Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91659DB/235F9444C7B511E987F3F62CC4F9AE02/56673008C7B611E98F7B612FC4F9AE02.roa
File:                     56673008C7B611E98F7B612FC4F9AE02.roa (raw, json)
Hash identifier:          78/4cqP9nmcp5VQpofcUSXlTJWv6MkZsGyaTmm5letU=
Subject key identifier:   0B:6F:1F:7A:F6:61:0E:EE:76:8F:B7:F9:BA:05:C2:52:09:04:0C:73
Certificate issuer:       /CN=A91659DB/serialNumber=6E439C6E13B7108E00A6E51B8BBE162953A0EA2B
Certificate serial:       0C23
Authority key identifier: 6E:43:9C:6E:13:B7:10:8E:00:A6:E5:1B:8B:BE:16:29:53:A0:EA:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bkOcbhO3EI4ApuUbi74WKVOg6is.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91659DB/235F9444C7B511E987F3F62CC4F9AE02/56673008C7B611E98F7B612FC4F9AE02.roa
Signing time:             Wed 26 Jul 2023 18:35:47 +0000
ROA not before:           Wed 26 Jul 2023 18:35:47 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     58511
IP address blocks:        103.95.176.0/22 maxlen: 22
                          113.212.72.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3107 (0xc23)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91659DB/serialNumber=6E439C6E13B7108E00A6E51B8BBE162953A0EA2B
        Validity
            Not Before: Jul 26 18:35:47 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64c16783-fd3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:4a:29:27:4a:ee:19:71:6e:c7:aa:b6:a7:
                    9f:4b:e0:7a:94:f2:a9:74:e1:89:2d:d3:b9:3e:17:
                    f2:c9:71:12:41:bd:5e:8c:bf:4b:9d:d3:aa:45:34:
                    a1:de:55:83:c4:78:20:a1:08:9f:22:7d:28:a4:f4:
                    27:c3:ab:d1:ae:15:dc:d7:ce:0f:e1:26:6c:a2:a5:
                    45:8f:54:02:e2:a5:d4:ad:27:99:c0:db:05:f8:bb:
                    f2:a7:2c:8b:84:cc:ca:da:53:49:2c:63:29:41:0a:
                    52:16:c1:66:8b:22:08:d2:2e:0e:ac:48:6b:20:44:
                    dd:d5:0b:76:96:15:7b:fa:70:15:7b:ab:a4:3b:9e:
                    92:1d:37:34:8c:ec:26:5c:20:ea:5a:b2:28:f1:34:
                    01:17:2d:ac:f6:e1:2c:30:a8:9e:07:8a:d6:3d:2a:
                    a4:d1:61:4f:de:28:06:e1:89:22:31:f6:a7:c9:0c:
                    8b:e7:75:fe:51:00:f6:69:51:39:da:e0:07:0e:a4:
                    db:73:64:83:d0:6f:f7:75:ed:fb:9d:66:df:7f:71:
                    4d:2e:4a:5b:6c:e9:34:6e:45:2c:60:f7:ac:a0:bb:
                    3e:d1:f1:40:99:b3:ae:20:1e:5b:4e:25:b6:3e:f3:
                    83:f4:dd:f6:59:04:16:d4:1f:57:8a:ca:8f:da:71:
                    ff:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:6F:1F:7A:F6:61:0E:EE:76:8F:B7:F9:BA:05:C2:52:09:04:0C:73
            X509v3 Authority Key Identifier:
                keyid:6E:43:9C:6E:13:B7:10:8E:00:A6:E5:1B:8B:BE:16:29:53:A0:EA:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91659DB/235F9444C7B511E987F3F62CC4F9AE02/bkOcbhO3EI4ApuUbi74WKVOg6is.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bkOcbhO3EI4ApuUbi74WKVOg6is.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91659DB/235F9444C7B511E987F3F62CC4F9AE02/56673008C7B611E98F7B612FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.95.176.0/22
