Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/51C8F6E659E211ED8CDD624CC4F9AE02.roa
File:                     51C8F6E659E211ED8CDD624CC4F9AE02.roa (raw, json)
Hash identifier:          Glhq1I9G9JXSGB8rDTgBlCnhTASFxhs7Obz3sZDbqKA=
Subject key identifier:   B6:85:A7:A0:6B:90:8B:21:D7:E6:16:0F:12:52:6A:D3:BA:1E:A7:E9
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3DEF
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/51C8F6E659E211ED8CDD624CC4F9AE02.roa
Signing time:             Sat 12 Aug 2023 14:30:10 +0000
ROA not before:           Sat 12 Aug 2023 14:30:10 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15855 (0x3def)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Aug 12 14:30:10 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64d79771-60b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9f:f5:64:5e:03:12:08:d4:f1:6a:5e:68:97:
                    1f:35:ac:e3:14:f0:57:97:52:8b:f1:9c:aa:0d:0c:
                    d4:69:32:e6:68:52:0e:47:e3:ed:a8:e5:db:72:a8:
                    ca:63:56:c3:6a:23:ac:74:59:77:ce:be:47:bc:9a:
                    1a:1d:53:c8:f9:ca:9e:71:37:79:92:85:49:33:85:
                    87:77:ba:bc:1e:b5:87:c3:de:19:d5:0c:9d:4d:ec:
                    b0:00:82:8d:b5:54:44:77:d3:8c:06:4d:ea:01:79:
                    46:99:1b:3d:80:98:20:be:04:32:f9:85:c5:04:3e:
                    4b:33:72:47:e6:20:54:da:78:ec:bd:96:3f:0a:2f:
                    10:26:31:d7:ac:f6:85:43:ef:dc:ed:9e:5c:9d:02:
                    82:96:a3:16:84:80:a8:04:95:5a:32:e9:65:0f:f4:
                    1e:2b:0d:f4:02:45:36:cf:2a:3b:fe:83:51:e8:11:
                    25:e4:45:78:0b:bc:e1:c4:01:8d:4f:18:fa:69:65:
                    e0:ac:30:f5:c3:1b:a0:03:53:48:24:f0:a6:e9:98:
                    0a:cd:00:0a:12:8f:9e:c7:0c:e1:0f:37:9c:41:9e:
                    05:51:1d:46:c3:80:4d:50:df:15:6a:d8:1c:07:b7:
                    9c:f9:55:92:b5:6c:b6:62:bc:7b:d0:d4:16:06:ec:
                    88:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:85:A7:A0:6B:90:8B:21:D7:E6:16:0F:12:52:6A:D3:BA:1E:A7:E9
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/51C8F6E659E211ED8CDD624CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/24
                IPv6:
                  2001:df7:5380::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:cf:85:8f:4c:e2:fb:24:e9:6e:d8:bb:2b:67:34:e6:8a:e9:
         46:2c:fa:97:ce:76:31:2c:3d:ab:08:7e:0b:90:15:ac:79:55:
         4d:7e:8b:ce:1f:43:01:cf:96:4b:c4:3b:db:84:1f:b1:29:c8:
         e8:3b:26:81:91:cf:ba:14:fd:fc:ec:42:5c:79:f8:4f:61:48:
         5f:6f:63:3f:9e:94:61:ee:6c:11:b3:88:75:0c:1f:67:ba:f2:
         cd:b6:04:a0:dc:e4:a1:7b:b2:74:84:92:b8:39:e2:10:63:5b:
         ae:96:79:84:72:60:41:dd:b1:a5:1f:03:f1:27:bd:0a:56:6a:
         4a:1a:eb:7b:b8:1b:16:60:7d:0a:50:e5:f3:6f:35:75:fa:4c:
         e2:92:10:ce:61:aa:7c:a5:79:4e:8e:c7:52:01:eb:57:36:43:
         5e:08:43:d1:cf:1e:2e:d2:96:85:40:63:30:ea:8c:86:2c:e8:
         6b:d6:37:c6:f0:38:29:e9:2d:96:52:68:8d:26:e5:d9:ad:57:
         c2:c1:80:70:dd:39:2e:98:fd:25:c5:87:ca:91:a7:f1:14:93:
         fd:36:32:03:39:ed:c2:4e:3f:a1:88:d9:b6:b5:1e:6e:99:ce:
         a6:72:6a:44:e5:e5:6d:93:f3:36:ef:3b:c8:20:0f:6e:eb:94:
         6d:d7:0f:92
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICPe8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjMwODEyMTQzMDEwWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGQ3OTc3MS02MGI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuZ/1ZF4DEgjU8WpeaJcfNazjFPBXl1KL8ZyqDQzUaTLmaFIOR+PtqOXbcqjK
Y1bDaiOsdFl3zr5HvJoaHVPI+cqecTd5koVJM4WHd7q8HrWHw94Z1QydTeywAIKN
tVREd9OMBk3qAXlGmRs9gJggvgQy+YXFBD5LM3JH5iBU2njsvZY/Ci8QJjHXrPaF
Q+/c7Z5cnQKClqMWhICoBJVaMullD/QeKw30AkU2zyo7/oNR6BEl5EV4C7zhxAGN
Txj6aWXgrDD1wxugA1NIJPCm6ZgKzQAKEo+exwzhDzecQZ4FUR1Gw4BNUN8Vatgc
B7ec+VWStWy2Yrx70NQWBuyIXQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFLaFp6Br
kIsh1+YWDxJSatO6HqfpMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNTFDOEY2RTY1
OUUyMTFFRDhDREQ2MjRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnq9owDwQCAAIwCQMHACABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAUc+Fj0zi+yTpbti7K2c05orpRiz6l852MSw9qwh+C5AVrHlVTX6Lzh9D
Ac+WS8Q724QfsSnI6DsmgZHPuhT9/OxCXHn4T2FIX29jP56UYe5sEbOIdQwfZ7ry
zbYEoNzkoXuydISSuDniEGNbrpZ5hHJgQd2xpR8D8Se9ClZqShrre7gbFmB9ClDl
8281dfpM4pIQzmGqfKV5To7HUgHrVzZDXghD0c8eLtKWhUBjMOqMhizoa9Y3xvA4
KektllJojSbl2a1XwsGAcN05Lpj9JcWHypGn8RST/TYyAzntwk4/oYjZtrUebpnO
pnJqROXlbZPzNu87yCAPbuuUbdcPkg==
-----END CERTIFICATE-----
Generated at Mon Dec 18 04:53:49 2023 by rpki-client on console-ams.rpki-client.org