Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/52CF8CB881DD11ECA24BD65EC4F9AE02.roa
File:                     52CF8CB881DD11ECA24BD65EC4F9AE02.roa (raw, json)
Hash identifier:          K4flf0WDVW7X77NzMRahpj4s0DHXFOXDKHshxKEr5kk=
Subject key identifier:   7C:12:B8:8D:CB:4C:4C:90:2D:E4:A3:29:37:F8:2C:A6:04:33:29:D8
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3631
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/52CF8CB881DD11ECA24BD65EC4F9AE02.roa
Signing time:             Mon 31 Jan 2022 04:00:10 +0000
ROA not before:           Mon 31 Jan 2022 04:00:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13873 (0x3631)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Jan 31 04:00:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=61f75eca-cadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e6:03:ea:01:97:01:2d:14:af:81:c7:39:46:
                    50:17:b4:e5:a1:74:8f:3f:a9:0e:41:d4:25:25:51:
                    6b:6b:61:17:0e:35:b2:91:86:ac:e4:22:9b:17:29:
                    81:a3:57:4f:4d:d3:1b:84:c0:2f:a7:f2:12:0c:2d:
                    fc:42:2e:8a:65:9c:0a:97:d7:a4:0b:3f:0d:ee:cf:
                    5d:1d:33:b1:9b:44:3e:7e:00:21:91:b9:63:f1:79:
                    39:4a:ac:ff:67:44:a6:1c:a9:c3:78:4b:09:a7:a9:
                    19:14:ee:86:b3:ed:b5:fd:44:be:80:59:1b:42:e9:
                    e7:3f:62:5f:eb:d2:82:91:67:5c:df:22:ad:04:21:
                    87:17:29:4c:ae:38:09:2a:4d:81:29:ef:a6:9c:38:
                    bf:ac:3b:7a:65:71:98:fb:44:78:fd:87:ee:f3:a4:
                    03:ad:aa:64:13:47:e5:45:79:4b:ec:c6:8c:22:6a:
                    8d:f9:10:90:6b:23:84:6c:5b:77:87:06:fe:f4:62:
                    a0:d6:26:3d:8c:f4:3b:c0:a0:5e:00:ab:01:03:c1:
                    11:5f:41:91:af:be:65:6f:c5:34:45:24:31:2c:c1:
                    70:74:b4:04:95:81:ab:b4:c9:8c:da:7d:b5:a8:bb:
                    49:82:28:5e:2a:8b:86:9a:c0:b9:7f:13:4b:21:65:
                    38:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:12:B8:8D:CB:4C:4C:90:2D:E4:A3:29:37:F8:2C:A6:04:33:29:D8
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/52CF8CB881DD11ECA24BD65EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         a5:0f:bf:8f:bf:c5:8e:44:59:99:11:31:6e:31:c8:80:3d:68:
         cf:6e:61:7d:da:c7:54:43:7a:6a:66:5d:f2:e3:dc:f0:12:2e:
         f0:a3:7b:d2:b9:0e:06:9c:5e:19:5a:83:30:20:49:3f:e8:9c:
         2f:7b:b6:ef:03:a1:cd:f2:b9:bd:7f:80:d5:ac:1f:bd:a6:f6:
         98:3e:f1:a4:55:44:16:a0:12:89:f0:ca:82:4b:38:2d:73:54:
         d3:fc:e6:b8:69:ce:e1:b3:0c:01:94:b9:1c:86:ff:25:f7:60:
         9a:fe:81:12:7b:06:11:ec:36:10:7f:65:da:44:6e:6c:1f:b2:
         88:2f:66:43:20:a1:16:35:c8:6a:ca:bc:70:7c:e4:f5:8a:b6:
         29:a0:f6:05:8f:fe:49:f0:44:9f:ff:d2:3c:5a:11:b6:4d:10:
         4e:02:5f:76:5a:40:d7:d3:4b:c8:e3:cc:77:a6:65:bb:4f:ea:
         12:76:40:77:a0:e0:c7:91:04:60:13:2a:41:bb:45:a0:7f:9b:
         1e:8b:15:4c:67:d2:4e:88:c4:36:12:f5:f8:bc:4a:b3:0e:53:
         46:a6:b4:88:14:07:3a:b0:cd:d9:f8:59:2d:36:8d:f3:98:9b:
         5f:c2:5d:6e:9e:29:f6:67:56:cc:50:d7:be:b9:d0:30:b8:cf:
         9e:e0:ea:b7
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNjEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMTMxMDQwMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWY3NWVjYS1jYWRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsOYD6gGXAS0Ur4HHOUZQF7TloXSPP6kOQdQlJVFra2EXDjWykYas5CKbFymB
o1dPTdMbhMAvp/ISDC38Qi6KZZwKl9ekCz8N7s9dHTOxm0Q+fgAhkblj8Xk5Sqz/
Z0SmHKnDeEsJp6kZFO6Gs+21/US+gFkbQunnP2Jf69KCkWdc3yKtBCGHFylMrjgJ
Kk2BKe+mnDi/rDt6ZXGY+0R4/Yfu86QDrapkE0flRXlL7MaMImqN+RCQayOEbFt3
hwb+9GKg1iY9jPQ7wKBeAKsBA8ERX0GRr75lb8U0RSQxLMFwdLQElYGrtMmM2n21
qLtJgiheKouGmsC5fxNLIWU4fQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHwSuI3L
TEyQLeSjKTf4LKYEMynYMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNTJDRjhDQjg4
MUREMTFFQ0EyNEJENjVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEApQ+/j7/FjkRZmRExbjHIgD1oz25hfdrHVEN6amZd8uPc8BIu8KN70rkO
BpxeGVqDMCBJP+icL3u27wOhzfK5vX+A1awfvab2mD7xpFVEFqASifDKgks4LXNU
0/zmuGnO4bMMAZS5HIb/Jfdgmv6BEnsGEew2EH9l2kRubB+yiC9mQyChFjXIasq8
cHzk9Yq2KaD2BY/+SfBEn//SPFoRtk0QTgJfdlpA19NLyOPMd6Zlu0/qEnZAd6Dg
x5EEYBMqQbtFoH+bHosVTGfSTojENhL1+LxKsw5TRqa0iBQHOrDN2fhZLTaN85ib
X8Jdbp4p9mdWzFDXvrnQMLjPnuDqtw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org