                  113.212.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:0c:a3:c4:44:a0:c7:e0:f2:ea:b8:90:f9:00:2f:34:49:98:
         d3:d8:65:cb:33:b3:c7:c6:55:3e:a7:28:78:1a:8f:1d:16:97:
         ee:25:fc:39:74:88:29:aa:e6:5b:6a:bd:94:7e:38:91:53:4b:
         55:fa:a6:ba:ec:fc:63:40:35:91:f2:2e:cd:d2:9a:9d:60:77:
         15:c3:a3:ef:d1:e1:b8:bb:54:10:45:ba:86:d8:6d:48:23:aa:
         d5:98:12:ec:f1:6e:af:2f:5c:8a:7b:51:37:0a:b7:52:d2:9b:
         1c:c6:50:06:5c:63:a7:04:c6:a2:b1:68:53:ee:74:9d:2e:bb:
         32:81:3b:ec:17:81:82:e9:ef:54:ca:2f:cc:41:95:0e:43:ea:
         47:80:e8:80:c8:c7:27:12:dc:92:d7:a0:d2:de:7b:92:c4:c4:
         19:f0:48:52:a7:08:91:fa:a0:58:20:9a:f4:0d:85:b5:c6:09:
         c5:33:d6:7c:2c:72:ec:76:45:6f:b0:58:58:50:fc:e1:28:e6:
         c6:07:b3:fd:2e:94:26:d4:84:90:40:d1:d4:13:73:30:d6:c5:
         0c:f6:6c:04:b5:43:6b:f2:67:fd:6c:29:2e:9f:7b:f5:8c:e2:
         35:55:48:31:b5:55:3e:e5:c3:0f:60:44:c2:29:20:8f:ae:6d:
         36:5e:c5:c8
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDCMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjU5REIxMTAvBgNVBAUTKDZFNDM5QzZFMTNCNzEwOEUwMEE2RTUxQjhCQkUxNjI5
NTNBMEVBMkIwHhcNMjMwNzI2MTgzNTQ3WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGMxNjc4My1mZDNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArD5KKSdK7hlxbseqtqefS+B6lPKpdOGJLdO5PhfyyXESQb1ejL9LndOqRTSh
3lWDxHggoQifIn0opPQnw6vRrhXc184P4SZsoqVFj1QC4qXUrSeZwNsF+LvypyyL
hMzK2lNJLGMpQQpSFsFmiyII0i4OrEhrIETd1Qt2lhV7+nAVe6ukO56SHTc0jOwm
XCDqWrIo8TQBFy2s9uEsMKieB4rWPSqk0WFP3igG4YkiMfanyQyL53X+UQD2aVE5
2uAHDqTbc2SD0G/3de37nWbff3FNLkpbbOk0bkUsYPesoLs+0fFAmbOuIB5bTiW2
PvOD9N32WQQW1B9XisqP2nH/EwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAtvH3r2
YQ7udo+3+boFwlIJBAxzMB8GA1UdIwQYMBaAFG5DnG4TtxCOAKblG4u+FilToOor
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NTlEQi8yMzVGOTQ0NEM3
QjUxMUU5ODdGM0Y2MkNDNEY5QUUwMi9ia09jYmhPM0VJNEFwdVViaTc0V0tWT2c2
aXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JrT2NiaE8zRUk0QXB1VWJpNzRXS1ZPZzZpcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjU5REIvMjM1Rjk0NDRDN0I1MTFFOTg3RjNGNjJDQzRGOUFFMDIvNTY2NzMwMDhD
N0I2MTFFOThGN0I2MTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnX7ADBAJx1EgwDQYJKoZIhvcNAQELBQADggEBAIkMo8RE
oMfg8uq4kPkALzRJmNPYZcszs8fGVT6nKHgajx0Wl+4l/Dl0iCmq5ltqvZR+OJFT
S1X6prrs/GNANZHyLs3Smp1gdxXDo+/R4bi7VBBFuobYbUgjqtWYEuzxbq8vXIp7
UTcKt1LSmxzGUAZcY6cExqKxaFPudJ0uuzKBO+wXgYLp71TKL8xBlQ5D6keA6IDI
xycS3JLXoNLee5LExBnwSFKnCJH6oFggmvQNhbXGCcUz1nwscux2RW+wWFhQ/OEo
5sYHs/0ulCbUhJBA0dQTczDWxQz2bAS1Q2vyZ/1sKS6fe/WM4jVVSDG1VT7lww9g
RMIpII+ubTZexcg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:19 2024 by rpki-client on console-ams.rpki-client.org