Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D604E/91B5C0C0F4ED11E98CBFA013C4F9AE02/6BE9064C619F11ECA575C929C4F9AE02.roa
File:                     6BE9064C619F11ECA575C929C4F9AE02.roa (raw, json)
Hash identifier:          KNsXO00VoksJN0k115nCVfX3hkfrewHab6nB+7ESqzg=
Subject key identifier:   B4:37:22:A1:4F:55:EE:63:D6:84:2A:48:71:A0:28:2D:C2:E9:A7:78
Certificate issuer:       /CN=A91D604E/serialNumber=E4DCEC595A1BB673897223656AC639B95352DD73
Certificate serial:       09F1
Authority key identifier: E4:DC:EC:59:5A:1B:B6:73:89:72:23:65:6A:C6:39:B9:53:52:DD:73
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5NzsWVobtnOJciNlasY5uVNS3XM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D604E/91B5C0C0F4ED11E98CBFA013C4F9AE02/6BE9064C619F11ECA575C929C4F9AE02.roa
Signing time:             Fri 01 Jul 2022 07:45:38 +0000
ROA not before:           Fri 01 Jul 2022 07:45:38 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     135517
IP address blocks:        45.252.52.0/22 maxlen: 24
                          103.221.52.0/24 maxlen: 24
                          103.221.53.0/24 maxlen: 24
                          103.221.54.0/24 maxlen: 24
                          103.221.55.0/24 maxlen: 24
                          2400:f8c0::/32 maxlen: 36
                          2400:f8c0:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2545 (0x9f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D604E/serialNumber=E4DCEC595A1BB673897223656AC639B95352DD73
        Validity
            Not Before: Jul  1 07:45:38 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=62bea622-8416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3f:72:79:f9:ff:16:84:b6:ef:4c:f7:fb:08:
                    ba:6a:20:19:ed:b4:1e:23:a3:63:8f:05:10:12:01:
                    62:aa:80:e0:49:4c:07:94:40:51:78:76:ce:20:08:
                    b3:3e:44:a4:ae:9e:22:08:19:44:99:18:33:43:30:
                    a2:71:b3:e2:02:0e:d4:0a:08:56:14:98:85:32:aa:
                    40:c3:72:13:52:c6:ca:c1:04:eb:13:5b:0f:58:84:
                    8d:65:eb:b9:c2:5e:23:6e:31:e8:61:52:b6:6f:f7:
                    5d:ed:e0:ee:d8:ff:b5:32:be:c2:5b:aa:a1:7d:a7:
                    2d:4d:c8:be:5c:56:b4:88:7f:9a:af:a5:7b:e3:1a:
                    0b:86:89:f8:a2:05:6a:b0:65:b9:b1:23:d4:10:88:
                    55:4a:b5:f0:60:fa:86:ec:cb:55:8f:2b:48:a2:92:
                    d1:0f:dc:fa:88:74:04:61:a6:b8:ac:5a:1c:26:33:
                    0a:0c:09:8b:4a:4c:43:5e:b1:65:64:6b:ff:26:f3:
                    56:ca:9f:93:5f:5c:f1:79:e0:35:6d:bb:b7:06:31:
                    82:cc:45:46:37:57:00:ef:6a:36:2a:fe:1b:bd:70:
                    2b:b8:0d:a1:63:90:c8:ac:fc:c6:90:34:6a:34:b4:
                    a2:ed:f3:f8:b2:86:86:9b:8f:c7:46:ec:ee:1b:72:
                    a2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:37:22:A1:4F:55:EE:63:D6:84:2A:48:71:A0:28:2D:C2:E9:A7:78
            X509v3 Authority Key Identifier:
