Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/87C0B88A53ED11EBA77C870DC4F9AE02.roa
File:                     87C0B88A53ED11EBA77C870DC4F9AE02.roa (raw, json)
Hash identifier:          +iNsQSa9EHu/pRjy5wWsKQ60PpXdRbZ3SJuXys3aRRE=
Subject key identifier:   58:C4:44:DE:8E:47:B6:60:5F:75:7F:B8:2E:C8:E2:E0:B2:3E:86:DF
Certificate issuer:       /CN=A9146944/serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
Certificate serial:       041D
Authority key identifier: ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/87C0B88A53ED11EBA77C870DC4F9AE02.roa
Signing time:             Sun 04 Jul 2021 22:17:20 +0000
ROA not before:           Sun 04 Jul 2021 22:17:20 +0000
ROA not after:            Wed 31 Aug 2022 00:00:00 +0000
asID:                     134371
IP address blocks:        103.57.40.0/24 maxlen: 24
                          2403:6940:f::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1053 (0x41d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146944/serialNumber=ED1F958CB604B576E82214B4CF3CC0FE620EF9F4
        Validity
            Not Before: Jul  4 22:17:20 2021 GMT
            Not After : Aug 31 00:00:00 2022 GMT
        Subject: CN=60e23370-8949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f8:a4:fe:3e:e5:9e:85:b4:6e:92:7f:98:5c:
                    05:8e:07:d3:0c:78:5a:86:d0:1e:44:7e:f4:c3:72:
                    90:f5:9e:05:17:b7:82:58:20:ca:d7:6c:c7:20:6a:
                    98:d2:4b:13:52:a1:aa:2f:8b:60:de:1e:e1:ba:18:
                    95:56:08:e7:a9:74:c0:81:b3:b0:c2:55:7b:49:22:
                    c0:2a:24:dc:94:8e:03:be:d7:ba:c6:0c:82:10:88:
                    7e:12:29:76:b3:cd:31:5d:fc:5f:09:5f:d4:38:d5:
                    de:69:72:60:c7:00:b9:7d:20:40:36:46:df:89:90:
                    4d:70:78:b4:f2:c3:36:5d:b8:41:11:41:89:52:3f:
                    f6:68:bb:fd:53:84:71:1d:0a:fa:74:f7:0d:cd:fc:
                    99:c3:d0:6b:cc:c3:99:2a:6c:f5:85:0a:bc:56:0a:
                    11:25:2d:81:8b:53:bd:68:82:e5:02:e0:ce:cd:da:
                    46:59:3c:a6:89:66:fe:7c:06:57:c0:2e:fb:cb:4c:
                    57:26:9f:a9:4d:2d:d5:7d:88:7b:5a:97:b6:35:5b:
                    ab:2d:46:0f:9d:f4:04:a7:61:58:09:b1:cc:b9:2f:
                    65:c2:ce:75:4b:59:bd:a6:cd:40:99:33:66:ad:8c:
                    3c:3e:f9:cb:22:39:52:7a:10:5a:68:c5:24:90:b0:
                    4d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C4:44:DE:8E:47:B6:60:5F:75:7F:B8:2E:C8:E2:E0:B2:3E:86:DF
            X509v3 Authority Key Identifier:
                keyid:ED:1F:95:8C:B6:04:B5:76:E8:22:14:B4:CF:3C:C0:FE:62:0E:F9:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/7R-VjLYEtXboIhS0zzzA_mIO-fQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7R-VjLYEtXboIhS0zzzA_mIO-fQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146944/43BD1C6E8E9511EAA9D73A2EC4F9AE02/87C0B88A53ED11EBA77C870DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.57.40.0/24
