Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72595044924711ECA2A6DA36C4F9AE02.roa
File:                     72595044924711ECA2A6DA36C4F9AE02.roa (raw, json)
Hash identifier:          T+iMQlsRoO841ofvCw99SnkeUPxvdRLNgIXcbGyMsO0=
Subject key identifier:   EC:F1:EB:3C:41:FD:AA:B3:9A:C9:65:DF:2D:DB:AA:AC:98:09:E5:3A
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3714
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72595044924711ECA2A6DA36C4F9AE02.roa
Signing time:             Sun 20 Feb 2022 12:20:10 +0000
ROA not before:           Sun 20 Feb 2022 12:20:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14100 (0x3714)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 20 12:20:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=621231fa-85e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:28:f1:d4:67:05:83:8c:3e:c2:b1:71:9b:fd:
                    19:48:77:d0:c2:53:e7:b4:82:ff:93:86:9b:26:40:
                    da:4c:ad:5e:77:1c:39:62:10:51:5b:2d:ef:b1:ed:
                    8a:22:6f:c5:c2:1b:0f:ab:1c:e7:8d:98:e5:db:08:
                    de:0d:ed:18:f4:de:f1:92:81:3d:a8:f5:3a:ed:16:
                    47:53:2f:fa:e8:ab:12:6d:49:7f:7b:99:0c:dc:b2:
                    28:d6:70:7c:51:9c:37:c4:3e:0f:5b:34:5a:1b:b2:
                    ae:16:9b:cc:eb:7a:ff:35:b3:9e:21:65:58:ce:75:
                    a1:7a:b5:0f:48:cb:dc:89:64:a4:67:f4:45:08:54:
                    99:c8:e7:00:06:d9:0a:4b:bd:cf:0e:2f:a4:59:e8:
                    01:4b:0b:6d:59:e4:a1:da:6b:95:de:6f:46:4d:03:
                    6b:ea:6d:0f:2b:b8:50:b0:4e:7d:b7:a2:3d:b9:42:
                    aa:1c:2d:99:54:81:cd:6d:2e:c8:fe:0c:f4:18:97:
                    33:e6:26:02:19:63:c8:7e:11:c7:ae:20:cb:af:41:
                    84:b7:c4:c5:fb:24:62:be:7a:31:8f:bf:44:b5:7a:
                    43:a7:a6:68:11:34:78:54:5b:c1:55:55:c6:e3:fb:
                    db:56:1f:69:47:63:9d:53:fd:02:47:af:54:36:57:
                    a6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:F1:EB:3C:41:FD:AA:B3:9A:C9:65:DF:2D:DB:AA:AC:98:09:E5:3A
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72595044924711ECA2A6DA36C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:78:6e:ea:bd:47:43:6d:c8:75:fb:dd:d5:89:02:cb:1d:86:
         b0:55:f3:e9:f0:5a:89:3c:23:57:9b:a7:d5:c4:ff:ac:ac:b0:
         56:52:20:5f:b8:84:eb:87:87:52:4c:f5:52:67:c7:7d:12:e7:
         e3:88:c3:d9:0c:51:58:33:49:92:89:7c:4b:eb:c2:60:53:d2:
         02:02:6a:13:08:96:d4:d2:09:8f:d4:0b:35:7e:90:ab:a7:f0:
         51:28:e0:04:ac:84:62:9b:b2:53:82:c1:09:a1:b5:e4:c2:41:
         3d:b9:64:87:ab:f5:18:67:2d:df:59:4e:da:8f:9b:ca:8e:4d:
         93:13:3c:58:a4:19:ed:6d:5a:fc:18:4c:66:6d:37:9c:5b:20:
         14:77:0c:d1:ef:36:00:cc:61:74:bf:66:35:74:6d:e0:fb:56:
         5a:71:11:fe:6a:45:68:fe:6e:18:48:29:bd:64:14:0a:a2:5e:
         50:4b:4c:1a:aa:4a:d6:1e:94:79:f4:2e:f8:6f:f0:36:dc:32:
         16:f2:a7:19:39:f4:ca:82:2a:36:c4:82:ff:6e:89:42:0a:bb:
         ac:df:ab:a5:3a:ae:92:2a:56:53:f2:3a:61:96:d5:f0:ef:ce:
         0f:af:d9:52:ba:da:f2:11:6e:67:96:50:89:63:b7:ef:bb:29:
         92:90:5c:d8
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNxQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjIwMTIyMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjEyMzFmYS04NWUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvSjx1GcFg4w+wrFxm/0ZSHfQwlPntIL/k4abJkDaTK1edxw5YhBRWy3vse2K
Im/FwhsPqxznjZjl2wjeDe0Y9N7xkoE9qPU67RZHUy/66KsSbUl/e5kM3LIo1nB8
UZw3xD4PWzRaG7KuFpvM63r/NbOeIWVYznWherUPSMvciWSkZ/RFCFSZyOcABtkK
S73PDi+kWegBSwttWeSh2muV3m9GTQNr6m0PK7hQsE59t6I9uUKqHC2ZVIHNbS7I
/gz0GJcz5iYCGWPIfhHHriDLr0GEt8TF+yRivnoxj79EtXpDp6ZoETR4VFvBVVXG
4/vbVh9pR2OdU/0CR69UNlem4wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFOzx6zxB
/aqzmsll3y3bqqyYCeU6MB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNzI1OTUwNDQ5
MjQ3MTFFQ0EyQTZEQTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHACABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAWHhu6r1HQ23Idfvd1YkCyx2GsFXz6fBaiTwjV5un1cT/rKywVlIgX7iE
64eHUkz1UmfHfRLn44jD2QxRWDNJkol8S+vCYFPSAgJqEwiW1NIJj9QLNX6Qq6fw
USjgBKyEYpuyU4LBCaG15MJBPblkh6v1GGct31lO2o+byo5NkxM8WKQZ7W1a/BhM
Zm03nFsgFHcM0e82AMxhdL9mNXRt4PtWWnER/mpFaP5uGEgpvWQUCqJeUEtMGqpK
1h6UefQu+G/wNtwyFvKnGTn0yoIqNsSC/26JQgq7rN+rpTqukipWU/I6YZbV8O/O
D6/ZUrra8hFuZ5ZQiWO377spkpBc2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org