Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/FB3C9284B57D11EF8E1CF66EC4F9AE02.roa
File:                     FB3C9284B57D11EF8E1CF66EC4F9AE02.roa (raw, json)
Hash identifier:          IbRPJlMpla3CLgcHjBxGak9uGhrQ1mhXERwS5BbUMsU=
Subject key identifier:   7A:C3:EA:11:CE:00:E0:B9:D6:AC:25:86:F3:33:B2:2E:36:3D:CC:D7
Certificate issuer:       /CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
Certificate serial:       08AA
Authority key identifier: A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/FB3C9284B57D11EF8E1CF66EC4F9AE02.roa
Signing time:             Sun 08 Dec 2024 16:03:36 +0000
ROA not before:           Sun 08 Dec 2024 16:03:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38138
IP address blocks:        114.129.8.0/21 maxlen: 21
                          114.129.8.0/24 maxlen: 24
                          114.129.9.0/24 maxlen: 24
                          114.129.10.0/24 maxlen: 24
                          114.129.12.0/24 maxlen: 24
                          2405:eec0::/32 maxlen: 32
                          2405:eec0:1::/48 maxlen: 48
                          2405:eec0:2::/48 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2218 (0x8aa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C0BDE
        Validity
            Not Before: Dec  8 16:03:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6755c358-5203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:11:63:6c:de:11:d0:a4:b8:1b:ef:3c:99:e5:
                    74:02:1a:fd:ab:30:92:d9:b6:59:8c:af:c8:9c:26:
                    b2:e9:ec:08:d2:2a:02:d6:6b:7b:39:2b:5f:60:5f:
                    89:ed:cb:31:d1:47:67:70:27:2f:9a:fb:0f:d1:ea:
                    3c:2d:14:e6:75:b3:64:91:81:ea:62:9b:6f:65:97:
                    8e:ca:7d:54:e7:1d:f2:e1:05:d4:f5:54:2d:ff:58:
                    5e:cd:59:f1:2c:ff:5e:08:0c:3f:f4:15:0d:c2:33:
                    e7:13:c7:dc:54:4a:f9:8b:14:3e:08:5a:23:2f:cd:
                    ca:ef:a1:1a:d8:c4:55:dc:ec:2d:de:d3:95:a5:b9:
                    fd:90:ce:6c:ef:b4:80:1a:a6:14:b2:eb:38:d4:bc:
                    c8:1d:20:6b:15:36:34:be:2e:6e:ac:96:a5:9d:ea:
                    ee:35:fd:ea:f6:8c:4a:28:48:38:9a:21:71:f4:03:
                    03:d3:d9:91:51:82:c2:2e:61:b5:83:42:a5:aa:81:
                    b6:c0:ae:bd:ca:73:07:2c:cd:1c:69:7b:a1:5e:9e:
                    7b:7e:07:5b:9b:1f:13:fa:46:d9:c6:81:4f:bc:68:
                    82:0c:4e:ff:76:59:6d:a1:43:a2:99:e3:ea:9b:95:
                    ce:d9:0b:05:6d:41:9e:79:7f:1b:7f:cf:65:f9:1a:
                    23:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C3:EA:11:CE:00:E0:B9:D6:AC:25:86:F3:33:B2:2E:36:3D:CC:D7
            X509v3 Authority Key Identifier:
                keyid:A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/FB3C9284B57D11EF8E1CF66EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.129.8.0/21
                IPv6:
                  2405:eec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:f3:a5:0d:db:5e:36:19:f3:f1:33:4d:c4:fc:33:bc:57:9c:
         7a:3c:b0:b8:f1:92:dd:68:8a:de:45:7a:94:d8:30:48:23:92:
         7e:7b:49:d0:dc:6b:25:12:52:6b:ae:1a:30:67:87:c3:cb:80:
         58:25:ea:c2:12:a2:81:17:a3:db:ae:2c:6a:a7:17:3d:30:45:
         1e:ca:ea:90:3b:ed:27:ed:57:a8:be:f4:a9:83:36:60:cd:da:
         25:db:5f:2a:4c:14:07:f3:b4:88:d0:dd:b8:f9:fd:20:ae:b0:
         2d:28:cc:8d:dc:28:34:f7:89:11:c1:29:8e:2b:57:51:88:ec:
         4b:ea:26:a8:5c:36:7a:4e:2d:96:70:43:2f:87:3d:d8:40:25:
         68:da:89:dd:76:99:b9:1e:ad:ee:06:ab:62:9d:f4:7e:2e:43:
         d5:78:76:db:dc:d8:27:3e:5a:c6:39:09:8b:f0:b2:51:bc:7b:
         a4:99:cb:c1:1e:06:49:aa:1c:36:d3:e4:6e:74:d4:31:b2:99:
         f7:95:8b:78:47:fc:9e:bc:3f:2b:39:ad:a8:52:27:dc:5d:dd:
         af:d1:8f:76:0f:c3:23:9c:8f:22:23:da:ed:67:70:ce:b0:79:
         45:6a:80:3f:06:ac:7b:31:d6:5f:35:f2:ba:d6:b2:6e:fe:ec:
         c9:b4:2d:c6
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCKowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBCREUxMTAvBgNVBAUTKEE0QjUwQkVDRDhCQkEyODU1ODcxMjhENTkxOTI4M0RC
RTE2OTA5MTgwHhcNMjQxMjA4MTYwMzM2WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzU1YzM1OC01MjAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArBFjbN4R0KS4G+88meV0Ahr9qzCS2bZZjK/InCay6ewI0ioC1mt7OStfYF+J
7csx0UdncCcvmvsP0eo8LRTmdbNkkYHqYptvZZeOyn1U5x3y4QXU9VQt/1hezVnx
LP9eCAw/9BUNwjPnE8fcVEr5ixQ+CFojL83K76Ea2MRV3Owt3tOVpbn9kM5s77SA
GqYUsus41LzIHSBrFTY0vi5urJalneruNf3q9oxKKEg4miFx9AMD09mRUYLCLmG1
g0KlqoG2wK69ynMHLM0caXuhXp57fgdbmx8T+kbZxoFPvGiCDE7/dlltoUOimePq
m5XO2QsFbUGeeX8bf89l+Roj7wIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFHrD6hHO
AOC51qwlhvMzsi42PczXMB8GA1UdIwQYMBaAFKS1C+zYu6KFWHEo1ZGSg9vhaQkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEJERS83RTVBQzNFMDg5
NzExMUVBOTI0MDJBMEFDNEY5QUUwMi9wTFVMN05pN29vVlljU2pWa1pLRDItRnBD
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BMVUw3Tmk3b29WWWNTalZrWktEMi1GcENSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBCREUvN0U1QUMzRTA4OTcxMTFFQTkyNDAyQTBBQzRGOUFFMDIvRkIzQzkyODRC
NTdEMTFFRjhFMUNGNjZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBANygQgwDQQCAAIwBwMFACQF7sAwDQYJKoZIhvcNAQELBQAD
ggEBALrzpQ3bXjYZ8/EzTcT8M7xXnHo8sLjxkt1oit5FepTYMEgjkn57SdDcayUS
UmuuGjBnh8PLgFgl6sISooEXo9uuLGqnFz0wRR7K6pA77SftV6i+9KmDNmDN2iXb
XypMFAfztIjQ3bj5/SCusC0ozI3cKDT3iRHBKY4rV1GI7EvqJqhcNnpOLZZwQy+H
PdhAJWjaid12mbkere4Gq2Kd9H4uQ9V4dtvc2Cc+WsY5CYvwslG8e6SZy8EeBkmq
HDbT5G501DGymfeVi3hH/J68Pys5rahSJ9xd3a/Rj3YPwyOcjyIj2u1ncM6weUVq
gD8GrHsx1l818rrWsm7+7Mm0LcY=
-----END CERTIFICATE-----