Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/70008BCC4DA611ECB7D1A767C4F9AE02.roa
File:                     70008BCC4DA611ECB7D1A767C4F9AE02.roa (raw, json)
Hash identifier:          xIG9v3MUFtYnhPi3ses1pdp/DOt5Ui1FUPNkoqPuNNg=
Subject key identifier:   F4:43:EF:09:DA:AF:D3:E3:3D:94:03:30:B6:87:5F:B4:1C:47:CF:F7
Certificate issuer:       /CN=A918DB4E/serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
Certificate serial:       0973
Authority key identifier: 42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/70008BCC4DA611ECB7D1A767C4F9AE02.roa
Signing time:             Wed 15 Jun 2022 20:29:59 +0000
ROA not before:           Wed 15 Jun 2022 20:29:59 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     137883
IP address blocks:        103.116.88.0/22 maxlen: 22
                          103.116.88.0/23 maxlen: 23
                          103.116.88.0/24 maxlen: 24
                          103.116.89.0/24 maxlen: 24
                          103.116.90.0/23 maxlen: 23
                          103.116.90.0/24 maxlen: 24
                          103.116.91.0/24 maxlen: 24
                          2402:f840::/32 maxlen: 32
                          2402:f840:1::/48 maxlen: 48
                          2402:f840:5::/48 maxlen: 48
                          2402:f840:6::/48 maxlen: 48
                          2402:f840:8::/48 maxlen: 48
                          2402:f840:9::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2419 (0x973)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918DB4E/serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
        Validity
            Not Before: Jun 15 20:29:59 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=62aa4147-0472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:eb:12:1b:d4:dc:e6:5c:a1:3f:85:b6:3a:3f:
                    56:3f:0b:78:be:f5:46:9a:b2:2d:e7:6a:4e:9d:2f:
                    15:6b:a0:08:d5:ac:42:8c:65:b0:08:0c:76:b9:c7:
                    01:a5:7f:71:22:ac:eb:43:c2:58:1b:c8:91:86:f5:
                    67:8d:48:23:b1:85:a6:33:06:19:3a:01:7f:91:3d:
                    81:96:81:77:cd:22:df:bd:68:7b:c1:b2:c3:d4:3c:
                    5c:45:66:48:94:f5:02:bf:bc:20:fb:ee:bb:11:be:
                    42:49:46:fb:d8:0f:50:46:aa:05:33:ff:33:bf:f3:
                    85:cb:2f:8b:2a:ba:97:b4:51:ff:c3:15:99:b2:bc:
                    40:77:cf:3d:3f:a2:82:f0:ac:ea:bd:81:3a:51:04:
                    6c:50:2c:92:5a:6d:95:fb:97:c6:b8:33:a2:09:46:
                    b6:7d:0c:e2:d7:17:0a:3a:5e:01:83:6b:a7:e6:3d:
                    a3:48:62:ce:79:61:9f:cb:35:f4:08:7a:71:a2:39:
                    f2:fd:ad:86:ab:28:c7:49:4d:1c:2b:f8:49:b6:03:
                    52:07:39:26:8a:9c:95:3c:48:2c:f8:80:e1:40:6d:
                    90:57:9f:dd:b9:36:12:45:4f:e0:7b:90:cb:3c:4c:
                    3c:bd:69:5d:ca:88:67:8c:11:72:26:50:07:fc:76:
                    a0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:43:EF:09:DA:AF:D3:E3:3D:94:03:30:B6:87:5F:B4:1C:47:CF:F7
