Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B46B5/D8A525EA18D511EB81B6E441C4F9AE02/1E036484D79D11ED83758740C4F9AE02.roa
File:                     1E036484D79D11ED83758740C4F9AE02.roa (raw, json)
Hash identifier:          Fx+QrCrDT9hKwcDWNtTXpK+w/St7xd70PHBRjUd9Q6M=
Subject key identifier:   AD:29:BD:BF:0B:99:24:42:BC:B0:4A:D3:A4:71:FB:BB:B3:AE:4C:61
Certificate issuer:       /CN=A91B46B5/serialNumber=1F0F9996977A7AEF84B54F3DAD3B96461EE49CDE
Certificate serial:       05F4
Authority key identifier: 1F:0F:99:96:97:7A:7A:EF:84:B5:4F:3D:AD:3B:96:46:1E:E4:9C:DE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Hw-Zlpd6eu-EtU89rTuWRh7knN4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B46B5/D8A525EA18D511EB81B6E441C4F9AE02/1E036484D79D11ED83758740C4F9AE02.roa
Signing time:             Mon 10 Apr 2023 12:42:13 +0000
ROA not before:           Mon 10 Apr 2023 12:42:13 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     9310
IP address blocks:        45.248.196.0/22 maxlen: 24
                          103.217.164.0/22 maxlen: 22
                          103.217.164.0/24 maxlen: 24
                          103.217.165.0/24 maxlen: 24
                          103.217.166.0/23 maxlen: 24
                          202.169.96.0/24 maxlen: 24
                          202.169.100.0/24 maxlen: 24
                          202.169.101.0/24 maxlen: 24
                          202.169.102.0/24 maxlen: 24
                          202.169.103.0/24 maxlen: 24
                          202.169.104.0/24 maxlen: 24
                          202.169.105.0/24 maxlen: 24
                          202.169.106.0/24 maxlen: 24
                          202.169.107.0/24 maxlen: 24
                          202.169.108.0/24 maxlen: 24
                          202.169.109.0/24 maxlen: 24
                          202.169.110.0/24 maxlen: 24
                          202.169.111.0/24 maxlen: 24
                          202.169.112.0/24 maxlen: 24
                          202.169.113.0/24 maxlen: 24
                          202.169.114.0/24 maxlen: 24
                          202.169.115.0/24 maxlen: 24
                          202.169.116.0/24 maxlen: 24
                          202.169.117.0/24 maxlen: 24
                          202.169.118.0/24 maxlen: 24
                          202.169.119.0/24 maxlen: 24
                          202.169.120.0/24 maxlen: 24
                          202.169.121.0/24 maxlen: 24
                          202.169.122.0/24 maxlen: 24
                          202.169.123.0/24 maxlen: 24
                          202.169.124.0/24 maxlen: 24
                          202.169.125.0/24 maxlen: 24
                          202.169.126.0/24 maxlen: 24
                          202.169.127.0/24 maxlen: 24
                          2405:180::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1524 (0x5f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B46B5/serialNumber=1F0F9996977A7AEF84B54F3DAD3B96461EE49CDE
        Validity
            Not Before: Apr 10 12:42:13 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=64340425-a75e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:28:12:3c:24:0a:62:05:f6:be:6f:c7:6a:22:
                    f2:32:2b:7a:dc:27:a5:c4:ef:3a:5f:67:10:b7:b4:
                    0a:f0:66:77:db:f1:c7:ab:ea:2f:40:21:85:d0:1c:
                    8d:cf:1e:a4:e8:91:65:29:92:25:8a:30:37:fc:d9:
                    e6:27:52:c7:56:66:69:47:83:f0:31:21:32:74:2b:
                    78:ed:d2:25:99:04:63:2c:9f:7d:04:6c:2f:c6:58:
                    c5:70:66:3a:07:84:11:53:3f:98:58:cd:2f:11:58:
                    76:29:46:79:5a:3a:bf:f0:e3:7d:fb:fa:f3:9f:cf:
                    6a:6a:aa:8d:e5:98:fc:d7:9f:90:fd:76:2f:4e:16:
                    cc:fd:a3:3c:47:a4:6e:c2:9a:e9:e3:bf:0f:96:b5:
                    ed:db:41:5d:b3:6d:c5:76:79:77:c3:b6:43:ad:e3:
