Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A5B07/72A48A76CCE111ECBBA05C2CC4F9AE02/15405136CCE511EC86804C58C4F9AE02.roa
File:                     15405136CCE511EC86804C58C4F9AE02.roa (raw, json)
Hash identifier:          qKSsSKfYFtNOt0HKVYZt7NqAnOebH2AGdMvMcA37PjE=
Subject key identifier:   1A:9C:F3:0A:46:BC:D2:09:C4:74:25:3B:A7:2D:7D:52:DB:26:04:C2
Certificate issuer:       /CN=A91A5B07/serialNumber=F4FFFE60E7D63BE4F1819BBA84CD5B20474C91C6
Certificate serial:       0195
Authority key identifier: F4:FF:FE:60:E7:D6:3B:E4:F1:81:9B:BA:84:CD:5B:20:47:4C:91:C6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9P_-YOfWO-TxgZu6hM1bIEdMkcY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A5B07/72A48A76CCE111ECBBA05C2CC4F9AE02/15405136CCE511EC86804C58C4F9AE02.roa
Signing time:             Tue 25 Apr 2023 05:25:32 +0000
ROA not before:           Tue 25 Apr 2023 05:25:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     135391
IP address blocks:        103.211.192.0/22 maxlen: 24
                          139.5.108.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 405 (0x195)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A5B07/serialNumber=F4FFFE60E7D63BE4F1819BBA84CD5B20474C91C6
        Validity
            Not Before: Apr 25 05:25:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6447644c-7eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:3a:b1:c7:bb:5d:03:d1:30:57:52:14:0e:
                    be:80:f6:4b:61:8a:e3:01:60:34:d8:db:e6:39:3d:
                    3a:84:a3:19:f0:54:6e:e5:f9:a4:42:86:d7:56:b8:
                    aa:db:81:9d:cb:f1:70:b5:ba:ad:dc:46:f6:70:d6:
                    9f:4b:6a:c9:5b:1d:66:83:82:df:ee:8d:5b:36:25:
                    ca:3d:8a:d4:a5:30:a6:28:37:6b:00:77:68:b6:f7:
                    58:98:18:ac:b8:f3:d8:78:4c:79:fc:16:3e:0a:c9:
                    ef:07:86:cd:4b:ca:ce:b2:e0:0a:9a:48:fa:5e:9f:
                    0d:6e:cb:bd:a3:c5:3a:d6:be:43:c8:26:80:42:a7:
                    95:dd:1b:4d:ca:8a:12:27:e4:14:32:37:c6:b8:5a:
                    a2:7f:1b:d9:b6:78:ad:7c:6a:02:a7:7f:d0:02:5d:
                    03:6f:6d:4a:bc:e8:da:0f:54:22:31:70:58:e2:37:
                    fa:5f:76:d0:4a:c4:67:dd:40:da:70:80:5c:47:92:
                    57:7d:91:3f:24:ac:fa:3a:d1:ad:5c:dc:26:92:a1:
                    0a:41:64:1f:83:34:9a:e0:33:13:f9:58:0a:48:da:
                    d2:63:c0:32:e8:5b:06:68:af:56:13:d6:40:99:3a:
                    1f:dc:93:03:4f:1e:e1:5c:15:ff:e1:aa:50:2a:a1:
                    ec:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:9C:F3:0A:46:BC:D2:09:C4:74:25:3B:A7:2D:7D:52:DB:26:04:C2
            X509v3 Authority Key Identifier:
                keyid:F4:FF:FE:60:E7:D6:3B:E4:F1:81:9B:BA:84:CD:5B:20:47:4C:91:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A5B07/72A48A76CCE111ECBBA05C2CC4F9AE02/9P_-YOfWO-TxgZu6hM1bIEdMkcY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9P_-YOfWO-TxgZu6hM1bIEdMkcY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A5B07/72A48A76CCE111ECBBA05C2CC4F9AE02/15405136CCE511EC86804C58C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.211.192.0/22
