Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CA3C5EA453E611EC949BFB3DC4F9AE02.roa
File:                     CA3C5EA453E611EC949BFB3DC4F9AE02.roa (raw, json)
Hash identifier:          HJDHtCf5c6yYVV2Cuvb5jM3FUBFXEwkVFs1jkxZBuAo=
Subject key identifier:   BB:D5:9A:3C:4E:F4:F4:CB:B4:06:8E:D4:51:AC:8A:9D:0F:58:A9:6D
Certificate issuer:       /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial:       25DF
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CA3C5EA453E611EC949BFB3DC4F9AE02.roa
Signing time:             Fri 03 Dec 2021 03:12:04 +0000
ROA not before:           Fri 03 Dec 2021 03:12:04 +0000
ROA not after:            Sun 01 May 2022 00:00:00 +0000
asID:                     133405
IP address blocks:        43.243.120.0/24 maxlen: 24
                          43.243.121.0/24 maxlen: 24
                          43.243.176.0/24 maxlen: 24
                          43.243.177.0/24 maxlen: 24
                          43.243.178.0/24 maxlen: 24
                          43.243.179.0/24 maxlen: 24
                          2401:a280::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9695 (0x25df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
        Validity
            Not Before: Dec  3 03:12:04 2021 GMT
            Not After : May  1 00:00:00 2022 GMT
        Subject: CN=61a98b04-04f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:D5:9A:3C:4E:F4:F4:CB:B4:06:8E:D4:51:AC:8A:9D:0F:58:A9:6D
            X509v3 Authority Key Identifier:
                keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CA3C5EA453E611EC949BFB3DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.120.0/23
                  43.243.176.0/22
                IPv6:
                  2401:a280::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org