Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/DF9B89324F0C11EE8BC4C968C4F9AE02.roa
File:                     DF9B89324F0C11EE8BC4C968C4F9AE02.roa (raw, json)
Hash identifier:          G1E8STJLRmEpZ51fDBGcnlte28ZbubUF/iIGWTwy8o8=
Subject key identifier:   C1:F3:08:8A:54:60:7B:62:3C:47:03:12:FB:0C:81:DB:53:56:87:C5
Certificate issuer:       /CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Certificate serial:       05BC
Authority key identifier: 07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/DF9B89324F0C11EE8BC4C968C4F9AE02.roa
Signing time:             Sat 09 Sep 2023 12:32:35 +0000
ROA not before:           Sat 09 Sep 2023 12:32:35 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        103.104.140.0/24 maxlen: 24
                          103.104.142.0/24 maxlen: 24
                          103.104.143.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1468 (0x5bc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
        Validity
            Not Before: Sep  9 12:32:35 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=64fc65e3-d1a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7d:c2:4d:c3:b9:22:74:8c:0f:76:00:a9:85:
                    dc:12:f6:b7:7a:c0:b8:e6:8f:04:b3:8a:3d:cf:2d:
                    3f:a1:e6:16:28:65:92:67:88:91:a1:6a:7d:99:48:
                    93:90:38:61:8b:e5:6d:9c:ad:a0:8d:cc:3e:7e:f3:
                    6e:94:92:ec:4c:8e:97:0e:db:65:5a:2c:0c:78:c3:
                    d6:f4:9a:41:a0:88:cb:cd:62:b4:d8:77:04:ed:25:
                    bb:6d:0f:c7:2d:65:a6:10:81:94:91:c1:20:0f:9a:
                    c6:ee:6d:0e:4b:dc:2c:a4:62:2f:e9:2d:a6:15:8d:
                    46:8a:ad:b2:0f:93:b2:d4:36:27:f9:ce:f7:09:fa:
                    b8:07:76:d6:bc:d1:d3:83:28:a2:b3:5f:1e:17:08:
                    88:37:06:28:54:0b:94:af:6d:5b:cd:4b:40:93:63:
                    3c:b6:02:ca:8c:ec:af:28:4c:96:f1:f4:f3:77:4f:
                    3d:86:ea:bf:64:0e:7c:06:7b:e6:cd:f1:37:01:88:
                    12:fa:ef:53:8e:cb:f5:fd:0f:21:91:1b:df:b5:e0:
                    c0:3e:87:4b:38:75:65:c5:1f:ff:a3:ab:c8:d7:ce:
                    5c:a1:b6:ba:02:27:7d:1d:7c:62:48:14:79:8c:4f:
                    eb:5f:c8:a2:b9:64:18:6d:b7:29:87:1f:62:67:25:
                    9a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F3:08:8A:54:60:7B:62:3C:47:03:12:FB:0C:81:DB:53:56:87:C5
            X509v3 Authority Key Identifier:
                keyid:07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/ByXySRgBUFGFyQaaQBNjXDi1a3I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/DF9B89324F0C11EE8BC4C968C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.140.0/24
                  103.104.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:66:e4:4c:21:22:67:62:87:5a:36:3b:dd:0e:a4:5d:bb:35:
         3d:b9:75:bd:6e:73:7e:c5:cd:f4:8d:cf:25:ad:f2:ad:8a:2f:
         13:f1:c2:e4:2c:04:76:32:2f:ae:21:87:59:0c:a2:8f:87:e1:
         e9:dd:7f:dd:63:20:a0:f4:1f:d9:b1:7a:bc:01:4e:47:72:7b:
         21:7f:9b:7a:5b:63:65:6d:cf:31:e2:29:ec:4b:6a:25:9d:01:
         13:89:3e:b4:e6:ec:73:d3:a5:55:64:63:92:39:42:59:0b:5a:
         42:19:9d:b4:35:9f:51:e7:2c:61:a3:ef:11:e3:46:ca:a6:78:
         0e:6b:d8:57:64:35:f6:ea:2d:d9:fc:59:07:3b:e5:53:3b:97:
         fd:9a:72:62:0f:8a:cd:48:b2:f9:a6:0b:b4:96:a6:83:7e:73:
         3d:ba:d9:31:20:06:91:79:0f:09:23:c1:c6:32:ac:41:32:c0:
         df:eb:83:8a:6a:e9:06:0c:bb:92:38:d1:7d:8e:01:22:e2:a8:
         af:97:c9:4a:24:9d:66:7a:ab:33:7c:6e:5a:ee:c8:78:5b:da:
         92:c4:42:16:a6:9c:c4:bb:fb:77:ac:27:9d:63:ef:90:15:51:
         24:a4:48:40:95:24:7a:e3:b7:61:22:fc:95:e1:8b:fd:0e:73:
         c9:0a:30:a6
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBbwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ4MDgxMTAvBgNVBAUTKDA3MjVGMjQ5MTgwMTUwNTE4NUM5MDY5QTQwMTM2MzVD
MzhCNTZCNzIwHhcNMjMwOTA5MTIzMjM1WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGZjNjVlMy1kMWEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzX3CTcO5InSMD3YAqYXcEva3esC45o8Es4o9zy0/oeYWKGWSZ4iRoWp9mUiT
kDhhi+VtnK2gjcw+fvNulJLsTI6XDttlWiwMeMPW9JpBoIjLzWK02HcE7SW7bQ/H
LWWmEIGUkcEgD5rG7m0OS9wspGIv6S2mFY1Giq2yD5Oy1DYn+c73Cfq4B3bWvNHT
gyiis18eFwiINwYoVAuUr21bzUtAk2M8tgLKjOyvKEyW8fTzd089huq/ZA58Bnvm
zfE3AYgS+u9Tjsv1/Q8hkRvfteDAPodLOHVlxR//o6vI185coba6Aid9HXxiSBR5
jE/rX8iiuWQYbbcphx9iZyWabQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFMHzCIpU
YHtiPEcDEvsMgdtTVofFMB8GA1UdIwQYMBaAFAcl8kkYAVBRhckGmkATY1w4tWty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDgwOC9FMjZCNDY0MkY0
QjIxMUU5QkYzQ0U1NjNDNEY5QUUwMi9CeVh5U1JnQlVGR0Z5UWFhUUJOalhEaTFh
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0J5WHlTUmdCVUZHRnlRYWFRQk5qWERpMWEzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ4MDgvRTI2QjQ2NDJGNEIyMTFFOUJGM0NFNTYzQzRGOUFFMDIvREY5Qjg5MzI0
RjBDMTFFRThCQzRDOTY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnaIwDBAFnaI4wDQYJKoZIhvcNAQELBQADggEBAHlm5Ewh
Imdih1o2O90OpF27NT25db1uc37FzfSNzyWt8q2KLxPxwuQsBHYyL64hh1kMoo+H
4endf91jIKD0H9mxerwBTkdyeyF/m3pbY2VtzzHiKexLaiWdAROJPrTm7HPTpVVk
Y5I5QlkLWkIZnbQ1n1HnLGGj7xHjRsqmeA5r2FdkNfbqLdn8WQc75VM7l/2acmIP
is1IsvmmC7SWpoN+cz262TEgBpF5DwkjwcYyrEEywN/rg4pq6QYMu5I40X2OASLi
qK+XyUoknWZ6qzN8blruyHhb2pLEQhamnMS7+3esJ51j75AVUSSkSECVJHrjt2Ei
/JXhi/0Oc8kKMKY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:26 2024 by rpki-client on console-ams.rpki-client.org