Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/626069D2463A11EDB52EEC16C4F9AE02.roa
File:                     626069D2463A11EDB52EEC16C4F9AE02.roa (raw, json)
Hash identifier:          Fw5gvKGsLna0cHr+sa53Tj4hBZi/hvA4JFAAQdy2neY=
Subject key identifier:   66:78:7F:9D:0E:F6:6A:55:6A:23:9B:7B:0A:8C:49:0C:6A:1D:1B:AE
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3C63
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/626069D2463A11EDB52EEC16C4F9AE02.roa
Signing time:             Sat 08 Oct 2022 05:00:11 +0000
ROA not before:           Sat 08 Oct 2022 05:00:11 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15459 (0x3c63)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Oct  8 05:00:11 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=634103db-2c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b6:bf:2c:c4:17:7c:7d:4b:ed:bc:6b:30:ab:
                    4e:1c:41:98:e8:0e:16:e8:ff:10:15:43:1a:6a:ac:
                    e8:e4:79:da:8c:d6:87:fb:95:5b:71:f0:6e:0b:ff:
                    95:b9:06:be:45:a2:aa:30:58:ce:e7:14:ad:df:f9:
                    01:c0:4a:41:87:f0:3d:d8:0e:cb:ce:ca:c1:d3:3f:
                    2f:a2:c9:39:30:ae:b4:65:d9:bd:28:8d:2a:a0:de:
                    e3:83:c4:63:38:b3:d8:8d:0a:3a:f6:bb:ef:84:f6:
                    5d:a2:0a:bd:0c:b4:83:e3:c7:ee:1d:02:08:4f:72:
                    39:cb:df:d1:92:b5:f8:07:5e:ae:34:be:38:57:b8:
                    a9:21:c8:0c:60:9c:75:0c:e5:dc:2f:36:05:d8:5f:
                    83:94:f4:cf:50:09:c5:38:4a:02:0a:42:5f:7e:97:
                    7f:85:d7:0f:fd:90:fd:98:08:f6:d1:32:53:e8:62:
                    44:48:29:b6:f5:97:65:b5:95:92:15:28:85:a1:76:
                    c6:de:b9:97:63:f6:df:f6:a7:02:79:c9:38:98:76:
                    2e:bc:7a:d4:9e:51:dd:ef:1c:d3:7a:35:17:3b:13:
                    1d:e4:f6:4b:a9:36:22:06:48:1c:0e:52:bb:4d:df:
                    ed:f7:36:88:3a:56:88:22:eb:61:04:1e:5c:91:ab:
                    a4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:78:7F:9D:0E:F6:6A:55:6A:23:9B:7B:0A:8C:49:0C:6A:1D:1B:AE
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/626069D2463A11EDB52EEC16C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         b7:8d:b8:d6:3b:d6:a6:b6:4c:01:01:0a:75:6c:9d:e6:89:b3:
         42:b1:49:c9:d8:2a:91:4b:0f:e6:c0:a6:39:f7:de:d8:7c:76:
         13:01:78:f0:f7:ec:06:d4:32:d8:3e:b0:d6:63:4e:82:ae:14:
         1b:fc:ea:27:b5:59:b7:c1:1a:1c:18:39:38:34:7f:41:1c:38:
         18:c9:be:be:f7:1d:79:42:21:3e:d0:0a:bd:8c:c6:7d:59:3b:
         58:e5:10:13:00:8b:8c:3e:69:76:19:49:9b:ad:f7:e2:03:59:
         22:ad:51:f0:93:a6:fd:9d:2c:36:e7:e8:21:da:ea:fd:a7:13:
         0c:3e:b7:06:aa:11:c7:68:42:86:cd:b1:41:63:10:42:85:c9:
         4e:56:f6:e8:c8:91:ac:25:bd:7d:e0:31:e5:bf:3b:bc:5c:2b:
         73:ed:57:a7:ec:99:eb:12:40:2b:46:7a:73:ef:c7:3e:b4:78:
         68:5a:b0:48:dd:82:5a:ea:8b:10:a5:bd:74:c4:82:4c:3e:d4:
         64:08:88:f1:ef:62:20:c5:cf:9e:27:50:f8:bb:da:98:47:73:
         67:85:73:08:61:30:83:e0:bf:5b:45:f4:d8:a5:bd:58:eb:98:
         cd:fa:01:b6:23:59:c5:14:c1:00:d8:3f:e5:d4:15:74:a2:c2:
         3a:55:13:30
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICPGMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIxMDA4MDUwMDExWhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzQxMDNkYi0yYzRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0La/LMQXfH1L7bxrMKtOHEGY6A4W6P8QFUMaaqzo5HnajNaH+5VbcfBuC/+V
uQa+RaKqMFjO5xSt3/kBwEpBh/A92A7LzsrB0z8vosk5MK60Zdm9KI0qoN7jg8Rj
OLPYjQo69rvvhPZdogq9DLSD48fuHQIIT3I5y9/RkrX4B16uNL44V7ipIcgMYJx1
DOXcLzYF2F+DlPTPUAnFOEoCCkJffpd/hdcP/ZD9mAj20TJT6GJESCm29ZdltZWS
FSiFoXbG3rmXY/bf9qcCeck4mHYuvHrUnlHd7xzTejUXOxMd5PZLqTYiBkgcDlK7
Td/t9zaIOlaIIuthBB5ckauk9wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFGZ4f50O
9mpVaiObewqMSQxqHRuuMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNjI2MDY5RDI0
NjNBMTFFREI1MkVFQzE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAt4241jvWprZMAQEKdWyd5omzQrFJydgqkUsP5sCmOffe2Hx2EwF48Pfs
BtQy2D6w1mNOgq4UG/zqJ7VZt8EaHBg5ODR/QRw4GMm+vvcdeUIhPtAKvYzGfVk7
WOUQEwCLjD5pdhlJm6334gNZIq1R8JOm/Z0sNufoIdrq/acTDD63BqoRx2hChs2x
QWMQQoXJTlb26MiRrCW9feAx5b87vFwrc+1Xp+yZ6xJAK0Z6c+/HPrR4aFqwSN2C
WuqLEKW9dMSCTD7UZAiI8e9iIMXPnidQ+LvamEdzZ4VzCGEwg+C/W0X02KW9WOuY
zfoBtiNZxRTBANg/5dQVdKLCOlUTMA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org