Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F2152/B7C6C60006D211EA8AAC9344C4F9AE02/BB193400201311EAA535D544C4F9AE02.roa
File:                     BB193400201311EAA535D544C4F9AE02.roa (raw, json)
Hash identifier:          KQZlpSPQRB02ozmRk4s9qhx02QyjtmI+r9U2A1rEnLs=
Subject key identifier:   FE:A9:95:EF:1F:8D:0A:D3:4A:04:6F:DD:C1:BB:91:42:DB:34:D3:90
Certificate issuer:       /CN=A91F2152/serialNumber=243E4829ABF2F909C12DDA044FE5D36B82105392
Certificate serial:       08A3
Authority key identifier: 24:3E:48:29:AB:F2:F9:09:C1:2D:DA:04:4F:E5:D3:6B:82:10:53:92
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JD5IKavy-QnBLdoET-XTa4IQU5I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F2152/B7C6C60006D211EA8AAC9344C4F9AE02/BB193400201311EAA535D544C4F9AE02.roa
Signing time:             Sat 05 Mar 2022 20:46:11 +0000
ROA not before:           Sat 05 Mar 2022 20:46:11 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     135037
IP address blocks:        103.206.228.0/22 maxlen: 22
                          103.206.228.0/24 maxlen: 24
                          103.206.229.0/24 maxlen: 24
                          103.206.230.0/24 maxlen: 24
                          103.206.231.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2211 (0x8a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F2152/serialNumber=243E4829ABF2F909C12DDA044FE5D36B82105392
        Validity
            Not Before: Mar  5 20:46:11 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=6223cc13-a02d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bf:23:33:af:b0:42:ff:41:ef:81:c2:38:02:
                    9d:05:2a:44:c4:d2:7c:03:0e:90:b3:ba:9c:db:a3:
                    ea:00:f5:ca:0b:2d:47:34:d3:51:a9:b2:78:a7:a6:
                    2e:b2:18:13:8d:00:9d:72:10:c4:8b:37:0e:38:7d:
                    b2:c4:77:b8:e7:bf:4e:d7:32:78:64:d3:32:bf:97:
                    1f:8d:6e:2e:f8:1c:0c:ca:e1:2f:e8:0f:1a:89:09:
                    a1:47:be:d3:ea:1c:b9:7d:fd:02:44:bd:13:f9:00:
                    3e:74:25:18:bf:43:3c:48:86:7c:c2:02:93:42:1f:
                    ab:23:c0:39:68:06:4d:6a:69:9a:d5:1f:1f:3f:93:
                    fa:2a:7f:a3:dc:41:8b:da:6e:fa:65:4e:4b:11:6f:
                    ac:c0:49:72:66:0d:4d:27:98:30:d3:13:cd:d4:b4:
                    a0:69:50:4c:bf:8b:6a:12:2e:26:06:d2:25:ee:dc:
                    80:ff:15:f0:1e:fe:2c:d1:a0:75:49:cf:3a:fc:eb:
                    c4:12:46:82:97:a8:1e:da:03:c3:5a:c6:1e:fb:94:
                    68:7f:3e:d1:29:ff:e5:e6:71:b6:18:9f:98:6a:92:
                    1a:38:db:cb:5c:f8:0d:cd:1e:73:1d:42:56:e6:54:
                    d8:33:e8:4b:e4:0f:69:98:48:a5:16:4f:37:93:97:
                    a4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A9:95:EF:1F:8D:0A:D3:4A:04:6F:DD:C1:BB:91:42:DB:34:D3:90
            X509v3 Authority Key Identifier:
                keyid:24:3E:48:29:AB:F2:F9:09:C1:2D:DA:04:4F:E5:D3:6B:82:10:53:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F2152/B7C6C60006D211EA8AAC9344C4F9AE02/JD5IKavy-QnBLdoET-XTa4IQU5I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JD5IKavy-QnBLdoET-XTa4IQU5I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F2152/B7C6C60006D211EA8AAC9344C4F9AE02/BB193400201311EAA535D544C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.206.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:9e:63:9b:ca:0e:ba:99:ad:1d:e6:37:8e:6f:68:5c:bd:b7:
         e7:ca:98:f8:8c:ab:9b:a6:89:25:db:17:a5:dc:ff:52:a9:f4:
         c9:a5:f8:e9:d5:18:ac:eb:bb:bf:0f:6a:c7:b4:fe:86:a1:32:
         ae:30:d5:1b:ff:42:40:7d:69:ab:16:60:95:ec:8e:5a:22:f5:
         f4:b3:21:d2:77:59:94:46:bb:58:5c:1f:b3:b6:9d:58:8b:a7:
         34:e4:64:09:1a:0f:88:35:7f:d3:77:ff:fe:b2:df:38:7d:18:
         ae:22:a8:a7:19:e5:dc:d7:ed:dc:3f:27:81:99:94:e5:2a:a4:
         6c:36:fb:93:51:5f:46:19:de:9a:35:e1:2a:55:4f:51:7b:55:
         ee:11:43:6c:c7:94:df:9f:e7:f1:2a:5d:29:6e:4a:0f:4e:11:
         36:a4:ee:83:ba:6c:a1:77:77:7a:1e:9e:34:1f:6c:8e:78:c6:
         00:f1:39:2b:d6:ea:3c:49:ea:83:f2:b9:e8:97:03:aa:fe:a4:
         ca:00:ad:c8:26:63:6f:a0:a5:c6:96:62:ba:65:32:0e:42:08:
         ee:49:9d:e3:6b:75:0e:5b:bc:48:5f:7d:22:5e:7a:6b:05:d2:
         f8:c1:c3:0b:c0:a0:d8:67:e3:bf:90:24:a8:f8:6b:65:64:ab:
         62:1c:93:40
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCKMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjIxNTIxMTAvBgNVBAUTKDI0M0U0ODI5QUJGMkY5MDlDMTJEREEwNDRGRTVEMzZC
ODIxMDUzOTIwHhcNMjIwMzA1MjA0NjExWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjIzY2MxMy1hMDJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1L8jM6+wQv9B74HCOAKdBSpExNJ8Aw6Qs7qc26PqAPXKCy1HNNNRqbJ4p6Yu
shgTjQCdchDEizcOOH2yxHe4579O1zJ4ZNMyv5cfjW4u+BwMyuEv6A8aiQmhR77T
6hy5ff0CRL0T+QA+dCUYv0M8SIZ8wgKTQh+rI8A5aAZNamma1R8fP5P6Kn+j3EGL
2m76ZU5LEW+swElyZg1NJ5gw0xPN1LSgaVBMv4tqEi4mBtIl7tyA/xXwHv4s0aB1
Sc86/OvEEkaCl6ge2gPDWsYe+5Rofz7RKf/l5nG2GJ+YapIaONvLXPgNzR5zHUJW
5lTYM+hL5A9pmEilFk83k5ek8wIDAQABo4IClTCCApEwHQYDVR0OBBYEFP6ple8f
jQrTSgRv3cG7kULbNNOQMB8GA1UdIwQYMBaAFCQ+SCmr8vkJwS3aBE/l02uCEFOS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMjE1Mi9CN0M2QzYwMDA2
RDIxMUVBOEFBQzkzNDRDNEY5QUUwMi9KRDVJS2F2eS1RbkJMZG9FVC1YVGE0SVFV
NUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0pENUlLYXZ5LVFuQkxkb0VULVhUYTRJUVU1SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjIxNTIvQjdDNkM2MDAwNkQyMTFFQThBQUM5MzQ0QzRGOUFFMDIvQkIxOTM0MDAy
MDEzMTFFQUE1MzVENTQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnzuQwDQYJKoZIhvcNAQELBQADggEBAMKeY5vKDrqZrR3m
N45vaFy9t+fKmPiMq5umiSXbF6Xc/1Kp9Mml+OnVGKzru78Pase0/oahMq4w1Rv/
QkB9aasWYJXsjloi9fSzIdJ3WZRGu1hcH7O2nViLpzTkZAkaD4g1f9N3//6y3zh9
GK4iqKcZ5dzX7dw/J4GZlOUqpGw2+5NRX0YZ3po14SpVT1F7Ve4RQ2zHlN+f5/Eq
XSluSg9OETak7oO6bKF3d3oenjQfbI54xgDxOSvW6jxJ6oPyueiXA6r+pMoArcgm
Y2+gpcaWYrplMg5CCO5JneNrdQ5bvEhffSJeemsF0vjBwwvAoNhn47+QJKj4a2Vk
q2Ick0A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:47 2024 by rpki-client on console-fra.rpki-client.org