Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91317E5/DB00F802A0FA11EBBC09943AC4F9AE02/B461D642A0FC11EB9332023DC4F9AE02.roa
File:                     B461D642A0FC11EB9332023DC4F9AE02.roa (raw, json)
Hash identifier:          CjNqhGWu5TE7l6Ga+MA/AXRFH5okcZhvTHUHdwynmH4=
Subject key identifier:   B2:9A:8A:83:EF:40:88:78:C4:DD:9A:E3:55:6A:B6:BE:96:46:89:3E
Certificate issuer:       /CN=A91317E5/serialNumber=45258841F7F04FB39D91DA3E3FABB529E8528F49
Certificate serial:       0500
Authority key identifier: 45:25:88:41:F7:F0:4F:B3:9D:91:DA:3E:3F:AB:B5:29:E8:52:8F:49
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RSWIQffwT7Odkdo-P6u1KehSj0k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91317E5/DB00F802A0FA11EBBC09943AC4F9AE02/B461D642A0FC11EB9332023DC4F9AE02.roa
Signing time:             Sun 03 Dec 2023 00:32:18 +0000
ROA not before:           Sun 03 Dec 2023 00:32:18 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     134740
IP address blocks:        103.198.252.0/22 maxlen: 22
                          103.198.252.0/24 maxlen: 24
                          103.198.253.0/24 maxlen: 24
                          103.198.254.0/24 maxlen: 24
                          103.198.255.0/24 maxlen: 24
                          202.58.108.0/22 maxlen: 22
                          202.58.108.0/24 maxlen: 24
                          202.58.109.0/24 maxlen: 24
                          202.58.110.0/24 maxlen: 24
                          202.58.111.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1280 (0x500)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91317E5/serialNumber=45258841F7F04FB39D91DA3E3FABB529E8528F49
        Validity
            Not Before: Dec  3 00:32:18 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=656bcc92-ef8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:05:3b:95:3d:fb:cf:31:b4:d3:f8:a5:4a:07:
                    37:4e:41:52:ec:26:c4:0a:b9:5e:6e:1b:f8:9d:d1:
                    ea:1f:d0:37:84:f9:81:07:df:91:fd:46:eb:3d:8c:
                    a5:07:3c:1c:a5:1d:99:3a:a4:60:53:c4:5c:be:0a:
                    aa:09:f0:b2:ae:fb:0f:89:b9:be:38:b6:35:54:81:
                    74:9c:a0:29:02:89:d4:bb:1a:46:f1:b9:22:c7:14:
                    4b:ef:e7:5b:b5:b5:a9:c4:26:a9:32:df:6b:44:05:
                    3a:7d:73:59:39:30:57:fa:ee:88:de:a4:5b:81:7e:
                    33:a4:c7:d8:1c:7e:69:54:69:cf:23:be:d2:c4:db:
                    45:a9:49:1e:e3:15:ba:96:64:2d:61:ee:51:89:6d:
                    d6:67:1d:3a:2d:8a:ab:40:41:67:d0:02:ff:4f:78:
                    82:c0:d9:0a:95:13:e4:10:6d:9e:ee:0a:25:27:13:
                    da:48:6e:7e:06:8f:a7:d2:5d:d8:f0:e7:00:7f:59:
                    97:93:bd:1f:29:c8:e4:ee:df:e5:1d:9f:42:68:80:
                    80:7b:c0:00:86:46:95:22:21:18:74:01:93:db:83:
                    0c:d0:57:7f:1b:0b:09:e9:d8:81:f0:c7:c8:60:66:
                    8a:f6:2a:1a:8a:49:31:a1:76:e4:e2:9e:a5:45:f7:
                    de:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:9A:8A:83:EF:40:88:78:C4:DD:9A:E3:55:6A:B6:BE:96:46:89:3E
            X509v3 Authority Key Identifier:
