Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B0F9/1D2B5B2AD6BC11E894550D42C4F9AE02/4A71604EEFD911EDB141156BC4F9AE02.roa
File:                     4A71604EEFD911EDB141156BC4F9AE02.roa (raw, json)
Hash identifier:          Nw4CYuWH41T1WXtvYMGZTHigmhncOR97wXXkM5Vf8Kc=
Subject key identifier:   69:44:AA:66:93:5A:03:41:35:52:0F:D8:5E:62:7D:18:60:BC:2F:31
Certificate issuer:       /CN=A919B0F9/serialNumber=B92F3E588B21943ACBB805BFDF0B1944BF7CAC3B
Certificate serial:       10C7
Authority key identifier: B9:2F:3E:58:8B:21:94:3A:CB:B8:05:BF:DF:0B:19:44:BF:7C:AC:3B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uS8-WIshlDrLuAW_3wsZRL98rDs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B0F9/1D2B5B2AD6BC11E894550D42C4F9AE02/4A71604EEFD911EDB141156BC4F9AE02.roa
Signing time:             Thu 11 May 2023 08:53:26 +0000
ROA not before:           Thu 11 May 2023 08:53:25 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     55352
IP address blocks:        103.131.184.0/22 maxlen: 22
                          103.131.184.0/24 maxlen: 24
                          103.131.185.0/24 maxlen: 24
                          103.131.186.0/24 maxlen: 24
                          103.131.187.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4295 (0x10c7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B0F9/serialNumber=B92F3E588B21943ACBB805BFDF0B1944BF7CAC3B
        Validity
            Not Before: May 11 08:53:25 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=645cad05-66d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:66:d4:97:e7:75:e8:ba:69:cd:9d:fc:1a:29:
                    e6:7d:06:de:6a:a1:6d:62:0f:3f:a5:70:9e:60:50:
                    2d:0d:f6:f9:96:47:20:23:0d:0b:92:83:d8:5b:68:
                    95:66:af:44:2d:a0:a7:c9:82:73:d3:a9:58:1a:f8:
                    50:7d:70:7c:65:13:1f:de:59:b4:f6:4d:a8:a5:52:
                    d5:a0:a6:45:1e:97:2e:5a:8b:81:bf:4d:ef:0b:e5:
                    16:2a:53:2b:1a:7e:05:8d:36:aa:9d:4d:51:36:87:
                    37:7e:6a:e7:fb:4c:92:c5:b4:50:61:27:aa:57:59:
                    c2:26:6f:ff:a7:93:72:4b:69:71:32:04:9d:41:9a:
                    1a:b3:e6:04:3b:c5:06:d5:4a:c2:ee:08:09:47:52:
                    da:b6:84:8b:06:25:64:0f:ce:ae:b8:14:01:2d:31:
                    05:2b:5d:c0:99:6c:ea:18:18:21:af:07:a0:41:07:
                    41:8e:c2:15:91:06:4b:c6:6e:60:92:30:78:7e:ec:
                    78:6b:88:fe:9d:58:19:28:01:fa:91:07:3d:e6:da:
                    05:ce:b7:c2:6f:8b:7b:b0:45:a1:a1:d9:7a:92:d5:
                    6d:40:00:76:5c:b8:0e:2c:0e:12:5c:0e:59:32:38:
                    ee:28:5f:cb:2a:99:15:3d:11:d0:0f:89:52:b6:59:
                    db:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:44:AA:66:93:5A:03:41:35:52:0F:D8:5E:62:7D:18:60:BC:2F:31
            X509v3 Authority Key Identifier:
