Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
File:                     629AD062760311EBAD797E12C4F9AE02.roa (raw, json)
Hash identifier:          7SBwI++47MPCYp0RITCn+axpqCjHEeMV3oHkmn/AVuE=
Subject key identifier:   CE:73:B3:EA:CA:18:17:F0:7C:ED:94:D4:4B:9A:C2:8B:94:EB:24:EF
Certificate issuer:       /CN=A91B54FE/serialNumber=07CF81704AD870231E1ED837BC3B80675A027C69
Certificate serial:       0543
Authority key identifier: 07:CF:81:70:4A:D8:70:23:1E:1E:D8:37:BC:3B:80:67:5A:02:7C:69
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B8-BcErYcCMeHtg3vDuAZ1oCfGk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
Signing time:             Mon 27 Feb 2023 00:50:55 +0000
ROA not before:           Mon 27 Feb 2023 00:50:55 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     134505
IP address blocks:        103.161.104.0/23 maxlen: 23
                          103.161.104.0/24 maxlen: 24
                          103.161.105.0/24 maxlen: 24
                          2001:df5:c080::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1347 (0x543)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B54FE/serialNumber=07CF81704AD870231E1ED837BC3B80675A027C69
        Validity
            Not Before: Feb 27 00:50:55 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=63fbfe6f-f138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8d:7a:99:8f:0b:61:47:36:e0:10:d1:2e:d1:
                    bc:fd:24:2f:34:23:a3:50:20:f6:a0:2f:32:8f:4b:
                    9b:91:20:8a:12:f1:c4:e6:37:a7:57:cd:e8:65:a2:
                    0c:2e:5c:c2:53:e1:75:1d:5c:a8:11:c4:58:db:6b:
                    04:01:dc:f0:89:77:fa:80:2a:8c:fc:a0:73:ef:34:
                    17:4a:f4:c3:d2:65:a2:5d:e5:d7:2b:5b:a7:c9:4f:
                    99:01:72:a1:32:45:92:85:e3:d6:63:96:2d:51:69:
                    0a:b8:90:73:2f:5a:a5:f8:5e:88:49:d1:20:3c:c5:
                    62:e4:14:d6:58:53:e0:7f:26:b1:91:49:38:e8:6f:
                    63:55:47:e9:9e:47:9b:67:d3:2a:48:d1:56:37:ab:
                    60:19:51:35:27:a1:0a:ce:f8:a7:1a:8b:ad:a7:9a:
                    06:56:b8:41:fc:0b:71:e1:ec:b2:71:68:f8:d2:b9:
                    c7:7b:e4:c4:ef:e5:ec:d5:8e:02:9a:7c:22:2b:73:
                    16:e4:bf:74:58:b3:f7:e4:57:9c:02:ea:05:9d:c8:
                    dc:30:fc:f3:c1:8e:a4:cc:ee:0f:c3:20:b9:92:b2:
                    20:07:8e:db:45:07:b0:8e:8b:02:0c:c6:8a:c0:c5:
                    91:f8:e0:de:9a:55:08:1e:79:d1:1e:10:f7:30:dd:
                    a4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:73:B3:EA:CA:18:17:F0:7C:ED:94:D4:4B:9A:C2:8B:94:EB:24:EF
            X509v3 Authority Key Identifier:
                keyid:07:CF:81:70:4A:D8:70:23:1E:1E:D8:37:BC:3B:80:67:5A:02:7C:69

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/B8-BcErYcCMeHtg3vDuAZ1oCfGk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B8-BcErYcCMeHtg3vDuAZ1oCfGk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B54FE/FEDDC0C0511311EBAF28CA0DC4F9AE02/629AD062760311EBAD797E12C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.161.104.0/23
