Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/FFEAA8B8798D11EC9D3F6948C4F9AE02.roa
File:                     FFEAA8B8798D11EC9D3F6948C4F9AE02.roa (raw, json)
Hash identifier:          YUxodhvsLpw+M/Tzi+jm2Bu5FYi+KFL+heZuqz6AYMQ=
Subject key identifier:   C8:63:DD:B0:A6:C3:26:FE:C6:40:FE:3B:86:BE:10:A2:A2:1F:AB:8F
Certificate issuer:       /CN=A917B12B/serialNumber=F26923453F0170309FD58BF3B0B5DCE43FF9B41C
Certificate serial:       25E1
Authority key identifier: F2:69:23:45:3F:01:70:30:9F:D5:8B:F3:B0:B5:DC:E4:3F:F9:B4:1C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8mkjRT8BcDCf1YvzsLXc5D_5tBw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/FFEAA8B8798D11EC9D3F6948C4F9AE02.roa
Signing time:             Tue 02 May 2023 16:32:33 +0000
ROA not before:           Tue 02 May 2023 16:32:32 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        45.114.220.0/22 maxlen: 22
                          103.19.244.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9697 (0x25e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917B12B/serialNumber=F26923453F0170309FD58BF3B0B5DCE43FF9B41C
        Validity
            Not Before: May  2 16:32:32 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=64513b20-8266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:89:3b:68:cb:76:de:87:d7:06:3c:1c:2f:62:
                    b4:76:f2:27:81:42:a3:09:b7:58:0b:e8:7f:62:fd:
                    1f:11:76:b8:cc:c6:7c:6d:d9:70:c1:79:4a:bc:72:
                    1f:32:4c:6d:cf:95:9d:a9:13:17:3b:45:d3:e3:a2:
                    a7:31:93:b1:14:b3:0c:b3:23:20:ce:f9:99:86:7d:
                    88:ee:9b:47:20:97:d0:b4:65:f6:9f:68:a2:f9:99:
                    1d:3b:cd:98:f6:7d:53:df:2a:cc:b6:76:69:eb:ac:
                    eb:52:a4:8e:ae:5d:90:9e:95:06:33:53:15:a4:7d:
                    dc:24:65:b4:db:24:8a:26:45:7a:bc:de:6f:a1:ab:
                    77:8b:08:14:6a:1d:ce:e5:78:b6:c1:1f:66:b7:d2:
                    f6:50:1c:e1:a5:85:26:62:dc:06:ac:71:68:7b:3d:
                    7b:71:e6:56:95:47:06:7e:78:bf:52:fe:d5:f4:4d:
                    e1:6d:79:93:d8:e6:28:58:d2:57:ac:a5:e0:0e:c9:
                    94:c7:46:1d:49:31:30:03:cf:0e:d5:de:46:c9:bf:
                    cd:5d:24:c6:e6:e1:45:07:3b:50:d1:71:36:64:b4:
                    79:ea:71:a7:50:fb:f0:30:9a:7c:b8:84:58:03:c7:
                    ff:ea:9e:0b:10:78:c0:bf:79:c3:a0:63:e0:f1:6e:
                    1f:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:63:DD:B0:A6:C3:26:FE:C6:40:FE:3B:86:BE:10:A2:A2:1F:AB:8F
            X509v3 Authority Key Identifier:
                keyid:F2:69:23:45:3F:01:70:30:9F:D5:8B:F3:B0:B5:DC:E4:3F:F9:B4:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/8mkjRT8BcDCf1YvzsLXc5D_5tBw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/8mkjRT8BcDCf1YvzsLXc5D_5tBw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B12B/A509EC1EBD9D11E49996554CC4F9AE02/FFEAA8B8798D11EC9D3F6948C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.220.0/22
