Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/26976D1A575511EE9DEEAF55C4F9AE02.roa
File:                     26976D1A575511EE9DEEAF55C4F9AE02.roa (raw, json)
Hash identifier:          CKs0T/mITXHk3PxkBMOySkzWu3dI4Ezt1yQUTnP1Nfo=
Subject key identifier:   52:98:A8:42:98:64:94:BE:12:9E:B6:F4:2F:DE:3F:10:6D:82:DA:D0
Certificate issuer:       /CN=A9194C0D/serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
Certificate serial:       02
Authority key identifier: 63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/26976D1A575511EE9DEEAF55C4F9AE02.roa
Signing time:             Wed 20 Sep 2023 01:29:33 +0000
ROA not before:           Wed 20 Sep 2023 01:29:33 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     134090
IP address blocks:        45.249.116.0/22 maxlen: 22
                          45.249.116.0/23 maxlen: 23
                          103.51.112.0/22 maxlen: 23
                          103.85.36.0/22 maxlen: 23
                          103.95.112.0/22 maxlen: 23
                          103.106.88.0/22 maxlen: 23
                          123.253.188.0/22 maxlen: 23
                          202.128.112.0/21 maxlen: 22
                          202.128.120.0/21 maxlen: 22
                          202.179.128.0/22 maxlen: 23
                          2400:a840::/32 maxlen: 34
                          2400:a842::/31 maxlen: 32
                          2400:a844::/31 maxlen: 32
                          2402:2c80::/32 maxlen: 33
                          2402:3fc0::/32 maxlen: 33

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9194C0D/serialNumber=634E28B1002E556E8EB14F953EAD63B6D6775809
        Validity
            Not Before: Sep 20 01:29:33 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=650a4afc-c654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:53:22:da:12:62:0d:f9:3a:6e:0c:e8:89:7d:
                    46:98:68:34:a1:39:ee:bc:d2:53:32:bd:34:6e:cf:
                    c0:53:60:a3:30:26:93:d8:5a:15:fd:e2:10:d4:b5:
                    18:3c:67:ba:5a:af:55:19:a5:1c:00:15:b4:c4:0d:
                    7c:02:76:9d:05:8a:cc:03:d7:1b:e4:68:77:7b:a0:
                    ce:ed:15:47:cd:a8:7a:be:12:46:da:be:a3:65:67:
                    28:0d:98:1c:92:3d:2d:87:b2:0e:39:af:90:83:09:
                    b0:b8:2c:5e:61:37:82:5c:14:81:3f:09:27:fe:dc:
                    56:e5:37:e7:f5:16:cf:6a:49:d2:25:bb:7f:78:ef:
                    33:0f:63:57:04:0e:a1:a1:d8:6b:11:cf:40:42:92:
                    c2:08:0f:af:e9:39:92:6e:7e:4d:85:8e:64:1c:15:
                    c3:2c:83:a7:74:9c:e4:d0:2f:cc:a8:c3:6e:0c:77:
                    0e:8a:4f:f8:44:3a:c8:e2:db:93:13:3d:45:3b:8e:
                    bc:8e:f4:66:a1:25:e3:dc:aa:49:ac:81:11:13:d5:
                    72:d5:c9:d2:c6:16:0c:e8:12:30:8d:34:d6:af:96:
                    a7:4b:7b:b1:f2:d4:7e:28:1a:70:a8:ca:81:d5:46:
                    17:8f:01:fc:64:a4:b9:cf:ea:83:95:57:a5:84:34:
                    e7:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:98:A8:42:98:64:94:BE:12:9E:B6:F4:2F:DE:3F:10:6D:82:DA:D0
            X509v3 Authority Key Identifier:
                keyid:63:4E:28:B1:00:2E:55:6E:8E:B1:4F:95:3E:AD:63:B6:D6:77:58:09

