Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9150EF7/B071397C05E611EA80BCD67CC4F9AE02/CE4227BC05E711EA93AF197EC4F9AE02.roa
File:                     CE4227BC05E711EA93AF197EC4F9AE02.roa (raw, json)
Hash identifier:          x0rGS0VQWu+sjCXxPXJlgVXvFS2FLziYrJHEgZKI/sY=
Subject key identifier:   BE:B5:C5:C7:49:80:DB:5F:68:6A:6D:44:69:6B:38:60:8A:D8:79:C6
Certificate issuer:       /CN=A9150EF7/serialNumber=5C9F6C1DBC4ECF091962F60EBE5ABFCB6B031A2D
Certificate serial:       0AB4
Authority key identifier: 5C:9F:6C:1D:BC:4E:CF:09:19:62:F6:0E:BE:5A:BF:CB:6B:03:1A:2D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XJ9sHbxOzwkZYvYOvlq_y2sDGi0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9150EF7/B071397C05E611EA80BCD67CC4F9AE02/CE4227BC05E711EA93AF197EC4F9AE02.roa
Signing time:             Sun 16 Apr 2023 20:17:02 +0000
ROA not before:           Sun 16 Apr 2023 20:17:02 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     136434
IP address blocks:        103.87.244.0/22 maxlen: 24
                          203.96.188.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2740 (0xab4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9150EF7/serialNumber=5C9F6C1DBC4ECF091962F60EBE5ABFCB6B031A2D
        Validity
            Not Before: Apr 16 20:17:02 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=643c57be-8a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4b:54:8a:82:84:47:63:9f:51:a9:42:b6:86:
                    e1:7e:90:c6:6f:be:3e:57:10:c9:15:5b:c3:da:f0:
                    9a:30:97:1e:db:9d:d4:68:0c:4f:39:d4:98:b9:32:
                    10:dc:9d:81:27:e3:10:29:13:7c:23:53:29:fa:e5:
                    a4:61:58:a0:d8:41:c7:b8:7f:fa:d1:8f:bb:97:d2:
                    68:6d:98:f7:2a:bc:bd:33:a0:85:45:01:8f:ca:9e:
                    f7:3a:a0:18:52:8d:f9:47:b7:79:76:44:b2:17:0d:
                    8a:d2:1f:65:c6:4b:a7:ae:a0:fb:85:71:78:41:f3:
                    e3:e8:be:9b:d6:f8:29:14:64:1a:5b:dc:1e:0a:d9:
                    5a:da:83:c8:f9:51:df:30:a4:73:f2:c5:b3:4f:04:
                    4a:5b:a3:bc:65:25:df:97:4c:0b:89:64:94:20:a6:
                    b2:4d:15:f1:1d:15:ae:c1:ad:bc:e4:31:6a:65:c2:
                    c8:ed:93:24:63:97:12:3c:36:12:8c:bd:7b:db:ae:
                    55:89:35:67:b8:c2:8e:b1:9a:ab:dc:c3:4b:57:7c:
                    14:5a:20:ac:97:52:ae:0e:5a:79:6d:5a:ff:f6:48:
                    13:40:e2:e1:38:a7:60:39:c2:8b:80:f5:c2:c1:0a:
                    78:cc:92:73:69:46:d1:d0:7d:4b:c5:18:ff:03:58:
                    19:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B5:C5:C7:49:80:DB:5F:68:6A:6D:44:69:6B:38:60:8A:D8:79:C6
            X509v3 Authority Key Identifier:
                keyid:5C:9F:6C:1D:BC:4E:CF:09:19:62:F6:0E:BE:5A:BF:CB:6B:03:1A:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9150EF7/B071397C05E611EA80BCD67CC4F9AE02/XJ9sHbxOzwkZYvYOvlq_y2sDGi0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XJ9sHbxOzwkZYvYOvlq_y2sDGi0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9150EF7/B071397C05E611EA80BCD67CC4F9AE02/CE4227BC05E711EA93AF197EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.87.244.0/22