                  103.19.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:fd:df:bd:2b:6c:e0:a3:5a:3d:e2:41:1c:ad:7d:c5:06:92:
         ed:8f:0a:8c:b4:95:7d:05:cf:fe:f6:e9:c0:6a:ca:c9:06:16:
         2a:18:3d:dc:98:32:0b:e6:57:dd:18:0a:d4:b5:47:0f:46:31:
         42:ae:76:50:dc:c5:d9:f8:d2:a3:60:9e:5a:15:78:43:69:24:
         4d:90:df:0f:1b:c1:4b:70:b8:ea:fa:10:d1:8d:d9:b0:86:4f:
         8c:57:36:dc:82:ac:91:b2:8c:45:51:13:cd:eb:ac:81:05:84:
         d4:31:73:6d:b2:de:39:85:8f:39:22:28:df:e7:f8:75:16:b2:
         11:84:32:bf:c0:6c:74:d4:a0:30:f0:a3:bc:c3:01:9d:01:ab:
         e6:c0:ad:ef:0c:e5:4c:58:c7:bb:aa:81:00:09:c9:58:3f:1d:
         54:25:0f:77:aa:fb:89:75:c0:89:f7:27:e8:bd:6a:e1:86:24:
         3d:9a:52:b8:51:06:c8:42:84:ac:95:4c:fa:5f:12:6d:7b:fb:
         bc:33:64:c2:65:85:64:b9:92:54:99:b5:10:0f:ff:ff:ad:2f:
         e6:62:dc:f1:5f:57:ff:f5:c5:80:72:45:10:de:fc:b6:69:a1:
         d2:bc:02:22:88:24:41:e1:13:48:14:85:b2:03:91:a1:9c:73:
         77:56:05:4b
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICJeEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0IxMkIxMTAvBgNVBAUTKEYyNjkyMzQ1M0YwMTcwMzA5RkQ1OEJGM0IwQjVEQ0U0
M0ZGOUI0MUMwHhcNMjMwNTAyMTYzMjMyWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDUxM2IyMC04MjY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0Ik7aMt23ofXBjwcL2K0dvIngUKjCbdYC+h/Yv0fEXa4zMZ8bdlwwXlKvHIf
Mkxtz5WdqRMXO0XT46KnMZOxFLMMsyMgzvmZhn2I7ptHIJfQtGX2n2ii+ZkdO82Y
9n1T3yrMtnZp66zrUqSOrl2QnpUGM1MVpH3cJGW02ySKJkV6vN5voat3iwgUah3O
5Xi2wR9mt9L2UBzhpYUmYtwGrHFoez17ceZWlUcGfni/Uv7V9E3hbXmT2OYoWNJX
rKXgDsmUx0YdSTEwA88O1d5Gyb/NXSTG5uFFBztQ0XE2ZLR56nGnUPvwMJp8uIRY
A8f/6p4LEHjAv3nDoGPg8W4fKwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFMhj3bCm
wyb+xkD+O4a+EKKiH6uPMB8GA1UdIwQYMBaAFPJpI0U/AXAwn9WL87C13OQ/+bQc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QjEyQi9BNTA5RUMxRUJE
OUQxMUU0OTk5NjU1NENDNEY5QUUwMi84bWtqUlQ4QmNEQ2YxWXZ6c0xYYzVEXzV0
QncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzhta2pSVDhCY0RDZjFZdnpzTFhjNURfNXRCdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0IxMkIvQTUwOUVDMUVCRDlEMTFFNDk5OTY1NTRDQzRGOUFFMDIvRkZFQUE4Qjg3
OThEMTFFQzlEM0Y2OTQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAItctwDBAJnE/QwDQYJKoZIhvcNAQELBQADggEBAJr9370r
bOCjWj3iQRytfcUGku2PCoy0lX0Fz/726cBqyskGFioYPdyYMgvmV90YCtS1Rw9G
MUKudlDcxdn40qNgnloVeENpJE2Q3w8bwUtwuOr6ENGN2bCGT4xXNtyCrJGyjEVR
E83rrIEFhNQxc22y3jmFjzkiKN/n+HUWshGEMr/AbHTUoDDwo7zDAZ0Bq+bAre8M
5UxYx7uqgQAJyVg/HVQlD3eq+4l1wIn3J+i9auGGJD2aUrhRBshChKyVTPpfEm17
+7wzZMJlhWS5klSZtRAP//+tL+Zi3PFfV//1xYByRRDe/LZpodK8AiKIJEHhE0gU
hbIDkaGcc3dWBUs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:22 2024 by rpki-client on console-ams.rpki-client.org