Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/146F92BC01F511EE96C2AA4EC4F9AE02.roa
File:                     146F92BC01F511EE96C2AA4EC4F9AE02.roa (raw, json)
Hash identifier:          5zdv4tT1ufaxMlc6pDDyk1omrV1Nl8swzopjapZ0wxk=
Subject key identifier:   6B:F3:4F:F1:BB:CE:49:20:00:3C:3A:FB:CA:4C:79:19:EA:82:40:3D
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0C9A
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/146F92BC01F511EE96C2AA4EC4F9AE02.roa
Signing time:             Sat 03 Jun 2023 09:57:42 +0000
ROA not before:           Sat 03 Jun 2023 09:57:42 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     18230
IP address blocks:        59.152.0.0/20 maxlen: 20
                          59.152.0.0/24 maxlen: 24
                          59.152.1.0/24 maxlen: 24
                          59.152.2.0/24 maxlen: 24
                          59.152.4.0/24 maxlen: 24
                          59.152.5.0/24 maxlen: 24
                          59.152.6.0/24 maxlen: 24
                          59.152.8.0/24 maxlen: 24
                          59.152.9.0/24 maxlen: 24
                          59.152.10.0/24 maxlen: 24
                          59.152.12.0/24 maxlen: 24
                          59.152.13.0/24 maxlen: 24
                          59.152.15.0/24 maxlen: 24
                          2404:1b40::/32 maxlen: 32
                          2404:1b40::/48 maxlen: 48
                          2404:1b40:1::/48 maxlen: 48
                          2404:1b40:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3226 (0xc9a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: Jun  3 09:57:42 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=647b0e96-90e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:64:a6:2d:8b:6b:0b:d9:b8:3d:b8:29:44:54:
                    fd:17:8a:3e:08:7e:e0:e9:7e:3c:3d:15:14:06:f1:
                    7e:ba:a4:9e:87:42:d3:81:64:72:d3:0c:d0:29:8a:
                    ae:92:fa:3c:ad:e0:c3:6e:b1:20:ba:29:e9:04:f2:
                    79:2b:cd:66:63:b1:55:c2:63:a9:17:e9:10:4e:33:
                    9d:b6:b6:30:22:b4:2b:b7:44:85:9d:41:2c:b5:0f:
                    d5:9e:e9:a0:99:e8:76:da:c3:c9:40:e9:8b:a3:3e:
                    01:be:c2:09:fe:da:c5:07:0a:8b:2c:b4:10:5d:12:
                    59:6e:c1:fe:5d:c2:67:5c:d5:bb:0b:86:0d:58:c6:
                    ac:35:cf:eb:d8:6d:2e:51:04:b9:69:56:c5:2b:1d:
                    92:c3:52:b5:88:ea:12:ed:e5:ad:f9:91:b6:f3:26:
                    9e:1c:0d:09:4f:9c:67:5b:2f:c4:6c:72:a4:fa:eb:
                    d7:f7:c7:0c:42:60:2a:16:fe:39:35:45:4e:94:ff:
                    1a:12:67:45:50:7c:3d:57:8e:47:b1:73:3c:a0:57:
                    2c:4e:b9:19:ae:93:87:5c:5f:e4:5f:e9:ef:35:19:
                    a2:51:75:56:82:d5:68:a6:b5:cb:66:78:36:cc:6c:
                    9b:63:47:13:a5:26:f2:ec:82:6b:e3:cc:88:b9:d2:
                    76:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F3:4F:F1:BB:CE:49:20:00:3C:3A:FB:CA:4C:79:19:EA:82:40:3D
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/146F92BC01F511EE96C2AA4EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.0.0/20
                IPv6:
                  2404:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:35:67:bc:4d:30:e9:27:c1:4f:65:da:46:06:bf:34:38:d1:
         46:92:6c:19:0b:6c:a3:bd:d8:c7:04:88:41:ee:4b:bc:b0:25:
         ad:bc:cc:51:1b:49:d9:78:ef:db:0a:bc:ed:fc:43:fc:87:9b:
         1e:44:9b:7d:c7:e1:d6:8c:3b:9e:8d:29:cc:26:6d:e6:1d:d6:
         ea:56:e8:11:60:62:7b:8b:cf:8a:89:0d:92:5c:ab:50:fc:52:
         54:2c:7e:94:29:8d:4a:1b:00:11:cd:ee:8b:ce:cb:18:8a:d8:
         02:9d:9d:83:0f:79:f0:ce:b1:e8:b0:05:b2:f3:77:db:2e:cb:
         6f:67:19:71:8a:72:ac:ee:d9:d1:5f:b8:32:ad:88:be:3e:37:
         7f:81:09:90:48:29:d3:cf:7f:31:62:67:49:70:22:1e:df:c8:
         54:3b:4b:c8:5a:0d:08:e8:52:29:fc:ad:39:4b:c7:7d:dd:6f:
         45:00:64:7b:cc:b0:03:c3:f4:6d:9f:1f:6b:29:53:cf:9e:1f:
         d7:be:79:53:fc:c6:82:05:05:63:e7:ac:35:aa:13:5f:55:c6:
         b1:38:b8:8c:b1:b1:4e:37:de:31:7f:e1:a0:70:32:32:02:3d:
         0b:35:c2:3a:de:1b:5e:84:d3:9c:d5:3c:27:d0:8b:6e:e9:ff:
         6a:bc:3b:e1
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDJowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjMwNjAzMDk1NzQyWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdiMGU5Ni05MGU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA72SmLYtrC9m4PbgpRFT9F4o+CH7g6X48PRUUBvF+uqSeh0LTgWRy0wzQKYqu
kvo8reDDbrEguinpBPJ5K81mY7FVwmOpF+kQTjOdtrYwIrQrt0SFnUEstQ/Vnumg
meh22sPJQOmLoz4BvsIJ/trFBwqLLLQQXRJZbsH+XcJnXNW7C4YNWMasNc/r2G0u
UQS5aVbFKx2Sw1K1iOoS7eWt+ZG28yaeHA0JT5xnWy/EbHKk+uvX98cMQmAqFv45
NUVOlP8aEmdFUHw9V45HsXM8oFcsTrkZrpOHXF/kX+nvNRmiUXVWgtVoprXLZng2
zGybY0cTpSby7IJr48yIudJ2fQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFGvzT/G7
zkkgADw6+8pMeRnqgkA9MB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvMTQ2RjkyQkMw
MUY1MTFFRTk2QzJBQTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAQ7mAAwDQQCAAIwBwMFACQEG0AwDQYJKoZIhvcNAQELBQAD
ggEBAKc1Z7xNMOknwU9l2kYGvzQ40UaSbBkLbKO92McEiEHuS7ywJa28zFEbSdl4
79sKvO38Q/yHmx5Em33H4daMO56NKcwmbeYd1upW6BFgYnuLz4qJDZJcq1D8UlQs
fpQpjUobABHN7ovOyxiK2AKdnYMPefDOseiwBbLzd9suy29nGXGKcqzu2dFfuDKt
iL4+N3+BCZBIKdPPfzFiZ0lwIh7fyFQ7S8haDQjoUin8rTlLx33db0UAZHvMsAPD
9G2fH2spU8+eH9e+eVP8xoIFBWPnrDWqE19VxrE4uIyxsU433jF/4aBwMjICPQs1
wjreG16E05zVPCfQi27p/2q8O+E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:34 2024 by rpki-client on console-fra.rpki-client.org