Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/C78A8DC84E9011EFAE612740C4F9AE02.roa
File:                     C78A8DC84E9011EFAE612740C4F9AE02.roa (raw, json)
Hash identifier:          W+mbtVm2POoobU2t9bsSRW0Nl2YnIbDLWv/W8S/aZ7s=
Subject key identifier:   54:CB:22:5E:99:A1:2A:15:2E:3F:00:52:C3:5C:BD:F7:A4:50:78:A2
Certificate issuer:       /CN=A91262CA/serialNumber=77A201C58EB3B4208C91BA7ECED936E595E61A19
Certificate serial:       0519
Authority key identifier: 77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/C78A8DC84E9011EFAE612740C4F9AE02.roa
Signing time:             Wed 31 Jul 2024 02:33:50 +0000
ROA not before:           Wed 31 Jul 2024 02:33:50 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     45458
IP address blocks:        202.183.236.0/23 maxlen: 23
                          202.183.239.0/24 maxlen: 24
                          203.170.186.0/24 maxlen: 24
                          203.170.187.0/24 maxlen: 24
                          203.170.206.0/24 maxlen: 24
                          203.170.207.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1305 (0x519)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91262CA
        Validity
            Not Before: Jul 31 02:33:50 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66a9a28d-4a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c2:f0:e8:c5:e2:26:e9:9f:30:12:d0:cf:63:
                    e5:1b:3f:e7:14:d1:75:95:3e:0f:d1:74:a5:fd:82:
                    11:89:23:85:36:ce:97:2e:c8:b3:a1:13:fb:9d:b3:
                    58:86:85:1e:a4:43:f6:03:8b:2e:e8:6c:16:cd:7b:
                    78:e9:86:8a:7f:23:ca:e9:98:19:b5:50:3c:5c:90:
                    f1:f7:1f:de:20:05:75:27:a5:a0:e1:34:d2:f9:c1:
                    ed:71:35:36:fe:e8:1b:17:50:94:16:6b:5b:7d:5b:
                    eb:95:3c:44:2e:d3:5e:5f:7a:76:62:2b:07:1d:ec:
                    14:10:ea:22:66:2b:a5:92:b3:3c:64:66:c2:be:0a:
                    88:a7:73:4f:ff:ff:46:af:bf:92:9a:76:67:f2:04:
                    47:51:ae:1b:92:13:c3:25:6b:75:ed:bd:9b:f5:81:
                    0a:18:dd:17:e2:11:b0:03:7c:c9:a1:86:89:b6:65:
                    76:52:0e:90:08:7b:f8:4f:87:dd:41:17:e8:59:ec:
                    0b:0c:c3:5b:5a:51:53:4a:c6:b6:45:0d:cf:32:18:
                    3b:79:84:8e:27:44:32:43:7b:e0:33:49:79:2d:35:
                    5e:dc:f4:9a:51:05:cd:ee:05:b0:27:29:17:f0:f8:
                    5a:a1:6d:d8:75:fa:f6:27:da:4e:15:29:9b:71:c5:
                    0a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:CB:22:5E:99:A1:2A:15:2E:3F:00:52:C3:5C:BD:F7:A4:50:78:A2
            X509v3 Authority Key Identifier:
                keyid:77:A2:01:C5:8E:B3:B4:20:8C:91:BA:7E:CE:D9:36:E5:95:E6:1A:19

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/d6IBxY6ztCCMkbp-ztk25ZXmGhk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d6IBxY6ztCCMkbp-ztk25ZXmGhk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91262CA/F5EDC7FC8A5711EC96EBC014C4F9AE02/C78A8DC84E9011EFAE612740C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.183.236.0/23