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/Y04osQAuVW6OsU-VPq1jttZ3WAk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y04osQAuVW6OsU-VPq1jttZ3WAk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194C0D/AD258890575411EE940CD954C4F9AE02/26976D1A575511EE9DEEAF55C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.249.116.0/22
                  103.51.112.0/22
                  103.85.36.0/22
                  103.95.112.0/22
                  103.106.88.0/22
                  123.253.188.0/22
                  202.128.112.0/20
                  202.179.128.0/22
                IPv6:
                  2400:a840::/32
                  2400:a842::-2400:a845:ffff:ffff:ffff:ffff:ffff:ffff
                  2402:2c80::/32
                  2402:3fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:d9:9e:ae:8d:29:7f:3a:d1:e6:8b:be:e2:ed:b6:0c:b9:27:
         1c:f4:83:82:a4:19:e2:15:e6:e1:c2:f4:8b:3e:36:ff:0e:cb:
         a8:1f:db:14:04:a7:9c:f7:7b:f5:48:af:5a:21:d8:1a:71:bb:
         bb:6d:97:59:68:e5:b3:ec:4e:c8:e3:1b:bc:48:67:37:2a:a2:
         f3:c6:f5:ea:94:16:b9:2e:4f:42:42:ff:5d:60:09:9d:ad:bb:
         36:29:cc:aa:fb:58:52:20:6c:23:8e:c4:52:59:41:9e:35:9b:
         50:22:1d:17:0e:44:4e:bc:1f:d2:6c:87:d4:1a:0b:c0:64:b5:
         44:4c:88:c5:74:c8:6b:39:a5:19:95:c1:4a:5b:5f:4c:68:d8:
         7f:85:93:59:39:28:4a:38:2c:82:0b:10:5a:f8:8c:2b:e3:40:
         88:f3:e0:43:de:d4:af:52:fc:9b:75:7b:b8:dd:5a:1c:af:2c:
         1c:52:a6:90:13:be:2d:6f:91:d3:97:ba:90:c9:a8:a8:62:6d:
         6f:22:0e:44:d1:fc:50:88:3c:3f:40:35:df:5c:e2:91:b6:09:
         91:3f:0a:4b:a3:b8:e1:a1:b5:dc:81:5d:d9:d4:e9:20:48:78:
         e7:7e:81:2b:02:ed:e3:21:8f:66:f4:cd:c0:66:61:78:a0:5a:
         4b:3a:cd:65
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
NEMwRDExMC8GA1UEBRMoNjM0RTI4QjEwMDJFNTU2RThFQjE0Rjk1M0VBRDYzQjZE
Njc3NTgwOTAeFw0yMzA5MjAwMTI5MzNaFw0yNDEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MGE0YWZjLWM2NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCxUyLaEmIN+TpuDOiJfUaYaDShOe680lMyvTRuz8BTYKMwJpPYWhX94hDUtRg8
Z7par1UZpRwAFbTEDXwCdp0FiswD1xvkaHd7oM7tFUfNqHq+EkbavqNlZygNmByS
PS2Hsg45r5CDCbC4LF5hN4JcFIE/CSf+3FblN+f1Fs9qSdIlu3947zMPY1cEDqGh
2GsRz0BCksIID6/pOZJufk2FjmQcFcMsg6d0nOTQL8yow24Mdw6KT/hEOsji25MT
PUU7jryO9GahJePcqkmsgRET1XLVydLGFgzoEjCNNNavlqdLe7Hy1H4oGnCoyoHV
RhePAfxkpLnP6oOVV6WENOdzAgMBAAGjggLsMIIC6DAdBgNVHQ4EFgQUUpioQphk
lL4Snrb0L94/EG2C2tAwHwYDVR0jBBgwFoAUY04osQAuVW6OsU+VPq1jttZ3WAkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTk0QzBEL0FEMjU4ODkwNTc1
NDExRUU5NDBDRDk1NEM0RjlBRTAyL1kwNG9zUUF1Vlc2T3NVLVZQcTFqdHRaM1dB
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWTA0b3NRQXVWVzZPc1UtVlBxMWp0dFozV0FrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
NEMwRC9BRDI1ODg5MDU3NTQxMUVFOTQwQ0Q5NTRDNEY5QUUwMi8yNjk3NkQxQTU3
NTUxMUVFOURFRUFGNTVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDB2BggrBgEFBQcBBwEB/wRn
MGUwNgQCAAEwMAMEAi35dAMEAmczcAMEAmdVJAMEAmdfcAMEAmdqWAMEAnv9vAME
BMqAcAMEAsqzgDArBAIAAjAlAwUAJACoQDAOAwUBJACoQgMFASQAqEQDBQAkAiyA
AwUAJAI/wDANBgkqhkiG9w0BAQsFAAOCAQEAYtmero0pfzrR5ou+4u22DLknHPSD
gqQZ4hXm4cL0iz42/w7LqB/bFASnnPd79UivWiHYGnG7u22XWWjls+xOyOMbvEhn
Nyqi88b16pQWuS5PQkL/XWAJna27NinMqvtYUiBsI47EUllBnjWbUCIdFw5ETrwf
0myH1BoLwGS1REyIxXTIazmlGZXBSltfTGjYf4WTWTkoSjgsggsQWviMK+NAiPPg
Q97Ur1L8m3V7uN1aHK8sHFKmkBO+LW+R05e6kMmoqGJtbyIORNH8UIg8P0A131zi
kbYJkT8KS6O44aG13IFd2dTpIEh4536BKwLt4yGPZvTNwGZheKBaSzrNZQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:34 2024 by rpki-client on console-fra.rpki-client.org