Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91411B3/C6DA292C184611EA9B842F27C4F9AE02/DB1E3802080211ED9C6C0F11C4F9AE02.roa
File:                     DB1E3802080211ED9C6C0F11C4F9AE02.roa (raw, json)
Hash identifier:          83qk0MEWiNe0VZqZRjlXIysdl4XAZH/Wwn4dPxsorXQ=
Subject key identifier:   51:55:00:14:D5:96:E1:54:E7:64:F6:05:03:FA:2A:BB:F7:33:0A:A6
Certificate issuer:       /CN=A91411B3/serialNumber=ACD04E49C8B72BBE01E3537559CF4C94730ED5DF
Certificate serial:       0B25
Authority key identifier: AC:D0:4E:49:C8:B7:2B:BE:01:E3:53:75:59:CF:4C:94:73:0E:D5:DF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rNBOSci3K74B41N1Wc9MlHMO1d8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91411B3/C6DA292C184611EA9B842F27C4F9AE02/DB1E3802080211ED9C6C0F11C4F9AE02.roa
Signing time:             Fri 08 Mar 2024 19:58:10 +0000
ROA not before:           Fri 08 Mar 2024 19:58:10 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     150001
IP address blocks:        103.126.12.0/22 maxlen: 22
                          103.126.12.0/23 maxlen: 23
                          103.126.12.0/24 maxlen: 24
                          103.126.13.0/24 maxlen: 24
                          103.126.14.0/23 maxlen: 23
                          103.126.14.0/24 maxlen: 24
                          103.126.15.0/24 maxlen: 24
                          2404:1c0::/32 maxlen: 32
                          2404:1c0::/33 maxlen: 33
                          2404:1c0:8000::/33 maxlen: 33

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2853 (0xb25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91411B3/serialNumber=ACD04E49C8B72BBE01E3537559CF4C94730ED5DF
        Validity
            Not Before: Mar  8 19:58:10 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65eb6dd2-00d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d9:27:1c:72:e9:9c:37:4f:96:ec:b2:91:eb:
                    2d:f8:79:59:97:2a:48:64:aa:c6:0d:2d:c7:a6:69:
                    e5:f4:99:f1:c8:42:f7:f4:c8:74:90:59:ec:6c:f5:
                    b6:48:c6:62:19:57:39:f0:33:21:b0:00:3e:d8:67:
                    8b:09:e0:47:de:1e:7f:1a:e3:c9:02:32:4e:a8:f6:
                    27:aa:ee:ea:a9:2e:ac:f9:5b:c4:af:0e:33:ef:1a:
                    75:43:66:e2:18:68:a5:f8:02:62:98:44:ef:01:50:
                    05:98:c6:4b:74:dd:a2:81:e4:57:8b:77:c8:d6:1e:
                    04:38:d8:1e:64:ac:76:e3:75:fe:f4:8b:7e:0d:7d:
                    4b:62:fa:0b:44:80:86:be:bd:88:2a:64:53:18:22:
                    57:a8:1f:c3:60:68:d4:7c:d6:de:f4:6a:27:68:26:
                    ff:0b:d9:83:eb:0e:f1:90:27:7a:a7:ec:ea:a4:33:
                    75:56:2e:86:39:0d:0a:53:0a:1a:d5:e2:7b:fc:0b:
                    72:ab:e5:2d:20:2b:68:2f:c1:c9:3d:0c:9a:e7:3b:
                    44:58:27:4f:23:91:56:6c:79:a3:e8:07:a6:6f:94:
                    4a:8a:b3:0c:b7:bb:33:29:a9:bc:9d:4a:25:96:77:
                    88:28:18:33:9c:8b:a2:32:78:30:96:12:c6:90:f5:
                    37:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:55:00:14:D5:96:E1:54:E7:64:F6:05:03:FA:2A:BB:F7:33:0A:A6
            X509v3 Authority Key Identifier:
                keyid:AC:D0:4E:49:C8:B7:2B:BE:01:E3:53:75:59:CF:4C:94:73:0E:D5:DF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91411B3/C6DA292C184611EA9B842F27C4F9AE02/rNBOSci3K74B41N1Wc9MlHMO1d8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rNBOSci3K74B41N1Wc9MlHMO1d8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91411B3/C6DA292C184611EA9B842F27C4F9AE02/DB1E3802080211ED9C6C0F11C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.126.12.0/22
                IPv6:
                  2404:1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:95:cd:bd:a1:90:f0:d7:ff:51:60:08:f4:eb:e3:38:b0:1f:
         c5:26:f7:31:d8:2f:0a:79:d6:f8:59:89:41:7e:9d:04:06:7c:
         de:3d:84:64:a3:91:6e:8d:35:cc:12:95:d4:fb:64:b9:bb:08:
         be:83:b7:10:98:d6:77:f4:6c:4a:52:8e:15:b9:43:a9:77:57:
         90:1f:5d:ec:ab:db:16:00:1a:52:9d:e5:8a:7d:cd:97:3a:7a:
         6f:75:2b:a9:ee:33:53:c0:cd:e9:10:78:58:f8:f4:ca:50:38:
         50:24:ab:df:de:af:a0:97:b5:ba:e7:e2:c3:89:58:2c:e8:ee:
         ad:28:b8:f6:68:d0:fb:06:09:d6:e5:2e:fd:91:42:9f:50:b9:
         41:bb:7a:41:55:33:d5:0c:4e:5c:c1:30:22:c0:0b:3a:97:e0:
         ab:63:26:a7:66:be:ea:e8:98:c7:15:8c:88:37:2d:de:e3:22:
         43:44:1b:3b:6e:87:d0:a2:c6:75:cd:f1:57:ab:cd:37:89:e4:
         5e:21:21:47:4f:00:2b:17:71:2d:38:ec:da:49:e7:12:a4:35:
         45:0b:40:b6:93:48:27:fd:b0:6a:8a:1a:bb:99:ec:fb:be:43:
         7b:59:23:a3:bb:eb:7a:b7:f3:b8:77:96:90:d3:d7:78:10:8d:
         ea:b3:4e:39
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCyUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDExQjMxMTAvBgNVBAUTKEFDRDA0RTQ5QzhCNzJCQkUwMUUzNTM3NTU5Q0Y0Qzk0
NzMwRUQ1REYwHhcNMjQwMzA4MTk1ODEwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWViNmRkMi0wMGQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqdknHHLpnDdPluyykest+HlZlypIZKrGDS3Hpmnl9JnxyEL39Mh0kFnsbPW2
SMZiGVc58DMhsAA+2GeLCeBH3h5/GuPJAjJOqPYnqu7qqS6s+VvErw4z7xp1Q2bi
GGil+AJimETvAVAFmMZLdN2igeRXi3fI1h4EONgeZKx243X+9It+DX1LYvoLRICG
vr2IKmRTGCJXqB/DYGjUfNbe9GonaCb/C9mD6w7xkCd6p+zqpDN1Vi6GOQ0KUwoa
1eJ7/Atyq+UtICtoL8HJPQya5ztEWCdPI5FWbHmj6Aemb5RKirMMt7szKam8nUol
lneIKBgznIuiMngwlhLGkPU3pwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFFFVABTV
luFU52T2BQP6Krv3MwqmMB8GA1UdIwQYMBaAFKzQTknItyu+AeNTdVnPTJRzDtXf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MTFCMy9DNkRBMjkyQzE4
NDYxMUVBOUI4NDJGMjdDNEY5QUUwMi9yTkJPU2NpM0s3NEI0MU4xV2M5TWxITU8x
ZDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JOQk9TY2kzSzc0QjQxTjFXYzlNbEhNTzFkOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDExQjMvQzZEQTI5MkMxODQ2MTFFQTlCODQyRjI3QzRGOUFFMDIvREIxRTM4MDIw
ODAyMTFFRDlDNkMwRjExQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnfgwwDQQCAAIwBwMFACQEAcAwDQYJKoZIhvcNAQELBQAD
ggEBAFKVzb2hkPDX/1FgCPTr4ziwH8Um9zHYLwp51vhZiUF+nQQGfN49hGSjkW6N
NcwSldT7ZLm7CL6DtxCY1nf0bEpSjhW5Q6l3V5AfXeyr2xYAGlKd5Yp9zZc6em91
K6nuM1PAzekQeFj49MpQOFAkq9/er6CXtbrn4sOJWCzo7q0ouPZo0PsGCdblLv2R
Qp9QuUG7ekFVM9UMTlzBMCLACzqX4KtjJqdmvuromMcVjIg3Ld7jIkNEGztuh9Ci
xnXN8VerzTeJ5F4hIUdPACsXcS047NpJ5xKkNUULQLaTSCf9sGqKGruZ7Pu+Q3tZ
I6O763q387h3lpDT13gQjeqzTjk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org