Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/19D770A8DB7511EE95A9FD33C4F9AE02.roa
File:                     19D770A8DB7511EE95A9FD33C4F9AE02.roa (raw, json)
Hash identifier:          SA696wtK60mZTUEGTiFYA42tOd+KZQhbcjz5mMYZyGc=
Subject key identifier:   FB:5A:EC:26:EA:09:FA:AD:E4:4F:3E:89:0E:A6:3D:6E:0A:77:96:ED
Certificate issuer:       /CN=A913992F/serialNumber=1F5FB3A5D7B5CB043E9D9C1B3608D4B2635916F4
Certificate serial:       162F
Authority key identifier: 1F:5F:B3:A5:D7:B5:CB:04:3E:9D:9C:1B:36:08:D4:B2:63:59:16:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/19D770A8DB7511EE95A9FD33C4F9AE02.roa
Signing time:             Wed 06 Mar 2024 04:50:49 +0000
ROA not before:           Wed 06 Mar 2024 04:50:49 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     151487
IP address blocks:        103.104.60.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5679 (0x162f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913992F/serialNumber=1F5FB3A5D7B5CB043E9D9C1B3608D4B2635916F4
        Validity
            Not Before: Mar  6 04:50:49 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65e7f628-54dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a2:41:b9:66:72:00:63:31:86:56:05:72:fe:
                    86:68:05:37:55:5c:fd:db:1d:4d:97:ee:8f:c6:2c:
                    76:37:f1:55:5b:58:65:0a:00:fa:06:05:af:e3:a8:
                    d1:91:9d:e1:6c:45:f7:87:5d:65:bf:9c:8f:df:33:
                    83:a8:81:e0:73:68:37:59:ab:9f:7a:b6:41:9b:56:
                    ab:79:3f:19:f9:64:25:ce:d9:48:e0:41:cc:31:e5:
                    1e:16:c2:0b:72:23:ab:8e:fe:3d:3f:c5:13:55:c6:
                    bd:79:db:f2:c6:29:b1:b4:0b:9e:dc:6f:3c:0e:d9:
                    66:2a:93:2d:92:f2:24:37:ea:bd:85:53:ac:98:fb:
                    69:d0:cc:1b:22:66:3f:2f:ee:1d:6b:7c:18:df:ac:
                    64:3f:fa:af:ec:e5:f5:d7:12:b7:76:1c:72:b4:03:
                    5b:0b:ee:1a:69:9f:53:fb:a4:a7:66:ab:e7:ce:e0:
                    10:39:a2:5c:35:6e:d0:a2:6e:36:11:6f:c2:32:22:
                    b6:69:7e:9b:0c:39:0b:d5:53:80:03:57:b7:1d:05:
                    97:4f:d1:4e:11:39:5a:d5:ff:99:7e:a2:4e:f5:8d:
                    76:9c:9a:33:f0:16:31:d0:e4:ed:44:e3:04:1f:51:
                    7f:f8:ab:57:1a:c7:37:33:f5:7e:f0:27:4a:7c:46:
                    45:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5A:EC:26:EA:09:FA:AD:E4:4F:3E:89:0E:A6:3D:6E:0A:77:96:ED
            X509v3 Authority Key Identifier:
                keyid:1F:5F:B3:A5:D7:B5:CB:04:3E:9D:9C:1B:36:08:D4:B2:63:59:16:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/19D770A8DB7511EE95A9FD33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:3d:a5:4f:72:5d:36:f5:a4:bf:3f:88:01:86:49:25:64:f9:
         db:9f:0e:45:0d:77:96:74:44:d2:a0:bc:f4:df:51:51:23:6b:
         dd:27:f3:4b:37:76:0e:0a:41:41:8e:bf:87:c0:28:94:f9:0a:
         70:c9:d4:46:ef:0e:de:6e:fe:22:3c:9c:3f:a0:48:00:61:51:
         0c:6f:82:93:81:80:ac:07:b7:dc:00:30:f1:bb:de:2f:5e:73:
         d3:4e:11:c0:45:c3:31:3d:43:9f:60:52:1d:71:8f:cb:64:e9:
         33:a7:f7:7b:68:47:d9:ed:49:9c:10:45:2d:75:43:17:4e:52:
         82:43:5b:3f:99:d2:4a:68:7a:70:8e:8e:eb:7b:1b:c1:d4:b1:
         3d:08:34:78:1d:e2:1f:f2:9c:70:24:09:d4:07:91:d9:56:1f:
         e4:4b:fb:2c:81:5e:c0:15:76:28:4f:75:2d:59:28:7f:df:a6:
         55:04:4a:05:62:de:82:25:0d:23:bf:c8:84:cc:ed:7a:0c:13:
         8f:7e:fb:d3:7f:fd:be:03:e1:f1:51:cb:6a:ad:08:09:29:61:
         60:2a:d2:59:7a:50:d8:ce:8b:0e:c2:e3:5f:27:43:03:82:69:
         36:1e:71:0b:c8:1f:81:08:ea:7d:1c:69:0f:11:cc:d0:75:b9:
         fc:40:12:a4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFi8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mzk5MkYxMTAvBgNVBAUTKDFGNUZCM0E1RDdCNUNCMDQzRTlEOUMxQjM2MDhENEIy
NjM1OTE2RjQwHhcNMjQwMzA2MDQ1MDQ5WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWU3ZjYyOC01NGRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6KJBuWZyAGMxhlYFcv6GaAU3VVz92x1Nl+6Pxix2N/FVW1hlCgD6BgWv46jR
kZ3hbEX3h11lv5yP3zODqIHgc2g3WauferZBm1areT8Z+WQlztlI4EHMMeUeFsIL
ciOrjv49P8UTVca9edvyximxtAue3G88DtlmKpMtkvIkN+q9hVOsmPtp0MwbImY/
L+4da3wY36xkP/qv7OX11xK3dhxytANbC+4aaZ9T+6SnZqvnzuAQOaJcNW7Qom42
EW/CMiK2aX6bDDkL1VOAA1e3HQWXT9FOETla1f+ZfqJO9Y12nJoz8BYx0OTtROME
H1F/+KtXGsc3M/V+8CdKfEZFDwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPta7Cbq
Cfqt5E8+iQ6mPW4Kd5btMB8GA1UdIwQYMBaAFB9fs6XXtcsEPp2cGzYI1LJjWRb0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTkyRi82MjlCNzk5MEVC
QUYxMUU3OTI4OTlFNEVDNEY5QUUwMi9IMS16cGRlMXl3US1uWndiTmdqVXNtTlpG
dlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0gxLXpwZGUxeXdRLW5ad2JOZ2pVc21OWkZ2US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mzk5MkYvNjI5Qjc5OTBFQkFGMTFFNzkyODk5RTRFQzRGOUFFMDIvMTlENzcwQThE
Qjc1MTFFRTk1QTlGRDMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnaDwwDQYJKoZIhvcNAQELBQADggEBAG49pU9yXTb1pL8/
iAGGSSVk+dufDkUNd5Z0RNKgvPTfUVEja90n80s3dg4KQUGOv4fAKJT5CnDJ1Ebv
Dt5u/iI8nD+gSABhUQxvgpOBgKwHt9wAMPG73i9ec9NOEcBFwzE9Q59gUh1xj8tk
6TOn93toR9ntSZwQRS11QxdOUoJDWz+Z0kpoenCOjut7G8HUsT0INHgd4h/ynHAk
CdQHkdlWH+RL+yyBXsAVdihPdS1ZKH/fplUESgVi3oIlDSO/yITM7XoME49++9N/
/b4D4fFRy2qtCAkpYWAq0ll6UNjOiw7C418nQwOCaTYecQvIH4EI6n0caQ8RzNB1
ufxAEqQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:54 2024 by rpki-client on console-ams.rpki-client.org