Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/31E43EC0DF7211ECA7DA532FC4F9AE02.roa
File:                     31E43EC0DF7211ECA7DA532FC4F9AE02.roa (raw, json)
Hash identifier:          RbLCjfG5+riue3+A16+M0fukbUN/9imLqXoomO6Pckw=
Subject key identifier:   A1:CC:2C:C9:11:61:A8:4A:4A:5A:DB:3D:EE:C9:1A:3A:12:B1:4E:26
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3AE5
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/31E43EC0DF7211ECA7DA532FC4F9AE02.roa
Signing time:             Mon 30 May 2022 02:40:08 +0000
ROA not before:           Mon 30 May 2022 02:40:08 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15077 (0x3ae5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: May 30 02:40:08 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62942e88-9df5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e6:9d:b0:fa:e7:cc:08:08:8a:2e:f9:f0:4b:
                    21:2c:81:78:61:9d:fc:14:ea:de:90:7b:9a:2e:1f:
                    4d:51:ea:56:7d:84:ef:54:4e:ad:c1:6d:e6:04:22:
                    d4:ad:d6:af:af:61:87:80:17:cc:66:c1:d0:fd:4a:
                    4d:0a:20:ab:cc:c2:1a:f5:96:e7:df:ff:d5:34:19:
                    b6:06:96:0b:8c:27:26:a8:d0:d7:c1:05:00:1c:f6:
                    00:19:5e:e9:ae:ea:a2:9b:78:5d:38:e5:53:01:7e:
                    4c:c0:4e:0d:e4:88:06:56:be:49:5e:87:71:e5:1f:
                    98:87:b3:2c:c0:43:df:3c:9b:63:3a:3f:64:03:40:
                    51:7c:b2:76:d7:91:ae:88:47:f7:cb:64:77:c1:71:
                    ef:6c:1a:73:4a:0e:47:e0:36:ae:49:15:81:70:01:
                    b9:c6:57:4d:9b:59:60:0b:f6:88:49:70:e0:29:5a:
                    73:28:3a:0e:cc:64:95:92:9a:2c:66:88:a9:19:eb:
                    a9:8a:cf:e4:d6:2c:79:6b:a2:c6:b8:5d:47:75:28:
                    fa:ff:11:82:94:8d:f6:75:67:dc:c9:ed:1b:21:1c:
                    00:ba:57:5d:d4:e6:64:84:bf:ae:3e:e4:31:75:d4:
                    a4:d3:3f:b8:4f:fe:3f:7d:40:8a:6e:08:c3:5f:34:
                    24:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CC:2C:C9:11:61:A8:4A:4A:5A:DB:3D:EE:C9:1A:3A:12:B1:4E:26
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/31E43EC0DF7211ECA7DA532FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         98:3a:09:8d:ef:0f:10:17:db:60:38:96:c1:fb:a0:51:9e:d5:
         be:bd:75:b0:a7:27:9c:02:dd:4f:d5:d4:2a:05:af:f7:87:5d:
         64:5d:70:f3:fa:a8:81:15:8d:40:59:6c:6d:8f:04:5d:a3:30:
         fb:22:55:99:2d:0e:50:21:c0:d3:39:75:6d:de:b5:f6:33:ce:
         72:d2:42:c2:7d:74:34:03:0a:67:a9:9c:5c:5a:0f:d6:f9:89:
         7b:80:52:dd:39:68:d8:a5:35:61:0e:fe:fe:0f:c5:26:32:01:
         57:51:86:cf:a3:70:4b:1d:43:c9:36:65:97:56:47:b0:cf:e0:
         c7:5b:0b:68:9a:49:4f:32:3e:9b:bc:d4:ac:b1:5d:64:95:2a:
         4f:ef:b0:a1:e3:72:70:d4:83:d5:bf:b8:0c:f8:b9:4c:d0:0f:
         57:03:a7:f1:5c:c7:8e:e7:2c:aa:ea:f6:1d:e4:1d:17:e5:df:
         a9:90:e2:77:8a:30:f3:60:8f:90:bb:4d:b0:85:1c:8c:51:87:
         8c:ca:9f:62:b3:48:e0:85:8a:15:79:f6:56:46:4f:9b:27:e9:
         17:bd:8b:9f:72:bc:72:96:dc:2b:9c:b0:32:47:21:11:0c:7f:
         bc:2d:34:0b:64:98:7a:81:ba:8b:2b:10:39:e8:a5:37:55:a1:
         e7:87:a8:7d
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOuUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTMwMDI0MDA4WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjk0MmU4OC05ZGY1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAouadsPrnzAgIii758EshLIF4YZ38FOrekHuaLh9NUepWfYTvVE6twW3mBCLU
rdavr2GHgBfMZsHQ/UpNCiCrzMIa9Zbn3//VNBm2BpYLjCcmqNDXwQUAHPYAGV7p
ruqim3hdOOVTAX5MwE4N5IgGVr5JXodx5R+Yh7MswEPfPJtjOj9kA0BRfLJ215Gu
iEf3y2R3wXHvbBpzSg5H4DauSRWBcAG5xldNm1lgC/aISXDgKVpzKDoOzGSVkpos
ZoipGeupis/k1ix5a6LGuF1HdSj6/xGClI32dWfcye0bIRwAuldd1OZkhL+uPuQx
ddSk0z+4T/4/fUCKbgjDXzQk8wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFKHMLMkR
YahKSlrbPe7JGjoSsU4mMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMzFFNDNFQzBE
RjcyMTFFQ0E3REE1MzJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAmDoJje8PEBfbYDiWwfugUZ7Vvr11sKcnnALdT9XUKgWv94ddZF1w8/qo
gRWNQFlsbY8EXaMw+yJVmS0OUCHA0zl1bd619jPOctJCwn10NAMKZ6mcXFoP1vmJ
e4BS3Tlo2KU1YQ7+/g/FJjIBV1GGz6NwSx1DyTZll1ZHsM/gx1sLaJpJTzI+m7zU
rLFdZJUqT++woeNycNSD1b+4DPi5TNAPVwOn8VzHjucsqur2HeQdF+XfqZDid4ow
82CPkLtNsIUcjFGHjMqfYrNI4IWKFXn2VkZPmyfpF72Ln3K8cpbcK5ywMkchEQx/
vC00C2SYeoG6iysQOeilN1Wh54eofQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org