Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/27D8588C6D2E11ECAE06BC14C4F9AE02.roa
File:                     27D8588C6D2E11ECAE06BC14C4F9AE02.roa (raw, json)
Hash identifier:          /s5HMQe22CrktISjV43DMYHEFOTV6QUMZclPfhXoL5Q=
Subject key identifier:   86:D5:0B:79:C0:7A:AB:08:E0:CA:95:D1:CD:F5:E6:F4:1E:C4:A8:33
Certificate issuer:       /CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
Certificate serial:       02C1
Authority key identifier: 07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/27D8588C6D2E11ECAE06BC14C4F9AE02.roa
Signing time:             Tue 04 Jan 2022 07:15:55 +0000
ROA not before:           Tue 04 Jan 2022 07:15:55 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     206264
IP address blocks:        103.104.142.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 705 (0x2c1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D808/serialNumber=0725F2491801505185C9069A4013635C38B56B72
        Validity
            Not Before: Jan  4 07:15:55 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=61d3f42a-bfef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c7:75:a3:2c:23:81:d8:92:85:aa:a7:1b:c6:
                    1b:23:1f:23:78:d0:87:00:76:e2:25:05:3b:8f:07:
                    b6:27:21:f7:50:c2:20:65:33:4f:5c:ff:97:c4:a3:
                    5f:d0:18:c2:3f:da:83:f6:c0:3f:6e:7e:7e:18:32:
                    4a:3c:6a:87:89:db:4f:ff:a1:96:de:89:de:ea:1f:
                    e5:e2:66:20:8d:f6:f5:ad:d6:2d:29:93:f8:8d:67:
                    c6:d3:af:d4:cc:91:e2:8d:4d:6f:04:f6:93:3d:ea:
                    71:3b:39:12:94:8a:e5:b3:86:2e:ec:a6:2f:c5:98:
                    b0:49:89:47:61:de:54:58:43:48:f8:f5:cd:84:8a:
                    6c:ec:45:a5:0e:1f:ef:9c:c6:77:32:49:19:98:d7:
                    72:35:81:83:43:e1:6a:c8:f8:1e:ed:4f:bd:08:f2:
                    5e:21:fc:10:4b:d3:88:09:b2:3e:72:f3:bb:12:63:
                    03:1e:ca:b3:7e:59:c8:11:ed:fe:12:16:4d:56:80:
                    4d:cd:9e:4b:cd:e7:1f:79:41:40:fa:fd:14:bb:c5:
                    57:5d:51:11:3d:f9:7e:6b:7b:bf:05:9f:b8:e6:ba:
                    04:39:a8:df:aa:d6:51:aa:c7:72:9f:45:55:b7:d7:
                    ae:95:a3:26:48:eb:82:bd:e2:b5:e3:6c:80:d8:70:
                    fe:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D5:0B:79:C0:7A:AB:08:E0:CA:95:D1:CD:F5:E6:F4:1E:C4:A8:33
            X509v3 Authority Key Identifier:
                keyid:07:25:F2:49:18:01:50:51:85:C9:06:9A:40:13:63:5C:38:B5:6B:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/ByXySRgBUFGFyQaaQBNjXDi1a3I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ByXySRgBUFGFyQaaQBNjXDi1a3I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D808/E26B4642F4B211E9BF3CE563C4F9AE02/27D8588C6D2E11ECAE06BC14C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:00:d8:24:aa:d7:11:6b:c9:02:9c:be:e3:75:0e:16:51:c9:
