Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/FBBF3DF21F0A11EE996A5147C4F9AE02.roa
File:                     FBBF3DF21F0A11EE996A5147C4F9AE02.roa (raw, json)
Hash identifier:          z6plFuFdfim86qczUH9/Ps1BvRSIKGJ+wYdB68aQgbk=
Subject key identifier:   73:9B:E5:2B:9E:85:15:72:49:7A:E6:46:94:CE:C0:B3:B8:BD:06:AB
Certificate issuer:       /CN=A918DB4E/serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
Certificate serial:       0AEB
Authority key identifier: 42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/FBBF3DF21F0A11EE996A5147C4F9AE02.roa
Signing time:             Mon 17 Jul 2023 07:50:31 +0000
ROA not before:           Mon 17 Jul 2023 07:50:31 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     137883
IP address blocks:        103.116.88.0/22 maxlen: 22
                          103.116.88.0/23 maxlen: 23
                          103.116.88.0/24 maxlen: 24
                          103.116.89.0/24 maxlen: 24
                          103.116.90.0/23 maxlen: 23
                          103.116.90.0/24 maxlen: 24
                          103.116.91.0/24 maxlen: 24
                          2402:f840::/32 maxlen: 32
                          2402:f840::/48 maxlen: 48
                          2402:f840:1::/48 maxlen: 48
                          2402:f840:2::/48 maxlen: 48
                          2402:f840:3::/48 maxlen: 48
                          2402:f840:4::/48 maxlen: 48
                          2402:f840:5::/48 maxlen: 48
                          2402:f840:6::/48 maxlen: 48
                          2402:f840:7::/48 maxlen: 48
                          2402:f840:8::/48 maxlen: 48
                          2402:f840:9::/48 maxlen: 48
                          2402:f840:a::/48 maxlen: 48
                          2402:f840:b::/48 maxlen: 48
                          2402:f840:c::/48 maxlen: 48
                          2402:f840:d::/48 maxlen: 48
                          2402:f840:e::/48 maxlen: 48
                          2402:f840:f::/48 maxlen: 48
                          2402:f840:10::/48 maxlen: 48
                          2402:f840:11::/48 maxlen: 48
                          2402:f840:12::/48 maxlen: 48
                          2402:f840:13::/48 maxlen: 48
                          2402:f840:14::/48 maxlen: 48
                          2402:f840:15::/48 maxlen: 48
                          2402:f840:16::/48 maxlen: 48
                          2402:f840:17::/48 maxlen: 48
                          2402:f840:18::/48 maxlen: 48
                          2402:f840:19::/48 maxlen: 48
                          2402:f840:1a::/48 maxlen: 48
                          2402:f840:1b::/48 maxlen: 48
                          2402:f840:1c::/48 maxlen: 48
                          2402:f840:1d::/48 maxlen: 48
                          2402:f840:1e::/48 maxlen: 48
                          2402:f840:1f::/48 maxlen: 48
                          2402:f840:20::/48 maxlen: 48
                          2402:f840:21::/48 maxlen: 48
                          2402:f840:22::/48 maxlen: 48
                          2402:f840:23::/48 maxlen: 48
                          2402:f840:24::/48 maxlen: 48
                          2402:f840:25::/48 maxlen: 48
                          2402:f840:26::/48 maxlen: 48
                          2402:f840:27::/48 maxlen: 48
                          2402:f840:28::/48 maxlen: 48
                          2402:f840:29::/48 maxlen: 48
                          2402:f840:2a::/48 maxlen: 48
                          2402:f840:2b::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2795 (0xaeb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918DB4E/serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
        Validity
            Not Before: Jul 17 07:50:31 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64b4f2c7-272c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:16:02:a2:78:e2:16:e7:fe:42:65:38:26:38:
                    7f:34:23:73:61:ae:22:4c:21:78:15:78:77:61:56:
                    bb:be:ee:ac:b2:32:b2:fc:88:4e:83:6d:4e:bd:06:
