Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916C128/664A9BCAFA6D11E3B6AC23505911EA32/49BE5EECF0EC11EB9D0B176AC4F9AE02.roa
File:                     49BE5EECF0EC11EB9D0B176AC4F9AE02.roa (raw, json)
Hash identifier:          jLpNP8QrfOAvK7FAwIsMXSiSqr2mn1Is6WmDe23th1I=
Subject key identifier:   13:20:19:14:9C:06:51:BB:28:AB:13:A3:29:83:2B:53:93:21:4F:BA
Certificate issuer:       /CN=A916C128/serialNumber=B5642732265D40BF75CA94A9EC8119211C1B9B32
Certificate serial:       291B
Authority key identifier: B5:64:27:32:26:5D:40:BF:75:CA:94:A9:EC:81:19:21:1C:1B:9B:32
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tWQnMiZdQL91ypSp7IEZIRwbmzI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916C128/664A9BCAFA6D11E3B6AC23505911EA32/49BE5EECF0EC11EB9D0B176AC4F9AE02.roa
Signing time:             Tue 07 Jun 2022 04:22:32 +0000
ROA not before:           Tue 07 Jun 2022 04:22:31 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     58443
IP address blocks:        103.227.30.0/23 maxlen: 24
                          103.248.191.0/24 maxlen: 24
                          103.255.248.0/24 maxlen: 24
                          103.255.249.0/24 maxlen: 24
                          2400:7180:1::/48 maxlen: 48
                          2400:7180:5::/48 maxlen: 48
                          2400:7180:a::/48 maxlen: 48
                          2400:7180:110::/48 maxlen: 48
                          2400:7180:111::/48 maxlen: 48
                          2400:7180:120::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10523 (0x291b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916C128/serialNumber=B5642732265D40BF75CA94A9EC8119211C1B9B32
        Validity
            Not Before: Jun  7 04:22:31 2022 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=629ed287-24b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fb:d1:ec:12:0c:41:d6:f6:5c:26:df:c9:6e:
                    2a:b4:f5:ea:71:c5:51:7b:ec:ce:19:b5:6b:7e:8b:
                    09:b2:26:cc:07:92:7f:69:55:eb:aa:09:f2:e1:29:
                    25:66:7b:94:d6:31:e2:cb:72:b9:13:af:c8:bf:93:
                    64:44:42:4e:be:06:13:07:38:27:15:bd:d8:dc:af:
                    e6:08:04:39:3d:05:48:2c:67:2b:98:44:f6:74:b3:
                    31:6c:a3:a0:4d:56:d3:41:3d:0a:54:00:d0:86:95:
                    df:4c:6f:09:17:68:86:3c:33:06:24:25:d2:fd:e1:
                    14:b4:76:6d:33:fe:98:27:6b:57:67:46:72:ea:19:
                    4a:85:35:ec:ba:4d:a9:49:36:38:03:cb:e4:37:18:
                    18:04:e3:a6:ec:1e:53:4d:7d:04:9b:7d:03:e7:1f:
                    f7:f9:d0:28:67:68:68:52:ea:16:c1:67:ae:0c:ff:
                    a7:59:51:31:c4:c3:7c:06:8e:ca:61:4c:30:19:9a:
                    04:36:9d:cf:c7:55:20:60:71:18:ab:98:3e:fa:7c:
                    e1:82:d3:f8:4b:14:a0:f2:07:c2:c4:7d:9c:d9:49:
                    a6:ef:53:a9:b0:6d:ef:c2:af:a4:62:7c:fa:a8:0a:
                    fa:bc:42:14:95:03:e3:16:15:9a:3c:1c:7d:9f:ac:
                    ac:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:20:19:14:9C:06:51:BB:28:AB:13:A3:29:83:2B:53:93:21:4F:BA
            X509v3 Authority Key Identifier:
                keyid:B5:64:27:32:26:5D:40:BF:75:CA:94:A9:EC:81:19:21:1C:1B:9B:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916C128/664A9BCAFA6D11E3B6AC23505911EA32/tWQnMiZdQL91ypSp7IEZIRwbmzI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tWQnMiZdQL91ypSp7IEZIRwbmzI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916C128/664A9BCAFA6D11E3B6AC23505911EA32/49BE5EECF0EC11EB9D0B176AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.227.30.0/23
                  103.248.191.0/24
                  103.255.248.0/23
                IPv6:
                  2400:7180:1::/48
                  2400:7180:5::/48
                  2400:7180:a::/48
                  2400:7180:110::/47
                  2400:7180:120::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:98:45:a5:31:0b:b3:68:9c:46:99:7d:46:cc:69:24:c3:b7:
         72:e0:40:77:09:7a:33:f4:d9:96:49:d1:d9:86:0f:3d:1e:b9:
         a4:e2:ce:6f:3b:36:43:76:7c:f7:b3:51:17:fb:ff:67:8a:53:
         22:9d:31:74:e1:75:57:da:59:30:e9:e7:c9:1a:7c:6e:5c:4b:
         ea:58:b4:65:37:fb:66:6c:8a:d7:08:97:34:12:7a:cf:48:07:
         26:8c:91:ab:b1:17:33:64:a3:27:08:0f:33:8b:66:ed:6d:c7:
         9e:ec:fd:48:f2:be:e5:ba:8d:7c:92:84:a3:26:1e:f4:a6:a8:
         b1:40:d9:ac:62:56:2f:40:ba:70:a0:f5:8d:c6:66:e3:0d:e1:
         41:45:35:0c:16:3a:82:de:ec:f8:76:83:9e:0d:4d:54:79:ad:
         36:16:27:47:9e:b7:86:15:d2:c5:85:52:e4:5e:c3:8e:2f:ca:
         bf:97:49:50:d7:80:e1:53:ac:09:02:0c:dd:9e:fc:5a:97:d9:
         d6:32:1c:0d:07:bd:98:33:0d:78:67:ad:1c:1e:a2:38:8c:0a:
         15:67:10:71:0b:a0:fe:8e:f6:f4:31:89:83:c6:36:2a:7b:61:
         81:79:9b:ce:d5:8f:d4:de:90:b6:b6:a6:e8:dc:3a:a5:b2:e1:
         71:65:e8:be
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgICKRswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkMxMjgxMTAvBgNVBAUTKEI1NjQyNzMyMjY1RDQwQkY3NUNBOTRBOUVDODExOTIx
MUMxQjlCMzIwHhcNMjIwNjA3MDQyMjMxWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjllZDI4Ny0yNGIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw/vR7BIMQdb2XCbfyW4qtPXqccVRe+zOGbVrfosJsibMB5J/aVXrqgny4Skl
ZnuU1jHiy3K5E6/Iv5NkREJOvgYTBzgnFb3Y3K/mCAQ5PQVILGcrmET2dLMxbKOg
TVbTQT0KVADQhpXfTG8JF2iGPDMGJCXS/eEUtHZtM/6YJ2tXZ0Zy6hlKhTXsuk2p
STY4A8vkNxgYBOOm7B5TTX0Em30D5x/3+dAoZ2hoUuoWwWeuDP+nWVExxMN8Bo7K
YUwwGZoENp3Px1UgYHEYq5g++nzhgtP4SxSg8gfCxH2c2Umm71OpsG3vwq+kYnz6
qAr6vEIUlQPjFhWaPBx9n6yswQIDAQABo4IC1jCCAtIwHQYDVR0OBBYEFBMgGRSc
BlG7KKsToymDK1OTIU+6MB8GA1UdIwQYMBaAFLVkJzImXUC/dcqUqeyBGSEcG5sy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QzEyOC82NjRBOUJDQUZB
NkQxMUUzQjZBQzIzNTA1OTExRUEzMi90V1FuTWlaZFFMOTF5cFNwN0lFWklSd2Jt
ekkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RXUW5NaVpkUUw5MXlwU3A3SUVaSVJ3Ym16SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkMxMjgvNjY0QTlCQ0FGQTZEMTFFM0I2QUMyMzUwNTkxMUVBMzIvNDlCRTVFRUNG
MEVDMTFFQjlEMEIxNzZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYAYIKwYBBQUHAQcBAf8E
UTBPMBgEAgABMBIDBAFn4x4DBABn+L8DBAFn//gwMwQCAAIwLQMHACQAcYAAAQMH
ACQAcYAABQMHACQAcYAACgMHASQAcYABEAMHACQAcYABIDANBgkqhkiG9w0BAQsF
AAOCAQEAt5hFpTELs2icRpl9RsxpJMO3cuBAdwl6M/TZlknR2YYPPR65pOLObzs2
Q3Z897NRF/v/Z4pTIp0xdOF1V9pZMOnnyRp8blxL6li0ZTf7ZmyK1wiXNBJ6z0gH
JoyRq7EXM2SjJwgPM4tm7W3Hnuz9SPK+5bqNfJKEoyYe9KaosUDZrGJWL0C6cKD1
jcZm4w3hQUU1DBY6gt7s+HaDng1NVHmtNhYnR563hhXSxYVS5F7Dji/Kv5dJUNeA
4VOsCQIM3Z78WpfZ1jIcDQe9mDMNeGetHB6iOIwKFWcQcQug/o729DGJg8Y2Knth
gXmbztWP1N6Qtram6Nw6pbLhcWXovg==
-----END CERTIFICATE-----