Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/3563A906C6CB11ECB185E43EC4F9AE02.roa
File:                     3563A906C6CB11ECB185E43EC4F9AE02.roa (raw, json)
Hash identifier:          /ZBKWzBFwvbVIdjsXv9zml8tSujEKYTIUpF7WouCn2w=
Subject key identifier:   44:6F:B2:E4:9D:7E:2B:3B:6E:D9:75:58:DD:8C:04:29:AD:72:9B:A0
Certificate issuer:       /CN=A91F9090/serialNumber=732AEDA41C3EB1F6AD9943422170FE7C0249E5B4
Certificate serial:       01F2
Authority key identifier: 73:2A:ED:A4:1C:3E:B1:F6:AD:99:43:42:21:70:FE:7C:02:49:E5:B4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/3563A906C6CB11ECB185E43EC4F9AE02.roa
Signing time:             Sat 09 Sep 2023 02:33:25 +0000
ROA not before:           Sat 09 Sep 2023 02:33:25 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     132742
IP address blocks:        43.242.44.0/22 maxlen: 24
                          103.37.248.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 498 (0x1f2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F9090/serialNumber=732AEDA41C3EB1F6AD9943422170FE7C0249E5B4
        Validity
            Not Before: Sep  9 02:33:25 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=64fbd975-d403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8f:2e:b5:d5:a9:bd:7d:a2:08:c8:ed:a4:e2:
                    4b:27:31:04:16:24:4b:c7:73:67:af:34:90:ba:9d:
                    a7:57:df:1c:e8:b3:e3:20:b6:70:11:d1:18:d0:00:
                    36:ae:2a:74:16:c1:18:f6:97:b9:c1:97:cb:ec:f0:
                    0a:51:cf:7e:83:de:f9:d3:f2:af:0a:47:3e:e3:0f:
                    6b:70:6a:7a:77:76:52:9c:1e:e6:8e:0c:21:8c:a2:
                    43:87:d4:8f:02:6f:08:5f:89:15:c6:32:0a:7e:e3:
                    f8:5a:48:88:6c:fc:ff:74:3a:81:13:94:03:47:29:
                    8d:4d:1b:49:0a:1c:42:39:cb:c0:4e:81:0a:b0:24:
                    7f:8c:ee:85:81:55:ab:35:c6:27:04:3e:09:85:09:
                    87:35:77:f5:64:61:57:03:de:54:64:7b:0f:5c:a8:
                    0b:1a:00:55:d7:d9:68:19:02:c8:73:c2:36:b2:28:
                    53:5e:37:23:5e:2b:56:bf:20:a4:43:5a:73:8a:ac:
                    1f:96:a6:da:fe:31:69:b7:29:d8:a7:b7:a1:10:71:
                    9a:7e:aa:9a:a2:d6:bc:8c:67:6a:c6:2e:da:93:3e:
                    b7:f0:d6:68:4f:5d:f7:7e:1c:f2:f0:9a:27:e5:01:
                    4d:07:ec:15:82:0b:c8:e5:69:e0:46:44:a2:51:ab:
                    c6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:6F:B2:E4:9D:7E:2B:3B:6E:D9:75:58:DD:8C:04:29:AD:72:9B:A0
            X509v3 Authority Key Identifier:
                keyid:73:2A:ED:A4:1C:3E:B1:F6:AD:99:43:42:21:70:FE:7C:02:49:E5:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cyrtpBw-sfatmUNCIXD-fAJJ5bQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F9090/F52E9A20C53611EC93978E29C4F9AE02/3563A906C6CB11ECB185E43EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.242.44.0/22