                    7c:2a:d8:84:c0:d1:94:7c:03:d5:ef:82:d4:79:fe:
                    84:7c:d6:3b:3c:bc:50:9c:ad:2e:c5:80:42:52:5c:
                    4a:63:93:80:68:dd:ec:8e:08:11:ae:63:2c:ea:af:
                    ad:e9:be:10:4b:ee:d7:ee:4e:33:e4:8e:59:9e:45:
                    2d:fe:7f:8f:47:ae:49:e4:9b:bb:c3:ba:09:98:09:
                    31:f5:b7:8b:c8:95:95:a3:07:16:e1:99:89:d6:5d:
                    e0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:29:BD:BF:0B:99:24:42:BC:B0:4A:D3:A4:71:FB:BB:B3:AE:4C:61
            X509v3 Authority Key Identifier:
                keyid:1F:0F:99:96:97:7A:7A:EF:84:B5:4F:3D:AD:3B:96:46:1E:E4:9C:DE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B46B5/D8A525EA18D511EB81B6E441C4F9AE02/Hw-Zlpd6eu-EtU89rTuWRh7knN4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Hw-Zlpd6eu-EtU89rTuWRh7knN4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B46B5/D8A525EA18D511EB81B6E441C4F9AE02/1E036484D79D11ED83758740C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.248.196.0/22
                  103.217.164.0/22
                  202.169.96.0/24
                  202.169.100.0-202.169.127.255
                IPv6:
                  2405:180::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:7c:35:3f:3c:ca:88:87:cb:3e:70:32:d5:3e:48:91:88:30:
         a3:eb:04:0e:e1:01:60:16:62:ce:c3:17:e4:16:f2:a6:44:b6:
         31:e9:20:27:26:a1:bd:f4:e2:0d:56:b2:f6:e9:cd:42:08:f7:
         3d:91:d5:09:f8:a8:af:d9:84:9a:27:23:16:46:40:fc:50:ef:
         27:8d:6a:09:00:e5:bb:ce:a5:7f:19:47:d3:f9:2d:53:58:1a:
         e8:c3:a2:82:14:db:69:b0:2e:e3:e5:89:83:1c:0a:fb:94:2e:
         5c:e4:5c:2c:8b:35:59:58:01:15:3b:92:fd:55:44:05:29:78:
         83:7c:68:17:07:6f:c5:c2:2f:c6:ec:c6:05:64:3f:76:28:6d:
         89:27:ef:db:b5:ec:dc:c4:0e:c0:3c:e9:f3:b2:3c:aa:7e:a3:
         ae:61:84:f0:a4:31:d1:82:1c:0a:a7:c8:9a:f1:f7:71:7c:7f:
         7d:69:75:75:33:d0:79:9e:0f:d1:55:4c:f1:a6:03:61:b3:06:
         ad:99:0b:53:df:ef:72:60:bf:a8:87:8f:3f:ae:56:35:5d:47:
         3a:b7:05:8c:f6:b4:84:03:41:78:8f:a9:76:00:6c:6b:82:aa:
         f0:43:e2:79:4c:06:b3:57:dd:98:f3:7d:d7:2f:6a:47:2c:df:
         d2:60:56:a3
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICBfQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjQ2QjUxMTAvBgNVBAUTKDFGMEY5OTk2OTc3QTdBRUY4NEI1NEYzREFEM0I5NjQ2
MUVFNDlDREUwHhcNMjMwNDEwMTI0MjEzWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDM0MDQyNS1hNzVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3SgSPCQKYgX2vm/HaiLyMit63CelxO86X2cQt7QK8GZ32/HHq+ovQCGF0ByN
zx6k6JFlKZIlijA3/NnmJ1LHVmZpR4PwMSEydCt47dIlmQRjLJ99BGwvxljFcGY6
B4QRUz+YWM0vEVh2KUZ5Wjq/8ON9+/rzn89qaqqN5Zj815+Q/XYvThbM/aM8R6Ru
wprp478PlrXt20Fds23Fdnl3w7ZDreN8KtiEwNGUfAPV74LUef6EfNY7PLxQnK0u
xYBCUlxKY5OAaN3sjggRrmMs6q+t6b4QS+7X7k4z5I5ZnkUt/n+PR65J5Ju7w7oJ
mAkx9beLyJWVowcW4ZmJ1l3ghwIDAQABo4ICvjCCArowHQYDVR0OBBYEFK0pvb8L
mSRCvLBK06Rx+7uzrkxhMB8GA1UdIwQYMBaAFB8PmZaXenrvhLVPPa07lkYe5Jze
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNDZCNS9EOEE1MjVFQTE4
RDUxMUVCODFCNkU0NDFDNEY5QUUwMi9Idy1abHBkNmV1LUV0VTg5clR1V1JoN2tu
TjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0h3LVpscGQ2ZXUtRXRVODlyVHVXUmg3a25ONC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjQ2QjUvRDhBNTI1RUExOEQ1MTFFQjgxQjZFNDQxQzRGOUFFMDIvMUUwMzY0ODRE
NzlEMTFFRDgzNzU4NzQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MCYEAgABMCADBAIt+MQDBAJn2aQDBADKqWAwDAMEAsqpZAMEB8qpADANBAIA
AjAHAwUAJAUBgDANBgkqhkiG9w0BAQsFAAOCAQEAZnw1PzzKiIfLPnAy1T5IkYgw
o+sEDuEBYBZizsMX5BbypkS2MekgJyahvfTiDVay9unNQgj3PZHVCfior9mEmicj
FkZA/FDvJ41qCQDlu86lfxlH0/ktU1ga6MOighTbabAu4+WJgxwK+5QuXORcLIs1
WVgBFTuS/VVEBSl4g3xoFwdvxcIvxuzGBWQ/dihtiSfv27Xs3MQOwDzp87I8qn6j
rmGE8KQx0YIcCqfImvH3cXx/fWl1dTPQeZ4P0VVM8aYDYbMGrZkLU9/vcmC/qIeP
P65WNV1HOrcFjPa0hANBeI+pdgBsa4Kq8EPieUwGs1fdmPN91y9qRyzf0mBWow==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org