl9CWWdmLWxjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
NTRDQi81M0JFNERCRUZERDExMUVEOTg3MzMwNjdDNEY5QUUwMi9EMkU0QTNBNjZD
MjkxMUVFOUI4NTFCNDVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAKDuQDANBgkqhkiG9w0BAQsFAAOCAQEALxdc0bwTFvcTgGdj
xV5Zx75qe/Q816b2mbyy2nhG01JtePS18RCPqIF+UOrhLkYadde/TQ9ka85gwiVm
8iJTfOFO9banz8f5j1QDNSy57GfDaKl46MAa1ojcmfK+5gE9x08WkMjuO8EFVwA0
jO/8BHjXc/GmTMemZvbWwBTnHVluPETPr8WiK9XE8rirL1pndJ0GzLqgmA66i3sZ
spEuFHjvrQvgvFlsXoUOL0NeVnN0PzAKjrer7CsKlOcUhMr4Mh8GZmSh582ccxRA
5bKv3u4ZNXAPai1sHqLyfo+pH3A4p0vfJklSu17hmI0AsrGu8myfZ2Z7pL4b3s3M
zBSmBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:12 2024 by rpki-client on console-fra.rpki-client.org