                keyid:45:25:88:41:F7:F0:4F:B3:9D:91:DA:3E:3F:AB:B5:29:E8:52:8F:49

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91317E5/DB00F802A0FA11EBBC09943AC4F9AE02/RSWIQffwT7Odkdo-P6u1KehSj0k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RSWIQffwT7Odkdo-P6u1KehSj0k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91317E5/DB00F802A0FA11EBBC09943AC4F9AE02/B461D642A0FC11EB9332023DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.198.252.0/22
                  202.58.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:4f:6b:bd:76:83:fc:f9:50:b8:41:b5:0a:df:eb:89:99:66:
         89:46:f3:63:b3:99:8d:5f:a5:b2:93:67:05:be:52:83:97:b8:
         cb:20:1f:c8:52:71:29:28:43:a7:b5:93:80:bd:6b:08:84:5b:
         60:4d:ce:c6:c0:83:72:f6:0f:e4:8c:79:54:52:16:00:32:a0:
         f1:a1:53:e2:e5:92:64:e2:15:91:5b:b1:d7:41:b9:64:3f:50:
         17:14:e2:e1:f0:a3:b6:a0:e1:9c:64:cd:13:21:30:3d:41:be:
         b4:ed:79:76:32:bb:ea:0e:8d:17:0e:a9:16:ad:00:39:fb:6f:
         2c:4f:19:d8:89:a4:86:56:9b:de:e1:09:3c:6e:8e:ce:dd:ec:
         65:ea:7d:03:55:9a:81:70:4e:40:f1:8e:f8:b3:d8:35:24:70:
         a9:90:94:58:b6:54:e6:b4:05:ac:6f:aa:a5:b2:ef:c6:d2:44:
         6e:89:01:7b:ee:3b:65:21:ce:f6:31:5d:0e:05:7f:fb:92:c9:
         aa:02:50:7e:03:0f:7c:0c:aa:99:27:c0:b2:41:5a:41:a8:1e:
         41:83:0e:0e:8c:12:6d:14:75:6c:99:6e:49:9f:83:8b:8d:eb:
         86:53:72:32:29:6a:c1:1d:58:70:eb:1e:53:66:a7:5d:89:6b:
         a4:45:e7:c3
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBQAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzE3RTUxMTAvBgNVBAUTKDQ1MjU4ODQxRjdGMDRGQjM5RDkxREEzRTNGQUJCNTI5
RTg1MjhGNDkwHhcNMjMxMjAzMDAzMjE4WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTZiY2M5Mi1lZjhiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2wU7lT37zzG00/ilSgc3TkFS7CbECrlebhv4ndHqH9A3hPmBB9+R/UbrPYyl
BzwcpR2ZOqRgU8RcvgqqCfCyrvsPibm+OLY1VIF0nKApAonUuxpG8bkixxRL7+db
tbWpxCapMt9rRAU6fXNZOTBX+u6I3qRbgX4zpMfYHH5pVGnPI77SxNtFqUke4xW6
lmQtYe5RiW3WZx06LYqrQEFn0AL/T3iCwNkKlRPkEG2e7golJxPaSG5+Bo+n0l3Y
8OcAf1mXk70fKcjk7t/lHZ9CaICAe8AAhkaVIiEYdAGT24MM0Fd/GwsJ6diB8MfI
YGaK9ioaikkxoXbk4p6lRffe4QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLKaioPv
QIh4xN2a41Vqtr6WRok+MB8GA1UdIwQYMBaAFEUliEH38E+znZHaPj+rtSnoUo9J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMTdFNS9EQjAwRjgwMkEw
RkExMUVCQkMwOTk0M0FDNEY5QUUwMi9SU1dJUWZmd1Q3T2RrZG8tUDZ1MUtlaFNq
MGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JTV0lRZmZ3VDdPZGtkby1QNnUxS2VoU2oway5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzE3RTUvREIwMEY4MDJBMEZBMTFFQkJDMDk5NDNBQzRGOUFFMDIvQjQ2MUQ2NDJB
MEZDMTFFQjkzMzIwMjNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnxvwDBALKOmwwDQYJKoZIhvcNAQELBQADggEBAEtPa712
g/z5ULhBtQrf64mZZolG82OzmY1fpbKTZwW+UoOXuMsgH8hScSkoQ6e1k4C9awiE
W2BNzsbAg3L2D+SMeVRSFgAyoPGhU+LlkmTiFZFbsddBuWQ/UBcU4uHwo7ag4Zxk
zRMhMD1BvrTteXYyu+oOjRcOqRatADn7byxPGdiJpIZWm97hCTxujs7d7GXqfQNV
moFwTkDxjviz2DUkcKmQlFi2VOa0BaxvqqWy78bSRG6JAXvuO2UhzvYxXQ4Ff/uS
yaoCUH4DD3wMqpknwLJBWkGoHkGDDg6MEm0UdWyZbkmfg4uN64ZTcjIpasEdWHDr
HlNmp12Ja6RF58M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:53 2024 by rpki-client on console-ams.rpki-client.org