Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/73FD9CC8D8D011ECB773DB2DC4F9AE02.roa
File:                     73FD9CC8D8D011ECB773DB2DC4F9AE02.roa (raw, json)
Hash identifier:          kfT30ldrPOA7arQh8vpMzqDq1ZxMx5MhS3+5dT3vhGg=
Subject key identifier:   00:FE:4C:F7:50:A8:AA:F1:53:8D:86:3C:6A:DC:EB:2C:92:A1:B1:5C
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0AE0
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/73FD9CC8D8D011ECB773DB2DC4F9AE02.roa
Signing time:             Sat 21 May 2022 06:37:16 +0000
ROA not before:           Sat 21 May 2022 06:37:15 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     58945
IP address blocks:        59.152.3.0/24 maxlen: 24
                          59.152.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2784 (0xae0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: May 21 06:37:15 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=6288889b-da2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b7:9b:cd:68:a3:6a:a7:90:9f:8f:d9:94:17:
                    ca:ed:a2:18:9a:41:3f:f2:75:5d:65:b7:58:03:23:
                    f9:68:90:e2:2c:5d:bd:c3:02:19:e6:8c:e4:a2:2f:
                    c5:a7:19:00:bb:61:72:47:a4:e1:c7:7d:b7:52:06:
                    66:08:9f:6a:c4:75:28:0f:b7:6a:aa:af:5d:c1:4f:
                    02:a2:05:8f:d7:a2:d3:b2:31:bb:74:5d:8b:89:1e:
                    17:70:ce:a7:2a:34:fa:ff:78:f8:4b:6e:6c:40:00:
                    b0:da:7f:33:fe:8b:ee:f4:28:6f:a9:26:7b:cd:ef:
                    34:30:25:61:00:3e:67:d3:f9:24:bb:86:5a:0b:46:
                    d0:d3:31:66:b1:dd:77:61:5f:25:0e:1e:c5:95:b9:
                    fb:e5:d3:42:ae:1b:06:27:90:60:85:6c:65:ef:bd:
                    6b:c1:d8:d8:cc:d7:40:57:ad:58:73:f2:6d:0e:fb:
                    0a:a8:dc:64:cd:8c:d1:39:10:3f:2c:e8:fc:4c:07:
                    db:2f:e1:c7:d0:a6:f9:f3:d7:37:23:fe:e9:8a:a7:
                    c9:3d:be:a4:2d:58:04:6d:33:1a:af:98:4b:f6:66:
                    ea:c8:08:17:6e:06:48:15:10:31:69:a3:79:6e:47:
                    7c:8d:35:8d:6b:2b:bd:23:1e:5e:80:d3:7f:f2:c3:
                    15:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:FE:4C:F7:50:A8:AA:F1:53:8D:86:3C:6A:DC:EB:2C:92:A1:B1:5C
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/73FD9CC8D8D011ECB773DB2DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.3.0/24
                  59.152.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:87:94:2f:00:8d:48:83:db:22:5b:d0:06:6c:98:8a:8b:2e:
         96:34:2d:fa:7e:0e:58:8b:c8:05:e5:34:ca:6c:1a:9a:dd:19:
         ad:99:03:80:b5:5f:e2:66:98:67:7d:54:03:08:fc:28:12:df:
         93:e5:f4:f3:e6:a0:ea:e3:98:1b:98:9c:42:e3:cf:58:01:d7:
         0d:39:6f:04:df:31:ca:e4:52:0c:06:17:f2:9a:64:47:c4:81:
         a0:87:ad:69:3d:2c:ea:7f:87:b7:62:64:5b:5d:8c:9e:a0:2b:
         e6:8a:6c:42:23:ea:00:8e:d4:0d:c3:93:9a:38:30:5b:9f:45:
         40:ea:d2:8f:29:bd:c3:30:96:b9:77:f5:bb:c1:b1:c8:72:59:
         8c:97:90:f7:4a:6f:7f:ef:ac:91:a4:e4:21:da:c5:93:4a:59:
         5a:52:39:f7:a6:01:4e:48:b7:75:ce:4a:a4:16:c1:2b:af:06:
         b9:cf:5d:77:6b:6e:44:43:0d:c0:cb:a7:4e:bd:10:72:b5:fd:
         03:94:b2:41:0c:e2:e8:a3:79:e1:8d:8f:f9:6a:4f:a6:df:a3:
         25:b7:e8:20:e7:e3:93:e0:2a:09:dc:97:b5:3a:2c:fa:5c:08:
         4e:f9:90:27:9c:d9:ac:fb:54:20:33:77:ee:37:b2:47:6e:04:
         74:1e:fb:c9
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCuAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjIwNTIxMDYzNzE1WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjg4ODg5Yi1kYTJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3LebzWijaqeQn4/ZlBfK7aIYmkE/8nVdZbdYAyP5aJDiLF29wwIZ5ozkoi/F
pxkAu2FyR6Thx323UgZmCJ9qxHUoD7dqqq9dwU8CogWP16LTsjG7dF2LiR4XcM6n
KjT6/3j4S25sQACw2n8z/ovu9ChvqSZ7ze80MCVhAD5n0/kku4ZaC0bQ0zFmsd13
YV8lDh7Flbn75dNCrhsGJ5BghWxl771rwdjYzNdAV61Yc/JtDvsKqNxkzYzRORA/
LOj8TAfbL+HH0Kb589c3I/7piqfJPb6kLVgEbTMar5hL9mbqyAgXbgZIFRAxaaN5
bkd8jTWNayu9Ix5egNN/8sMVWwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAD+TPdQ
qKrxU42GPGrc6yySobFcMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvNzNGRDlDQzhE
OEQwMTFFQ0I3NzNEQjJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAA7mAMDBAA7mA4wDQYJKoZIhvcNAQELBQADggEBABSHlC8A
jUiD2yJb0AZsmIqLLpY0Lfp+DliLyAXlNMpsGprdGa2ZA4C1X+JmmGd9VAMI/CgS
35Pl9PPmoOrjmBuYnELjz1gB1w05bwTfMcrkUgwGF/KaZEfEgaCHrWk9LOp/h7di
ZFtdjJ6gK+aKbEIj6gCO1A3Dk5o4MFufRUDq0o8pvcMwlrl39bvBschyWYyXkPdK
b3/vrJGk5CHaxZNKWVpSOfemAU5It3XOSqQWwSuvBrnPXXdrbkRDDcDLp069EHK1
/QOUskEM4uijeeGNj/lqT6bfoyW36CDn45PgKgncl7U6LPpcCE75kCec2az7VCAz
d+43skduBHQe+8k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org