Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72CF8784843011EC8F2D8771C4F9AE02.roa
File:                     72CF8784843011EC8F2D8771C4F9AE02.roa (raw, json)
Hash identifier:          lk52FBqajPz7otvlcS6ZVB4pBkyQC/HKsupebqngX6s=
Subject key identifier:   FF:3F:E5:04:5C:D9:19:F6:D2:A4:86:B2:AD:4E:46:7B:41:B9:45:22
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       364C
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72CF8784843011EC8F2D8771C4F9AE02.roa
Signing time:             Wed 02 Feb 2022 14:00:17 +0000
ROA not before:           Wed 02 Feb 2022 14:00:17 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13900 (0x364c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb  2 14:00:17 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=61fa8e70-bca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:03:34:16:6a:c3:02:1b:51:ae:5c:d5:29:ff:
                    60:c4:56:fe:cc:1b:c4:33:6d:44:0f:9b:eb:33:f5:
                    37:94:21:1c:ba:5b:7f:24:62:8b:48:50:5f:f7:5a:
                    66:8c:3b:17:68:13:17:1c:ca:c0:36:24:94:4d:fc:
                    ea:4b:30:14:b4:98:32:01:ad:a1:fd:74:31:10:35:
                    bb:5d:2d:22:9c:44:29:a9:a0:21:ed:c4:2a:ae:49:
                    2f:71:44:13:6d:23:91:37:8f:4a:44:26:23:e8:b9:
                    ee:85:4c:38:84:4e:e7:5a:ae:2f:5f:92:74:0a:79:
                    88:b6:82:95:50:5d:0d:16:0c:aa:7e:c4:f4:f4:8e:
                    8f:ac:ca:a5:fc:cd:09:c1:db:e4:86:0a:06:8b:45:
                    c9:c1:83:ab:e8:90:6f:5a:6e:78:3b:14:c6:82:77:
                    38:93:6c:25:28:0b:1a:f7:ed:d6:07:59:84:4b:cd:
                    31:ee:f3:c3:c3:ed:97:0f:61:92:46:18:6a:67:c2:
                    68:a3:23:8d:ea:b0:d5:51:2e:de:75:99:47:84:c4:
                    db:81:ba:7a:2a:58:8e:21:aa:24:59:59:54:54:60:
                    65:18:59:7b:a5:48:80:f1:bd:ce:4d:33:8c:07:0f:
                    2d:88:63:e2:14:d9:c9:7f:87:74:9b:c9:98:2f:f9:
                    22:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3F:E5:04:5C:D9:19:F6:D2:A4:86:B2:AD:4E:46:7B:41:B9:45:22
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/72CF8784843011EC8F2D8771C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:49:6c:59:b6:e9:23:af:36:29:3c:23:86:db:f6:d5:c7:05:
         c4:a4:7c:9d:f5:ce:db:22:e6:ec:b5:fe:60:49:51:ff:bb:d3:
         5a:a8:4f:cf:0f:d6:80:74:ae:b0:01:23:7d:b6:b0:a5:62:09:
         78:e9:0f:fe:b2:45:c3:2b:8e:7a:93:41:e4:10:a5:84:8e:78:
         70:ad:b0:a9:0a:5e:fb:66:23:43:ae:b3:52:58:11:98:cc:65:
         46:9d:5a:9e:f5:23:75:b8:04:65:20:4f:70:61:28:b8:07:71:
         29:ce:48:c8:a6:80:42:3c:88:ba:d6:0a:82:99:cf:7f:5a:51:
         c8:1f:85:54:e0:99:b8:4d:b5:0d:eb:e3:f7:90:90:97:1f:91:
         c6:36:3d:cf:52:e1:ce:68:9e:a9:54:53:6e:49:bc:2a:05:78:
         14:90:96:1a:bc:0e:c5:6e:12:87:cd:4b:28:1e:a5:23:8b:fb:
         02:5f:7b:88:67:36:d5:bc:6f:01:0f:ea:88:34:00:f6:40:b5:
         41:f4:7f:92:36:f2:58:63:de:3c:a0:78:f7:b8:22:54:9f:c0:
         48:98:16:8d:45:c9:52:37:ff:a9:a0:b5:61:ca:13:21:80:f6:
         d4:f0:52:c6:e3:f2:c1:39:45:5d:38:27:cf:48:7c:61:fd:03:
         c1:45:e9:70
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNkwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjAyMTQwMDE3WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWZhOGU3MC1iY2ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzwM0FmrDAhtRrlzVKf9gxFb+zBvEM21ED5vrM/U3lCEcult/JGKLSFBf91pm
jDsXaBMXHMrANiSUTfzqSzAUtJgyAa2h/XQxEDW7XS0inEQpqaAh7cQqrkkvcUQT
bSORN49KRCYj6LnuhUw4hE7nWq4vX5J0CnmItoKVUF0NFgyqfsT09I6PrMql/M0J
wdvkhgoGi0XJwYOr6JBvWm54OxTGgnc4k2wlKAsa9+3WB1mES80x7vPDw+2XD2GS
RhhqZ8JooyON6rDVUS7edZlHhMTbgbp6KliOIaokWVlUVGBlGFl7pUiA8b3OTTOM
Bw8tiGPiFNnJf4d0m8mYL/kiBwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFP8/5QRc
2Rn20qSGsq1ORntBuUUiMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNzJDRjg3ODQ4
NDMwMTFFQzhGMkQ4NzcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHACABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEABklsWbbpI682KTwjhtv21ccFxKR8nfXO2yLm7LX+YElR/7vTWqhPzw/W
gHSusAEjfbawpWIJeOkP/rJFwyuOepNB5BClhI54cK2wqQpe+2YjQ66zUlgRmMxl
Rp1anvUjdbgEZSBPcGEouAdxKc5IyKaAQjyIutYKgpnPf1pRyB+FVOCZuE21Devj
95CQlx+RxjY9z1LhzmieqVRTbkm8KgV4FJCWGrwOxW4Sh81LKB6lI4v7Al97iGc2
1bxvAQ/qiDQA9kC1QfR/kjbyWGPePKB497giVJ/ASJgWjUXJUjf/qaC1YcoTIYD2
1PBSxuPywTlFXTgnz0h8Yf0DwUXpcA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org