Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/169BFE2459F011EEA83C5B0EC4F9AE02.roa
File:                     169BFE2459F011EEA83C5B0EC4F9AE02.roa (raw, json)
Hash identifier:          qrHkeOu/8hEz7y9aOAYtzh6AD2M3O3Vo4j25QWIEC78=
Subject key identifier:   24:C8:70:4C:91:BF:82:36:B9:61:3C:D1:B1:EC:AC:F1:EE:CC:0B:05
Certificate issuer:       /CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Certificate serial:       05E7
Authority key identifier: 07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/169BFE2459F011EEA83C5B0EC4F9AE02.roa
Signing time:             Sat 23 Sep 2023 09:08:20 +0000
ROA not before:           Sat 23 Sep 2023 09:08:20 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        103.104.140.0/24 maxlen: 24
                          103.104.142.0/24 maxlen: 24
                          103.104.143.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1511 (0x5e7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
        Validity
            Not Before: Sep 23 09:08:20 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=650eab03-c51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e9:88:d9:ba:7c:0c:a5:25:50:3a:95:1b:15:
                    fe:2a:7a:ea:49:85:eb:50:d5:9c:bd:ba:20:16:41:
                    91:22:1a:6e:af:3f:56:0c:20:66:46:29:da:ff:a4:
                    3c:3b:3a:7f:c1:18:9d:3a:7d:f4:0b:f6:da:40:63:
                    75:87:fd:85:a7:6a:98:16:30:5d:90:8c:9a:80:b8:
                    15:d7:dc:1f:3d:2c:fa:ff:cd:26:82:d6:27:91:83:
                    ff:3f:03:aa:2e:9d:65:5c:ef:6b:b5:7f:4d:c6:e9:
                    0d:fa:1c:c8:ee:9f:88:7d:e0:23:3f:90:88:f1:87:
                    1e:15:6f:5d:76:94:c6:f1:73:fb:06:6a:f9:cc:db:
                    79:f9:0d:27:b5:2f:29:d1:e6:d3:80:0d:d6:45:28:
                    13:4f:85:a8:7b:b4:f5:85:ca:09:f0:0a:be:f0:c2:
                    90:6f:35:e5:09:61:16:44:86:27:d7:fb:8a:20:82:
                    9c:61:85:a2:5b:2c:4f:56:45:bf:ee:6f:3a:68:4b:
                    11:a5:08:52:76:c4:cd:2f:1d:e4:96:32:8a:20:9e:
                    c2:98:29:59:60:e9:4c:bd:27:54:53:22:89:ba:86:
                    04:e0:03:21:68:16:30:53:a8:5a:cf:c5:9b:60:51:
                    ca:b6:a8:a0:b4:97:37:eb:a6:e2:4f:8a:e2:0f:d5:
                    7d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C8:70:4C:91:BF:82:36:B9:61:3C:D1:B1:EC:AC:F1:EE:CC:0B:05
            X509v3 Authority Key Identifier:
                keyid:07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/ByXySRgBUFGFyQaaQBNjXDi1a3I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/169BFE2459F011EEA83C5B0EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.140.0/24
                  103.104.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:7b:e9:6f:a9:15:50:79:a0:40:d5:b1:e3:94:5c:75:5f:e4:
         cb:ed:0a:9c:75:66:87:48:8a:96:9f:35:e8:42:af:29:b1:ee:
         a6:88:07:40:58:fa:b7:af:5b:89:bf:1f:a2:69:7b:42:1c:20:
         d6:cc:04:05:40:56:4a:f3:62:60:41:38:a6:9b:fa:10:63:5d:
         9f:08:07:75:58:db:63:ca:b8:de:1b:2c:3f:72:83:e8:72:ee:
         6c:f9:85:b0:4b:5b:51:e8:58:11:95:fd:8b:ba:71:3c:cf:d1:
         aa:86:08:5c:cc:43:47:27:3d:32:91:d6:88:41:9e:9d:63:ac:
         f8:ad:3c:ee:49:94:ab:dd:ec:17:c9:c5:95:e0:71:c7:30:19:
         b5:36:27:a0:a7:09:c9:cf:ff:b8:0e:e2:79:42:24:6a:ed:ad:
         69:64:c0:2b:89:9d:dd:55:90:6d:a5:e1:96:76:14:75:82:1b:
         51:bf:e0:eb:ec:98:7e:b2:8d:ec:d7:5f:e5:82:d7:87:d9:d6:
         b3:94:47:75:72:0c:9e:6c:a8:b5:27:54:8d:fa:f3:9c:8a:02:
         56:00:b2:85:fa:71:6b:f1:3c:68:ef:33:30:3c:b2:8e:50:e2:
         d8:d3:49:3a:7f:a9:d5:a8:fa:00:3c:bd:33:ae:e0:bc:ee:d2:
         77:88:d4:9e
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBecwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ4MDgxMTAvBgNVBAUTKDA3MjVGMjQ5MTgwMTUwNTE4NUM5MDY5QTQwMTM2MzVD
MzhCNTZCNzIwHhcNMjMwOTIzMDkwODIwWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBlYWIwMy1jNTFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyemI2bp8DKUlUDqVGxX+KnrqSYXrUNWcvbogFkGRIhpurz9WDCBmRina/6Q8
Ozp/wRidOn30C/baQGN1h/2Fp2qYFjBdkIyagLgV19wfPSz6/80mgtYnkYP/PwOq
Lp1lXO9rtX9NxukN+hzI7p+IfeAjP5CI8YceFW9ddpTG8XP7Bmr5zNt5+Q0ntS8p
0ebTgA3WRSgTT4Woe7T1hcoJ8Aq+8MKQbzXlCWEWRIYn1/uKIIKcYYWiWyxPVkW/
7m86aEsRpQhSdsTNLx3kljKKIJ7CmClZYOlMvSdUUyKJuoYE4AMhaBYwU6haz8Wb
YFHKtqigtJc366biT4riD9V97QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCTIcEyR
v4I2uWE80bHsrPHuzAsFMB8GA1UdIwQYMBaAFAcl8kkYAVBRhckGmkATY1w4tWty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDgwOC9FMjZCNDY0MkY0
QjIxMUU5QkYzQ0U1NjNDNEY5QUUwMi9CeVh5U1JnQlVGR0Z5UWFhUUJOalhEaTFh
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0J5WHlTUmdCVUZHRnlRYWFRQk5qWERpMWEzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ4MDgvRTI2QjQ2NDJGNEIyMTFFOUJGM0NFNTYzQzRGOUFFMDIvMTY5QkZFMjQ1
OUYwMTFFRUE4M0M1QjBFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnaIwDBAFnaI4wDQYJKoZIhvcNAQELBQADggEBAAh76W+p
FVB5oEDVseOUXHVf5MvtCpx1ZodIipafNehCrymx7qaIB0BY+revW4m/H6Jpe0Ic
INbMBAVAVkrzYmBBOKab+hBjXZ8IB3VY22PKuN4bLD9yg+hy7mz5hbBLW1HoWBGV
/Yu6cTzP0aqGCFzMQ0cnPTKR1ohBnp1jrPitPO5JlKvd7BfJxZXgcccwGbU2J6Cn
CcnP/7gO4nlCJGrtrWlkwCuJnd1VkG2l4ZZ2FHWCG1G/4OvsmH6yjezXX+WC14fZ
1rOUR3VyDJ5sqLUnVI3685yKAlYAsoX6cWvxPGjvMzA8so5Q4tjTSTp/qdWo+gA8
vTOu4Lzu0neI1J4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:26 2024 by rpki-client on console-ams.rpki-client.org