Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/8964FF5AD5A311EC98764D51C4F9AE02.roa
File:                     8964FF5AD5A311EC98764D51C4F9AE02.roa (raw, json)
Hash identifier:          6N6UweQ8QjsuY0gerRB2r7DyBlqly6a5htSy5odQ+hI=
Subject key identifier:   24:94:4E:8D:37:6C:EE:0B:FE:47:FC:0A:0D:D6:41:33:0E:AE:AD:09
Certificate issuer:       /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial:       2749
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/8964FF5AD5A311EC98764D51C4F9AE02.roa
Signing time:             Tue 17 May 2022 05:38:11 +0000
ROA not before:           Tue 17 May 2022 05:38:11 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     40065
IP address blocks:        43.243.120.0/24 maxlen: 24
                          43.243.121.0/24 maxlen: 24
                          43.243.122.0/24 maxlen: 24
                          43.243.177.0/24 maxlen: 24
                          43.243.178.0/24 maxlen: 24
                          43.243.179.0/24 maxlen: 24
                          183.90.184.0/24 maxlen: 24
                          183.90.185.0/24 maxlen: 24
                          183.90.186.0/24 maxlen: 24
                          183.90.188.0/24 maxlen: 24
                          183.90.190.0/24 maxlen: 24
                          183.90.191.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10057 (0x2749)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
        Validity
            Not Before: May 17 05:38:11 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=628334c3-1923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ff:08:ca:76:08:af:dd:12:3e:4c:9f:9d:e3:
                    43:4d:8c:10:7f:44:b7:21:92:05:ca:88:c7:7b:d3:
                    1b:bc:86:e9:8e:b7:63:56:35:47:ba:b9:77:f4:57:
                    82:7e:0c:8d:d9:3a:85:8d:18:c0:2b:2e:94:c1:f8:
                    b9:19:38:48:98:5d:b0:0e:d4:9d:d7:31:16:b7:c5:
                    ad:a7:48:13:11:56:11:07:53:bc:d7:09:b8:7b:01:
                    0b:7e:8e:30:4c:ac:cc:8f:74:21:90:74:52:51:c0:
                    37:94:40:47:be:a9:8f:27:e3:6e:e7:3a:f4:d6:ab:
                    af:d5:dc:0e:f9:de:6b:05:73:be:5a:7f:03:bb:9f:
                    35:7f:e8:fa:f8:59:f1:70:a1:ac:63:78:dd:4d:d4:
                    34:dc:97:41:ea:b6:4d:f0:26:00:0a:10:b5:bc:4a:
                    98:df:3c:c7:73:24:82:7e:d0:62:e2:99:fc:84:01:
                    8a:46:54:f2:a2:0a:72:f4:7c:d0:71:cf:5f:b7:85:
                    a3:e8:04:54:4c:ce:d5:cd:18:1d:0d:e2:6b:07:b4:
                    3e:64:e0:e3:b4:f2:9a:ae:f3:13:19:4f:76:a0:4e:
                    96:23:8e:f8:6f:0f:0e:c3:92:7e:c0:af:0b:70:9a:
                    82:cf:c2:9d:e1:38:4a:b7:9d:07:94:eb:be:dc:f2:
                    45:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:94:4E:8D:37:6C:EE:0B:FE:47:FC:0A:0D:D6:41:33:0E:AE:AD:09
            X509v3 Authority Key Identifier:
                keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/8964FF5AD5A311EC98764D51C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.120.0-43.243.122.255
                  43.243.177.0-43.243.179.255
                  183.90.184.0-183.90.186.255
                  183.90.188.0/24
                  183.90.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:93:b0:34:ae:0a:71:af:7d:e9:55:0b:bf:cb:a1:c0:42:97:
         f7:ab:f1:e9:d6:53:f9:44:d2:2c:93:fa:49:fa:ae:5a:15:b9:
         2e:91:e7:94:7d:57:49:a0:c4:90:a6:db:ec:16:02:f4:8f:f3:
         a3:79:18:88:ea:83:3a:d8:9d:45:e4:1f:70:a7:46:c7:ab:c9:
         c7:05:a3:7d:e3:44:40:59:98:7d:0c:ff:a3:11:c6:7a:a6:14:
         69:c4:bd:bd:10:3f:0b:8d:68:62:7f:9a:7f:5f:d6:db:cb:7f:
         78:53:2d:87:7b:cf:9b:04:67:58:e3:26:64:9c:86:21:24:70:
         42:cf:5d:2d:dd:70:d9:2c:36:73:49:57:08:25:80:b0:8f:c0:
         ca:8e:29:ab:57:c3:d4:a5:a2:8a:3e:68:8c:29:64:77:0a:f5:
         f5:3f:b7:23:e9:65:30:40:e0:37:11:ab:93:15:59:81:69:b4:
         3e:d7:e3:fd:d5:36:a9:9f:5a:84:a9:9a:21:f4:ca:38:8a:65:
         d1:00:2c:44:62:0b:7f:78:c4:0f:1c:2e:d9:42:f6:d7:00:e5:
         c5:af:19:1f:18:e8:1b:7b:91:6a:28:9d:d5:d8:1a:ce:c9:95:
         5b:f7:9c:5e:c1:81:40:e1:c4:ad:63:1f:e2:1d:57:4b:68:83:
         d4:a7:52:6a
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgICJ0kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjIwNTE3MDUzODExWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjgzMzRjMy0xOTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsf8IynYIr90SPkyfneNDTYwQf0S3IZIFyojHe9MbvIbpjrdjVjVHurl39FeC
fgyN2TqFjRjAKy6Uwfi5GThImF2wDtSd1zEWt8Wtp0gTEVYRB1O81wm4ewELfo4w
TKzMj3QhkHRSUcA3lEBHvqmPJ+Nu5zr01quv1dwO+d5rBXO+Wn8Du581f+j6+Fnx
cKGsY3jdTdQ03JdB6rZN8CYAChC1vEqY3zzHcySCftBi4pn8hAGKRlTyogpy9HzQ
cc9ft4Wj6ARUTM7VzRgdDeJrB7Q+ZODjtPKarvMTGU92oE6WI474bw8Ow5J+wK8L
cJqCz8Kd4ThKt50HlOu+3PJFBQIDAQABo4ICxTCCAsEwHQYDVR0OBBYEFCSUTo03
bO4L/kf8Cg3WQTMOrq0JMB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvODk2NEZGNUFE
NUEzMTFFQzk4NzY0RDUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTwYIKwYBBQUHAQcBAf8E
QDA+MDwEAgABMDYwDAMEAyvzeAMEACvzejAMAwQAK/OxAwQCK/OwMAwDBAO3WrgD
BAC3WroDBAC3WrwDBAG3Wr4wDQYJKoZIhvcNAQELBQADggEBAGOTsDSuCnGvfelV
C7/LocBCl/er8enWU/lE0iyT+kn6rloVuS6R55R9V0mgxJCm2+wWAvSP86N5GIjq
gzrYnUXkH3CnRseryccFo33jREBZmH0M/6MRxnqmFGnEvb0QPwuNaGJ/mn9f1tvL
f3hTLYd7z5sEZ1jjJmSchiEkcELPXS3dcNksNnNJVwglgLCPwMqOKatXw9Slooo+
aIwpZHcK9fU/tyPpZTBA4DcRq5MVWYFptD7X4/3VNqmfWoSpmiH0yjiKZdEALERi
C394xA8cLtlC9tcA5cWvGR8Y6Bt7kWoondXYGs7JlVv3nF7BgUDhxK1jH+IdV0to
g9SnUmo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org