Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/47FA06C2D92311EC8CE05676C4F9AE02.roa
File:                     47FA06C2D92311EC8CE05676C4F9AE02.roa (raw, json)
Hash identifier:          Lbw8H6nkfrrzgqYM904AZhMWSxYAIF/QrW/XOZa8Z2c=
Subject key identifier:   BB:53:E1:8F:3C:C6:94:4C:19:A8:6E:02:A4:16:1E:D8:8D:69:70:CD
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3A8F
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/47FA06C2D92311EC8CE05676C4F9AE02.roa
Signing time:             Sun 22 May 2022 02:30:11 +0000
ROA not before:           Sun 22 May 2022 02:30:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14991 (0x3a8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: May 22 02:30:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6289a032-e6fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b7:4d:e1:aa:ef:87:53:a9:87:05:b1:9b:9d:
                    39:bc:7e:33:5b:46:0f:f9:da:0f:f6:07:64:0b:61:
                    25:20:27:ac:f7:63:12:ab:73:0e:53:db:e7:47:d7:
                    46:51:60:da:ec:80:78:46:ca:a2:82:50:18:f7:c2:
                    10:33:a9:0a:43:33:02:1a:b6:85:88:9b:3a:3f:ed:
                    e0:61:ef:94:2b:df:8f:18:be:0b:b2:e1:ea:cf:0e:
                    2b:07:b6:36:88:83:5c:35:bc:aa:fb:d1:29:38:92:
                    6d:28:e5:5e:04:c6:18:29:53:ad:aa:32:25:89:c4:
                    3e:e3:1f:f6:c5:79:4b:d5:ae:19:3f:bb:58:e7:4d:
                    9d:1e:c3:90:d0:6a:70:6a:8b:3d:16:61:4b:fc:1e:
                    86:65:33:cf:49:df:68:a7:75:3d:ee:7a:c7:ed:5a:
                    6c:93:ad:a5:28:23:de:e9:dd:78:51:70:ba:0c:2a:
                    ef:99:61:03:e1:98:99:d6:1e:9a:b9:7f:35:3e:6c:
                    83:3d:7f:ed:5a:ae:9f:19:fb:28:58:6a:ce:b5:04:
                    0f:80:6c:95:cc:c6:71:ca:26:ee:b7:83:74:18:ec:
                    58:43:86:2b:f7:9b:7e:98:70:4f:db:af:c2:34:f6:
                    20:67:d6:9c:dc:8f:97:db:f0:78:30:de:da:58:1b:
                    54:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:53:E1:8F:3C:C6:94:4C:19:A8:6E:02:A4:16:1E:D8:8D:69:70:CD
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/47FA06C2D92311EC8CE05676C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         0c:7a:9a:4d:77:a8:9a:00:e3:cd:7c:b2:00:0e:51:bc:42:08:
         96:98:c4:72:16:62:d6:1e:d4:fb:33:df:e5:c4:51:18:b3:1b:
         d1:15:77:45:4b:3d:b6:ae:61:b9:50:60:cc:33:99:2d:52:08:
         a1:1f:01:bf:85:d5:2d:e7:b2:42:d9:c3:70:19:02:25:02:69:
         78:f6:5b:1f:22:0d:eb:b5:8b:58:c6:07:c2:9f:c1:fe:a2:b5:
         30:26:ed:82:0d:be:8f:3c:76:0e:03:c6:16:24:a4:35:7b:9d:
         eb:ee:bd:80:aa:ff:1a:3f:8b:e7:57:55:9e:2c:b5:b2:93:25:
         d7:74:fd:9c:42:d7:1f:42:ad:a6:e7:ab:07:76:3b:56:56:21:
         36:16:36:0f:fc:ff:ea:d2:61:22:32:76:91:82:88:58:5f:41:
         0d:a5:1a:fa:c2:38:b5:01:f4:6b:1c:93:b9:85:1b:f4:07:6c:
         19:b0:6a:51:0d:89:0f:3c:3a:94:e6:d5:05:04:05:2e:8c:52:
         d0:40:af:00:f7:e6:e3:d6:6b:06:32:b9:bd:e2:aa:d0:f6:60:
         cd:d1:1f:a7:ed:fa:53:82:b8:3a:63:29:06:33:30:6c:da:47:
         dc:c0:13:ca:67:21:08:84:29:b7:51:8b:9f:fd:43:3e:35:f7:
         ed:6a:5c:a2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOo8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTIyMDIzMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjg5YTAzMi1lNmZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA87dN4arvh1OphwWxm505vH4zW0YP+doP9gdkC2ElICes92MSq3MOU9vnR9dG
UWDa7IB4RsqiglAY98IQM6kKQzMCGraFiJs6P+3gYe+UK9+PGL4LsuHqzw4rB7Y2
iINcNbyq+9EpOJJtKOVeBMYYKVOtqjIlicQ+4x/2xXlL1a4ZP7tY502dHsOQ0Gpw
aos9FmFL/B6GZTPPSd9op3U97nrH7Vpsk62lKCPe6d14UXC6DCrvmWED4ZiZ1h6a
uX81PmyDPX/tWq6fGfsoWGrOtQQPgGyVzMZxyibut4N0GOxYQ4Yr95t+mHBP26/C
NPYgZ9ac3I+X2/B4MN7aWBtUpQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFLtT4Y88
xpRMGahuAqQWHtiNaXDNMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNDdGQTA2QzJE
OTIzMTFFQzhDRTA1Njc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEADHqaTXeomgDjzXyyAA5RvEIIlpjEchZi1h7U+zPf5cRRGLMb0RV3RUs9
tq5huVBgzDOZLVIIoR8Bv4XVLeeyQtnDcBkCJQJpePZbHyIN67WLWMYHwp/B/qK1
MCbtgg2+jzx2DgPGFiSkNXud6+69gKr/Gj+L51dVniy1spMl13T9nELXH0Ktpuer
B3Y7VlYhNhY2D/z/6tJhIjJ2kYKIWF9BDaUa+sI4tQH0axyTuYUb9AdsGbBqUQ2J
Dzw6lObVBQQFLoxS0ECvAPfm49ZrBjK5veKq0PZgzdEfp+36U4K4OmMpBjMwbNpH
3MATymchCIQpt1GLn/1DPjX37Wpcog==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:50 2024 by rpki-client on console-ams.rpki-client.org