Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D9F0A/E86021D6A23C11E88A6FE66CC4F9AE02/D089AD14090011EDB6B9BF3FC4F9AE02.roa
File:                     D089AD14090011EDB6B9BF3FC4F9AE02.roa (raw, json)
Hash identifier:          QDRyVejW6ofO8bLL2i2do97z6Hdosr3pdsG2HjKsyXc=
Subject key identifier:   9D:BE:71:C7:AB:01:61:90:B6:78:55:47:4C:3B:AF:14:4F:14:74:E1
Certificate issuer:       /CN=A91D9F0A/serialNumber=E46BBF01768956E866AEC443F2BB13501F2E7379
Certificate serial:       1263
Authority key identifier: E4:6B:BF:01:76:89:56:E8:66:AE:C4:43:F2:BB:13:50:1F:2E:73:79
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Gu_AXaJVuhmrsRD8rsTUB8uc3k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D9F0A/E86021D6A23C11E88A6FE66CC4F9AE02/D089AD14090011EDB6B9BF3FC4F9AE02.roa
Signing time:             Tue 31 Oct 2023 17:44:59 +0000
ROA not before:           Tue 31 Oct 2023 17:44:59 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     138043
IP address blocks:        103.121.48.0/24 maxlen: 24
                          103.121.49.0/24 maxlen: 24
                          103.130.196.0/24 maxlen: 24
                          103.130.197.0/24 maxlen: 24
                          2400:9860::/32 maxlen: 32
                          2400:9860::/48 maxlen: 48
                          2400:9860:1::/48 maxlen: 48
                          2400:9860:2::/48 maxlen: 48
                          2400:9860:3::/48 maxlen: 48
                          2400:9860:4::/48 maxlen: 48
                          2400:9860:5::/48 maxlen: 48
                          2400:9860:6::/48 maxlen: 48
                          2400:9860:7::/48 maxlen: 48
                          2400:9860:8::/48 maxlen: 48
                          2400:9860:9::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4707 (0x1263)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D9F0A/serialNumber=E46BBF01768956E866AEC443F2BB13501F2E7379
        Validity
            Not Before: Oct 31 17:44:59 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=65413d1b-137d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:88:c0:c1:9a:bd:de:36:2d:f5:3b:81:ab:09:
                    4a:1e:94:5a:25:25:9f:d5:5f:51:f6:89:87:cb:60:
                    aa:b6:0f:48:f3:b8:a6:f5:ef:88:46:45:5d:e3:2f:
                    c1:ca:6f:46:51:e9:09:23:e1:c7:f4:27:5c:75:20:
                    b8:de:64:c5:3e:98:5c:cf:bf:ac:da:34:74:23:a1:
                    e6:26:3d:35:a5:fc:91:9f:08:85:ff:e2:5f:13:d8:
                    4d:36:71:ba:b2:5a:54:dc:da:1d:84:8b:cc:33:5f:
                    c0:72:29:00:98:cd:79:f2:a0:28:bf:b6:4a:ab:18:
                    cd:6f:39:f8:8a:39:03:d5:19:2d:5b:f6:a9:1c:ea:
                    01:c1:51:35:4e:3a:35:29:07:05:cc:49:45:a4:b7:
                    a3:cd:79:b8:fd:68:be:ec:04:b1:c7:90:c2:62:c5:
                    e0:c0:0d:07:23:2b:00:af:9a:2b:7f:63:2a:a7:33:
                    f0:dc:bb:f4:b8:f5:86:5a:e3:46:28:fd:86:25:10:
                    26:7b:4b:79:48:80:e3:ac:ad:26:7e:87:7a:c2:dd:
                    7e:5b:e4:e5:a8:31:90:5d:0d:f7:c2:5b:51:b6:17:
                    69:35:39:23:ac:91:e4:0d:91:4f:f1:62:d8:c9:eb:
                    c3:15:2a:56:e9:29:d8:4c:40:73:28:70:ce:6e:97:
                    fb:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BE:71:C7:AB:01:61:90:B6:78:55:47:4C:3B:AF:14:4F:14:74:E1
