Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/C5B59990759711EC880DD61AC4F9AE02.roa
File:                     C5B59990759711EC880DD61AC4F9AE02.roa (raw, json)
Hash identifier:          gMwtzcXF4KfNpjtsga3tevOv2L5enOAs8u0riJ7jw1Q=
Subject key identifier:   F3:CE:76:7D:74:7A:40:F9:E9:89:E5:23:4E:AB:FF:BA:3D:78:B1:78
Certificate issuer:       /CN=A917B12B/serialNumber=F26923453F0170309FD58BF3B0B5DCE43FF9B41C
Certificate serial:       25E2
Authority key identifier: F2:69:23:45:3F:01:70:30:9F:D5:8B:F3:B0:B5:DC:E4:3F:F9:B4:1C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8mkjRT8BcDCf1YvzsLXc5D_5tBw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/C5B59990759711EC880DD61AC4F9AE02.roa
Signing time:             Tue 02 May 2023 16:32:34 +0000
ROA not before:           Tue 02 May 2023 16:32:33 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        45.114.220.0/22 maxlen: 22
                          103.19.244.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9698 (0x25e2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917B12B/serialNumber=F26923453F0170309FD58BF3B0B5DCE43FF9B41C
        Validity
            Not Before: May  2 16:32:33 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=64513b21-6e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:33:b7:a3:fb:06:a5:d1:f3:a5:dd:a0:e1:9a:
                    5a:ce:d4:db:d9:1e:a9:b0:ea:58:03:7f:d3:68:21:
                    95:3b:93:c1:9e:a3:ad:00:ba:8d:31:cb:9c:9b:6b:
                    68:52:4a:d0:c8:33:66:9d:f6:16:bb:6e:ff:f5:5b:
                    51:dd:66:02:60:e7:d3:eb:0f:54:21:09:87:7f:2d:
                    0e:79:42:77:24:ac:5b:1a:62:c0:7e:b0:70:40:bc:
                    d4:0a:8e:64:83:76:21:0d:db:59:95:3b:d7:02:47:
                    49:5b:97:a9:6e:1c:3d:3f:5d:c6:c6:5c:93:3d:9b:
                    9d:43:48:60:18:5b:58:8a:95:01:15:0e:94:4c:35:
                    64:fb:46:a2:cb:74:d8:18:78:c9:c5:8e:9e:f4:36:
                    f7:14:30:cc:1c:5e:87:bd:7d:b3:52:28:b8:5c:f5:
                    41:40:ae:81:97:29:57:6f:16:7f:91:7f:02:5c:06:
                    1b:00:f0:51:40:9e:2f:1c:cf:55:a2:22:0f:e3:af:
                    78:92:b2:2d:d0:5f:4e:94:ce:6b:35:65:9d:7c:a2:
                    5f:1e:5a:21:ab:ff:da:4b:ca:cf:dd:61:97:5e:3e:
                    84:5a:72:39:1e:18:6d:e8:dd:0d:d7:de:81:ea:30:
                    29:59:d1:db:30:6e:ed:94:66:22:f5:a7:48:bb:a7:
                    2b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CE:76:7D:74:7A:40:F9:E9:89:E5:23:4E:AB:FF:BA:3D:78:B1:78
            X509v3 Authority Key Identifier:
                keyid:F2:69:23:45:3F:01:70:30:9F:D5:8B:F3:B0:B5:DC:E4:3F:F9:B4:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/8mkjRT8BcDCf1YvzsLXc5D_5tBw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8mkjRT8BcDCf1YvzsLXc5D_5tBw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/C5B59990759711EC880DD61AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.220.0/22
