Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9197FBC/373083801D9311E28ABE9EF608B02CD2/ACF40BC2112D11EC9289037DC4F9AE02.roa
File:                     ACF40BC2112D11EC9289037DC4F9AE02.roa (raw, json)
Hash identifier:          LCAW/+Onf/f6rDgaMnV+6oTWseM5x/UNgA7di2bUGcQ=
Subject key identifier:   A0:FF:B7:B8:B4:E8:CD:88:37:12:9C:72:69:A2:0B:60:CC:88:10:22
Certificate issuer:       /CN=A9197FBC/serialNumber=5337DCB6A91B41D5211A44C216A963ABACC7E2B0
Certificate serial:       314E
Authority key identifier: 53:37:DC:B6:A9:1B:41:D5:21:1A:44:C2:16:A9:63:AB:AC:C7:E2:B0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UzfctqkbQdUhGkTCFqljq6zH4rA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9197FBC/373083801D9311E28ABE9EF608B02CD2/ACF40BC2112D11EC9289037DC4F9AE02.roa
Signing time:             Wed 20 Apr 2022 19:00:44 +0000
ROA not before:           Wed 20 Apr 2022 19:00:44 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     38211
IP address blocks:        119.235.208.0/20 maxlen: 24
                          203.135.176.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12622 (0x314e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9197FBC/serialNumber=5337DCB6A91B41D5211A44C216A963ABACC7E2B0
        Validity
            Not Before: Apr 20 19:00:44 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=6260585c-a85b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:83:a1:7c:e0:99:b5:19:1e:29:fd:83:3a:4e:
                    eb:6f:c1:7c:50:40:94:4d:86:a1:f1:b4:00:a0:12:
                    c0:d8:bb:9c:fc:80:f2:43:28:46:c1:c0:ba:f6:02:
                    80:f2:44:55:29:db:05:4c:a8:f2:14:f6:2f:3f:b1:
                    57:1b:7a:47:3c:b4:95:c5:1d:9f:d7:90:b5:aa:f3:
                    24:3b:70:31:28:fe:17:52:88:81:d9:97:2a:a9:59:
                    f7:b2:fd:de:3d:c1:7e:85:e7:a7:63:ef:1a:04:d1:
                    d9:3f:a5:cd:a6:d3:6d:1d:b8:ea:6a:92:de:48:07:
                    69:1c:8b:a3:25:b8:7e:81:d8:1f:7a:fd:1b:56:b1:
                    db:0c:3d:3e:11:60:1a:48:13:66:8d:51:a0:69:86:
                    f5:ba:af:29:d9:b2:23:6f:8c:2d:1a:f1:c4:a8:90:
                    df:7e:d7:e5:dc:8d:0b:5d:91:cf:86:c9:bf:8f:cc:
                    87:d4:78:8b:78:58:cf:a2:aa:38:84:e5:1b:30:51:
                    03:cf:c7:f5:64:0f:2c:95:d3:b6:5f:a3:3d:e8:1c:
                    16:18:68:73:59:eb:68:ce:dc:87:21:66:dc:b9:ec:
                    e8:ce:d6:01:1e:ca:9b:d0:1c:d0:1e:ce:da:97:97:
                    56:af:cc:f9:f6:58:fc:e2:33:8d:c8:ce:f5:6a:cf:
                    54:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FF:B7:B8:B4:E8:CD:88:37:12:9C:72:69:A2:0B:60:CC:88:10:22
            X509v3 Authority Key Identifier:
                keyid:53:37:DC:B6:A9:1B:41:D5:21:1A:44:C2:16:A9:63:AB:AC:C7:E2:B0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9197FBC/373083801D9311E28ABE9EF608B02CD2/UzfctqkbQdUhGkTCFqljq6zH4rA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UzfctqkbQdUhGkTCFqljq6zH4rA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9197FBC/373083801D9311E28ABE9EF608B02CD2/ACF40BC2112D11EC9289037DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.235.208.0/20
                  203.135.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         57:be:72:1f:a2:df:46:2f:e4:3c:04:90:e5:c5:62:43:cc:5a:
         7f:64:5d:21:32:28:49:fe:34:0d:9a:de:24:06:9b:ff:91:83:
         ec:c7:06:71:71:ba:2d:da:d6:fc:57:bc:72:56:36:27:1b:4c:
         5c:d2:4a:90:1b:a9:82:8c:89:d4:3e:aa:bf:31:b1:58:a2:47:
         49:79:f6:43:fd:56:c7:b0:89:95:3d:2f:f6:ef:38:10:49:57:
         59:f3:2e:ee:c5:0e:d6:86:48:5e:be:00:24:32:8d:a8:f4:be:
         f6:75:5d:ab:c5:df:ea:87:2d:1f:6c:00:1f:10:ae:1b:7e:35:
         3b:d4:48:0c:d8:36:3b:42:3a:e8:81:e3:15:32:72:95:b6:92:
         f2:b3:19:b0:7e:e8:90:72:7d:c0:75:95:b4:2e:24:07:ec:44:
         f7:c7:b6:39:8b:06:0c:db:bd:e7:7d:dc:14:18:46:cd:d4:a8:
         95:b0:83:b6:8a:4e:48:f3:04:8b:0c:78:d9:7c:1b:27:1b:85:
         6a:95:64:4d:48:21:eb:67:a2:96:76:36:6f:27:e3:52:7d:b6:
         95:eb:a7:f1:d7:76:df:d0:b1:9a:ee:18:bc:05:6d:ce:2a:99:
         17:2d:25:f5:8c:00:25:bd:46:64:95:20:1e:76:fb:e9:cc:de:
         ab:ea:21:c5
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICMU4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTdGQkMxMTAvBgNVBAUTKDUzMzdEQ0I2QTkxQjQxRDUyMTFBNDRDMjE2QTk2M0FC
QUNDN0UyQjAwHhcNMjIwNDIwMTkwMDQ0WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjYwNTg1Yy1hODViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApoOhfOCZtRkeKf2DOk7rb8F8UECUTYah8bQAoBLA2Luc/IDyQyhGwcC69gKA
8kRVKdsFTKjyFPYvP7FXG3pHPLSVxR2f15C1qvMkO3AxKP4XUoiB2ZcqqVn3sv3e
PcF+heenY+8aBNHZP6XNptNtHbjqapLeSAdpHIujJbh+gdgfev0bVrHbDD0+EWAa
SBNmjVGgaYb1uq8p2bIjb4wtGvHEqJDfftfl3I0LXZHPhsm/j8yH1HiLeFjPoqo4
hOUbMFEDz8f1ZA8sldO2X6M96BwWGGhzWetoztyHIWbcuezoztYBHsqb0BzQHs7a
l5dWr8z59lj84jONyM71as9UewIDAQABo4ICmzCCApcwHQYDVR0OBBYEFKD/t7i0
6M2INxKccmmiC2DMiBAiMB8GA1UdIwQYMBaAFFM33LapG0HVIRpEwhapY6usx+Kw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5N0ZCQy8zNzMwODM4MDFE
OTMxMUUyOEFCRTlFRjYwOEIwMkNEMi9VemZjdHFrYlFkVWhHa1RDRnFsanE2ekg0
ckEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V6ZmN0cWtiUWRVaEdrVENGcWxqcTZ6SDRyQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTdGQkMvMzczMDgzODAxRDkzMTFFMjhBQkU5RUY2MDhCMDJDRDIvQUNGNDBCQzIx
MTJEMTFFQzkyODkwMzdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAR369ADBAPLh7AwDQYJKoZIhvcNAQELBQADggEBAFe+ch+i
30Yv5DwEkOXFYkPMWn9kXSEyKEn+NA2a3iQGm/+Rg+zHBnFxui3a1vxXvHJWNicb
TFzSSpAbqYKMidQ+qr8xsViiR0l59kP9VsewiZU9L/bvOBBJV1nzLu7FDtaGSF6+
ACQyjaj0vvZ1XavF3+qHLR9sAB8Qrht+NTvUSAzYNjtCOuiB4xUycpW2kvKzGbB+
6JByfcB1lbQuJAfsRPfHtjmLBgzbved93BQYRs3UqJWwg7aKTkjzBIsMeNl8Gycb
hWqVZE1IIetnopZ2Nm8n41J9tpXrp/HXdt/QsZruGLwFbc4qmRctJfWMACW9RmSV
IB52++nM3qvqIcU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org