Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/68ADA7FED6BF11EC91742C61C4F9AE02.roa
File:                     68ADA7FED6BF11EC91742C61C4F9AE02.roa (raw, json)
Hash identifier:          s/jaSGF8m6HpLjTbOWP6ezFVtMYsjhQobcReMb6hpUY=
Subject key identifier:   75:FE:73:2E:CD:3F:7B:2D:12:11:F6:01:88:64:8B:5C:8E:12:08:E2
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3A6D
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/68ADA7FED6BF11EC91742C61C4F9AE02.roa
Signing time:             Thu 19 May 2022 03:00:09 +0000
ROA not before:           Thu 19 May 2022 03:00:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14957 (0x3a6d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: May 19 03:00:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6285b2b9-2244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7f:4f:88:25:43:cb:8e:40:82:91:07:5f:b0:
                    c2:e1:c2:b3:ed:60:74:47:4d:8f:c4:9c:39:46:37:
                    0e:c2:ab:ab:43:a2:0c:e0:fd:10:0e:69:e0:dc:99:
                    61:90:ab:f1:3c:90:64:a9:56:d3:fa:61:fc:b7:99:
                    94:15:e9:4b:7a:21:0f:9a:58:7a:d7:f9:b1:65:79:
                    39:66:9d:24:dc:78:9f:f8:16:fd:e5:5c:9b:48:aa:
                    ab:f5:12:17:6d:90:f4:7e:29:b1:00:3c:5b:e3:09:
                    7f:6a:bc:6e:50:14:b6:32:81:ec:e0:19:dc:db:a4:
                    98:68:69:2b:16:b0:2a:b8:47:23:84:1b:4c:24:78:
                    3b:90:6d:9f:32:3d:81:31:40:e7:61:44:5e:7e:f4:
                    8b:ad:b2:de:78:2d:3a:26:f7:1e:fa:66:9b:8e:af:
                    fe:8e:23:10:41:28:a4:19:3b:2a:bc:3b:10:95:85:
                    fa:1e:80:f8:25:d4:f9:44:7a:e3:76:12:33:38:72:
                    37:ad:a9:86:93:56:86:29:14:c4:96:55:9e:ee:54:
                    de:aa:14:cb:8e:b0:43:0f:e0:34:f3:af:87:0a:d0:
                    91:60:75:be:29:a6:81:24:81:00:6e:b8:66:de:0d:
                    9d:1c:7e:c3:c4:7c:34:33:57:10:df:11:57:f6:ac:
                    55:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FE:73:2E:CD:3F:7B:2D:12:11:F6:01:88:64:8B:5C:8E:12:08:E2
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/68ADA7FED6BF11EC91742C61C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         04:3e:f1:d6:08:09:91:12:d9:13:5e:bf:59:b5:9e:ce:f6:50:
         9f:f0:ab:ad:d7:18:c9:15:8c:0c:8d:64:3f:02:6c:c3:ea:1c:
         bc:8e:1c:d9:1a:43:3a:e2:75:2d:b2:b2:81:d7:34:a9:12:7e:
         3f:e5:b0:71:ca:4f:7f:65:cb:89:2e:8e:9c:21:8a:b5:6e:5f:
         4f:1f:79:03:11:33:ab:ab:9f:fb:76:a8:c1:38:b0:f2:86:92:
         47:68:cb:25:42:84:98:20:f2:9b:9f:dc:d6:ff:e9:bb:6b:34:
         fd:6e:07:67:9f:74:a3:8c:ca:98:ee:3f:dc:c4:d3:2c:eb:32:
         8d:91:cd:a8:4b:b8:7f:2b:70:f0:78:b2:08:32:6f:1e:c8:18:
         0d:2b:bb:4f:5b:52:4f:a2:41:9d:be:00:13:49:b8:e6:a9:00:
         11:bb:ee:dd:ed:57:a7:33:24:bd:35:ef:d3:f9:ae:43:94:61:
         2d:07:a5:5e:d6:4f:9e:b1:c9:12:7d:c2:28:fc:66:97:1b:84:
         4d:e7:4b:f2:03:2e:ab:c6:af:f2:fa:67:24:a1:e3:ee:1c:c2:
         09:10:aa:f0:72:bb:1c:f3:c0:e3:61:47:ed:42:65:21:6d:85:
         6e:93:71:30:84:a0:44:30:ef:cc:05:65:72:05:7f:54:c3:8c:
         4c:f0:f4:10
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOm0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTE5MDMwMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjg1YjJiOS0yMjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx39PiCVDy45AgpEHX7DC4cKz7WB0R02PxJw5RjcOwqurQ6IM4P0QDmng3Jlh
kKvxPJBkqVbT+mH8t5mUFelLeiEPmlh61/mxZXk5Zp0k3Hif+Bb95VybSKqr9RIX
bZD0fimxADxb4wl/arxuUBS2MoHs4Bnc26SYaGkrFrAquEcjhBtMJHg7kG2fMj2B
MUDnYURefvSLrbLeeC06Jvce+mabjq/+jiMQQSikGTsqvDsQlYX6HoD4JdT5RHrj
dhIzOHI3ramGk1aGKRTEllWe7lTeqhTLjrBDD+A086+HCtCRYHW+KaaBJIEAbrhm
3g2dHH7DxHw0M1cQ3xFX9qxVWQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHX+cy7N
P3stEhH2AYhki1yOEgjiMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNjhBREE3RkVE
NkJGMTFFQzkxNzQyQzYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEABD7x1ggJkRLZE16/WbWezvZQn/CrrdcYyRWMDI1kPwJsw+ocvI4c2RpD
OuJ1LbKygdc0qRJ+P+WwccpPf2XLiS6OnCGKtW5fTx95AxEzq6uf+3aowTiw8oaS
R2jLJUKEmCDym5/c1v/pu2s0/W4HZ590o4zKmO4/3MTTLOsyjZHNqEu4fytw8Hiy
CDJvHsgYDSu7T1tST6JBnb4AE0m45qkAEbvu3e1XpzMkvTXv0/muQ5RhLQelXtZP
nrHJEn3CKPxmlxuETedL8gMuq8av8vpnJKHj7hzCCRCq8HK7HPPA42FH7UJlIW2F
bpNxMISgRDDvzAVlcgV/VMOMTPD0EA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org