Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/340360F4D32611EB90F4EB1FC4F9AE02.roa
File:                     340360F4D32611EB90F4EB1FC4F9AE02.roa (raw, json)
Hash identifier:          PurB+r1NrQUuiRhpN6FAH9YfB2qVFUnDJkwDvKGISJk=
Subject key identifier:   A6:30:35:08:4E:B1:31:5B:A0:68:9B:47:97:FD:CA:EB:07:3F:22:BC
Certificate issuer:       /CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
Certificate serial:       094D
Authority key identifier: FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/340360F4D32611EB90F4EB1FC4F9AE02.roa
Signing time:             Tue 29 Aug 2023 23:45:13 +0000
ROA not before:           Tue 29 Aug 2023 23:45:13 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     24105
IP address blocks:        27.255.0.0/24 maxlen: 24
                          27.255.1.0/24 maxlen: 24
                          27.255.2.0/24 maxlen: 24
                          27.255.3.0/24 maxlen: 24
                          27.255.4.0/24 maxlen: 24
                          27.255.5.0/24 maxlen: 24
                          27.255.6.0/24 maxlen: 24
                          27.255.7.0/24 maxlen: 24
                          27.255.8.0/24 maxlen: 24
                          27.255.9.0/24 maxlen: 24
                          27.255.10.0/24 maxlen: 24
                          27.255.11.0/24 maxlen: 24
                          27.255.12.0/24 maxlen: 24
                          27.255.13.0/24 maxlen: 24
                          27.255.14.0/24 maxlen: 24
                          27.255.15.0/24 maxlen: 24
                          27.255.16.0/24 maxlen: 24
                          27.255.17.0/24 maxlen: 24
                          27.255.18.0/24 maxlen: 24
                          27.255.19.0/24 maxlen: 24
                          27.255.20.0/24 maxlen: 24
                          27.255.21.0/24 maxlen: 24
                          27.255.22.0/24 maxlen: 24
                          27.255.23.0/24 maxlen: 24
                          27.255.24.0/24 maxlen: 24
                          27.255.25.0/24 maxlen: 24
                          27.255.26.0/24 maxlen: 24
                          27.255.27.0/24 maxlen: 24
                          27.255.28.0/24 maxlen: 24
                          27.255.29.0/24 maxlen: 24
                          27.255.30.0/24 maxlen: 24
                          27.255.31.0/24 maxlen: 24
                          27.255.32.0/24 maxlen: 24
                          27.255.33.0/24 maxlen: 24
                          27.255.34.0/24 maxlen: 24
                          27.255.35.0/24 maxlen: 24
                          27.255.36.0/24 maxlen: 24
                          27.255.37.0/24 maxlen: 24
                          27.255.38.0/24 maxlen: 24
                          27.255.39.0/24 maxlen: 24
                          27.255.40.0/24 maxlen: 24
                          27.255.41.0/24 maxlen: 24
                          27.255.42.0/24 maxlen: 24
                          27.255.43.0/24 maxlen: 24
                          27.255.44.0/24 maxlen: 24
                          27.255.45.0/24 maxlen: 24
                          27.255.46.0/24 maxlen: 24
                          27.255.47.0/24 maxlen: 24
                          27.255.48.0/24 maxlen: 24
                          27.255.49.0/24 maxlen: 24
                          27.255.50.0/24 maxlen: 24
                          27.255.51.0/24 maxlen: 24
                          27.255.52.0/24 maxlen: 24
                          27.255.53.0/24 maxlen: 24
                          27.255.54.0/24 maxlen: 24
                          27.255.55.0/24 maxlen: 24
                          27.255.56.0/24 maxlen: 24
                          27.255.57.0/24 maxlen: 24
                          27.255.58.0/24 maxlen: 24
                          27.255.59.0/24 maxlen: 24
                          27.255.60.0/24 maxlen: 24
                          27.255.61.0/24 maxlen: 24
                          27.255.62.0/24 maxlen: 24
                          27.255.63.0/24 maxlen: 24
                          42.201.129.0/24 maxlen: 24
                          42.201.139.0/24 maxlen: 24
                          42.201.141.0/24 maxlen: 24
                          42.201.152.0/24 maxlen: 24
