Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F87BB/9DF0DFBE7DE911ECBEA08E0FC4F9AE02/648D3AE260EB11EEB09C0314C4F9AE02.roa
File:                     648D3AE260EB11EEB09C0314C4F9AE02.roa (raw, json)
Hash identifier:          sgEAUYT/QtHTiTXoq5AebTmwHTjan7DxKGX1+qmV7x0=
Subject key identifier:   C6:B4:93:D0:13:2B:A2:3D:31:ED:E1:46:02:D4:1E:2A:2C:1D:F3:C7
Certificate issuer:       /CN=A91F87BB/serialNumber=B319DF1455D8A2E1498CDC5D491569831C5AFDA1
Certificate serial:       02B9
Authority key identifier: B3:19:DF:14:55:D8:A2:E1:49:8C:DC:5D:49:15:69:83:1C:5A:FD:A1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sxnfFFXYouFJjNxdSRVpgxxa_aE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F87BB/9DF0DFBE7DE911ECBEA08E0FC4F9AE02/648D3AE260EB11EEB09C0314C4F9AE02.roa
Signing time:             Mon 02 Oct 2023 06:17:42 +0000
ROA not before:           Mon 02 Oct 2023 06:17:42 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     139611
IP address blocks:        103.180.54.0/23 maxlen: 23
                          103.180.54.0/24 maxlen: 24
                          2400:51e0::/32 maxlen: 32
                          2400:51e0:1000::/36 maxlen: 36
                          2400:51e0:1001::/48 maxlen: 48
                          2400:51e0:1002::/48 maxlen: 48
                          2400:51e0:1003::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 697 (0x2b9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F87BB/serialNumber=B319DF1455D8A2E1498CDC5D491569831C5AFDA1
        Validity
            Not Before: Oct  2 06:17:42 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=651a6085-8ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:32:98:e3:d5:6c:ef:3f:43:6c:5d:aa:b8:eb:
                    dd:bb:ec:d4:be:e6:48:08:99:09:35:a9:75:9f:c3:
                    d4:52:4f:0f:cc:4f:49:dd:35:de:e2:c1:50:3c:5b:
                    75:10:0a:81:4d:38:b2:13:21:1c:cd:54:a1:5d:cd:
                    91:0b:08:f1:28:de:db:7c:31:23:87:75:c8:36:7b:
                    1e:61:17:9e:07:28:85:71:87:f7:72:a6:e6:4d:0c:
                    ed:87:ea:79:51:02:a2:eb:dc:4a:94:2e:82:b4:f2:
                    6d:8a:a8:f2:89:20:7a:00:8e:9c:d8:de:a1:be:59:
                    89:57:4b:4e:1c:f3:00:fa:26:7f:8b:4b:ba:11:d2:
                    82:c7:19:df:9b:9a:45:17:b4:79:c9:9c:a3:93:2e:
                    f3:e5:d9:59:6c:bb:b8:3e:12:c4:4a:4d:b8:2e:16:
                    3d:39:a7:46:70:7a:f1:c2:b3:b5:0c:fe:a2:b2:d0:
                    f4:c3:bb:12:64:aa:b2:64:42:5d:81:ae:b0:e5:aa:
                    e4:03:c4:f9:3e:bd:72:53:1a:aa:0b:22:6c:c4:45:
                    95:ec:35:3c:7c:39:ed:45:2b:84:2b:0b:d5:90:f2:
                    86:ee:37:3d:d8:c7:6e:4f:c5:9a:af:7f:57:4d:17:
                    f3:fa:f1:5f:5a:b1:90:82:c2:10:99:49:59:58:f1:
                    99:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B4:93:D0:13:2B:A2:3D:31:ED:E1:46:02:D4:1E:2A:2C:1D:F3:C7
            X509v3 Authority Key Identifier:
                keyid:B3:19:DF:14:55:D8:A2:E1:49:8C:DC:5D:49:15:69:83:1C:5A:FD:A1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F87BB/9DF0DFBE7DE911ECBEA08E0FC4F9AE02/sxnfFFXYouFJjNxdSRVpgxxa_aE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sxnfFFXYouFJjNxdSRVpgxxa_aE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F87BB/9DF0DFBE7DE911ECBEA08E0FC4F9AE02/648D3AE260EB11EEB09C0314C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.180.54.0/23
                IPv6:
                  2400:51e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:cd:7f:70:5b:b1:20:79:4c:dc:4a:62:a8:89:ac:f0:5a:1b:
         9a:4d:a5:1c:80:f0:84:70:2c:12:37:0e:40:bd:84:02:d3:cf:
         2a:1a:5d:4c:63:af:62:af:e6:89:0b:c2:8b:b3:f0:9a:7b:b5:
         ad:02:19:f5:c9:d1:2b:45:a5:18:fd:ff:25:d5:41:8f:6f:7f:
         ff:bf:32:1d:c3:97:fc:57:e2:9c:70:be:f8:f4:b3:31:8e:63:
         cf:df:ea:0c:a7:79:b1:4f:d1:88:40:a7:39:83:9d:38:e7:45:
         9d:36:d7:3a:cc:08:6d:a9:0f:b1:6e:db:2f:5b:bb:72:fb:ec:
         bc:fc:0c:72:42:ba:b5:28:f7:c0:76:d8:9e:57:25:33:c1:a8:
         ca:a0:47:5d:44:4c:12:cd:2d:20:50:60:92:d8:20:84:ab:fc:
         69:5d:44:91:5e:a7:54:7b:0d:56:3a:5d:4c:eb:4b:e8:46:6f:
         e1:bb:d5:92:4f:c1:f7:ef:c9:38:2a:6d:07:8e:7d:22:96:f6:
         a0:4f:a6:21:3a:49:30:96:f8:64:f4:fb:fa:c0:59:9e:4b:7a:
         69:ef:62:56:57:42:5a:61:e2:81:68:2f:ae:9c:9a:f3:c2:d4:
         dc:67:82:d8:b5:89:86:9f:65:92:75:a1:7c:6c:13:1b:e7:27:
         5a:05:ed:99
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICArkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Rjg3QkIxMTAvBgNVBAUTKEIzMTlERjE0NTVEOEEyRTE0OThDREM1RDQ5MTU2OTgz
MUM1QUZEQTEwHhcNMjMxMDAyMDYxNzQyWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTFhNjA4NS04YWQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnTKY49Vs7z9DbF2quOvdu+zUvuZICJkJNal1n8PUUk8PzE9J3TXe4sFQPFt1
EAqBTTiyEyEczVShXc2RCwjxKN7bfDEjh3XINnseYReeByiFcYf3cqbmTQzth+p5
UQKi69xKlC6CtPJtiqjyiSB6AI6c2N6hvlmJV0tOHPMA+iZ/i0u6EdKCxxnfm5pF
F7R5yZyjky7z5dlZbLu4PhLESk24LhY9OadGcHrxwrO1DP6istD0w7sSZKqyZEJd
ga6w5arkA8T5Pr1yUxqqCyJsxEWV7DU8fDntRSuEKwvVkPKG7jc92MduT8War39X
TRfz+vFfWrGQgsIQmUlZWPGZ2QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFMa0k9AT
K6I9Me3hRgLUHiosHfPHMB8GA1UdIwQYMBaAFLMZ3xRV2KLhSYzcXUkVaYMcWv2h
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGODdCQi85REYwREZCRTdE
RTkxMUVDQkVBMDhFMEZDNEY5QUUwMi9zeG5mRkZYWW91RkpqTnhkU1JWcGd4eGFf
YUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3N4bmZGRlhZb3VGSmpOeGRTUlZwZ3h4YV9hRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Rjg3QkIvOURGMERGQkU3REU5MTFFQ0JFQTA4RTBGQzRGOUFFMDIvNjQ4RDNBRTI2
MEVCMTFFRUIwOUMwMzE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFntDYwDQQCAAIwBwMFACQAUeAwDQYJKoZIhvcNAQELBQAD
ggEBAB7Nf3BbsSB5TNxKYqiJrPBaG5pNpRyA8IRwLBI3DkC9hALTzyoaXUxjr2Kv
5okLwouz8Jp7ta0CGfXJ0StFpRj9/yXVQY9vf/+/Mh3Dl/xX4pxwvvj0szGOY8/f
6gynebFP0YhApzmDnTjnRZ021zrMCG2pD7Fu2y9bu3L77Lz8DHJCurUo98B22J5X
JTPBqMqgR11ETBLNLSBQYJLYIISr/GldRJFep1R7DVY6XUzrS+hGb+G71ZJPwffv
yTgqbQeOfSKW9qBPpiE6STCW+GT0+/rAWZ5LemnvYlZXQlph4oFoL66cmvPC1Nxn
gti1iYafZZJ1oXxsExvnJ1oF7Zk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:51 2024 by rpki-client on console-fra.rpki-client.org