                  103.37.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:91:de:11:ac:0a:c6:63:af:12:1d:6f:9e:19:f4:90:0c:db:
         8e:4d:cb:c1:5d:4d:b7:bd:d0:e6:b5:3a:c0:f3:6f:fa:12:45:
         aa:23:da:4f:6b:53:81:c0:a4:9e:e5:b2:18:f4:4d:8f:db:6f:
         f8:e0:cb:b2:0e:aa:34:0c:20:2a:7c:ef:ea:5f:34:92:33:bc:
         7a:10:be:0d:45:82:e5:c6:df:58:a3:7f:ce:3f:42:d1:5f:7e:
         f9:58:50:62:c8:0f:22:b5:58:1b:1c:62:a9:26:d8:5e:03:90:
         a9:46:49:60:fe:cd:e8:55:dc:b4:d5:24:85:a4:e5:59:16:b7:
         fb:28:f5:a9:3b:1f:21:08:5b:e4:52:c9:53:b0:33:0e:cd:81:
         2d:02:0a:f3:c3:c4:bb:b4:b9:b4:74:2e:36:5b:12:e3:a1:e8:
         35:94:14:c8:bf:d1:86:22:b5:f1:10:80:12:df:79:0a:4d:23:
         42:60:5a:34:35:df:11:a1:16:d8:9c:54:67:e4:a5:a2:ce:d8:
         b0:ed:6f:6f:17:fd:0c:66:e6:a5:0e:a3:b1:96:a8:5f:e6:f3:
         43:79:04:8a:89:af:8e:57:3f:bd:2c:aa:38:59:35:68:56:f1:
         3e:6d:d6:5a:89:47:0b:86:a7:fb:22:8e:65:7b:ab:1f:4c:b6:
         7c:1a:78:e9
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAfIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjkwOTAxMTAvBgNVBAUTKDczMkFFREE0MUMzRUIxRjZBRDk5NDM0MjIxNzBGRTdD
MDI0OUU1QjQwHhcNMjMwOTA5MDIzMzI1WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGZiZDk3NS1kNDAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAno8utdWpvX2iCMjtpOJLJzEEFiRLx3NnrzSQup2nV98c6LPjILZwEdEY0AA2
rip0FsEY9pe5wZfL7PAKUc9+g9750/KvCkc+4w9rcGp6d3ZSnB7mjgwhjKJDh9SP
Am8IX4kVxjIKfuP4WkiIbPz/dDqBE5QDRymNTRtJChxCOcvAToEKsCR/jO6FgVWr
NcYnBD4JhQmHNXf1ZGFXA95UZHsPXKgLGgBV19loGQLIc8I2sihTXjcjXitWvyCk
Q1pziqwflqba/jFptynYp7ehEHGafqqaota8jGdqxi7akz638NZoT133fhzy8Jon
5QFNB+wVggvI5WngRkSiUavGtwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFERvsuSd
fis7btl1WN2MBCmtcpugMB8GA1UdIwQYMBaAFHMq7aQcPrH2rZlDQiFw/nwCSeW0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGOTA5MC9GNTJFOUEyMEM1
MzYxMUVDOTM5NzhFMjlDNEY5QUUwMi9jeXJ0cEJ3LXNmYXRtVU5DSVhELWZBSko1
YlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2N5cnRwQnctc2ZhdG1VTkNJWEQtZkFKSjViUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjkwOTAvRjUyRTlBMjBDNTM2MTFFQzkzOTc4RTI5QzRGOUFFMDIvMzU2M0E5MDZD
NkNCMTFFQ0IxODVFNDNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr8iwDBAJnJfgwDQYJKoZIhvcNAQELBQADggEBAHGR3hGs
CsZjrxIdb54Z9JAM245Ny8FdTbe90Oa1OsDzb/oSRaoj2k9rU4HApJ7lshj0TY/b
b/jgy7IOqjQMICp87+pfNJIzvHoQvg1FguXG31ijf84/QtFffvlYUGLIDyK1WBsc
Yqkm2F4DkKlGSWD+zehV3LTVJIWk5VkWt/so9ak7HyEIW+RSyVOwMw7NgS0CCvPD
xLu0ubR0LjZbEuOh6DWUFMi/0YYitfEQgBLfeQpNI0JgWjQ13xGhFticVGfkpaLO
2LDtb28X/Qxm5qUOo7GWqF/m80N5BIqJr45XP70sqjhZNWhW8T5t1lqJRwuGp/si
jmV7qx9MtnwaeOk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:39 2024 by rpki-client on console-ams.rpki-client.org