Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/501D5C12F0F811EDAE504410C4F9AE02.roa
File:                     501D5C12F0F811EDAE504410C4F9AE02.roa (raw, json)
Hash identifier:          2V8LmGfEijF6o1bNlG7LBSmQ9+vATy7AAaOo2YiqfJ8=
Subject key identifier:   AE:0B:7B:4A:89:65:BF:6E:D5:35:5C:70:AE:30:01:0C:9C:B0:A0:EC
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0C8B
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/501D5C12F0F811EDAE504410C4F9AE02.roa
Signing time:             Fri 12 May 2023 19:08:01 +0000
ROA not before:           Fri 12 May 2023 19:08:01 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     18230
IP address blocks:        59.152.0.0/20 maxlen: 20
                          59.152.0.0/24 maxlen: 24
                          59.152.1.0/24 maxlen: 24
                          59.152.2.0/24 maxlen: 24
                          59.152.4.0/24 maxlen: 24
                          59.152.5.0/24 maxlen: 24
                          59.152.6.0/24 maxlen: 24
                          59.152.7.0/24 maxlen: 24
                          59.152.8.0/24 maxlen: 24
                          59.152.9.0/24 maxlen: 24
                          59.152.10.0/24 maxlen: 24
                          59.152.12.0/24 maxlen: 24
                          59.152.13.0/24 maxlen: 24
                          59.152.15.0/24 maxlen: 24
                          2404:1b40::/32 maxlen: 32
                          2404:1b40::/48 maxlen: 48
                          2404:1b40:1::/48 maxlen: 48
                          2404:1b40:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3211 (0xc8b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: May 12 19:08:01 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=645e8e90-c9b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2d:97:05:31:d3:bc:33:ce:48:de:81:2f:5e:
                    d5:77:39:a1:4f:54:ae:9d:7e:75:5f:53:6b:3f:56:
                    d2:7e:b0:ca:e1:ce:1b:09:1d:d7:7c:0e:1c:0d:b9:
                    3f:62:16:81:fa:f2:b4:42:fe:fc:8d:63:da:e9:00:
                    a6:06:5f:e7:de:e8:e9:01:c5:a1:c0:51:f5:3a:c8:
                    b9:59:72:85:cc:6a:a6:7f:ca:ea:4c:aa:73:c8:66:
                    ce:f8:f4:15:92:1f:de:32:7e:7b:d9:3d:7d:5d:5f:
                    dd:27:5d:8c:5f:bc:4f:ef:fc:15:db:77:e8:98:be:
                    da:1c:0c:14:27:0f:f3:89:3f:5d:88:58:c8:54:ac:
                    18:90:9f:dc:72:bd:98:d8:06:1f:5f:95:6c:f1:48:
                    35:1e:37:b8:c6:85:ce:40:ee:08:75:06:11:1f:57:
                    fe:72:a5:25:22:2b:03:91:4c:90:86:77:cd:c4:cf:
                    1b:a5:25:28:9f:73:f0:08:29:59:7b:27:92:fe:04:
                    9a:ff:d7:aa:1f:44:5b:68:9e:d5:a3:b1:69:0f:79:
                    f3:f4:3d:4a:aa:04:ff:45:35:b3:8e:e7:35:dd:cb:
                    bf:57:56:ca:f8:06:bf:4b:8e:35:73:80:eb:a8:e0:
                    ad:6f:f3:ec:a0:1f:b8:2d:1e:51:ec:bb:71:ba:86:
                    a6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:0B:7B:4A:89:65:BF:6E:D5:35:5C:70:AE:30:01:0C:9C:B0:A0:EC
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/501D5C12F0F811EDAE504410C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.0.0/20
                IPv6:
                  2404:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:da:4a:93:28:a6:2b:94:52:14:b8:27:a1:b6:fb:4f:2d:ee:
         57:55:d1:8e:b9:22:8c:63:78:2c:19:4f:ed:68:d4:fc:d0:96:
         2a:14:6e:d9:13:19:6f:05:c4:76:99:6c:e5:c5:c1:86:03:9f:
         93:fd:9f:44:53:67:13:a0:a9:98:de:0e:89:c1:8a:15:06:d4:
         ff:d5:db:f5:d0:5e:fc:d8:9d:02:8c:6f:b5:5e:db:a8:fd:fb:
         eb:34:25:db:e5:95:6a:3a:f1:89:fa:fc:81:9f:fa:85:5c:9f:
         ca:b9:47:2f:55:46:62:08:23:4f:ee:04:9f:e7:4c:4a:61:6a:
         e6:ea:b2:10:2f:81:63:e8:6c:23:4c:b9:66:93:5f:1e:87:60:
         3c:c7:95:42:ee:80:0c:4d:60:63:f4:f9:21:c0:3d:eb:90:fd:
         d4:ab:b5:a6:83:08:f9:c8:b0:67:da:3c:ef:b4:ce:9a:64:d8:
         2a:f5:25:1c:f9:d3:ae:43:1d:a4:a5:63:6c:e7:84:47:9b:d7:
         03:65:82:e1:97:46:76:16:a2:6c:cc:ec:3b:93:a3:ee:09:35:
         d6:be:2c:fb:34:1c:31:e1:32:71:7e:cc:8a:91:d2:50:14:ec:
         46:d2:35:bf:dd:20:51:ce:95:4c:5d:e1:f6:15:e8:67:02:19:
         ed:35:80:11
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDIswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjMwNTEyMTkwODAxWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDVlOGU5MC1jOWI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoC2XBTHTvDPOSN6BL17VdzmhT1SunX51X1NrP1bSfrDK4c4bCR3XfA4cDbk/
YhaB+vK0Qv78jWPa6QCmBl/n3ujpAcWhwFH1Osi5WXKFzGqmf8rqTKpzyGbO+PQV
kh/eMn572T19XV/dJ12MX7xP7/wV23fomL7aHAwUJw/ziT9diFjIVKwYkJ/ccr2Y
2AYfX5Vs8Ug1Hje4xoXOQO4IdQYRH1f+cqUlIisDkUyQhnfNxM8bpSUon3PwCClZ
eyeS/gSa/9eqH0RbaJ7Vo7FpD3nz9D1KqgT/RTWzjuc13cu/V1bK+Aa/S441c4Dr
qOCtb/PsoB+4LR5R7LtxuoamkwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFK4Le0qJ
Zb9u1TVccK4wAQycsKDsMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvNTAxRDVDMTJG
MEY4MTFFREFFNTA0NDEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAQ7mAAwDQQCAAIwBwMFACQEG0AwDQYJKoZIhvcNAQELBQAD
ggEBABbaSpMopiuUUhS4J6G2+08t7ldV0Y65IoxjeCwZT+1o1PzQlioUbtkTGW8F
xHaZbOXFwYYDn5P9n0RTZxOgqZjeDonBihUG1P/V2/XQXvzYnQKMb7Ve26j9++s0
JdvllWo68Yn6/IGf+oVcn8q5Ry9VRmIII0/uBJ/nTEphaubqshAvgWPobCNMuWaT
Xx6HYDzHlULugAxNYGP0+SHAPeuQ/dSrtaaDCPnIsGfaPO+0zppk2Cr1JRz5065D
HaSlY2znhEeb1wNlguGXRnYWomzM7DuTo+4JNda+LPs0HDHhMnF+zIqR0lAU7EbS
Nb/dIFHOlUxd4fYV6GcCGe01gBE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org