                keyid:B9:2F:3E:58:8B:21:94:3A:CB:B8:05:BF:DF:0B:19:44:BF:7C:AC:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B0F9/1D2B5B2AD6BC11E894550D42C4F9AE02/uS8-WIshlDrLuAW_3wsZRL98rDs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uS8-WIshlDrLuAW_3wsZRL98rDs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B0F9/1D2B5B2AD6BC11E894550D42C4F9AE02/4A71604EEFD911EDB141156BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.131.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:81:bc:e3:95:5f:d7:fa:f4:d2:29:86:dc:8a:12:64:f4:b8:
         f7:c0:56:6c:db:11:a4:c2:fe:5d:86:a3:5c:5d:16:da:76:8e:
         1e:cd:53:9b:60:d9:cf:55:95:f4:81:3d:fc:ca:57:34:4e:71:
         cb:3b:d1:2c:96:03:fc:c6:0b:39:07:9b:e1:ad:bc:bd:fc:91:
         e3:2f:4f:1e:3d:e7:d1:c7:66:a9:de:df:aa:6b:f2:3c:a7:84:
         2b:a8:65:37:da:21:8a:04:19:c9:84:0b:05:9f:68:56:ad:83:
         87:8a:3a:8f:38:bc:b1:73:5b:ec:24:ef:0b:65:3a:4f:19:d4:
         10:76:bb:d8:2f:8c:6d:3f:d1:6e:11:7d:5c:ab:c8:84:e0:21:
         f7:5a:e5:22:44:a5:5e:ed:50:2e:f3:6b:be:f3:c4:7b:c6:80:
         c5:bf:8e:76:83:9d:91:4b:ab:8d:80:85:0b:e1:17:c5:a6:92:
         83:72:b3:21:d1:64:30:da:00:d2:f4:24:ea:9b:c8:a5:50:94:
         54:63:4f:55:04:d3:85:7b:03:ab:e1:4e:99:84:d3:de:9f:46:
         78:7e:55:ab:c1:c4:c2:00:50:45:8e:b6:77:42:e1:6a:6e:f6:
         e9:d6:88:d4:e8:35:b6:ca:e2:e7:95:f8:9e:dd:26:90:4a:0b:
         45:05:61:de
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEMcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwRjkxMTAvBgNVBAUTKEI5MkYzRTU4OEIyMTk0M0FDQkI4MDVCRkRGMEIxOTQ0
QkY3Q0FDM0IwHhcNMjMwNTExMDg1MzI1WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDVjYWQwNS02NmQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvmbUl+d16LppzZ38GinmfQbeaqFtYg8/pXCeYFAtDfb5lkcgIw0LkoPYW2iV
Zq9ELaCnyYJz06lYGvhQfXB8ZRMf3lm09k2opVLVoKZFHpcuWouBv03vC+UWKlMr
Gn4FjTaqnU1RNoc3fmrn+0ySxbRQYSeqV1nCJm//p5NyS2lxMgSdQZoas+YEO8UG
1UrC7ggJR1LatoSLBiVkD86uuBQBLTEFK13AmWzqGBghrwegQQdBjsIVkQZLxm5g
kjB4fux4a4j+nVgZKAH6kQc95toFzrfCb4t7sEWhodl6ktVtQAB2XLgOLA4SXA5Z
MjjuKF/LKpkVPRHQD4lStlnbDQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGlEqmaT
WgNBNVIP2F5ifRhgvC8xMB8GA1UdIwQYMBaAFLkvPliLIZQ6y7gFv98LGUS/fKw7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjBGOS8xRDJCNUIyQUQ2
QkMxMUU4OTQ1NTBENDJDNEY5QUUwMi91UzgtV0lzaGxEckx1QVdfM3dzWlJMOThy
RHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VTOC1XSXNobERyTHVBV18zd3NaUkw5OHJEcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwRjkvMUQyQjVCMkFENkJDMTFFODk0NTUwRDQyQzRGOUFFMDIvNEE3MTYwNEVF
RkQ5MTFFREIxNDExNTZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJng7gwDQYJKoZIhvcNAQELBQADggEBAGKBvOOVX9f69NIp
htyKEmT0uPfAVmzbEaTC/l2Go1xdFtp2jh7NU5tg2c9VlfSBPfzKVzROccs70SyW
A/zGCzkHm+GtvL38keMvTx4959HHZqne36pr8jynhCuoZTfaIYoEGcmECwWfaFat
g4eKOo84vLFzW+wk7wtlOk8Z1BB2u9gvjG0/0W4RfVyryITgIfda5SJEpV7tUC7z
a77zxHvGgMW/jnaDnZFLq42AhQvhF8WmkoNysyHRZDDaANL0JOqbyKVQlFRjT1UE
04V7A6vhTpmE096fRnh+VavBxMIAUEWOtndC4Wpu9unWiNToNbbK4ueV+J7dJpBK
C0UFYd4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:48 2024 by rpki-client on console-ams.rpki-client.org