            X509v3 Authority Key Identifier:
                keyid:42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/QnWN4MwM9iwq7uk-Du5nkDpQLMw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/70008BCC4DA611ECB7D1A767C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.116.88.0/22
                IPv6:
                  2402:f840::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:0e:fa:16:4d:09:47:21:23:eb:71:b0:51:42:5d:8c:37:d7:
         c1:e9:18:c4:7a:bd:6c:89:af:31:d4:7f:6f:7a:74:f6:95:2e:
         59:48:2e:f6:3c:21:35:4f:bf:00:b3:44:87:0f:23:99:ba:63:
         fe:1f:e8:d4:46:ae:ff:79:38:be:0a:86:d7:c6:eb:aa:71:9b:
         d0:88:7d:98:24:98:6c:f0:dc:66:12:0b:bc:ba:da:41:1c:60:
         22:52:09:93:6f:e2:da:54:b0:f3:fe:c0:66:14:6c:03:26:ea:
         f3:ee:3e:ba:a9:bf:83:0a:6d:6c:c6:c4:61:79:1b:56:90:c3:
         5c:de:3a:15:e4:cd:2f:37:ba:1f:03:16:71:7b:0b:9f:cd:75:
         47:e6:12:48:a6:14:23:9e:f0:c1:94:0f:e7:e2:84:42:12:b5:
         83:25:0b:bd:2f:47:d0:40:4c:cc:92:74:4c:38:ad:17:1a:5c:
         cb:3d:21:54:d2:d3:91:1f:53:0a:a0:78:ad:a0:a1:e2:41:82:
         dd:f4:bc:11:b2:61:51:71:20:fc:51:a1:66:27:8c:d8:2c:49:
         55:92:88:80:24:e3:ea:50:f3:89:6f:14:a8:1b:58:39:e3:dd:
         e9:be:44:57:51:d8:ff:83:07:86:4a:b6:4c:84:64:5d:64:26:
         39:1e:0a:81
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCXMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OERCNEUxMTAvBgNVBAUTKDQyNzU4REUwQ0MwQ0Y2MkMyQUVFRTkzRTBFRUU2Nzkw
M0E1MDJDQ0MwHhcNMjIwNjE1MjAyOTU5WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmFhNDE0Ny0wNDcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8OsSG9Tc5lyhP4W2Oj9WPwt4vvVGmrIt52pOnS8Va6AI1axCjGWwCAx2uccB
pX9xIqzrQ8JYG8iRhvVnjUgjsYWmMwYZOgF/kT2BloF3zSLfvWh7wbLD1DxcRWZI
lPUCv7wg++67Eb5CSUb72A9QRqoFM/8zv/OFyy+LKrqXtFH/wxWZsrxAd889P6KC
8KzqvYE6UQRsUCySWm2V+5fGuDOiCUa2fQzi1xcKOl4Bg2un5j2jSGLOeWGfyzX0
CHpxojny/a2GqyjHSU0cK/hJtgNSBzkmipyVPEgs+IDhQG2QV5/duTYSRU/ge5DL
PEw8vWldyohnjBFyJlAH/HagIwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFPRD7wna
r9PjPZQDMLaHX7QcR8/3MB8GA1UdIwQYMBaAFEJ1jeDMDPYsKu7pPg7uZ5A6UCzM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4REI0RS83N0U3RjlBMDBD
RTUxMUVBQTIwREREODJDNEY5QUUwMi9RbldONE13TTlpd3E3dWstRHU1bmtEcFFM
TXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FuV040TXdNOWl3cTd1ay1EdTVua0RwUUxNdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OERCNEUvNzdFN0Y5QTAwQ0U1MTFFQUEyMERERDgyQzRGOUFFMDIvNzAwMDhCQ0M0
REE2MTFFQ0I3RDFBNzY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJndFgwDQQCAAIwBwMFACQC+EAwDQYJKoZIhvcNAQELBQAD
ggEBAGsO+hZNCUchI+txsFFCXYw318HpGMR6vWyJrzHUf296dPaVLllILvY8ITVP
vwCzRIcPI5m6Y/4f6NRGrv95OL4KhtfG66pxm9CIfZgkmGzw3GYSC7y62kEcYCJS
CZNv4tpUsPP+wGYUbAMm6vPuPrqpv4MKbWzGxGF5G1aQw1zeOhXkzS83uh8DFnF7
C5/NdUfmEkimFCOe8MGUD+fihEIStYMlC70vR9BATMySdEw4rRcaXMs9IVTS05Ef
UwqgeK2goeJBgt30vBGyYVFxIPxRoWYnjNgsSVWSiIAk4+pQ84lvFKgbWDnj3em+
RFdR2P+DB4ZKtkyEZF1kJjkeCoE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:26 2024 by rpki-client on console-ams.rpki-client.org