Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911D2A3/F6AC63864EFD11E8892B8683C4F9AE02/6D4540A2C3E511ECAF82A571C4F9AE02.roa
File:                     6D4540A2C3E511ECAF82A571C4F9AE02.roa (raw, json)
Hash identifier:          xyGwwDli467DRLVWgHONP4GO48A/pj105YcSr2Bi32c=
Subject key identifier:   BE:D6:5C:CB:9C:6B:C5:EF:9D:04:ED:E4:EC:45:F1:F0:F1:26:B7:2E
Certificate issuer:       /CN=A911D2A3/serialNumber=3BEEE4BDA5A04B104B1D72E601C30938DBA4B644
Certificate serial:       11C4
Authority key identifier: 3B:EE:E4:BD:A5:A0:4B:10:4B:1D:72:E6:01:C3:09:38:DB:A4:B6:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/O-7kvaWgSxBLHXLmAcMJONuktkQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911D2A3/F6AC63864EFD11E8892B8683C4F9AE02/6D4540A2C3E511ECAF82A571C4F9AE02.roa
Signing time:             Sun 24 Apr 2022 15:44:29 +0000
ROA not before:           Sun 24 Apr 2022 15:44:29 +0000
ROA not after:            Sat 30 Jul 2022 00:00:00 +0000
asID:                     135131
IP address blocks:        103.114.166.0/23 maxlen: 23
                          103.114.166.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4548 (0x11c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911D2A3/serialNumber=3BEEE4BDA5A04B104B1D72E601C30938DBA4B644
        Validity
            Not Before: Apr 24 15:44:29 2022 GMT
            Not After : Jul 30 00:00:00 2022 GMT
        Subject: CN=6265705d-ffb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:49:60:09:c6:17:5f:dd:7d:68:3b:4f:68:a2:
                    55:06:6c:a1:82:ff:18:10:ec:c5:5a:9a:aa:75:6b:
                    ba:3e:3e:85:7b:0f:a0:b6:1c:a3:a6:92:7f:69:f9:
                    d3:f6:b6:60:b7:39:0b:05:d9:c8:47:93:94:1b:32:
                    a2:cd:36:2a:bb:b3:9f:a7:ad:1e:16:0f:3e:7d:ce:
                    d6:18:c6:dd:93:00:b3:b5:be:d6:51:f1:9a:2c:2e:
                    b7:c0:ce:7f:b0:c3:d3:b5:94:75:f3:c3:ce:28:2b:
                    73:1d:fc:e5:27:d5:6b:61:3c:01:96:74:72:a8:0c:
                    44:3b:0d:e2:ef:2f:4a:db:96:6b:7b:46:fd:77:54:
                    8c:2d:12:c7:ee:0a:47:19:1a:77:97:1c:4f:94:81:
                    72:be:9b:15:07:74:b2:b4:80:c6:a6:2a:f1:46:95:
                    49:6b:b5:06:07:15:7c:09:11:b4:a2:a7:5d:28:53:
                    bc:84:7f:54:ed:47:74:e4:b0:62:a6:6e:2f:19:09:
                    56:80:4c:b3:14:04:b4:db:cb:09:e2:0c:bc:a7:cc:
                    c5:79:87:65:6f:9a:05:6a:33:34:ef:6b:0f:4d:c9:
                    cb:cc:d0:30:a9:9f:12:12:35:0a:8b:e7:de:36:36:
                    d4:f7:98:3b:7a:97:0d:64:5c:1b:17:17:e8:2b:3d:
                    0c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D6:5C:CB:9C:6B:C5:EF:9D:04:ED:E4:EC:45:F1:F0:F1:26:B7:2E
            X509v3 Authority Key Identifier:
                keyid:3B:EE:E4:BD:A5:A0:4B:10:4B:1D:72:E6:01:C3:09:38:DB:A4:B6:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911D2A3/F6AC63864EFD11E8892B8683C4F9AE02/O-7kvaWgSxBLHXLmAcMJONuktkQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/O-7kvaWgSxBLHXLmAcMJONuktkQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D2A3/F6AC63864EFD11E8892B8683C4F9AE02/6D4540A2C3E511ECAF82A571C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:7a:02:dc:60:6d:fb:12:26:33:eb:94:82:ac:20:df:06:0f:
         7b:52:d5:b2:6c:3c:c5:1a:f8:bb:b0:7d:14:f2:37:f1:ed:84:
         8e:f5:85:fd:da:af:1d:95:17:28:e0:70:41:09:63:f6:40:cb:
         35:fb:77:4f:0e:3f:ee:22:cf:0d:2b:e2:82:11:a5:6b:5d:4e:
         43:46:34:46:d7:1f:d2:39:0f:4c:ae:90:19:9a:b1:85:9d:51:
         6b:ff:d9:66:80:ee:4e:bc:9d:d2:ed:75:1d:0b:df:d1:91:db:
         5b:d2:40:44:3d:09:00:35:25:88:ab:b5:90:3f:84:6a:b3:0d:
         aa:48:dc:a6:f4:32:af:79:75:1b:b7:aa:c2:25:50:c1:90:c3:
         e9:bf:2c:ce:6f:af:21:a6:2b:99:bd:61:0f:81:2d:ef:19:e6:
         65:19:b6:ae:15:ff:45:64:f4:ab:bf:a4:49:09:d3:4a:b4:8e:
         e1:54:d6:2d:da:65:3d:8b:22:ca:a9:cb:38:3a:1e:0e:ac:98:
         a6:4a:6e:c2:da:9d:75:4f:5a:18:cf:a8:60:56:4c:66:ba:b3:
         2b:fb:96:d9:5b:49:0f:e4:b5:59:5a:63:70:4f:06:5e:b1:7b:
         de:3d:a4:e3:24:04:a4:dd:b2:a1:a6:a3:b3:8b:fc:a0:93:ec:
         46:5c:d7:5a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEcQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQyQTMxMTAvBgNVBAUTKDNCRUVFNEJEQTVBMDRCMTA0QjFENzJFNjAxQzMwOTM4
REJBNEI2NDQwHhcNMjIwNDI0MTU0NDI5WhcNMjIwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjY1NzA1ZC1mZmIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxUlgCcYXX919aDtPaKJVBmyhgv8YEOzFWpqqdWu6Pj6Few+gthyjppJ/afnT
9rZgtzkLBdnIR5OUGzKizTYqu7Ofp60eFg8+fc7WGMbdkwCztb7WUfGaLC63wM5/
sMPTtZR188POKCtzHfzlJ9VrYTwBlnRyqAxEOw3i7y9K25Zre0b9d1SMLRLH7gpH
GRp3lxxPlIFyvpsVB3SytIDGpirxRpVJa7UGBxV8CRG0oqddKFO8hH9U7Ud05LBi
pm4vGQlWgEyzFAS028sJ4gy8p8zFeYdlb5oFajM072sPTcnLzNAwqZ8SEjUKi+fe
NjbU95g7epcNZFwbFxfoKz0MEQIDAQABo4IClTCCApEwHQYDVR0OBBYEFL7WXMuc
a8XvnQTt5OxF8fDxJrcuMB8GA1UdIwQYMBaAFDvu5L2loEsQSx1y5gHDCTjbpLZE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDJBMy9GNkFDNjM4NjRF
RkQxMUU4ODkyQjg2ODNDNEY5QUUwMi9PLTdrdmFXZ1N4QkxIWExtQWNNSk9OdWt0
a1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL08tN2t2YVdnU3hCTEhYTG1BY01KT051a3RrUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQyQTMvRjZBQzYzODY0RUZEMTFFODg5MkI4NjgzQzRGOUFFMDIvNkQ0NTQwQTJD
M0U1MTFFQ0FGODJBNTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFncqYwDQYJKoZIhvcNAQELBQADggEBAGZ6AtxgbfsSJjPr
lIKsIN8GD3tS1bJsPMUa+LuwfRTyN/HthI71hf3arx2VFyjgcEEJY/ZAyzX7d08O
P+4izw0r4oIRpWtdTkNGNEbXH9I5D0yukBmasYWdUWv/2WaA7k68ndLtdR0L39GR
21vSQEQ9CQA1JYirtZA/hGqzDapI3Kb0Mq95dRu3qsIlUMGQw+m/LM5vryGmK5m9
YQ+BLe8Z5mUZtq4V/0Vk9Ku/pEkJ00q0juFU1i3aZT2LIsqpyzg6Hg6smKZKbsLa
nXVPWhjPqGBWTGa6syv7ltlbSQ/ktVlaY3BPBl6xe949pOMkBKTdsqGmo7OL/KCT
7EZc11o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org