                  139.5.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:9d:32:b1:18:e8:ea:36:7b:3a:cd:38:5c:30:4f:c0:39:30:
         c1:2f:49:9f:01:56:1f:e0:c0:35:68:c1:9b:d0:21:96:6f:ec:
         da:80:97:ab:21:91:70:0a:51:96:c2:0d:7b:69:a7:54:9b:33:
         e5:dd:cf:0c:42:39:30:c8:ca:19:ff:82:34:83:c5:97:8b:9f:
         17:80:38:e9:26:e7:ec:c7:32:a6:29:5b:21:49:cf:36:20:94:
         52:c4:0d:21:28:6d:b4:a9:a1:33:01:6c:a6:de:b4:3d:d9:d3:
         79:49:40:40:07:29:ba:a4:9b:a5:68:09:31:19:c8:8e:cf:32:
         dd:c7:43:34:61:c1:19:0f:d6:26:fe:cb:8d:f7:83:52:ec:0b:
         f3:b7:b3:b7:d5:53:1b:e0:12:19:48:42:d8:62:3a:ee:e7:d8:
         4d:46:94:fb:bc:fb:63:94:48:dd:1e:a3:f0:0f:8c:8d:10:6b:
         ea:9b:32:a3:4e:f7:db:7f:f4:9d:8d:ce:94:88:0d:c4:c4:7e:
         96:2b:bf:59:8b:30:f2:51:22:0c:26:84:46:2e:b4:96:7f:f2:
         e2:48:02:4d:41:0a:db:0e:ec:f2:6e:1f:b5:8d:a1:5c:b5:d9:
         a1:8e:0e:e3:3d:33:e1:e3:2d:cb:2f:d7:9e:93:ed:d6:15:9b:
         e3:10:ac:82
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAZUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTVCMDcxMTAvBgNVBAUTKEY0RkZGRTYwRTdENjNCRTRGMTgxOUJCQTg0Q0Q1QjIw
NDc0QzkxQzYwHhcNMjMwNDI1MDUyNTMyWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQ3NjQ0Yy03ZWVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtcI6sce7XQPRMFdSFA6+gPZLYYrjAWA02NvmOT06hKMZ8FRu5fmkQobXVriq
24Gdy/Fwtbqt3Eb2cNafS2rJWx1mg4Lf7o1bNiXKPYrUpTCmKDdrAHdotvdYmBis
uPPYeEx5/BY+CsnvB4bNS8rOsuAKmkj6Xp8Nbsu9o8U61r5DyCaAQqeV3RtNyooS
J+QUMjfGuFqifxvZtnitfGoCp3/QAl0Db21KvOjaD1QiMXBY4jf6X3bQSsRn3UDa
cIBcR5JXfZE/JKz6OtGtXNwmkqEKQWQfgzSa4DMT+VgKSNrSY8Ay6FsGaK9WE9ZA
mTof3JMDTx7hXBX/4apQKqHsoQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBqc8wpG
vNIJxHQlO6ctfVLbJgTCMB8GA1UdIwQYMBaAFPT//mDn1jvk8YGbuoTNWyBHTJHG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNUIwNy83MkE0OEE3NkND
RTExMUVDQkJBMDVDMkNDNEY5QUUwMi85UF8tWU9mV08tVHhnWnU2aE0xYklFZE1r
Y1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlQXy1ZT2ZXTy1UeGdadTZoTTFiSUVkTWtjWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTVCMDcvNzJBNDhBNzZDQ0UxMTFFQ0JCQTA1QzJDQzRGOUFFMDIvMTU0MDUxMzZD
Q0U1MTFFQzg2ODA0QzU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJn08ADBAKLBWwwDQYJKoZIhvcNAQELBQADggEBAIGdMrEY
6Oo2ezrNOFwwT8A5MMEvSZ8BVh/gwDVowZvQIZZv7NqAl6shkXAKUZbCDXtpp1Sb
M+XdzwxCOTDIyhn/gjSDxZeLnxeAOOkm5+zHMqYpWyFJzzYglFLEDSEobbSpoTMB
bKbetD3Z03lJQEAHKbqkm6VoCTEZyI7PMt3HQzRhwRkP1ib+y433g1LsC/O3s7fV
UxvgEhlIQthiOu7n2E1GlPu8+2OUSN0eo/APjI0Qa+qbMqNO99t/9J2NzpSIDcTE
fpYrv1mLMPJRIgwmhEYutJZ/8uJIAk1BCtsO7PJuH7WNoVy12aGODuM9M+HjLcsv
156T7dYVm+MQrII=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:54 2024 by rpki-client on console-ams.rpki-client.org