                  103.19.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         be:96:66:e9:c2:9f:1e:13:36:d0:04:6e:b8:b5:05:73:83:81:
         b2:7e:9b:8b:61:85:88:a3:e7:63:a2:fe:6f:19:56:ca:8e:f5:
         a6:7e:10:64:c9:70:3e:d2:1e:c0:3b:7e:68:00:7d:86:9c:91:
         f8:fd:e0:41:90:31:b4:4c:1c:45:96:a1:18:c1:c1:e6:75:49:
         75:4d:8d:da:67:13:a9:cf:2f:c9:2e:4a:9e:2c:f4:3c:01:8a:
         8f:8e:ab:7d:21:10:f8:d4:b7:0a:0f:e2:15:b1:23:30:94:c5:
         7d:fb:bb:de:20:98:f5:a9:39:d8:b4:95:74:af:6c:c5:c6:f2:
         de:93:66:bb:4e:d3:02:40:0b:45:1e:9c:e1:20:aa:10:50:0a:
         b5:c8:64:54:28:fd:4f:80:da:e4:d2:76:1c:b7:48:f2:de:dd:
         eb:3a:81:92:05:f8:a1:7d:70:8c:62:ed:29:0c:af:83:13:cb:
         ee:34:e6:56:ee:b8:c1:5d:a0:b3:ad:e6:1f:f1:f5:ca:36:3b:
         b2:42:68:ec:84:8c:22:7d:15:12:37:83:e8:9e:d4:30:7e:10:
         70:4f:d8:51:de:f4:90:1e:48:6b:41:56:e5:3f:61:ff:c7:a4:
         09:17:4c:97:d3:43:f8:45:30:2a:ca:38:0f:1a:c5:37:ce:5f:
         74:4c:d3:af
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICJeIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0IxMkIxMTAvBgNVBAUTKEYyNjkyMzQ1M0YwMTcwMzA5RkQ1OEJGM0IwQjVEQ0U0
M0ZGOUI0MUMwHhcNMjMwNTAyMTYzMjMzWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDUxM2IyMS02ZTNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9jO3o/sGpdHzpd2g4ZpaztTb2R6psOpYA3/TaCGVO5PBnqOtALqNMcucm2to
UkrQyDNmnfYWu27/9VtR3WYCYOfT6w9UIQmHfy0OeUJ3JKxbGmLAfrBwQLzUCo5k
g3YhDdtZlTvXAkdJW5epbhw9P13GxlyTPZudQ0hgGFtYipUBFQ6UTDVk+0aiy3TY
GHjJxY6e9Db3FDDMHF6HvX2zUii4XPVBQK6BlylXbxZ/kX8CXAYbAPBRQJ4vHM9V
oiIP4694krIt0F9OlM5rNWWdfKJfHlohq//aS8rP3WGXXj6EWnI5Hhht6N0N196B
6jApWdHbMG7tlGYi9adIu6crgQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFPPOdn10
ekD56YnlI06r/7o9eLF4MB8GA1UdIwQYMBaAFPJpI0U/AXAwn9WL87C13OQ/+bQc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QjEyQi9BNTA5RUMxRUJE
OUQxMUU0OTk5NjU1NENDNEY5QUUwMi84bWtqUlQ4QmNEQ2YxWXZ6c0xYYzVEXzV0
QncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzhta2pSVDhCY0RDZjFZdnpzTFhjNURfNXRCdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0IxMkIvQTUwOUVDMUVCRDlEMTFFNDk5OTY1NTRDQzRGOUFFMDIvQzVCNTk5OTA3
NTk3MTFFQzg4MERENjFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAItctwDBAJnE/QwDQYJKoZIhvcNAQELBQADggEBAL6WZunC
nx4TNtAEbri1BXODgbJ+m4thhYij52Oi/m8ZVsqO9aZ+EGTJcD7SHsA7fmgAfYac
kfj94EGQMbRMHEWWoRjBweZ1SXVNjdpnE6nPL8kuSp4s9DwBio+Oq30hEPjUtwoP
4hWxIzCUxX37u94gmPWpOdi0lXSvbMXG8t6TZrtO0wJAC0UenOEgqhBQCrXIZFQo
/U+A2uTSdhy3SPLe3es6gZIF+KF9cIxi7SkMr4MTy+405lbuuMFdoLOt5h/x9co2
O7JCaOyEjCJ9FRI3g+ie1DB+EHBP2FHe9JAeSGtBVuU/Yf/HpAkXTJfTQ/hFMCrK
OA8axTfOX3RM068=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:12 2024 by rpki-client on console-fra.rpki-client.org