Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91900BF/FEA1CD68B6E311ECBE59992DC4F9AE02/02898F769CCE11ED95155A3DC4F9AE02.roa
File:                     02898F769CCE11ED95155A3DC4F9AE02.roa (raw, json)
Hash identifier:          2UKpMSGngmnlcswUscIavH1LCKez4vUaT3vQBz24uMU=
Subject key identifier:   97:33:4C:57:AE:21:55:EA:A2:97:89:78:03:65:BB:FB:58:E1:4C:E8
Certificate issuer:       /CN=A91900BF/serialNumber=28EA1557B99E2B127551CD340C3AAF4C0A61006B
Certificate serial:       01A3
Authority key identifier: 28:EA:15:57:B9:9E:2B:12:75:51:CD:34:0C:3A:AF:4C:0A:61:00:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KOoVV7meKxJ1Uc00DDqvTAphAGs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91900BF/FEA1CD68B6E311ECBE59992DC4F9AE02/02898F769CCE11ED95155A3DC4F9AE02.roa
Signing time:             Wed 25 Jan 2023 16:33:34 +0000
ROA not before:           Wed 25 Jan 2023 16:33:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     135327
IP address blocks:        103.214.76.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 419 (0x1a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91900BF/serialNumber=28EA1557B99E2B127551CD340C3AAF4C0A61006B
        Validity
            Not Before: Jan 25 16:33:34 2023 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=63d159de-3528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:95:56:e1:6e:33:e2:d1:17:f2:f9:68:38:4c:
                    b8:5a:27:40:2c:99:12:c3:ac:89:27:30:57:6b:b1:
                    d1:2c:c8:b7:ba:a8:4e:cd:7c:37:44:f8:71:f3:63:
                    c9:d0:eb:0c:ce:e6:84:85:b2:b0:8e:24:64:37:b1:
                    82:61:55:f6:2b:f9:84:8f:7f:b1:f3:e8:4d:a5:ab:
                    b7:6a:ae:ed:81:99:4b:be:9d:27:fc:ad:00:db:d2:
                    54:45:e0:ee:19:4c:d0:69:fe:4a:74:fb:05:10:dd:
                    c3:b6:0c:2e:af:7b:db:e7:fb:3e:85:03:08:a7:f5:
                    a4:9a:52:44:f3:76:fd:9c:33:bd:86:f0:ea:6e:f2:
                    80:3e:22:16:8a:f2:e0:f2:7c:8b:d6:10:cd:85:9f:
                    3b:7c:54:51:06:18:6f:8c:fa:48:b7:82:80:38:dc:
                    db:59:54:9a:1e:5a:d0:3e:34:77:f9:5e:11:cb:78:
                    da:4c:35:5c:09:10:2d:ae:ee:0d:e2:bb:cb:a2:23:
                    2b:81:51:eb:ce:49:8c:62:3d:1f:ef:33:03:5e:f3:
                    df:d4:11:bc:ee:62:7f:08:1d:3c:9a:96:a6:8e:e0:
                    1a:8f:e2:26:f9:52:ea:f0:fb:1d:04:5e:33:c9:ea:
                    0a:6b:3d:b3:43:c6:ce:b7:10:13:e3:a2:99:c9:76:
                    2b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:33:4C:57:AE:21:55:EA:A2:97:89:78:03:65:BB:FB:58:E1:4C:E8
            X509v3 Authority Key Identifier:
                keyid:28:EA:15:57:B9:9E:2B:12:75:51:CD:34:0C:3A:AF:4C:0A:61:00:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91900BF/FEA1CD68B6E311ECBE59992DC4F9AE02/KOoVV7meKxJ1Uc00DDqvTAphAGs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KOoVV7meKxJ1Uc00DDqvTAphAGs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91900BF/FEA1CD68B6E311ECBE59992DC4F9AE02/02898F769CCE11ED95155A3DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:c7:7e:d5:4c:ad:ac:9b:0c:2b:19:53:d0:9e:c9:ce:44:e6:
         5e:18:dc:6e:5f:e5:c0:4d:fa:fe:af:b7:0a:ea:9b:8c:8d:12:
         8f:07:c0:f0:42:1a:a5:e2:83:66:63:04:77:20:ca:d9:c8:93:
         bc:16:cf:7b:5d:26:61:4b:c8:cf:78:0a:0c:ed:89:a7:96:ce:
         23:b4:bd:1f:79:5e:9c:06:46:eb:06:b7:8b:8a:d3:2d:8f:62:
         dc:97:ea:96:68:eb:59:96:96:c9:01:4d:6c:3a:79:50:62:76:
         35:db:e9:13:a4:e3:68:35:36:f2:f6:82:6e:2e:07:b9:2e:d0:
         9f:30:1e:0a:8c:5c:be:4e:ed:78:89:9f:e1:8e:da:7a:21:9e:
         98:7c:71:a1:ed:a5:02:54:e0:aa:bf:2d:9f:02:f2:90:ca:b3:
         05:27:1b:79:de:17:9e:92:2b:62:d6:36:ef:4d:ad:48:f7:3d:
         38:1e:bd:3c:fb:b3:9f:5e:d9:b1:76:0c:fb:e0:dc:bc:f4:c1:
         75:a4:c4:5a:c8:0a:52:29:4f:87:9e:0e:c7:0b:3b:54:f8:1d:
         58:e1:d6:b9:a5:e3:14:56:37:e0:92:3d:f8:54:f5:10:d1:6e:
         9a:9c:c6:71:df:e3:c7:a4:f2:3f:07:d1:a3:5d:71:bd:a9:4d:
         e3:df:8f:1b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAaMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTAwQkYxMTAvBgNVBAUTKDI4RUExNTU3Qjk5RTJCMTI3NTUxQ0QzNDBDM0FBRjRD
MEE2MTAwNkIwHhcNMjMwMTI1MTYzMzM0WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2QxNTlkZS0zNTI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv5VW4W4z4tEX8vloOEy4WidALJkSw6yJJzBXa7HRLMi3uqhOzXw3RPhx82PJ
0OsMzuaEhbKwjiRkN7GCYVX2K/mEj3+x8+hNpau3aq7tgZlLvp0n/K0A29JUReDu
GUzQaf5KdPsFEN3Dtgwur3vb5/s+hQMIp/WkmlJE83b9nDO9hvDqbvKAPiIWivLg
8nyL1hDNhZ87fFRRBhhvjPpIt4KAONzbWVSaHlrQPjR3+V4Ry3jaTDVcCRAtru4N
4rvLoiMrgVHrzkmMYj0f7zMDXvPf1BG87mJ/CB08mpamjuAaj+Im+VLq8PsdBF4z
yeoKaz2zQ8bOtxAT46KZyXYrTwIDAQABo4IClTCCApEwHQYDVR0OBBYEFJczTFeu
IVXqopeJeANlu/tY4UzoMB8GA1UdIwQYMBaAFCjqFVe5nisSdVHNNAw6r0wKYQBr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MDBCRi9GRUExQ0Q2OEI2
RTMxMUVDQkU1OTk5MkRDNEY5QUUwMi9LT29WVjdtZUt4SjFVYzAwRERxdlRBcGhB
R3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tPb1ZWN21lS3hKMVVjMDBERHF2VEFwaEFHcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTAwQkYvRkVBMUNENjhCNkUzMTFFQ0JFNTk5OTJEQzRGOUFFMDIvMDI4OThGNzY5
Q0NFMTFFRDk1MTU1QTNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJn1kwwDQYJKoZIhvcNAQELBQADggEBAAPHftVMraybDCsZ
U9Ceyc5E5l4Y3G5f5cBN+v6vtwrqm4yNEo8HwPBCGqXig2ZjBHcgytnIk7wWz3td
JmFLyM94CgztiaeWziO0vR95XpwGRusGt4uK0y2PYtyX6pZo61mWlskBTWw6eVBi
djXb6ROk42g1NvL2gm4uB7ku0J8wHgqMXL5O7XiJn+GO2nohnph8caHtpQJU4Kq/
LZ8C8pDKswUnG3neF56SK2LWNu9NrUj3PTgevTz7s59e2bF2DPvg3Lz0wXWkxFrI
ClIpT4eeDscLO1T4HVjh1rml4xRWN+CSPfhU9RDRbpqcxnHf48ek8j8H0aNdcb2p
TePfjxs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:46 2024 by rpki-client on console-ams.rpki-client.org