         2d:6b:f5:44:7e:1d:41:95:9d:14:1d:90:ba:81:f5:82:e8:e4:
         03:d3:e5:42:76:c8:5b:a5:df:cc:36:05:02:c6:c7:3d:70:ef:
         43:c4:ba:a1:dd:be:36:29:d0:11:ac:88:a6:a8:fa:3a:da:80:
         b1:3d:31:e1:a7:08:06:b1:67:da:df:4f:bf:07:92:ee:f4:40:
         c3:56:87:56:e3:76:7c:54:da:ca:2b:50:f9:51:85:b3:91:18:
         80:a5:f8:5c:ea:10:85:ba:e1:8b:97:a6:d7:9c:35:0e:df:d9:
         13:71:a3:bb:b2:b6:c1:7e:a4:77:19:ae:73:f0:bd:76:8d:f6:
         05:b3:98:e4:18:bd:f2:cf:32:19:7f:30:46:9e:df:38:02:ee:
         6c:fb:f0:1c:c9:04:4f:49:ca:88:66:eb:ae:93:85:62:08:c8:
         73:c7:b5:33:fe:08:a9:66:85:bd:8a:b2:98:11:b0:a1:d5:3a:
         72:2c:82:c4:51:7d:b3:3e:fb:d2:e9:5b:a2:5c:40:d6:de:d4:
         b8:53:48:6c:2c:ad:49:14:05:48:75:55:fb:ef:d4:9f:d6:fe:
         80:eb:fa:e5:0c:23:c7:1f:7f:3e:54:34:de:59:9d:a9:3e:d4:
         1a:2c:95:db
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAsEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ4MDgxMTAvBgNVBAUTKDA3MjVGMjQ5MTgwMTUwNTE4NUM5MDY5QTQwMTM2MzVD
MzhCNTZCNzIwHhcNMjIwMTA0MDcxNTU1WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWQzZjQyYS1iZmVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArcd1oywjgdiShaqnG8YbIx8jeNCHAHbiJQU7jwe2JyH3UMIgZTNPXP+XxKNf
0BjCP9qD9sA/bn5+GDJKPGqHidtP/6GW3one6h/l4mYgjfb1rdYtKZP4jWfG06/U
zJHijU1vBPaTPepxOzkSlIrls4Yu7KYvxZiwSYlHYd5UWENI+PXNhIps7EWlDh/v
nMZ3MkkZmNdyNYGDQ+FqyPge7U+9CPJeIfwQS9OICbI+cvO7EmMDHsqzflnIEe3+
EhZNVoBNzZ5LzecfeUFA+v0Uu8VXXVERPfl+a3u/BZ+45roEOajfqtZRqsdyn0VV
t9eulaMmSOuCveK142yA2HD+PQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIbVC3nA
eqsI4MqV0c315vQexKgzMB8GA1UdIwQYMBaAFAcl8kkYAVBRhckGmkATY1w4tWty
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDgwOC9FMjZCNDY0MkY0
QjIxMUU5QkYzQ0U1NjNDNEY5QUUwMi9CeVh5U1JnQlVGR0Z5UWFhUUJOalhEaTFh
M0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0J5WHlTUmdCVUZHRnlRYWFRQk5qWERpMWEzSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ4MDgvRTI2QjQ2NDJGNEIyMTFFOUJGM0NFNTYzQzRGOUFFMDIvMjdEODU4OEM2
RDJFMTFFQ0FFMDZCQzE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnaI4wDQYJKoZIhvcNAQELBQADggEBAAsA2CSq1xFryQKc
vuN1DhZRyS1r9UR+HUGVnRQdkLqB9YLo5APT5UJ2yFul38w2BQLGxz1w70PEuqHd
vjYp0BGsiKao+jragLE9MeGnCAaxZ9rfT78Hku70QMNWh1bjdnxU2sorUPlRhbOR
GICl+FzqEIW64YuXptecNQ7f2RNxo7uytsF+pHcZrnPwvXaN9gWzmOQYvfLPMhl/
MEae3zgC7mz78BzJBE9Jyohm666ThWIIyHPHtTP+CKlmhb2KspgRsKHVOnIsgsRR
fbM++9LpW6JcQNbe1LhTSGwsrUkUBUh1Vfvv1J/W/oDr+uUMI8cffz5UNN5Znak+
1Boslds=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:15 2024 by rpki-client on console-fra.rpki-client.org