Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/F2038E34119711EDA76B0017C4F9AE02.roa
File:                     F2038E34119711EDA76B0017C4F9AE02.roa (raw, json)
Hash identifier:          KT+mdvtdhiQOknUOTtrWXOxhNWLHeYCTJWNnc37fr5I=
Subject key identifier:   B8:91:84:A3:5B:D9:F0:25:BA:C6:4D:5B:75:73:CE:B3:08:BE:59:86
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0B92
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/F2038E34119711EDA76B0017C4F9AE02.roa
Signing time:             Sat 06 Aug 2022 08:04:43 +0000
ROA not before:           Sat 06 Aug 2022 08:04:43 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     18230
IP address blocks:        59.152.0.0/20 maxlen: 20
                          59.152.0.0/24 maxlen: 24
                          59.152.1.0/24 maxlen: 24
                          59.152.2.0/24 maxlen: 24
                          59.152.4.0/24 maxlen: 24
                          59.152.5.0/24 maxlen: 24
                          59.152.6.0/24 maxlen: 24
                          59.152.7.0/24 maxlen: 24
                          59.152.8.0/24 maxlen: 24
                          59.152.9.0/24 maxlen: 24
                          59.152.10.0/24 maxlen: 24
                          59.152.12.0/24 maxlen: 24
                          59.152.13.0/24 maxlen: 24
                          59.152.15.0/24 maxlen: 24
                          203.189.224.0/21 maxlen: 24
                          2404:1b40::/32 maxlen: 32
                          2404:1b40::/48 maxlen: 48
                          2404:1b40:1::/48 maxlen: 48
                          2404:1b40:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2962 (0xb92)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: Aug  6 08:04:43 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=62ee209b-42b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f1:05:35:52:7e:54:ca:9d:67:b1:af:ca:e8:
                    8a:2f:67:f7:68:1e:8c:2e:90:46:c5:f7:46:1d:3c:
                    8c:30:26:f0:f5:1d:36:57:dc:79:f8:3d:f7:bf:01:
                    cb:28:1e:86:93:ba:6f:79:20:5a:6d:62:5a:83:bb:
                    b6:5e:8b:23:5a:47:5f:ef:dd:07:45:29:3b:d7:b9:
                    b1:04:2d:d1:84:d8:7a:0d:b1:39:0f:8b:a3:ba:85:
                    7e:fb:a3:63:8e:96:a6:f2:5e:59:69:c6:a1:6e:64:
                    80:a0:7a:3f:20:df:e9:05:5e:5d:c1:2a:9c:a9:27:
                    2f:93:54:3d:86:c0:8d:90:27:83:7c:0a:5c:92:2b:
                    33:7c:a3:e5:43:85:98:8d:be:00:e9:31:f4:f3:d3:
                    49:ad:3e:40:60:cf:85:70:6b:29:cf:19:47:d4:dd:
                    4e:e5:97:5b:29:e8:54:4c:b6:2a:88:b4:70:31:c8:
                    8a:1e:42:ac:06:ad:3d:f4:e9:96:e7:7b:51:f3:24:
                    84:af:53:51:30:3a:da:ad:50:c2:cd:c7:91:bc:98:
                    b9:de:88:bd:92:eb:9e:bf:cf:6a:e9:e8:9a:18:68:
                    75:e5:00:2b:1e:7c:99:20:ce:b9:cc:f7:2a:63:06:
                    1a:c9:d7:d8:9e:f8:74:0e:ab:ea:73:35:2e:6f:37:
                    31:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:91:84:A3:5B:D9:F0:25:BA:C6:4D:5B:75:73:CE:B3:08:BE:59:86
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/F2038E34119711EDA76B0017C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.0.0/20
                  203.189.224.0/21
                IPv6:
                  2404:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:01:33:24:74:ba:37:e6:51:81:ae:ba:fe:27:f3:1f:5d:4a:
         55:1c:71:a5:3e:8b:f5:09:4d:ac:60:1b:49:11:b0:7e:8c:cb:
         c5:f5:fe:60:48:32:8f:58:be:a8:f1:a8:ec:43:82:43:01:da:
         bb:ab:be:89:a5:be:c6:56:60:4a:44:a5:24:e9:86:1e:4c:5f:
         7d:47:6c:3d:8b:5e:39:5a:d8:fb:9a:b2:27:17:db:86:ee:ae:
         2b:43:c0:88:18:7f:01:b1:f9:4a:7e:d3:41:c1:a7:b1:84:85:
         04:a5:8f:81:e9:1d:9d:72:59:2d:f6:9e:d5:c2:e0:1a:cf:97:
         71:75:8f:4a:09:42:dc:d4:df:d1:ef:2d:c6:c5:50:47:5a:9e:
         f9:c7:90:b2:4a:7a:b1:7d:4e:3c:d9:8d:fb:38:3d:30:c1:89:
         02:a2:f1:73:dc:98:0a:17:1e:6d:dd:3d:fa:00:27:d9:27:fb:
         e8:77:67:64:a1:3c:9a:1f:a5:08:ba:3f:6e:9e:9e:94:46:0d:
         6b:8d:ff:f1:b7:39:98:19:d2:2c:a1:2d:71:0c:64:6a:63:c1:
         bd:09:fe:b2:6f:9a:40:2f:97:91:61:c9:24:0a:e4:d6:76:59:
         10:d4:71:aa:83:bf:10:ff:8b:48:58:f6:a7:ca:6d:a8:10:7b:
         13:48:01:cf
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICC5IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjIwODA2MDgwNDQzWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MmVlMjA5Yi00MmI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsfEFNVJ+VMqdZ7GvyuiKL2f3aB6MLpBGxfdGHTyMMCbw9R02V9x5+D33vwHL
KB6Gk7pveSBabWJag7u2XosjWkdf790HRSk717mxBC3RhNh6DbE5D4ujuoV++6Nj
jpam8l5ZacahbmSAoHo/IN/pBV5dwSqcqScvk1Q9hsCNkCeDfApckiszfKPlQ4WY
jb4A6TH089NJrT5AYM+FcGspzxlH1N1O5ZdbKehUTLYqiLRwMciKHkKsBq099OmW
53tR8ySEr1NRMDrarVDCzceRvJi53oi9kuuev89q6eiaGGh15QArHnyZIM65zPcq
YwYaydfYnvh0DqvqczUubzcxrwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFLiRhKNb
2fAlusZNW3VzzrMIvlmGMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvRjIwMzhFMzQx
MTk3MTFFREE3NkIwMDE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAQ7mAADBAPLveAwDQQCAAIwBwMFACQEG0AwDQYJKoZIhvcN
AQELBQADggEBADkBMyR0ujfmUYGuuv4n8x9dSlUccaU+i/UJTaxgG0kRsH6My8X1
/mBIMo9YvqjxqOxDgkMB2rurvomlvsZWYEpEpSTphh5MX31HbD2LXjla2PuasicX
24buritDwIgYfwGx+Up+00HBp7GEhQSlj4HpHZ1yWS32ntXC4BrPl3F1j0oJQtzU
39HvLcbFUEdanvnHkLJKerF9TjzZjfs4PTDBiQKi8XPcmAoXHm3dPfoAJ9kn++h3
Z2ShPJofpQi6P26enpRGDWuN//G3OZgZ0iyhLXEMZGpjwb0J/rJvmkAvl5FhySQK
5NZ2WRDUcaqDvxD/i0hY9qfKbagQexNIAc8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org