Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/7BD51C0818B511EDB560256FC4F9AE02.roa
File:                     7BD51C0818B511EDB560256FC4F9AE02.roa (raw, json)
Hash identifier:          NM0b3qiDtVzlG1vVyLOZ7Sc3oKBXvNZZ6xRcB7XiUpw=
Subject key identifier:   D2:02:2B:51:E0:D3:1B:5E:0A:AA:01:70:FB:EE:AC:85:E7:57:BF:49
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0C1B
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/7BD51C0818B511EDB560256FC4F9AE02.roa
Signing time:             Mon 31 Oct 2022 10:44:46 +0000
ROA not before:           Mon 31 Oct 2022 10:44:46 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     18230
IP address blocks:        59.152.0.0/20 maxlen: 20
                          59.152.0.0/24 maxlen: 24
                          59.152.1.0/24 maxlen: 24
                          59.152.2.0/24 maxlen: 24
                          59.152.4.0/24 maxlen: 24
                          59.152.5.0/24 maxlen: 24
                          59.152.6.0/24 maxlen: 24
                          59.152.7.0/24 maxlen: 24
                          59.152.8.0/24 maxlen: 24
                          59.152.9.0/24 maxlen: 24
                          59.152.10.0/24 maxlen: 24
                          59.152.11.0/24 maxlen: 24
                          59.152.12.0/24 maxlen: 24
                          59.152.13.0/24 maxlen: 24
                          59.152.15.0/24 maxlen: 24
                          2404:1b40::/32 maxlen: 32
                          2404:1b40::/48 maxlen: 48
                          2404:1b40:1::/48 maxlen: 48
                          2404:1b40:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3099 (0xc1b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: Oct 31 10:44:46 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=635fa71e-521d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:53:42:37:4e:cf:5b:fc:5a:ed:96:c3:97:05:
                    f1:8c:1b:2d:b0:45:6c:f7:b5:6d:45:9c:0c:19:e4:
                    ac:6e:a1:95:91:ea:0e:ef:18:00:26:7c:42:16:9f:
                    8d:6a:49:cf:eb:25:a3:e6:8a:47:3e:d0:38:7f:d7:
                    d5:3a:c6:5b:00:6e:9e:2f:f5:df:8a:3e:35:8a:f4:
                    aa:21:43:6e:9a:2b:a8:c7:60:d2:a5:36:28:98:7c:
                    bc:d0:22:85:a4:91:8b:ff:c1:90:e4:4a:bd:a2:64:
                    3d:54:d2:59:65:cf:18:ac:4b:22:88:41:f3:1b:9f:
                    40:70:7c:08:f8:95:98:9b:06:0a:48:6a:81:f9:e8:
                    2c:ba:e6:07:04:34:de:3b:38:64:57:03:b0:52:38:
                    db:0a:85:69:88:9c:fa:58:86:a9:e3:4c:19:5b:b4:
                    be:b3:c1:1a:35:17:6c:ee:ff:b8:ab:e8:f8:60:46:
                    7a:3c:bf:ca:65:b6:cf:9c:dd:c7:ec:68:8a:a9:89:
                    08:5f:9b:d2:62:36:69:65:5f:7b:a9:7d:f7:0a:e8:
                    6f:f9:c6:3f:42:47:db:43:5a:95:90:f0:c0:8e:3f:
                    1a:d2:19:d3:40:41:ba:2c:45:02:38:9c:b3:34:09:
                    7c:d0:23:b3:5b:8a:c8:54:87:93:f9:75:07:6e:c7:
                    fe:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:02:2B:51:E0:D3:1B:5E:0A:AA:01:70:FB:EE:AC:85:E7:57:BF:49
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/7BD51C0818B511EDB560256FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.0.0/20
                IPv6:
                  2404:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:5a:9f:cc:78:e5:f4:e5:15:9c:63:96:54:74:27:79:bc:2d:
         58:b8:fc:60:a9:42:c0:38:d5:fd:d1:d4:f6:f6:a1:83:22:30:
         1b:69:5c:ae:fd:c5:d5:a8:a6:f2:12:a3:4c:2c:c1:00:6c:b5:
         c1:24:51:29:d0:5b:d5:0b:47:d8:69:de:db:92:24:13:44:ac:
         ae:41:fc:fc:c5:d2:77:5c:bb:12:64:03:83:0d:1e:22:0e:f5:
         cc:27:a6:a8:7e:22:e3:bd:15:85:a1:a6:de:2b:78:82:42:0c:
         a3:41:97:c9:2f:3a:13:b2:07:8d:af:e7:c8:84:b7:bc:04:4e:
         12:fc:49:0d:8d:6d:1a:ab:13:98:b6:79:cb:09:90:c8:55:33:
         95:4f:0a:42:6e:5b:44:55:68:25:8f:41:96:0c:e3:c4:64:aa:
         07:cd:88:61:58:50:5e:c0:35:75:ea:b2:9e:8d:fa:e0:b3:a3:
         16:dc:e0:4e:5c:f1:e0:56:a7:55:a0:5b:f4:6f:fa:bc:3c:92:
         f2:b9:57:96:1c:54:ab:74:48:31:bd:15:29:5a:44:9f:f1:73:
         d0:e5:11:fb:36:06:7d:7c:44:b2:1b:5d:96:39:3d:9e:b0:c4:
         df:3c:6b:e2:15:de:46:e1:8d:63:85:b4:be:b6:04:9f:2c:67:
         43:73:40:1c
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDBswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjIxMDMxMTA0NDQ2WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MzVmYTcxZS01MjFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0FNCN07PW/xa7ZbDlwXxjBstsEVs97VtRZwMGeSsbqGVkeoO7xgAJnxCFp+N
aknP6yWj5opHPtA4f9fVOsZbAG6eL/Xfij41ivSqIUNumiuox2DSpTYomHy80CKF
pJGL/8GQ5Eq9omQ9VNJZZc8YrEsiiEHzG59AcHwI+JWYmwYKSGqB+egsuuYHBDTe
OzhkVwOwUjjbCoVpiJz6WIap40wZW7S+s8EaNRds7v+4q+j4YEZ6PL/KZbbPnN3H
7GiKqYkIX5vSYjZpZV97qX33Cuhv+cY/QkfbQ1qVkPDAjj8a0hnTQEG6LEUCOJyz
NAl80COzW4rIVIeT+XUHbsf+uwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFNICK1Hg
0xteCqoBcPvurIXnV79JMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvN0JENTFDMDgx
OEI1MTFFREI1NjAyNTZGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAQ7mAAwDQQCAAIwBwMFACQEG0AwDQYJKoZIhvcNAQELBQAD
ggEBAG1an8x45fTlFZxjllR0J3m8LVi4/GCpQsA41f3R1Pb2oYMiMBtpXK79xdWo
pvISo0wswQBstcEkUSnQW9ULR9hp3tuSJBNErK5B/PzF0ndcuxJkA4MNHiIO9cwn
pqh+IuO9FYWhpt4reIJCDKNBl8kvOhOyB42v58iEt7wEThL8SQ2NbRqrE5i2ecsJ
kMhVM5VPCkJuW0RVaCWPQZYM48RkqgfNiGFYUF7ANXXqsp6N+uCzoxbc4E5c8eBW
p1WgW/Rv+rw8kvK5V5YcVKt0SDG9FSlaRJ/xc9DlEfs2Bn18RLIbXZY5PZ6wxN88
a+IV3kbhjWOFtL62BJ8sZ0NzQBw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org