                IPv6:
                  2403:6940:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:91:8c:37:3d:eb:64:66:3f:c0:c7:b8:8d:3a:82:a9:ae:00:
         95:ec:49:b1:fb:88:24:c1:52:44:33:4a:c9:99:84:24:2c:4c:
         84:e2:54:db:4e:90:bf:e7:bf:68:42:9a:47:be:97:7f:82:54:
         e4:07:7e:e7:81:9f:a8:32:40:b7:6a:a2:1b:7e:88:17:bb:ef:
         ef:23:aa:b1:5e:33:85:ae:3a:98:04:58:db:6f:cf:cf:13:f7:
         5b:93:ab:e6:b4:c2:13:07:9c:15:1a:3f:b8:f6:13:6b:2a:bc:
         3d:0b:27:57:66:68:6c:c4:62:f6:57:29:ce:bc:07:d0:ba:6d:
         67:ac:bf:2f:aa:7b:1d:d3:f9:46:95:fe:37:51:62:20:59:61:
         e2:15:51:02:c0:59:b9:58:3e:a2:69:87:60:f9:49:a4:2d:4a:
         c4:10:be:56:47:28:bd:81:14:76:f4:e0:30:10:82:4c:1e:6a:
         45:46:b0:6a:27:40:c1:b0:22:ec:da:c4:be:68:f1:c0:dc:56:
         30:38:cc:b1:e5:95:49:f0:28:ed:9d:be:0d:80:8b:f7:96:e5:
         86:f6:81:5d:83:0e:da:5b:f7:81:18:85:61:b1:f2:4f:ac:ce:
         6d:9f:0d:90:56:c5:c0:7f:dd:2c:86:b0:42:6a:2e:7f:9d:17:
         a2:83:a7:18
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBB0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDY5NDQxMTAvBgNVBAUTKEVEMUY5NThDQjYwNEI1NzZFODIyMTRCNENGM0NDMEZF
NjIwRUY5RjQwHhcNMjEwNzA0MjIxNzIwWhcNMjIwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MGUyMzM3MC04OTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5fik/j7lnoW0bpJ/mFwFjgfTDHhahtAeRH70w3KQ9Z4FF7eCWCDK12zHIGqY
0ksTUqGqL4tg3h7huhiVVgjnqXTAgbOwwlV7SSLAKiTclI4Dvte6xgyCEIh+Eil2
s80xXfxfCV/UONXeaXJgxwC5fSBANkbfiZBNcHi08sM2XbhBEUGJUj/2aLv9U4Rx
HQr6dPcNzfyZw9BrzMOZKmz1hQq8VgoRJS2Bi1O9aILlAuDOzdpGWTymiWb+fAZX
wC77y0xXJp+pTS3VfYh7Wpe2NVurLUYPnfQEp2FYCbHMuS9lws51S1m9ps1AmTNm
rYw8PvnLIjlSehBaaMUkkLBNYwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFFjERN6O
R7ZgX3V/uC7I4uCyPobfMB8GA1UdIwQYMBaAFO0flYy2BLV26CIUtM88wP5iDvn0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0Njk0NC80M0JEMUM2RThF
OTUxMUVBQTlENzNBMkVDNEY5QUUwMi83Ui1WakxZRXRYYm9JaFMwenp6QV9tSU8t
ZlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdSLVZqTFlFdFhib0loUzB6enpBX21JTy1mUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDY5NDQvNDNCRDFDNkU4RTk1MTFFQUE5RDczQTJFQzRGOUFFMDIvODdDMEI4OEE1
M0VEMTFFQkE3N0M4NzBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnOSgwDwQCAAIwCQMHACQDaUAADzANBgkqhkiG9w0BAQsF
AAOCAQEAsZGMNz3rZGY/wMe4jTqCqa4AlexJsfuIJMFSRDNKyZmEJCxMhOJU206Q
v+e/aEKaR76Xf4JU5Ad+54GfqDJAt2qiG36IF7vv7yOqsV4zha46mARY22/PzxP3
W5Or5rTCEwecFRo/uPYTayq8PQsnV2ZobMRi9lcpzrwH0LptZ6y/L6p7HdP5RpX+
N1FiIFlh4hVRAsBZuVg+ommHYPlJpC1KxBC+VkcovYEUdvTgMBCCTB5qRUawaidA
wbAi7NrEvmjxwNxWMDjMseWVSfAo7Z2+DYCL95blhvaBXYMO2lv3gRiFYbHyT6zO
bZ8NkFbFwH/dLIawQmouf50XooOnGA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:57 2024 by rpki-client on console-ams.rpki-client.org