Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/6EA131EC23C411EDA6D7F073C4F9AE02.roa
File:                     6EA131EC23C411EDA6D7F073C4F9AE02.roa (raw, json)
Hash identifier:          l4OciRbs5AdXioKMVSmoCeiWIjEd42EBV0wfs3K+MeY=
Subject key identifier:   BB:F1:C8:A7:4D:7F:9B:E5:48:7D:91:C2:8C:05:9D:52:16:0A:F4:02
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3BF4
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/6EA131EC23C411EDA6D7F073C4F9AE02.roa
Signing time:             Thu 25 Aug 2022 03:10:09 +0000
ROA not before:           Thu 25 Aug 2022 03:10:09 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15348 (0x3bf4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Aug 25 03:10:09 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=6306e811-03bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:36:6d:df:98:a2:b4:d0:a3:e7:7d:a9:e1:63:
                    a2:cf:2c:e2:a1:68:c9:22:11:5a:53:5b:3d:3f:7b:
                    f2:1a:2b:b5:b2:f2:b9:9f:98:3d:3a:a7:bf:6c:da:
                    99:86:1c:d6:00:1c:d4:9e:c5:00:1e:81:3f:a4:8d:
                    88:86:87:5c:90:59:91:b4:96:1b:3c:d7:52:d1:d5:
                    4f:ab:5b:8d:42:99:9c:aa:71:65:5c:96:ee:cd:c6:
                    83:7d:31:db:cd:42:02:1d:0d:e9:8a:a4:9b:af:43:
                    ab:7e:87:de:93:62:36:16:c9:ef:4f:e8:e5:72:da:
                    1b:14:2a:00:63:38:c6:0a:c0:fa:08:33:fa:6b:83:
                    81:a3:b1:da:2a:2e:7c:19:76:03:1c:e4:89:ec:61:
                    a9:bb:a1:e2:73:41:72:f5:79:dd:0d:37:ac:9e:af:
                    55:2e:92:ae:14:ed:2d:02:29:ca:75:bc:a5:93:e7:
                    6e:77:f4:9e:2d:3a:63:86:f2:2a:94:e6:f8:39:1c:
                    e2:26:b2:a2:ca:0a:c3:f0:21:c7:77:42:9f:ed:6c:
                    14:4c:0a:46:14:48:2c:c5:73:c9:d0:39:78:7a:95:
                    de:02:d9:02:3f:24:3a:6f:86:b1:00:41:f3:40:75:
                    84:62:da:39:20:82:24:1c:79:02:73:44:1d:25:b4:
                    71:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:F1:C8:A7:4D:7F:9B:E5:48:7D:91:C2:8C:05:9D:52:16:0A:F4:02
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/6EA131EC23C411EDA6D7F073C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         ce:48:09:e6:25:3e:af:fe:d3:f3:60:52:50:1d:8d:be:7c:70:
         b9:26:23:b9:b9:53:bd:3f:b4:b3:80:80:1f:dc:a9:db:a0:55:
         89:8f:2c:ec:98:eb:fa:9c:7b:6f:9d:8a:dc:76:e9:5f:c6:ef:
         2d:81:c3:3a:6a:e1:25:57:d3:f5:ed:69:39:3c:5e:06:00:70:
         05:bb:92:1e:93:cf:34:54:31:27:38:f6:34:61:b2:62:b0:65:
         61:02:90:12:2a:b9:84:4a:3b:e2:aa:39:ec:70:74:d8:ef:05:
         70:50:16:e4:15:ee:17:da:26:ac:37:89:ba:51:18:f6:12:d4:
         a3:2a:b2:8c:17:7d:b6:92:04:5f:fa:af:2c:ab:81:57:04:73:
         92:95:0e:a9:c3:1c:26:70:37:91:64:0c:9d:b8:8c:9d:56:07:
         2f:cd:16:ed:ec:68:fd:bf:a0:6f:bd:91:bd:dc:52:fa:c3:06:
         a2:b4:8f:c0:20:1e:ef:d4:01:2b:1b:58:ae:3f:06:4f:e3:79:
         b9:ab:41:04:c3:0d:bb:e2:11:e7:a1:56:d7:24:86:62:c1:42:
         87:78:10:a3:d1:e3:d6:f7:27:c7:f8:58:e5:f1:96:a5:a2:e0:
         8c:1b:46:79:74:4a:0f:bc:89:60:79:d2:8c:1a:d7:72:d1:32:
         fb:c4:d9:90
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICO/QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwODI1MDMxMDA5WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzA2ZTgxMS0wM2JkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzDZt35iitNCj532p4WOizyzioWjJIhFaU1s9P3vyGiu1svK5n5g9Oqe/bNqZ
hhzWABzUnsUAHoE/pI2IhodckFmRtJYbPNdS0dVPq1uNQpmcqnFlXJbuzcaDfTHb
zUICHQ3piqSbr0Orfofek2I2FsnvT+jlctobFCoAYzjGCsD6CDP6a4OBo7HaKi58
GXYDHOSJ7GGpu6Hic0Fy9XndDTesnq9VLpKuFO0tAinKdbylk+dud/SeLTpjhvIq
lOb4ORziJrKiygrD8CHHd0Kf7WwUTApGFEgsxXPJ0Dl4epXeAtkCPyQ6b4axAEHz
QHWEYto5IIIkHHkCc0QdJbRxtQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFLvxyKdN
f5vlSH2RwowFnVIWCvQCMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNkVBMTMxRUMy
M0M0MTFFREE2RDdGMDczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAzkgJ5iU+r/7T82BSUB2NvnxwuSYjublTvT+0s4CAH9yp26BViY8s7Jjr
+px7b52K3HbpX8bvLYHDOmrhJVfT9e1pOTxeBgBwBbuSHpPPNFQxJzj2NGGyYrBl
YQKQEiq5hEo74qo57HB02O8FcFAW5BXuF9omrDeJulEY9hLUoyqyjBd9tpIEX/qv
LKuBVwRzkpUOqcMcJnA3kWQMnbiMnVYHL80W7exo/b+gb72RvdxS+sMGorSPwCAe
79QBKxtYrj8GT+N5uatBBMMNu+IR56FW1ySGYsFCh3gQo9Hj1vcnx/hY5fGWpaLg
jBtGeXRKD7yJYHnSjBrXctEy+8TZkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org