                  203.96.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:a8:3a:65:d8:23:71:c6:88:08:0f:2d:2e:20:5d:e3:ab:64:
         3b:00:f1:86:10:5a:a9:6b:46:05:a1:5c:89:28:96:bf:e7:26:
         a4:13:09:a3:06:59:a7:b7:52:44:a5:1f:48:f4:b7:57:12:7a:
         a1:fa:05:26:a0:76:bc:3d:41:4f:29:bb:f7:9f:56:e8:a2:69:
         b8:68:b5:42:2a:81:9a:f8:9d:b7:a2:b2:04:68:a3:32:f5:84:
         f2:f3:f0:fe:99:86:a4:25:6d:6d:0b:85:17:92:e9:b5:77:2a:
         e0:13:32:df:e3:b7:c7:76:f4:97:13:f0:37:9b:b7:25:50:3d:
         41:2e:f2:4e:89:48:0b:4f:23:d1:28:5a:90:27:72:a6:86:90:
         e0:f8:ec:84:40:3a:65:5e:52:89:2f:40:35:e9:17:3f:9b:bf:
         d9:c8:85:4e:be:54:d1:e3:71:05:58:a0:4e:18:9c:36:14:c5:
         e4:f6:42:8e:35:88:99:b2:ed:39:ea:da:e5:3d:ba:e4:6f:4d:
         c7:8e:c6:aa:48:d2:1d:da:ac:e5:24:d1:02:31:7d:58:7a:81:
         70:dc:de:c3:7b:65:b1:5d:08:64:bb:cf:f4:bd:d3:ad:9c:02:
         6d:9b:b1:8a:3a:8f:7e:3b:4d:b5:f9:74:6b:a2:45:1a:92:a0:
         00:97:e3:b5
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCrQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTBFRjcxMTAvBgNVBAUTKDVDOUY2QzFEQkM0RUNGMDkxOTYyRjYwRUJFNUFCRkNC
NkIwMzFBMkQwHhcNMjMwNDE2MjAxNzAyWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNjNTdiZS04YTBkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv0tUioKER2OfUalCtobhfpDGb74+VxDJFVvD2vCaMJce253UaAxPOdSYuTIQ
3J2BJ+MQKRN8I1Mp+uWkYVig2EHHuH/60Y+7l9JobZj3Kry9M6CFRQGPyp73OqAY
Uo35R7d5dkSyFw2K0h9lxkunrqD7hXF4QfPj6L6b1vgpFGQaW9weCtla2oPI+VHf
MKRz8sWzTwRKW6O8ZSXfl0wLiWSUIKayTRXxHRWuwa285DFqZcLI7ZMkY5cSPDYS
jL17265ViTVnuMKOsZqr3MNLV3wUWiCsl1KuDlp5bVr/9kgTQOLhOKdgOcKLgPXC
wQp4zJJzaUbR0H1LxRj/A1gZ8wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFL61xcdJ
gNtfaGptRGlrOGCK2HnGMB8GA1UdIwQYMBaAFFyfbB28Ts8JGWL2Dr5av8trAxot
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MEVGNy9CMDcxMzk3QzA1
RTYxMUVBODBCQ0Q2N0NDNEY5QUUwMi9YSjlzSGJ4T3p3a1pZdllPdmxxX3kyc0RH
aTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hKOXNIYnhPendrWll2WU92bHFfeTJzREdpMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTBFRjcvQjA3MTM5N0MwNUU2MTFFQTgwQkNENjdDQzRGOUFFMDIvQ0U0MjI3QkMw
NUU3MTFFQTkzQUYxOTdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnV/QDBALLYLwwDQYJKoZIhvcNAQELBQADggEBABioOmXY
I3HGiAgPLS4gXeOrZDsA8YYQWqlrRgWhXIkolr/nJqQTCaMGWae3UkSlH0j0t1cS
eqH6BSagdrw9QU8pu/efVuiiabhotUIqgZr4nbeisgRoozL1hPLz8P6ZhqQlbW0L
hReS6bV3KuATMt/jt8d29JcT8DebtyVQPUEu8k6JSAtPI9EoWpAncqaGkOD47IRA
OmVeUokvQDXpFz+bv9nIhU6+VNHjcQVYoE4YnDYUxeT2Qo41iJmy7Tnq2uU9uuRv
TceOxqpI0h3arOUk0QIxfVh6gXDc3sN7ZbFdCGS7z/S9062cAm2bsYo6j347TbX5
dGuiRRqSoACX47U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:59 2024 by rpki-client on console-ams.rpki-client.org