Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/B13E23D60A6311EDBFC8FF76C4F9AE02.roa
File:                     B13E23D60A6311EDBFC8FF76C4F9AE02.roa (raw, json)
Hash identifier:          GUFz2WZf7OAuwKvtaK3olm0O2w+Rz+3EGR96K/TXjIw=
Subject key identifier:   4B:D6:7B:3E:22:64:5B:48:DE:10:F3:83:9C:5F:78:DE:39:7F:7F:66
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0C87
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/B13E23D60A6311EDBFC8FF76C4F9AE02.roa
Signing time:             Wed 10 May 2023 18:57:57 +0000
ROA not before:           Wed 10 May 2023 18:57:57 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     58945
IP address blocks:        59.152.3.0/24 maxlen: 24
                          59.152.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3207 (0xc87)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: May 10 18:57:57 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=645be935-2432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a0:d4:ca:e6:5d:64:1c:32:ba:d3:50:02:97:
                    9c:36:c3:a3:79:98:85:c8:cc:11:7e:6d:26:99:ff:
                    1b:91:59:f7:91:d3:19:30:b3:6a:9e:2a:aa:0d:3a:
                    2e:8f:b2:92:27:f5:0e:92:07:a0:89:89:02:1d:b3:
                    aa:a0:f4:7e:44:67:77:b7:70:c8:f9:7a:4f:85:07:
                    75:87:08:18:51:e9:00:4a:32:49:09:dc:1c:4f:e4:
                    65:09:7c:7a:1b:4e:ba:e8:ca:de:ba:82:11:62:b2:
                    ce:64:76:a9:54:a8:69:d3:8d:b7:e5:79:f7:c7:cc:
                    17:d5:3a:88:75:b9:1c:bd:bf:e7:61:4f:c3:32:f6:
                    2e:aa:d2:7b:f2:52:75:a6:66:72:18:fa:92:ce:3e:
                    67:7f:39:10:bf:ad:4b:6a:ff:fd:b1:fa:a3:70:2e:
                    c7:07:1c:ac:56:d4:65:e9:4f:b4:bc:eb:15:04:f9:
                    e4:63:6d:c4:2b:3d:cc:b4:f4:eb:9e:93:a4:d6:78:
                    2f:f4:8e:45:e7:e1:b7:fe:17:58:b4:2c:00:ca:58:
                    ce:20:79:a8:8b:cd:ce:1e:a0:a4:bb:63:77:56:53:
                    75:40:8d:41:fb:33:7a:99:b9:f6:d3:55:40:e9:e6:
                    c6:52:9b:1c:c3:38:13:d3:ee:9d:8b:3c:34:23:40:
                    e6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D6:7B:3E:22:64:5B:48:DE:10:F3:83:9C:5F:78:DE:39:7F:7F:66
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/B13E23D60A6311EDBFC8FF76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.3.0/24
                  59.152.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:91:2e:b1:73:1e:e4:bf:a9:a8:da:31:b2:88:16:e9:30:c7:
         51:e4:0e:0e:57:77:33:08:c0:6f:89:28:bd:9c:50:66:2d:99:
         e7:44:2d:2a:52:3a:5e:f5:43:8f:b5:8e:c4:18:d2:0d:e4:15:
         5f:a7:a0:07:ca:30:ee:84:97:a5:8d:11:d0:3d:67:ce:e8:36:
         0d:96:ae:99:d6:90:d5:d5:e7:bf:7b:9a:fd:a6:4a:70:c9:80:
         b1:d3:d2:54:9d:e4:68:43:cf:e2:5e:9d:fe:09:38:3f:35:d2:
         82:01:f2:41:a8:9b:b0:6d:3a:a1:08:90:e3:67:68:03:d9:be:
         7d:84:cf:e3:01:3c:72:54:ab:54:98:96:0d:7d:2e:b1:e7:9c:
         a7:dc:31:f0:4b:8e:7d:4b:ea:88:93:e6:7b:c0:13:d0:56:28:
         b5:da:ff:c8:c9:50:66:e4:aa:9e:50:14:82:3f:d7:e4:57:9f:
         b8:fd:5b:2a:5a:31:f9:35:5e:73:66:06:4d:19:64:e2:d9:ba:
         a0:b8:86:95:0b:48:42:2e:55:98:0d:36:02:61:e9:c5:bf:20:
         4d:02:ed:c4:05:95:1e:3d:9c:2f:03:5e:5e:2f:31:2b:e6:12:
         9b:43:01:77:8e:ef:3c:11:48:6e:3a:97:52:16:27:0a:55:e5:
         6f:c5:f2:8d
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDIcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjMwNTEwMTg1NzU3WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViZTkzNS0yNDMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1KDUyuZdZBwyutNQApecNsOjeZiFyMwRfm0mmf8bkVn3kdMZMLNqniqqDTou
j7KSJ/UOkgegiYkCHbOqoPR+RGd3t3DI+XpPhQd1hwgYUekASjJJCdwcT+RlCXx6
G0666MreuoIRYrLOZHapVKhp04235Xn3x8wX1TqIdbkcvb/nYU/DMvYuqtJ78lJ1
pmZyGPqSzj5nfzkQv61Lav/9sfqjcC7HBxysVtRl6U+0vOsVBPnkY23EKz3MtPTr
npOk1ngv9I5F5+G3/hdYtCwAyljOIHmoi83OHqCku2N3VlN1QI1B+zN6mbn201VA
6ebGUpscwzgT0+6dizw0I0DmhQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFEvWez4i
ZFtI3hDzg5xfeN45f39mMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvQjEzRTIzRDYw
QTYzMTFFREJGQzhGRjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAA7mAMDBAA7mA4wDQYJKoZIhvcNAQELBQADggEBAAORLrFz
HuS/qajaMbKIFukwx1HkDg5XdzMIwG+JKL2cUGYtmedELSpSOl71Q4+1jsQY0g3k
FV+noAfKMO6El6WNEdA9Z87oNg2WrpnWkNXV5797mv2mSnDJgLHT0lSd5GhDz+Je
nf4JOD810oIB8kGom7BtOqEIkONnaAPZvn2Ez+MBPHJUq1SYlg19LrHnnKfcMfBL
jn1L6oiT5nvAE9BWKLXa/8jJUGbkqp5QFII/1+RXn7j9WypaMfk1XnNmBk0ZZOLZ
uqC4hpULSEIuVZgNNgJh6cW/IE0C7cQFlR49nC8DXl4vMSvmEptDAXeO7zwRSG46
l1IWJwpV5W/F8o0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org