Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/881E948457B311EDB34D002BC4F9AE02.roa
File:                     881E948457B311EDB34D002BC4F9AE02.roa (raw, json)
Hash identifier:          0KwD1didGCKqo70254w0SbYP5HBWat9BU7Yv3Q7y9Ak=
Subject key identifier:   E4:76:64:80:11:0F:23:C4:B2:17:DE:7A:3E:39:73:53:3C:F2:A8:2D
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3D40
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/881E948457B311EDB34D002BC4F9AE02.roa
Signing time:             Sun 30 Oct 2022 03:00:09 +0000
ROA not before:           Sun 30 Oct 2022 03:00:09 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15680 (0x3d40)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Oct 30 03:00:09 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=635de8b9-9f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a3:c9:bb:00:cb:6b:03:d2:88:d3:80:e7:48:
                    23:a2:87:5f:fc:60:76:22:5f:fc:89:b0:79:6b:51:
                    bb:ab:e2:4d:1c:4c:4c:f7:52:6b:b5:f3:f3:86:62:
                    89:84:e6:7f:1f:e4:d4:5e:ca:06:61:c0:2a:5f:0f:
                    cf:7f:dd:13:83:85:38:94:c9:e0:71:db:da:f4:31:
                    14:05:55:dd:8a:5e:52:6a:ba:e4:cc:9b:57:e5:5f:
                    5b:90:3f:24:db:be:51:c3:bd:01:23:a8:86:de:44:
                    e0:ae:8f:59:7e:6a:86:6a:69:0d:32:65:7e:30:f6:
                    37:e9:75:99:5d:9b:5c:46:8c:85:fa:f3:93:9a:17:
                    67:86:47:1d:05:a0:9c:95:99:66:84:b2:8c:a2:dd:
                    0b:1e:f2:9a:10:61:eb:b3:26:0c:56:ab:95:1e:7c:
                    fa:d0:46:d7:e8:df:0f:85:c5:c0:01:41:33:cd:de:
                    03:84:5b:59:b1:c3:c3:cb:a0:c0:77:f5:91:df:f6:
                    98:22:74:de:62:59:6a:c3:6f:53:59:fd:00:2e:ef:
                    a1:41:44:1b:21:55:62:ef:44:10:55:ec:da:95:bc:
                    f1:de:87:31:17:a6:7d:e8:59:f0:f6:20:87:16:bf:
                    b5:79:a0:a2:64:2c:36:39:97:58:1d:5e:04:ef:ed:
                    5c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:76:64:80:11:0F:23:C4:B2:17:DE:7A:3E:39:73:53:3C:F2:A8:2D
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/881E948457B311EDB34D002BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         6a:01:77:b6:a3:e3:48:14:91:0c:11:7b:e4:76:0b:e2:7d:7c:
         34:a7:92:2e:42:2e:bf:61:3b:89:68:34:1f:16:f3:17:e4:a1:
         0c:a6:71:d3:98:72:b8:d1:b3:03:c3:2e:9a:df:8d:dd:02:10:
         cb:f6:78:ae:80:86:64:d9:e3:fc:67:95:24:20:2e:b8:e4:68:
         2b:4b:7c:c2:1b:9c:26:1d:cc:92:1c:b6:b8:b0:91:d5:08:c0:
         05:a9:ff:52:28:10:56:82:dc:96:a1:65:d3:4a:97:f6:7f:cd:
         1e:1f:7c:33:0b:c3:5a:dd:cd:c3:be:50:9d:96:f6:03:03:54:
         6a:c4:dd:ec:ef:66:bc:1a:03:ff:65:94:6c:df:bd:10:f8:28:
         21:e3:ea:12:7f:fd:36:0e:07:72:9e:13:6f:4f:05:ee:08:9b:
         1b:00:6b:20:46:aa:e0:b5:2b:ee:89:0c:21:45:47:32:b3:27:
         a9:b5:4c:1a:3f:66:0a:bf:ef:d1:45:33:76:d6:d4:6c:0e:f5:
         f2:b6:1f:e9:99:e7:6b:25:46:9f:6e:d1:95:3d:f5:54:92:e0:
         63:7b:09:eb:29:84:8f:7e:fb:29:7c:25:bc:d1:b7:be:1b:55:
         3f:3e:10:f7:5f:61:b6:32:a0:23:56:b3:5a:17:1f:59:af:ad:
         00:ad:b3:28
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICPUAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIxMDMwMDMwMDA5WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzVkZThiOS05ZjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1aPJuwDLawPSiNOA50gjoodf/GB2Il/8ibB5a1G7q+JNHExM91JrtfPzhmKJ
hOZ/H+TUXsoGYcAqXw/Pf90Tg4U4lMngcdva9DEUBVXdil5SarrkzJtX5V9bkD8k
275Rw70BI6iG3kTgro9ZfmqGamkNMmV+MPY36XWZXZtcRoyF+vOTmhdnhkcdBaCc
lZlmhLKMot0LHvKaEGHrsyYMVquVHnz60EbX6N8PhcXAAUEzzd4DhFtZscPDy6DA
d/WR3/aYInTeYllqw29TWf0ALu+hQUQbIVVi70QQVezalbzx3ocxF6Z96Fnw9iCH
Fr+1eaCiZCw2OZdYHV4E7+1cPQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFOR2ZIAR
DyPEshfeej45c1M88qgtMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvODgxRTk0ODQ1
N0IzMTFFREIzNEQwMDJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAagF3tqPjSBSRDBF75HYL4n18NKeSLkIuv2E7iWg0HxbzF+ShDKZx05hy
uNGzA8Mumt+N3QIQy/Z4roCGZNnj/GeVJCAuuORoK0t8whucJh3Mkhy2uLCR1QjA
Ban/UigQVoLclqFl00qX9n/NHh98MwvDWt3Nw75QnZb2AwNUasTd7O9mvBoD/2WU
bN+9EPgoIePqEn/9Ng4Hcp4Tb08F7gibGwBrIEaq4LUr7okMIUVHMrMnqbVMGj9m
Cr/v0UUzdtbUbA718rYf6ZnnayVGn27RlT31VJLgY3sJ6ymEj377KXwlvNG3vhtV
Pz4Q919htjKgI1azWhcfWa+tAK2zKA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org