Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CB3BE9F053E611EC949BFB3DC4F9AE02.roa
File:                     CB3BE9F053E611EC949BFB3DC4F9AE02.roa (raw, json)
Hash identifier:          FZX1C7EJq0mBmDYPxTfOVwGSacv8OCo1Dv7y/zN9k3g=
Subject key identifier:   87:60:E0:CB:94:CE:B4:82:AF:74:F2:47:C5:C4:08:06:18:0A:57:6D
Certificate issuer:       /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial:       269F
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CB3BE9F053E611EC949BFB3DC4F9AE02.roa
Signing time:             Tue 01 Mar 2022 16:22:09 +0000
ROA not before:           Tue 01 Mar 2022 16:22:09 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     135386
IP address blocks:        43.243.123.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9887 (0x269f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
        Validity
            Not Before: Mar  1 16:22:09 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=621e4831-6169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:fa:25:17:d1:c5:66:8e:a0:6a:d7:da:1b:
                    4c:81:d9:1c:5c:d1:ad:b9:b7:af:c1:0d:29:47:db:
                    64:fb:dc:98:aa:67:3f:72:7b:1d:09:3e:92:2f:23:
                    cb:8b:f0:12:96:71:11:a1:73:02:3e:18:89:89:68:
                    4f:18:30:c6:ec:75:d6:fe:07:6d:f9:6a:42:30:9d:
                    e7:40:09:83:e0:d5:4e:71:e8:0d:34:ba:77:ea:4e:
                    6f:c9:41:41:dd:73:9d:16:42:7d:d7:47:76:43:65:
                    7b:20:08:95:48:01:7e:6a:9e:44:b7:3c:34:ff:f7:
                    a3:69:ce:d6:6c:e0:ae:92:f5:a9:12:eb:0c:45:6e:
                    d6:02:02:cf:27:76:07:41:38:b0:88:27:45:05:a0:
                    63:07:10:d8:a7:3c:80:f5:90:0d:31:bc:c0:37:67:
                    53:a5:b3:4a:30:41:8d:63:d6:ef:cb:94:4a:30:cd:
                    35:23:af:ce:8c:8b:32:9a:e1:61:c1:0e:d4:7d:f4:
                    fe:7a:42:f0:ad:49:4c:2b:bf:b5:02:bc:ed:d6:3f:
                    da:f7:c5:91:25:e1:bb:20:87:6f:6b:60:71:2f:d8:
                    6d:70:bd:4f:2a:4b:e4:af:d9:8a:b2:a5:65:15:d8:
                    be:02:39:c8:a0:d0:58:83:44:07:a5:93:e1:7e:f2:
                    fc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:60:E0:CB:94:CE:B4:82:AF:74:F2:47:C5:C4:08:06:18:0A:57:6D
            X509v3 Authority Key Identifier:
                keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/CB3BE9F053E611EC949BFB3DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:6d:e7:26:7c:76:61:45:50:ff:da:12:af:eb:f5:79:96:9c:
         c4:52:33:39:cf:08:0e:05:95:55:81:07:d4:ff:72:6f:d4:29:
         ef:dc:b7:e1:0c:b9:58:8b:2c:33:a8:ab:0f:a5:5c:35:83:07:
         dc:7a:ea:3e:2f:83:af:66:2b:a4:cc:5b:f4:93:91:3d:f2:db:
         5e:6e:b6:81:3f:b7:d9:06:26:1b:af:3f:73:fe:d5:61:4f:f4:
         a3:e7:cc:fb:c5:5a:70:54:bb:68:9f:d5:d4:6a:61:3b:49:ba:
         f3:30:eb:5d:06:97:6f:f7:d2:ba:69:b7:77:08:09:be:d7:fb:
         0a:bd:8a:2b:9a:0f:1a:9e:2b:4c:64:a9:be:03:dd:ae:a3:f5:
         f3:a3:15:77:8c:4c:c9:0c:cb:9a:a0:d8:dc:81:32:8e:48:2b:
         b9:81:9f:74:9e:9c:c6:62:98:20:4b:0d:66:44:ea:66:c3:93:
         81:06:54:06:dd:5a:d8:f8:0f:5f:d2:df:e4:6d:8e:8b:99:d3:
         85:2a:9c:85:93:14:d6:cc:5e:b0:b5:52:12:4b:9a:b4:bd:b6:
         89:57:29:e1:29:75:73:2b:37:7b:77:94:76:b8:c3:55:16:04:
         a9:a3:d5:69:2f:02:6a:87:3a:5c:40:19:07:5a:1e:5c:2d:85:
         42:9a:bd:c4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICJp8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjIwMzAxMTYyMjA5WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFlNDgzMS02MTY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsnn6JRfRxWaOoGrX2htMgdkcXNGtubevwQ0pR9tk+9yYqmc/cnsdCT6SLyPL
i/ASlnERoXMCPhiJiWhPGDDG7HXW/gdt+WpCMJ3nQAmD4NVOcegNNLp36k5vyUFB
3XOdFkJ910d2Q2V7IAiVSAF+ap5Etzw0//ejac7WbOCukvWpEusMRW7WAgLPJ3YH
QTiwiCdFBaBjBxDYpzyA9ZANMbzAN2dTpbNKMEGNY9bvy5RKMM01I6/OjIsymuFh
wQ7UffT+ekLwrUlMK7+1Arzt1j/a98WRJeG7IIdva2BxL9htcL1PKkvkr9mKsqVl
Fdi+AjnIoNBYg0QHpZPhfvL8EQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIdg4MuU
zrSCr3TyR8XECAYYCldtMB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvQ0IzQkU5RjA1
M0U2MTFFQzk0OUJGQjNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAr83swDQYJKoZIhvcNAQELBQADggEBAHdt5yZ8dmFFUP/a
Eq/r9XmWnMRSMznPCA4FlVWBB9T/cm/UKe/ct+EMuViLLDOoqw+lXDWDB9x66j4v
g69mK6TMW/STkT3y215utoE/t9kGJhuvP3P+1WFP9KPnzPvFWnBUu2if1dRqYTtJ
uvMw610Gl2/30rppt3cICb7X+wq9iiuaDxqeK0xkqb4D3a6j9fOjFXeMTMkMy5qg
2NyBMo5IK7mBn3SenMZimCBLDWZE6mbDk4EGVAbdWtj4D1/S3+RtjouZ04UqnIWT
FNbMXrC1UhJLmrS9tolXKeEpdXMrN3t3lHa4w1UWBKmj1WkvAmqHOlxAGQdaHlwt
hUKavcQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:26 2024 by rpki-client on console-ams.rpki-client.org