                  202.183.239.0/24
                  203.170.186.0/23
                  203.170.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:a6:75:28:22:d6:62:f3:74:0b:66:c6:11:8f:b9:ef:04:ec:
         51:81:c8:b6:67:8d:84:0f:16:c5:c1:c8:b8:f8:20:c4:cf:e3:
         69:76:32:7f:10:5f:8a:62:5d:bd:2a:0e:3c:d5:1c:22:67:39:
         55:1c:7d:af:66:70:df:ad:1e:ba:f1:86:18:44:18:74:db:cd:
         e2:3f:d9:dc:b6:75:26:d7:60:f3:4c:4b:dc:0b:bc:78:08:23:
         20:c4:d7:8a:59:0e:d9:6a:0b:ea:1c:20:86:0b:7a:5c:55:55:
         5a:b9:3e:1a:9e:90:b6:e9:aa:b6:7f:9f:27:dc:1d:b8:f4:97:
         5e:73:cb:c2:58:78:29:21:90:86:91:83:01:ea:32:bf:31:27:
         3a:38:cf:3f:7f:f2:dc:da:3c:c2:9c:be:00:cf:2e:27:23:3d:
         e6:4d:af:31:4b:28:e3:ec:c2:a8:c3:b6:76:2d:87:56:b9:eb:
         0c:da:bd:77:48:f1:e4:26:d1:c9:a1:a6:77:ab:bd:a5:56:92:
         cf:66:97:8f:11:f1:67:b9:d6:ef:62:65:5c:86:39:e3:72:e8:
         bb:29:04:0d:35:a5:2a:5d:7b:3c:7d:04:ce:ec:03:b6:a6:95:
         ee:f5:65:0b:87:0d:e8:6d:b8:61:27:b7:8f:5e:b3:45:e5:09:
         2c:00:93:38
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBRkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjYyQ0ExMTAvBgNVBAUTKDc3QTIwMUM1OEVCM0I0MjA4QzkxQkE3RUNFRDkzNkU1
OTVFNjFBMTkwHhcNMjQwNzMxMDIzMzUwWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE5YTI4ZC00YTdkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsMLw6MXiJumfMBLQz2PlGz/nFNF1lT4P0XSl/YIRiSOFNs6XLsizoRP7nbNY
hoUepEP2A4su6GwWzXt46YaKfyPK6ZgZtVA8XJDx9x/eIAV1J6Wg4TTS+cHtcTU2
/ugbF1CUFmtbfVvrlTxELtNeX3p2YisHHewUEOoiZiulkrM8ZGbCvgqIp3NP//9G
r7+SmnZn8gRHUa4bkhPDJWt17b2b9YEKGN0X4hGwA3zJoYaJtmV2Ug6QCHv4T4fd
QRfoWewLDMNbWlFTSsa2RQ3PMhg7eYSOJ0QyQ3vgM0l5LTVe3PSaUQXN7gWwJykX
8PhaoW3Ydfr2J9pOFSmbccUKgwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFFTLIl6Z
oSoVLj8AUsNcvfekUHiiMB8GA1UdIwQYMBaAFHeiAcWOs7QgjJG6fs7ZNuWV5hoZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjJDQS9GNUVEQzdGQzhB
NTcxMUVDOTZFQkMwMTRDNEY5QUUwMi9kNklCeFk2enRDQ01rYnAtenRrMjVaWG1H
aGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2Q2SUJ4WTZ6dENDTWticC16dGsyNVpYbUdoay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjYyQ0EvRjVFREM3RkM4QTU3MTFFQzk2RUJDMDE0QzRGOUFFMDIvQzc4QThEQzg0
RTkwMTFFRkFFNjEyNzQwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAHKt+wDBADKt+8DBAHLqroDBAHLqs4wDQYJKoZIhvcNAQEL
BQADggEBACWmdSgi1mLzdAtmxhGPue8E7FGByLZnjYQPFsXByLj4IMTP42l2Mn8Q
X4piXb0qDjzVHCJnOVUcfa9mcN+tHrrxhhhEGHTbzeI/2dy2dSbXYPNMS9wLvHgI
IyDE14pZDtlqC+ocIIYLelxVVVq5PhqekLbpqrZ/nyfcHbj0l15zy8JYeCkhkIaR
gwHqMr8xJzo4zz9/8tzaPMKcvgDPLicjPeZNrzFLKOPswqjDtnYth1a56wzavXdI
8eQm0cmhpnervaVWks9ml48R8We51u9iZVyGOeNy6LspBA01pSpdezx9BM7sA7am
le71ZQuHDehtuGEnt49es0XlCSwAkzg=
-----END CERTIFICATE-----