                    70:ce:ad:a7:58:2b:21:96:7a:89:3f:af:a5:f4:f1:
                    c9:6b:c8:81:27:ed:da:00:1b:86:73:a3:a4:2d:c8:
                    1f:76:a1:72:95:1b:33:c0:92:9e:22:0c:97:34:e3:
                    d6:e0:a9:65:05:a1:95:7c:27:94:db:6b:68:06:59:
                    3c:c4:4c:82:9c:e8:36:1e:59:5e:a0:57:dd:31:a3:
                    82:a4:25:11:34:06:fe:43:c6:ca:10:d0:aa:e9:51:
                    0d:5e:97:74:03:e8:94:4d:d3:b8:0f:27:fd:5b:7e:
                    3c:65:fd:b3:a5:81:76:93:dc:23:33:21:79:ed:ce:
                    46:6e:98:63:c6:dc:39:bd:f8:7b:ad:95:28:96:75:
                    62:04:46:a9:81:93:57:e5:31:97:1a:3a:78:d6:a0:
                    f9:61:7f:41:97:a8:84:d2:bb:d7:4a:3c:e0:fa:9e:
                    97:0b:43:1a:3d:46:fd:70:95:d0:82:66:91:aa:58:
                    18:c0:06:9a:f7:b0:f3:4a:ad:d8:f6:b3:26:d9:be:
                    e2:30:a3:69:de:1e:22:4c:12:34:b0:31:86:a7:c8:
                    0e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9B:E5:2B:9E:85:15:72:49:7A:E6:46:94:CE:C0:B3:B8:BD:06:AB
            X509v3 Authority Key Identifier:
                keyid:42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/QnWN4MwM9iwq7uk-Du5nkDpQLMw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/FBBF3DF21F0A11EE996A5147C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.116.88.0/22
                IPv6:
                  2402:f840::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:a2:20:93:36:69:42:86:74:80:49:5c:6d:5b:41:61:c6:32:
         cc:cb:0b:3e:f2:e7:a4:5b:9c:90:9a:5b:cc:46:36:f6:8d:2b:
         e7:e4:61:b0:b6:9d:13:46:ac:d4:3c:a0:f5:59:f4:49:d6:9e:
         7b:96:e9:49:b9:15:05:0c:77:f3:2f:28:b1:40:82:de:b2:ea:
         74:18:59:13:31:eb:ec:c2:f3:14:c2:a8:ab:94:8e:2a:e1:f3:
         34:06:74:f2:9b:84:f6:c2:f5:ad:99:ce:9b:b1:63:c4:36:06:
         26:b9:28:85:3b:6c:bb:81:4c:65:1d:de:6e:ed:81:cb:0c:af:
         1e:62:e7:42:fa:af:c6:e7:47:1e:81:e4:2d:8a:20:09:d7:73:
         d2:70:0c:d5:4b:3a:a7:24:d2:5d:a3:66:21:47:1f:e4:8f:3d:
         4d:65:e0:75:50:81:49:b0:b1:17:c6:84:16:98:a4:f1:1d:a7:
         a6:a5:cc:ff:4f:72:e5:17:d2:dd:9d:fa:54:1e:b1:de:fa:ff:
         c7:34:0e:4c:fa:f5:27:89:47:19:e0:58:5f:de:38:34:76:00:
         d5:b7:7a:b0:60:da:6b:4b:78:f3:01:48:30:64:d7:33:ff:e4:
         0b:d3:32:b5:10:d2:69:93:4d:96:e6:0d:1f:72:5f:92:66:fd:
         63:7d:a3:d2
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCuswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OERCNEUxMTAvBgNVBAUTKDQyNzU4REUwQ0MwQ0Y2MkMyQUVFRTkzRTBFRUU2Nzkw
M0E1MDJDQ0MwHhcNMjMwNzE3MDc1MDMxWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGI0ZjJjNy0yNzJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4BYConjiFuf+QmU4Jjh/NCNzYa4iTCF4FXh3YVa7vu6ssjKy/IhOg21OvQZw
zq2nWCshlnqJP6+l9PHJa8iBJ+3aABuGc6OkLcgfdqFylRszwJKeIgyXNOPW4Kll
BaGVfCeU22toBlk8xEyCnOg2HlleoFfdMaOCpCURNAb+Q8bKENCq6VENXpd0A+iU
TdO4Dyf9W348Zf2zpYF2k9wjMyF57c5Gbphjxtw5vfh7rZUolnViBEapgZNX5TGX
Gjp41qD5YX9Bl6iE0rvXSjzg+p6XC0MaPUb9cJXQgmaRqlgYwAaa97DzSq3Y9rMm
2b7iMKNp3h4iTBI0sDGGp8gOyQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFHOb5Sue
hRVySXrmRpTOwLO4vQarMB8GA1UdIwQYMBaAFEJ1jeDMDPYsKu7pPg7uZ5A6UCzM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4REI0RS83N0U3RjlBMDBD
RTUxMUVBQTIwREREODJDNEY5QUUwMi9RbldONE13TTlpd3E3dWstRHU1bmtEcFFM
TXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FuV040TXdNOWl3cTd1ay1EdTVua0RwUUxNdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OERCNEUvNzdFN0Y5QTAwQ0U1MTFFQUEyMERERDgyQzRGOUFFMDIvRkJCRjNERjIx
RjBBMTFFRTk5NkE1MTQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJndFgwDQQCAAIwBwMFACQC+EAwDQYJKoZIhvcNAQELBQAD
ggEBADSiIJM2aUKGdIBJXG1bQWHGMszLCz7y56RbnJCaW8xGNvaNK+fkYbC2nRNG
rNQ8oPVZ9EnWnnuW6Um5FQUMd/MvKLFAgt6y6nQYWRMx6+zC8xTCqKuUjirh8zQG
dPKbhPbC9a2ZzpuxY8Q2Bia5KIU7bLuBTGUd3m7tgcsMrx5i50L6r8bnRx6B5C2K
IAnXc9JwDNVLOqck0l2jZiFHH+SPPU1l4HVQgUmwsRfGhBaYpPEdp6alzP9PcuUX
0t2d+lQesd76/8c0Dkz69SeJRxngWF/eODR2ANW3erBg2mtLePMBSDBk1zP/5AvT
MrUQ0mmTTZbmDR9yX5Jm/WN9o9I=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:15 2024 by rpki-client on console-fra.rpki-client.org