Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/38E22FF4E98911EC95FA5922C4F9AE02.roa
File:                     38E22FF4E98911EC95FA5922C4F9AE02.roa (raw, json)
Hash identifier:          Go++esJHgwuq1cDqQ0eRcnJZf0rfxuQMglP3jWCfb/c=
Subject key identifier:   94:A7:20:3E:76:A3:50:A2:FE:E2:53:09:9D:57:33:90:3C:84:98:E7
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3B31
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/38E22FF4E98911EC95FA5922C4F9AE02.roa
Signing time:             Sun 12 Jun 2022 04:20:09 +0000
ROA not before:           Sun 12 Jun 2022 04:20:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15153 (0x3b31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Jun 12 04:20:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62a56979-47eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:25:d1:ec:3a:b9:65:76:d6:26:eb:73:f6:c4:
                    d4:56:20:8b:60:4a:b0:20:75:f1:f8:fd:2d:e9:88:
                    ea:6f:90:79:b4:a7:76:fd:b3:bf:c9:11:94:f8:60:
                    4e:8d:f2:94:ea:63:33:f3:51:4a:01:13:46:36:6e:
                    29:cf:aa:fa:e4:62:d9:67:1b:32:43:14:4a:c0:6f:
                    0b:e5:b2:37:3a:9a:1a:21:d0:45:d7:46:ba:a6:5c:
                    69:3d:1b:21:ee:04:f0:5f:b1:8d:55:84:cf:4b:df:
                    ca:dd:59:d7:3e:a6:c3:f4:d0:ef:8d:72:c6:b5:47:
                    07:dc:37:2c:2e:ba:8b:95:82:3b:60:52:f6:eb:cf:
                    64:ba:99:1a:1a:c0:14:d8:5e:47:e1:71:58:07:64:
                    fc:a9:54:44:13:95:68:6d:c5:f7:23:de:5b:20:bf:
                    ed:f1:94:f9:ff:f7:83:d6:44:32:3f:ac:1d:f3:0c:
                    a4:11:a0:23:16:c8:5b:16:13:80:e0:c0:e3:75:ed:
                    b3:a7:9b:c6:e4:1c:68:59:9b:92:40:5b:87:61:7c:
                    3c:4c:d4:00:68:9c:e8:8b:b3:bd:27:d0:2f:65:88:
                    ab:75:52:50:e0:d9:7a:5a:b3:8c:3e:db:ed:f9:a8:
                    8f:94:4c:d5:3a:76:c8:7a:30:bc:6b:13:2b:4d:ea:
                    e5:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A7:20:3E:76:A3:50:A2:FE:E2:53:09:9D:57:33:90:3C:84:98:E7
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/38E22FF4E98911EC95FA5922C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         d5:42:77:b0:81:71:ad:a6:40:ea:b6:cc:07:80:94:63:38:2a:
         fa:27:83:29:b2:db:02:be:b8:3d:06:5d:c8:97:1e:f5:6c:0e:
         67:b5:53:f3:4a:e2:a6:ba:ef:24:e2:a4:55:95:7b:5a:d8:cf:
         e6:1f:d3:94:b9:cf:cc:84:53:28:6a:56:54:5f:e8:fc:d7:95:
         aa:7b:90:d3:14:00:3c:c1:b7:55:4f:87:b5:aa:1f:71:ba:40:
         10:98:b7:bb:f0:ab:2d:96:3f:6a:3b:b1:5c:2d:42:49:a6:bd:
         b3:58:3f:71:8c:5a:64:ef:fa:da:09:01:8a:fb:ca:51:94:9b:
         a0:c2:10:56:a2:ee:14:08:43:41:d3:88:63:49:87:ea:0e:80:
         fb:6e:6c:bf:ab:f0:e3:25:93:48:57:74:24:27:4d:ab:29:3e:
         c1:5c:3e:b9:3d:2e:90:3c:f2:7a:95:41:5e:8f:6f:02:fa:f5:
         8b:de:c0:76:c2:09:8f:ef:ca:17:d9:f4:6c:03:a4:f2:b8:76:
         b8:48:01:88:2b:e3:bf:09:2e:ba:2e:79:9b:40:18:d2:e9:5e:
         e1:1f:a1:a5:29:63:17:c7:02:29:e2:4e:f5:97:f2:01:91:2c:
         cb:51:89:38:c8:df:10:14:ba:d5:de:54:95:c2:c0:4c:d9:38:
         9f:85:6f:e4
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOzEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNjEyMDQyMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmE1Njk3OS00N2ViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAriXR7Dq5ZXbWJutz9sTUViCLYEqwIHXx+P0t6Yjqb5B5tKd2/bO/yRGU+GBO
jfKU6mMz81FKARNGNm4pz6r65GLZZxsyQxRKwG8L5bI3OpoaIdBF10a6plxpPRsh
7gTwX7GNVYTPS9/K3VnXPqbD9NDvjXLGtUcH3DcsLrqLlYI7YFL2689kupkaGsAU
2F5H4XFYB2T8qVREE5VobcX3I95bIL/t8ZT5//eD1kQyP6wd8wykEaAjFshbFhOA
4MDjde2zp5vG5BxoWZuSQFuHYXw8TNQAaJzoi7O9J9AvZYirdVJQ4Nl6WrOMPtvt
+aiPlEzVOnbIejC8axMrTerlzQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJSnID52
o1Ci/uJTCZ1XM5A8hJjnMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMzhFMjJGRjRF
OTg5MTFFQzk1RkE1OTIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEA1UJ3sIFxraZA6rbMB4CUYzgq+ieDKbLbAr64PQZdyJce9WwOZ7VT80ri
prrvJOKkVZV7WtjP5h/TlLnPzIRTKGpWVF/o/NeVqnuQ0xQAPMG3VU+HtaofcbpA
EJi3u/CrLZY/ajuxXC1CSaa9s1g/cYxaZO/62gkBivvKUZSboMIQVqLuFAhDQdOI
Y0mH6g6A+25sv6vw4yWTSFd0JCdNqyk+wVw+uT0ukDzyepVBXo9vAvr1i97AdsIJ
j+/KF9n0bAOk8rh2uEgBiCvjvwkuui55m0AY0ule4R+hpSljF8cCKeJO9ZfyAZEs
y1GJOMjfEBS61d5UlcLATNk4n4Vv5A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:50 2024 by rpki-client on console-ams.rpki-client.org