                IPv6:
                  2001:df5:c080::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:5b:76:f3:44:03:7e:79:7a:9e:5a:39:6e:5b:da:9f:be:dd:
         6d:05:c1:ed:4f:12:51:02:2f:f9:8c:92:6c:e5:43:60:ee:80:
         e2:01:96:6f:b9:d3:1e:dc:51:93:24:a5:33:d9:e8:f0:c3:ad:
         cf:d9:7d:8f:95:61:aa:c6:4b:7f:61:29:16:55:91:91:c5:41:
         11:87:6c:f8:72:d4:16:77:e6:88:ff:f4:0d:f0:a9:e6:ce:d9:
         a6:15:d1:67:79:40:11:38:2e:65:00:42:60:16:a3:34:ed:bb:
         51:2f:a7:5a:98:66:6b:09:25:ab:dc:b4:37:86:c2:c2:8a:85:
         d3:00:0b:16:d9:77:41:8e:2b:79:9b:02:fc:1c:51:7e:3a:24:
         d3:eb:76:5f:cb:42:e6:c7:c4:39:c9:9b:0d:a0:e5:ed:8b:6c:
         b7:69:32:f7:eb:92:77:9d:6f:7d:f1:01:66:3f:1e:a3:35:57:
         b4:81:05:19:3e:f5:08:c7:a6:b0:b9:4b:d3:89:34:4b:68:11:
         f7:98:e3:6c:4a:93:37:5d:d8:9a:67:d2:83:bf:ec:22:e2:8d:
         66:04:f9:12:fd:8d:76:d5:6d:f4:cb:f7:65:43:06:9e:b8:0f:
         a3:26:66:0c:2b:bc:6a:4c:bd:b5:25:1e:91:de:11:b6:26:af:
         23:c3:3e:d8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBUMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjU0RkUxMTAvBgNVBAUTKDA3Q0Y4MTcwNEFEODcwMjMxRTFFRDgzN0JDM0I4MDY3
NUEwMjdDNjkwHhcNMjMwMjI3MDA1MDU1WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ZiZmU2Zi1mMTM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArY16mY8LYUc24BDRLtG8/SQvNCOjUCD2oC8yj0ubkSCKEvHE5jenV83oZaIM
LlzCU+F1HVyoEcRY22sEAdzwiXf6gCqM/KBz7zQXSvTD0mWiXeXXK1unyU+ZAXKh
MkWShePWY5YtUWkKuJBzL1ql+F6ISdEgPMVi5BTWWFPgfyaxkUk46G9jVUfpnkeb
Z9MqSNFWN6tgGVE1J6EKzvinGoutp5oGVrhB/Atx4eyycWj40rnHe+TE7+Xs1Y4C
mnwiK3MW5L90WLP35FecAuoFncjcMPzzwY6kzO4PwyC5krIgB47bRQewjosCDMaK
wMWR+ODemlUIHnnRHhD3MN2k5QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFM5zs+rK
GBfwfO2U1EuawouU6yTvMB8GA1UdIwQYMBaAFAfPgXBK2HAjHh7YN7w7gGdaAnxp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNTRGRS9GRUREQzBDMDUx
MTMxMUVCQUYyOENBMERDNEY5QUUwMi9COC1CY0VyWWNDTWVIdGczdkR1QVoxb0Nm
R2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0I4LUJjRXJZY0NNZUh0ZzN2RHVBWjFvQ2ZHay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjU0RkUvRkVEREMwQzA1MTEzMTFFQkFGMjhDQTBEQzRGOUFFMDIvNjI5QUQwNjI3
NjAzMTFFQkFENzk3RTEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnoWgwDwQCAAIwCQMHACABDfXAgDANBgkqhkiG9w0BAQsF
AAOCAQEAYlt280QDfnl6nlo5blvan77dbQXB7U8SUQIv+YySbOVDYO6A4gGWb7nT
HtxRkySlM9no8MOtz9l9j5VhqsZLf2EpFlWRkcVBEYds+HLUFnfmiP/0DfCp5s7Z
phXRZ3lAETguZQBCYBajNO27US+nWphmawklq9y0N4bCwoqF0wALFtl3QY4reZsC
/BxRfjok0+t2X8tC5sfEOcmbDaDl7Ytst2ky9+uSd51vffEBZj8eozVXtIEFGT71
CMemsLlL04k0S2gR95jjbEqTN13YmmfSg7/sIuKNZgT5Ev2NdtVt9Mv3ZUMGnrgP
oyZmDCu8aky9tSUekd4RtiavI8M+2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:56 2024 by rpki-client on console-ams.rpki-client.org