Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/1ABB3284DB7511EE95A9FD33C4F9AE02.roa
File:                     1ABB3284DB7511EE95A9FD33C4F9AE02.roa (raw, json)
Hash identifier:          8cY/JK0nhSV4lvcL0IOna9zTVfECwsFd9piyJtRSY00=
Subject key identifier:   FC:E9:06:E6:AB:FA:53:BA:10:27:49:69:42:22:D6:A1:80:A4:20:98
Certificate issuer:       /CN=A913992F/serialNumber=1F5FB3A5D7B5CB043E9D9C1B3608D4B2635916F4
Certificate serial:       1630
Authority key identifier: 1F:5F:B3:A5:D7:B5:CB:04:3E:9D:9C:1B:36:08:D4:B2:63:59:16:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/1ABB3284DB7511EE95A9FD33C4F9AE02.roa
Signing time:             Wed 06 Mar 2024 04:50:50 +0000
ROA not before:           Wed 06 Mar 2024 04:50:50 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     834
IP address blocks:        103.104.62.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5680 (0x1630)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913992F/serialNumber=1F5FB3A5D7B5CB043E9D9C1B3608D4B2635916F4
        Validity
            Not Before: Mar  6 04:50:50 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65e7f62a-8f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:73:f8:c4:f7:a3:8d:41:ad:7c:5d:72:91:b2:
                    3f:1d:62:a3:c9:cf:a3:33:c4:0a:aa:a7:d8:b5:9c:
                    af:ee:ca:fa:b5:e5:48:ae:b7:bb:36:cc:5d:44:57:
                    f0:e8:6b:23:39:7b:e3:74:8a:37:00:75:11:94:8d:
                    f2:ee:6f:33:b5:b3:e6:91:d9:a4:db:11:2f:31:64:
                    da:bb:b6:ed:f1:c2:f1:0d:fa:8e:4b:30:1a:d6:80:
                    0a:3b:2d:3f:fd:f1:7e:39:7b:92:93:c8:2d:2e:54:
                    69:4b:4b:6f:5f:8a:1a:97:35:da:43:04:74:53:26:
                    ce:6f:85:5d:09:2c:40:a9:a2:d7:59:1d:6c:b5:a0:
                    74:fc:9b:42:cb:dc:15:53:0d:54:c1:37:b6:e2:03:
                    28:37:07:56:18:81:5e:ea:61:ae:fb:b1:f9:9f:20:
                    45:a0:ce:23:30:fb:ed:6d:17:64:1f:e6:4c:3e:1f:
                    4d:db:d7:f0:02:f8:02:d1:06:42:a0:f1:45:63:fc:
                    b1:33:9d:e6:3c:09:a1:02:be:27:1f:e1:08:96:b6:
                    4f:2c:7b:b9:88:c5:05:34:f5:0d:91:1b:19:3c:83:
                    2b:26:cf:d9:2d:e0:88:b0:7e:49:08:8c:ac:7d:ba:
                    56:68:7e:0e:a3:a8:2c:2d:6f:b1:19:2d:60:bb:bf:
                    8a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E9:06:E6:AB:FA:53:BA:10:27:49:69:42:22:D6:A1:80:A4:20:98
            X509v3 Authority Key Identifier:
                keyid:1F:5F:B3:A5:D7:B5:CB:04:3E:9D:9C:1B:36:08:D4:B2:63:59:16:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/H1-zpde1ywQ-nZwbNgjUsmNZFvQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913992F/629B7990EBAF11E792899E4EC4F9AE02/1ABB3284DB7511EE95A9FD33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:90:07:6c:83:0c:7b:c9:d7:71:cc:60:8d:4a:7e:8c:27:35:
         25:d8:f8:1a:27:33:d9:33:19:e6:72:2b:ff:eb:8e:51:23:ab:
         2e:88:2e:d2:4f:d4:99:b1:7c:68:c1:45:0a:82:46:29:78:c0:
         28:82:a8:78:77:07:45:84:e0:a1:0e:03:d3:6e:a5:3e:c7:e1:
         18:ec:7e:e6:69:c5:ce:48:9b:48:ab:d7:79:a3:c7:19:51:5c:
         8d:bc:ad:0c:86:e5:09:64:e8:96:3b:3e:b8:7d:4f:cf:9a:cd:
         0a:ca:ad:5c:d0:d0:f9:17:30:a2:80:72:cf:3a:39:b9:d6:a5:
         21:5d:c0:e9:5c:51:f3:dc:d5:51:d0:66:70:d9:a0:eb:fc:98:
         2e:0f:ec:83:38:60:80:25:37:a9:67:3b:68:46:3f:75:51:eb:
         7c:4c:36:fa:07:c5:52:c9:59:1a:3c:b5:a8:cc:19:a3:dd:ed:
         06:5e:23:99:ee:7d:d2:90:dc:f6:72:92:4b:58:40:c0:04:01:
         ad:3a:50:5c:4a:62:c2:76:64:67:b0:6c:a5:d4:df:f8:e1:6b:
         2c:aa:a6:f9:57:19:f0:b2:17:21:6d:3d:13:d3:d8:c7:35:be:
         8c:b5:32:44:25:b5:57:c5:66:b7:46:72:ec:db:92:2d:12:1b:
         29:61:98:93
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFjAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mzk5MkYxMTAvBgNVBAUTKDFGNUZCM0E1RDdCNUNCMDQzRTlEOUMxQjM2MDhENEIy
NjM1OTE2RjQwHhcNMjQwMzA2MDQ1MDUwWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWU3ZjYyYS04ZjRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7XP4xPejjUGtfF1ykbI/HWKjyc+jM8QKqqfYtZyv7sr6teVIrre7NsxdRFfw
6GsjOXvjdIo3AHURlI3y7m8ztbPmkdmk2xEvMWTau7bt8cLxDfqOSzAa1oAKOy0/
/fF+OXuSk8gtLlRpS0tvX4oalzXaQwR0UybOb4VdCSxAqaLXWR1staB0/JtCy9wV
Uw1UwTe24gMoNwdWGIFe6mGu+7H5nyBFoM4jMPvtbRdkH+ZMPh9N29fwAvgC0QZC
oPFFY/yxM53mPAmhAr4nH+EIlrZPLHu5iMUFNPUNkRsZPIMrJs/ZLeCIsH5JCIys
fbpWaH4Oo6gsLW+xGS1gu7+KRQIDAQABo4IClTCCApEwHQYDVR0OBBYEFPzpBuar
+lO6ECdJaUIi1qGApCCYMB8GA1UdIwQYMBaAFB9fs6XXtcsEPp2cGzYI1LJjWRb0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTkyRi82MjlCNzk5MEVC
QUYxMUU3OTI4OTlFNEVDNEY5QUUwMi9IMS16cGRlMXl3US1uWndiTmdqVXNtTlpG
dlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0gxLXpwZGUxeXdRLW5ad2JOZ2pVc21OWkZ2US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mzk5MkYvNjI5Qjc5OTBFQkFGMTFFNzkyODk5RTRFQzRGOUFFMDIvMUFCQjMyODRE
Qjc1MTFFRTk1QTlGRDMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnaD4wDQYJKoZIhvcNAQELBQADggEBAC2QB2yDDHvJ13HM
YI1KfownNSXY+BonM9kzGeZyK//rjlEjqy6ILtJP1JmxfGjBRQqCRil4wCiCqHh3
B0WE4KEOA9NupT7H4RjsfuZpxc5Im0ir13mjxxlRXI28rQyG5Qlk6JY7Prh9T8+a
zQrKrVzQ0PkXMKKAcs86ObnWpSFdwOlcUfPc1VHQZnDZoOv8mC4P7IM4YIAlN6ln
O2hGP3VR63xMNvoHxVLJWRo8tajMGaPd7QZeI5nufdKQ3PZykktYQMAEAa06UFxK
YsJ2ZGewbKXU3/jhayyqpvlXGfCyFyFtPRPT2Mc1voy1MkQltVfFZrdGcuzbki0S
GylhmJM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org