Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2F839B92E42911ECB166E076C4F9AE02.roa
File:                     2F839B92E42911ECB166E076C4F9AE02.roa (raw, json)
Hash identifier:          S4Um+r48RIj0nr2hggHSfLOaaO2Nlc7yXN7HR4pUeJ8=
Subject key identifier:   32:0E:A1:BD:90:32:22:0B:AC:F4:89:A7:B0:CA:0B:D7:1C:A8:1B:51
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3B0F
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2F839B92E42911ECB166E076C4F9AE02.roa
Signing time:             Sun 05 Jun 2022 03:40:09 +0000
ROA not before:           Sun 05 Jun 2022 03:40:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15119 (0x3b0f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Jun  5 03:40:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=629c2599-b25c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a3:50:2d:53:74:5c:22:07:57:ba:2c:4b:69:
                    9a:07:4b:be:6a:69:47:b3:b7:fd:2c:00:0c:f0:0a:
                    95:74:73:9f:e2:f7:ab:db:ee:59:78:f9:d2:60:de:
                    ce:8f:46:bd:e1:3c:19:aa:f8:bf:1d:5a:b1:a3:b2:
                    0a:df:32:d9:c1:53:ff:5f:86:86:3b:eb:16:ae:11:
                    8f:14:a8:e4:50:74:f0:06:dc:7c:f0:77:b7:ba:aa:
                    44:39:7b:e9:e1:a0:9d:44:85:22:19:ee:aa:a0:61:
                    d5:b8:d4:c1:b6:4f:04:c0:2d:73:46:5e:10:c8:fe:
                    24:85:85:6e:16:3e:8d:ca:74:07:41:ff:27:a7:e3:
                    f6:0d:7b:f8:91:25:a3:8b:63:47:6f:6a:df:b6:b3:
                    2b:16:90:8d:3b:50:4a:b8:2d:ac:ad:ad:d6:22:e5:
                    b9:73:b9:3a:d6:41:83:20:8a:4b:58:d6:b8:cd:73:
                    1e:1f:1d:70:80:3e:66:dc:e6:f7:18:5a:96:df:f0:
                    f0:22:29:c1:ad:b6:46:e5:1c:e4:2b:c7:10:32:76:
                    37:ea:81:6e:98:3f:aa:71:07:f7:86:80:6d:11:34:
                    f8:8e:8e:de:fb:fc:4d:98:4a:9f:79:d9:09:e9:68:
                    8e:ce:b8:66:f3:ab:20:94:f1:67:88:74:22:1c:ec:
                    2b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:0E:A1:BD:90:32:22:0B:AC:F4:89:A7:B0:CA:0B:D7:1C:A8:1B:51
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/2F839B92E42911ECB166E076C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         9c:e4:68:67:ad:78:92:15:e3:75:7d:1c:e8:2a:b2:be:b8:70:
         4a:89:ce:16:6d:8b:de:de:86:bc:72:99:7c:ed:de:a2:a4:0c:
         6f:af:85:ad:5b:4b:21:5b:d1:2f:1b:fa:3a:30:15:d8:15:ef:
         88:c6:3d:45:d9:4f:70:3c:20:2f:3d:77:0d:bd:13:2b:1e:58:
         d2:fa:05:f6:ad:43:75:0b:f8:03:e1:78:ab:93:e8:2f:eb:44:
         16:4d:d5:61:23:3f:42:bf:04:40:43:54:13:c1:6b:3e:de:cb:
         18:08:b4:ca:d1:9b:08:b6:55:13:5f:99:63:b8:c4:bb:1e:e5:
         86:4e:63:06:1c:a6:98:5b:02:e7:ee:6c:00:7a:9c:07:17:7e:
         94:dc:06:cf:6d:31:07:30:38:16:d4:5e:5d:89:68:93:aa:3d:
         9c:99:4b:35:d5:c2:ef:79:24:62:19:7f:92:3c:78:52:06:6e:
         49:4e:81:6d:1a:42:d8:fc:09:a9:db:7d:c5:12:8a:1a:d8:66:
         e3:06:90:b2:a7:f5:47:26:d9:a2:79:06:b2:8f:dd:db:58:56:
         33:f6:02:f7:26:0c:93:77:9d:90:b3:1a:d1:69:cf:6d:0f:5f:
         9c:e1:9f:db:4f:55:08:89:7a:32:5a:2a:2e:88:d9:89:7d:60:
         d6:06:84:fa
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOw8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNjA1MDM0MDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjljMjU5OS1iMjVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArqNQLVN0XCIHV7osS2maB0u+amlHs7f9LAAM8AqVdHOf4ver2+5ZePnSYN7O
j0a94TwZqvi/HVqxo7IK3zLZwVP/X4aGO+sWrhGPFKjkUHTwBtx88He3uqpEOXvp
4aCdRIUiGe6qoGHVuNTBtk8EwC1zRl4QyP4khYVuFj6NynQHQf8np+P2DXv4kSWj
i2NHb2rftrMrFpCNO1BKuC2sra3WIuW5c7k61kGDIIpLWNa4zXMeHx1wgD5m3Ob3
GFqW3/DwIinBrbZG5RzkK8cQMnY36oFumD+qcQf3hoBtETT4jo7e+/xNmEqfedkJ
6WiOzrhm86sglPFniHQiHOwryQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDIOob2Q
MiILrPSJp7DKC9ccqBtRMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMkY4MzlCOTJF
NDI5MTFFQ0IxNjZFMDc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAnORoZ614khXjdX0c6CqyvrhwSonOFm2L3t6GvHKZfO3eoqQMb6+FrVtL
IVvRLxv6OjAV2BXviMY9RdlPcDwgLz13Db0TKx5Y0voF9q1DdQv4A+F4q5PoL+tE
Fk3VYSM/Qr8EQENUE8FrPt7LGAi0ytGbCLZVE1+ZY7jEux7lhk5jBhymmFsC5+5s
AHqcBxd+lNwGz20xBzA4FtReXYlok6o9nJlLNdXC73kkYhl/kjx4UgZuSU6BbRpC
2PwJqdt9xRKKGthm4waQsqf1RybZonkGso/d21hWM/YC9yYMk3edkLMa0WnPbQ9f
nOGf209VCIl6MloqLojZiX1g1gaE+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org