Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/EF523EF801AA11EDB7DF7B4BC4F9AE02.roa
File:                     EF523EF801AA11EDB7DF7B4BC4F9AE02.roa (raw, json)
Hash identifier:          aaGzyK0rM6yWvgtFRBeWG8LMIuDiH4GVKKr6miZggZs=
Subject key identifier:   C1:EA:9C:B1:BC:4F:18:47:9A:1F:B5:1F:40:B3:A8:E9:A3:62:43:D6
Certificate issuer:       /CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
Certificate serial:       286C
Authority key identifier: A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/EF523EF801AA11EDB7DF7B4BC4F9AE02.roa
Signing time:             Mon 17 Oct 2022 07:02:13 +0000
ROA not before:           Mon 17 Oct 2022 07:02:13 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     40065
IP address blocks:        43.243.120.0/24 maxlen: 24
                          43.243.177.0/24 maxlen: 24
                          43.243.178.0/24 maxlen: 24
                          43.243.179.0/24 maxlen: 24
                          183.90.184.0/24 maxlen: 24
                          183.90.185.0/24 maxlen: 24
                          183.90.186.0/24 maxlen: 24
                          183.90.188.0/24 maxlen: 24
                          183.90.190.0/24 maxlen: 24
                          183.90.191.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10348 (0x286c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CA496/serialNumber=A03969BAFFD67AAB75D493837FA1C7C69FFB2717
        Validity
            Not Before: Oct 17 07:02:13 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=634cfdf4-b595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9f:04:77:8a:a2:96:27:ff:0a:8c:55:f6:e1:
                    5b:57:33:88:8a:f3:01:e2:0d:d0:96:85:e6:bd:01:
                    61:c0:6a:44:e3:84:63:db:06:60:37:22:6f:87:36:
                    45:d8:67:2b:a4:bd:16:33:83:91:c6:97:ce:44:0e:
                    8f:4d:0f:c4:c6:20:1b:90:a6:2d:1d:37:5d:f7:52:
                    36:a6:3f:14:9a:92:bc:8f:82:67:17:24:66:53:0c:
                    6e:42:71:ec:7b:aa:15:94:a4:13:86:01:f4:b8:cb:
                    3d:5c:84:47:aa:d3:d5:c2:96:b8:95:42:0b:37:b7:
                    9f:20:21:4c:46:f6:90:be:21:6b:aa:ca:8f:f2:65:
                    86:cb:4e:47:88:01:e2:2b:08:19:c9:1f:c1:a9:42:
                    92:f8:3f:75:53:4b:6e:34:b1:29:05:33:4e:60:6c:
                    13:d7:08:f5:c8:1b:fa:6a:ae:39:80:c1:71:19:d6:
                    c9:8c:ed:c4:a5:40:ec:0c:bd:a0:55:23:21:14:a6:
                    fc:0a:76:6e:29:87:21:af:7a:b9:18:fe:70:7a:15:
                    bf:c1:1b:41:18:6e:98:78:fe:89:37:a6:f1:96:dd:
                    0b:87:f2:97:20:85:d5:bb:ab:bc:4b:1f:b9:31:24:
                    79:63:a0:55:2e:02:63:98:53:a2:91:17:97:40:2b:
                    fb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:EA:9C:B1:BC:4F:18:47:9A:1F:B5:1F:40:B3:A8:E9:A3:62:43:D6
            X509v3 Authority Key Identifier:
                keyid:A0:39:69:BA:FF:D6:7A:AB:75:D4:93:83:7F:A1:C7:C6:9F:FB:27:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/oDlpuv_Weqt11JODf6HHxp_7Jxc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oDlpuv_Weqt11JODf6HHxp_7Jxc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA496/FB12A2783C0F11E4B788FF4AC4F9AE02/EF523EF801AA11EDB7DF7B4BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.120.0/24
                  43.243.177.0-43.243.179.255
                  183.90.184.0-183.90.186.255
                  183.90.188.0/24
                  183.90.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:50:eb:fc:9f:34:6b:c8:2e:c1:dd:0a:ac:ce:2b:36:d8:bf:
         b3:71:5a:02:c4:c7:6f:4b:7e:20:4a:94:2f:12:ec:04:97:fd:
         be:6c:a3:da:2c:21:d2:e2:4d:b0:70:a2:3a:c2:43:a2:90:21:
         24:82:7f:e7:f9:e3:ea:e6:05:94:95:73:9b:de:e9:10:92:3a:
         3b:84:9f:1b:bb:5a:4e:62:f5:f0:57:54:02:9e:d0:fa:b7:f4:
         61:ea:dc:30:57:cf:0d:04:80:8e:ac:c8:2c:65:af:3d:c2:8d:
         d8:85:59:94:c7:f5:2a:07:82:a7:14:80:16:06:78:4e:4d:54:
         9b:73:cb:8d:14:04:38:47:33:ac:aa:4a:50:29:6a:24:c6:bc:
         66:6f:0d:5f:b1:85:f5:70:99:ee:91:a0:db:8e:6d:0f:76:93:
         1b:d3:35:9d:b2:b2:fa:7f:30:09:b6:64:f2:69:a8:22:21:f6:
         0f:91:ba:94:2c:94:5d:ef:6d:ea:05:73:07:1e:e9:a3:fe:f7:
         bc:22:b9:fd:69:9c:2a:cc:8c:75:fc:ae:79:fd:d5:1a:96:f3:
         59:e2:a1:96:54:4c:cc:20:64:70:0c:1b:c7:6b:65:ac:92:7a:
         53:78:1d:63:3e:e8:4a:67:9c:3b:b2:48:3e:f5:16:a1:b9:97:
         17:7c:c3:8b
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICKGwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E0OTYxMTAvBgNVBAUTKEEwMzk2OUJBRkZENjdBQUI3NUQ0OTM4MzdGQTFDN0M2
OUZGQjI3MTcwHhcNMjIxMDE3MDcwMjEzWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzRjZmRmNC1iNTk1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA258Ed4qilif/CoxV9uFbVzOIivMB4g3QloXmvQFhwGpE44Rj2wZgNyJvhzZF
2GcrpL0WM4ORxpfORA6PTQ/ExiAbkKYtHTdd91I2pj8UmpK8j4JnFyRmUwxuQnHs
e6oVlKQThgH0uMs9XIRHqtPVwpa4lUILN7efICFMRvaQviFrqsqP8mWGy05HiAHi
KwgZyR/BqUKS+D91U0tuNLEpBTNOYGwT1wj1yBv6aq45gMFxGdbJjO3EpUDsDL2g
VSMhFKb8CnZuKYchr3q5GP5wehW/wRtBGG6YeP6JN6bxlt0Lh/KXIIXVu6u8Sx+5
MSR5Y6BVLgJjmFOikReXQCv7PwIDAQABo4ICvTCCArkwHQYDVR0OBBYEFMHqnLG8
TxhHmh+1H0CzqOmjYkPWMB8GA1UdIwQYMBaAFKA5abr/1nqrddSTg3+hx8af+ycX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTQ5Ni9GQjEyQTI3ODND
MEYxMUU0Qjc4OEZGNEFDNEY5QUUwMi9vRGxwdXZfV2VxdDExSk9EZjZISHhwXzdK
eGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29EbHB1dl9XZXF0MTFKT0RmNkhIeHBfN0p4Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E0OTYvRkIxMkEyNzgzQzBGMTFFNEI3ODhGRjRBQzRGOUFFMDIvRUY1MjNFRjgw
MUFBMTFFREI3REY3QjRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4DBAAr83gwDAMEACvzsQMEAivzsDAMAwQDt1q4AwQAt1q6AwQA
t1q8AwQBt1q+MA0GCSqGSIb3DQEBCwUAA4IBAQBWUOv8nzRryC7B3Qqszis22L+z
cVoCxMdvS34gSpQvEuwEl/2+bKPaLCHS4k2wcKI6wkOikCEkgn/n+ePq5gWUlXOb
3ukQkjo7hJ8bu1pOYvXwV1QCntD6t/Rh6twwV88NBICOrMgsZa89wo3YhVmUx/Uq
B4KnFIAWBnhOTVSbc8uNFAQ4RzOsqkpQKWokxrxmbw1fsYX1cJnukaDbjm0PdpMb
0zWdsrL6fzAJtmTyaagiIfYPkbqULJRd723qBXMHHumj/ve8Irn9aZwqzIx1/K55
/dUalvNZ4qGWVEzMIGRwDBvHa2WsknpTeB1jPuhKZ5w7skg+9RahuZcXfMOL
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:40 2024 by rpki-client on console-fra.rpki-client.org