                          42.201.155.0/24 maxlen: 24
                          42.201.156.0/24 maxlen: 24
                          42.201.168.0/24 maxlen: 24
                          42.201.184.0/24 maxlen: 24
                          42.201.187.0/24 maxlen: 24
                          42.201.190.0/24 maxlen: 24
                          42.201.195.0/24 maxlen: 24
                          42.201.204.0/24 maxlen: 24
                          42.201.207.0/24 maxlen: 24
                          42.201.222.0/24 maxlen: 24
                          42.201.223.0/24 maxlen: 24
                          42.201.226.0/24 maxlen: 24
                          42.201.227.0/24 maxlen: 24
                          42.201.233.0/24 maxlen: 24
                          42.201.235.0/24 maxlen: 24
                          42.201.244.0/24 maxlen: 24
                          42.201.245.0/24 maxlen: 24
                          42.201.246.0/24 maxlen: 24
                          42.201.247.0/24 maxlen: 24
                          103.17.202.0/24 maxlen: 24
                          180.92.128.0/24 maxlen: 24
                          180.92.129.0/24 maxlen: 24
                          180.92.130.0/24 maxlen: 24
                          180.92.131.0/24 maxlen: 24
                          180.92.132.0/24 maxlen: 24
                          180.92.133.0/24 maxlen: 24
                          180.92.134.0/24 maxlen: 24
                          180.92.135.0/24 maxlen: 24
                          180.92.136.0/24 maxlen: 24
                          180.92.137.0/24 maxlen: 24
                          180.92.138.0/24 maxlen: 24
                          180.92.139.0/24 maxlen: 24
                          180.92.140.0/24 maxlen: 24
                          180.92.141.0/24 maxlen: 24
                          180.92.142.0/24 maxlen: 24
                          180.92.143.0/24 maxlen: 24
                          180.92.144.0/24 maxlen: 24
                          180.92.145.0/24 maxlen: 24
                          180.92.146.0/24 maxlen: 24
                          180.92.147.0/24 maxlen: 24
                          180.92.148.0/24 maxlen: 24
                          180.92.149.0/24 maxlen: 24
                          180.92.150.0/24 maxlen: 24
                          180.92.151.0/24 maxlen: 24
                          180.92.152.0/24 maxlen: 24
                          180.92.153.0/24 maxlen: 24
                          180.92.154.0/24 maxlen: 24
                          180.92.155.0/24 maxlen: 24
                          180.92.156.0/24 maxlen: 24
                          180.92.157.0/24 maxlen: 24
                          180.92.158.0/24 maxlen: 24
                          180.92.159.0/24 maxlen: 24
                          192.135.90.0/24 maxlen: 24
                          192.135.91.0/24 maxlen: 24
                          192.144.78.0/24 maxlen: 24
                          192.144.79.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2381 (0x94d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AB6EB/serialNumber=FC9BD463D02E9FD2DFC3C39AE4CD5AB322658C2A
        Validity
            Not Before: Aug 29 23:45:13 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=64ee8309-e6b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:db:99:77:2d:7f:27:26:3c:78:f3:9c:9e:80:
                    5c:41:a0:44:e1:ce:97:b2:d7:42:74:0e:f8:f6:fe:
                    6a:4b:78:73:f0:d7:40:e1:8d:ce:8a:40:7c:b8:b5:
                    27:75:54:4e:52:a5:a2:7d:cd:57:96:7c:eb:ed:0b:
                    01:17:e8:0e:e6:2f:79:27:35:5d:73:01:b9:ec:c4:
                    17:5f:49:49:4e:a7:ef:c1:0c:31:3f:d4:3a:3f:b9:
                    ac:82:88:fe:c7:6c:f2:90:6a:9c:a4:e6:29:88:32:
                    82:23:52:94:5e:20:ed:1c:b7:c6:4b:02:45:5a:86:
                    ba:1a:dd:61:87:cb:62:21:e8:75:4c:69:44:1b:0d:
                    b5:a4:52:b3:4f:29:f0:c8:3a:42:02:32:ef:1d:20:
                    f3:57:cd:94:8f:2c:a1:f1:37:10:42:f0:5f:b9:0c:
                    e4:a0:e0:73:be:bc:3d:59:75:1d:9f:b7:12:bb:58:
                    04:a8:7e:64:e0:45:14:74:61:d2:25:e0:bd:cd:01:
                    3f:dd:59:0e:07:21:3d:bf:6e:95:ed:b0:39:6d:63:
                    9b:dd:89:bc:a0:b5:a8:92:28:16:16:ff:2e:ab:1b:
                    92:73:b6:a2:df:b7:ca:eb:1a:37:c0:17:35:e8:ff:
                    d8:81:ac:25:a3:7e:dd:24:6f:30:6f:a0:dd:6b:0a:
                    02:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:30:35:08:4E:B1:31:5B:A0:68:9B:47:97:FD:CA:EB:07:3F:22:BC
            X509v3 Authority Key Identifier:
                keyid:FC:9B:D4:63:D0:2E:9F:D2:DF:C3:C3:9A:E4:CD:5A:B3:22:65:8C:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/_JvUY9Aun9Lfw8Oa5M1asyJljCo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JvUY9Aun9Lfw8Oa5M1asyJljCo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB6EB/01391B008E2B11EABF86DA4CC4F9AE02/340360F4D32611EB90F4EB1FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.255.0.0/18
                  42.201.129.0/24
                  42.201.139.0/24
                  42.201.141.0/24
                  42.201.152.0/24
                  42.201.155.0-42.201.156.255
                  42.201.168.0/24
                  42.201.184.0/24
                  42.201.187.0/24
                  42.201.190.0/24
                  42.201.195.0/24
                  42.201.204.0/24
                  42.201.207.0/24
                  42.201.222.0/23
                  42.201.226.0/23
                  42.201.233.0/24
                  42.201.235.0/24
                  42.201.244.0/22
                  103.17.202.0/24
                  180.92.128.0/19
                  192.135.90.0/23
                  192.144.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:8b:42:9d:33:8a:0c:1a:f1:fc:70:78:ae:29:b6:39:9d:ea:
         ad:57:ea:94:03:22:12:c1:6d:fc:50:bc:fc:6c:a9:db:b4:76:
         55:16:23:90:f9:0a:b8:14:1e:73:2f:b0:b8:4e:fa:1b:8f:cd:
         66:e4:43:b4:df:7d:57:0d:c3:b6:4c:2d:fa:20:2c:ef:19:5f:
         ed:b1:97:f9:da:06:88:91:85:df:d2:f8:7c:0b:ce:ef:57:32:
         70:1a:d5:56:06:fa:81:58:a8:f6:d7:f8:2a:6f:da:89:b9:3b:
         2e:a5:4c:5d:04:80:85:53:08:96:bc:fb:a6:d2:40:03:c6:6c:
         2b:37:2c:69:73:67:48:14:88:3b:c6:7b:38:38:be:23:ee:d4:
         b5:db:ee:fb:bd:31:51:1a:ef:b9:ea:30:44:a7:6c:7b:1c:7c:
         5d:59:85:d6:7f:a8:4f:3e:4c:1e:93:08:12:e8:91:0a:6f:96:
         ea:30:83:af:b8:50:fe:26:79:35:ce:07:de:c5:17:70:de:8e:
         34:5c:57:0e:c5:d6:a9:a4:0b:a8:ae:32:68:3c:2a:f6:22:0b:
         9e:69:f6:6e:b1:03:b2:2c:c7:84:78:ef:cc:e2:ae:36:83:4d:
         f7:b6:9f:d8:05:35:02:77:ff:48:98:60:ba:43:8c:18:1a:70:
         cb:d7:8f:e0
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgICCU0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI2RUIxMTAvBgNVBAUTKEZDOUJENDYzRDAyRTlGRDJERkMzQzM5QUU0Q0Q1QUIz
MjI2NThDMkEwHhcNMjMwODI5MjM0NTEzWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGVlODMwOS1lNmIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtNuZdy1/JyY8ePOcnoBcQaBE4c6XstdCdA749v5qS3hz8NdA4Y3OikB8uLUn
dVROUqWifc1Xlnzr7QsBF+gO5i95JzVdcwG57MQXX0lJTqfvwQwxP9Q6P7msgoj+
x2zykGqcpOYpiDKCI1KUXiDtHLfGSwJFWoa6Gt1hh8tiIeh1TGlEGw21pFKzTynw
yDpCAjLvHSDzV82Ujyyh8TcQQvBfuQzkoOBzvrw9WXUdn7cSu1gEqH5k4EUUdGHS
JeC9zQE/3VkOByE9v26V7bA5bWOb3Ym8oLWokigWFv8uqxuSc7ai37fK6xo3wBc1
6P/Ygawlo37dJG8wb6DdawoCzQIDAQABo4IDIDCCAxwwHQYDVR0OBBYEFKYwNQhO
sTFboGibR5f9yusHPyK8MB8GA1UdIwQYMBaAFPyb1GPQLp/S38PDmuTNWrMiZYwq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjZFQi8wMTM5MUIwMDhF
MkIxMUVBQkY4NkRBNENDNEY5QUUwMi9fSnZVWTlBdW45TGZ3OE9hNU0xYXN5Smxq
Q28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KdlVZOUF1bjlMZnc4T2E1TTFhc3lKbGpDby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI2RUIvMDEzOTFCMDA4RTJCMTFFQUJGODZEQTRDQzRGOUFFMDIvMzQwMzYwRjRE
MzI2MTFFQjkwRjRFQjFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgakGCCsGAQUFBwEHAQH/
BIGZMIGWMIGTBAIAATCBjAMEBhv/AAMEACrJgQMEACrJiwMEACrJjQMEACrJmDAM
AwQAKsmbAwQAKsmcAwQAKsmoAwQAKsm4AwQAKsm7AwQAKsm+AwQAKsnDAwQAKsnM
AwQAKsnPAwQBKsneAwQBKsniAwQAKsnpAwQAKsnrAwQCKsn0AwQAZxHKAwQFtFyA
AwQBwIdaAwQBwJBOMA0GCSqGSIb3DQEBCwUAA4IBAQBai0KdM4oMGvH8cHiuKbY5
neqtV+qUAyISwW38ULz8bKnbtHZVFiOQ+Qq4FB5zL7C4Tvobj81m5EO0331XDcO2
TC36ICzvGV/tsZf52gaIkYXf0vh8C87vVzJwGtVWBvqBWKj21/gqb9qJuTsupUxd
BICFUwiWvPum0kADxmwrNyxpc2dIFIg7xns4OL4j7tS12+77vTFRGu+56jBEp2x7
HHxdWYXWf6hPPkwekwgS6JEKb5bqMIOvuFD+Jnk1zgfexRdw3o40XFcOxdappAuo
rjJoPCr2IgueafZusQOyLMeEeO/M4q42g033tp/YBTUCd/9ImGC6Q4wYGnDL14/g
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:37 2024 by rpki-client on console-fra.rpki-client.org