                keyid:E4:DC:EC:59:5A:1B:B6:73:89:72:23:65:6A:C6:39:B9:53:52:DD:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D604E/91B5C0C0F4ED11E98CBFA013C4F9AE02/5NzsWVobtnOJciNlasY5uVNS3XM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5NzsWVobtnOJciNlasY5uVNS3XM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D604E/91B5C0C0F4ED11E98CBFA013C4F9AE02/6BE9064C619F11ECA575C929C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.252.52.0/22
                  103.221.52.0/22
                IPv6:
                  2400:f8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:f5:b8:ef:56:c9:c9:95:b9:b4:31:de:77:6b:48:43:b4:c7:
         b2:84:5c:3e:4f:73:7f:41:ff:af:6e:b8:28:9e:4b:71:d2:ba:
         06:6c:0c:6a:5d:78:52:da:86:ea:8f:2e:36:5a:45:f4:a3:90:
         f8:04:d1:dd:89:36:dc:46:59:36:e0:11:30:89:0e:7d:af:f7:
         91:98:01:d1:b2:b7:02:76:2b:7f:da:ad:1b:20:ca:f8:78:91:
         5e:33:5f:7f:b6:38:96:59:be:0c:b3:10:3d:2d:d0:d2:72:4a:
         02:c2:d7:08:43:a1:c3:a8:cc:21:5e:54:0f:c5:19:c4:78:b0:
         79:0a:76:85:99:b2:61:0c:c7:b1:94:b8:9e:fb:74:86:7f:05:
         cb:56:ed:4e:3d:df:10:13:01:0d:08:2d:c9:e1:eb:81:cd:b4:
         14:6a:ec:f3:8f:aa:b5:35:4e:12:04:d7:23:08:ca:42:7e:cb:
         5e:69:4f:00:52:f8:2b:29:90:52:31:17:23:0b:c8:f6:90:a2:
         f7:37:dc:41:27:49:a1:cf:53:a2:7b:fd:6f:d0:8c:27:19:59:
         0b:a2:59:b0:11:c8:72:a5:fe:3a:db:e7:cc:64:10:92:36:bc:
         5e:88:89:39:5f:0e:8f:69:0b:9f:97:d4:11:22:bb:39:2c:b9:
         72:4c:b3:59
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCfEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDYwNEUxMTAvBgNVBAUTKEU0RENFQzU5NUExQkI2NzM4OTcyMjM2NTZBQzYzOUI5
NTM1MkRENzMwHhcNMjIwNzAxMDc0NTM4WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmJlYTYyMi04NDE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArD9yefn/FoS270z3+wi6aiAZ7bQeI6NjjwUQEgFiqoDgSUwHlEBReHbOIAiz
PkSkrp4iCBlEmRgzQzCicbPiAg7UCghWFJiFMqpAw3ITUsbKwQTrE1sPWISNZeu5
wl4jbjHoYVK2b/dd7eDu2P+1Mr7CW6qhfactTci+XFa0iH+ar6V74xoLhon4ogVq
sGW5sSPUEIhVSrXwYPqG7MtVjytIopLRD9z6iHQEYaa4rFocJjMKDAmLSkxDXrFl
ZGv/JvNWyp+TX1zxeeA1bbu3BjGCzEVGN1cA72o2Kv4bvXAruA2hY5DIrPzGkDRq
NLSi7fP4soaGm4/HRuzuG3KiJQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFLQ3IqFP
Ve5j1oQqSHGgKC3C6ad4MB8GA1UdIwQYMBaAFOTc7FlaG7ZziXIjZWrGOblTUt1z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENjA0RS85MUI1QzBDMEY0
RUQxMUU5OENCRkEwMTNDNEY5QUUwMi81TnpzV1ZvYnRuT0pjaU5sYXNZNXVWTlMz
WE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVOenNXVm9idG5PSmNpTmxhc1k1dVZOUzNYTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDYwNEUvOTFCNUMwQzBGNEVEMTFFOThDQkZBMDEzQzRGOUFFMDIvNkJFOTA2NEM2
MTlGMTFFQ0E1NzVDOTI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIt/DQDBAJn3TQwDQQCAAIwBwMFACQA+MAwDQYJKoZIhvcN
AQELBQADggEBABT1uO9WycmVubQx3ndrSEO0x7KEXD5Pc39B/69uuCieS3HSugZs
DGpdeFLahuqPLjZaRfSjkPgE0d2JNtxGWTbgETCJDn2v95GYAdGytwJ2K3/arRsg
yvh4kV4zX3+2OJZZvgyzED0t0NJySgLC1whDocOozCFeVA/FGcR4sHkKdoWZsmEM
x7GUuJ77dIZ/BctW7U493xATAQ0ILcnh64HNtBRq7POPqrU1ThIE1yMIykJ+y15p
TwBS+CspkFIxFyMLyPaQovc33EEnSaHPU6J7/W/QjCcZWQuiWbARyHKl/jrb58xk
EJI2vF6IiTlfDo9pC5+X1BEiuzksuXJMs1k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:42 2024 by rpki-client on console-fra.rpki-client.org