            X509v3 Authority Key Identifier:
                keyid:E4:6B:BF:01:76:89:56:E8:66:AE:C4:43:F2:BB:13:50:1F:2E:73:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D9F0A/E86021D6A23C11E88A6FE66CC4F9AE02/5Gu_AXaJVuhmrsRD8rsTUB8uc3k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5Gu_AXaJVuhmrsRD8rsTUB8uc3k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D9F0A/E86021D6A23C11E88A6FE66CC4F9AE02/D089AD14090011EDB6B9BF3FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.48.0/23
                  103.130.196.0/23
                IPv6:
                  2400:9860::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:3a:ab:8b:f4:c6:55:ee:c5:2f:8d:db:86:a4:40:0b:94:04:
         17:4d:81:5d:44:e5:11:b6:7e:91:8c:85:80:aa:c7:18:e0:97:
         b1:70:54:99:49:ef:11:10:14:e9:cf:02:66:38:14:13:01:8e:
         75:6c:c0:dc:6e:a2:7a:61:a5:70:b9:0c:78:ba:14:97:a2:00:
         9b:8d:af:29:54:5d:21:bb:5d:05:cc:56:11:1d:e8:15:07:6b:
         40:0c:d5:6f:e2:18:34:88:d4:d3:c1:00:a6:f3:7f:0e:b5:3b:
         20:d4:64:33:a7:f6:f6:fc:32:23:00:cd:58:f1:ff:6f:aa:64:
         36:a1:5f:e2:58:3b:4f:db:94:4b:4f:82:ee:83:96:21:9a:b6:
         fa:30:d9:ef:c6:98:5a:96:97:62:fe:ce:8b:4f:f3:89:dd:5e:
         c0:39:5f:8b:21:0a:7c:e2:79:dd:2e:9e:8a:b5:65:23:98:9e:
         3d:bb:15:72:17:44:f5:8c:b8:35:9b:20:07:ab:83:08:44:1e:
         31:a8:48:3e:ad:5c:b8:21:85:cd:35:ff:ce:ef:17:bc:ba:0a:
         0c:e4:a7:aa:89:4a:67:09:25:6b:06:5a:b6:f5:a1:f7:dc:91:
         dd:73:a3:f1:b4:93:0d:ab:01:0b:59:67:06:5a:ea:f6:0e:af:
         f0:31:f3:b5
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICEmMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDlGMEExMTAvBgNVBAUTKEU0NkJCRjAxNzY4OTU2RTg2NkFFQzQ0M0YyQkIxMzUw
MUYyRTczNzkwHhcNMjMxMDMxMTc0NDU5WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQxM2QxYi0xMzdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxYjAwZq93jYt9TuBqwlKHpRaJSWf1V9R9omHy2Cqtg9I87im9e+IRkVd4y/B
ym9GUekJI+HH9CdcdSC43mTFPphcz7+s2jR0I6HmJj01pfyRnwiF/+JfE9hNNnG6
slpU3NodhIvMM1/AcikAmM158qAov7ZKqxjNbzn4ijkD1RktW/apHOoBwVE1Tjo1
KQcFzElFpLejzXm4/Wi+7ASxx5DCYsXgwA0HIysAr5orf2MqpzPw3Lv0uPWGWuNG
KP2GJRAme0t5SIDjrK0mfod6wt1+W+TlqDGQXQ33wltRthdpNTkjrJHkDZFP8WLY
yevDFSpW6SnYTEBzKHDObpf7bQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFJ2+ccer
AWGQtnhVR0w7rxRPFHThMB8GA1UdIwQYMBaAFORrvwF2iVboZq7EQ/K7E1AfLnN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEOUYwQS9FODYwMjFENkEy
M0MxMUU4OEE2RkU2NkNDNEY5QUUwMi81R3VfQVhhSlZ1aG1yc1JEOHJzVFVCOHVj
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVHdV9BWGFKVnVobXJzUkQ4cnNUVUI4dWMzay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDlGMEEvRTg2MDIxRDZBMjNDMTFFODhBNkZFNjZDQzRGOUFFMDIvRDA4OUFEMTQw
OTAwMTFFREI2QjlCRjNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFneTADBAFngsQwDQQCAAIwBwMFACQAmGAwDQYJKoZIhvcN
AQELBQADggEBAGs6q4v0xlXuxS+N24akQAuUBBdNgV1E5RG2fpGMhYCqxxjgl7Fw
VJlJ7xEQFOnPAmY4FBMBjnVswNxuonphpXC5DHi6FJeiAJuNrylUXSG7XQXMVhEd
6BUHa0AM1W/iGDSI1NPBAKbzfw61OyDUZDOn9vb8MiMAzVjx/2+qZDahX+JYO0/b
lEtPgu6DliGatvow2e/GmFqWl2L+zotP84ndXsA5X4shCnzied0unoq1ZSOYnj27
FXIXRPWMuDWbIAergwhEHjGoSD6tXLghhc01/87vF7y6Cgzkp6qJSmcJJWsGWrb1
offckd1zo/G0kw2rAQtZZwZa6vYOr/Ax87U=
-----END CERTIFICATE-----