Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B05093E0548311EDAD75A47AC4F9AE02.roa
File:                     B05093E0548311EDAD75A47AC4F9AE02.roa (raw, json)
Hash identifier:          XudHkWa/MN7a0a7TitsLCgskl33RKBCuHmED45j33dQ=
Subject key identifier:   0B:BE:93:8E:E2:4C:C1:CA:C7:71:F6:14:98:40:C2:45:90:E7:B5:2C
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3D19
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B05093E0548311EDAD75A47AC4F9AE02.roa
Signing time:             Wed 26 Oct 2022 06:00:10 +0000
ROA not before:           Wed 26 Oct 2022 06:00:10 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15641 (0x3d19)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Oct 26 06:00:10 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=6358ccea-d7bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c6:8b:6f:6c:5b:31:f2:c0:19:3f:df:20:25:
                    d5:b2:37:db:b2:8d:4b:e2:68:c9:da:e6:f0:aa:44:
                    8b:70:5e:86:81:f8:fc:4f:9b:e1:98:38:ef:c9:3c:
                    1d:d4:c2:70:e3:1e:5d:57:8d:8d:f4:5e:f8:78:0b:
                    fb:b5:9a:3a:df:d2:8a:b7:96:22:88:c7:cb:a5:41:
                    84:d4:ea:2a:28:42:f4:cf:95:64:da:cf:cf:7b:7f:
                    85:46:94:52:e2:5e:f0:c7:46:63:ef:da:0b:76:d1:
                    30:78:2f:f8:8a:74:ed:f6:f0:30:ef:de:bb:50:be:
                    8c:fd:ba:d2:f9:7d:fa:fb:c9:1f:ac:75:40:ea:79:
                    ff:ba:b6:a2:d8:10:6a:96:22:56:d8:8e:63:ca:51:
                    ae:1f:f0:ec:09:8d:dc:b9:8e:80:df:5c:5b:f1:e3:
                    e9:c0:48:fe:b6:e8:cc:72:aa:66:3c:eb:f1:3e:0d:
                    a1:09:7e:b8:00:d5:f1:84:f5:7b:0a:a1:08:6a:dd:
                    51:b3:c1:34:25:c4:87:e3:0b:8b:37:e6:47:60:fa:
                    38:0c:e5:00:bb:76:04:79:60:4c:bf:c8:29:3b:68:
                    b0:39:fa:a7:a9:d6:84:a2:a2:32:08:c9:d4:2d:2e:
                    94:9f:01:11:bc:b6:c7:f6:69:a9:a7:5b:28:bc:e2:
                    2b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BE:93:8E:E2:4C:C1:CA:C7:71:F6:14:98:40:C2:45:90:E7:B5:2C
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B05093E0548311EDAD75A47AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         72:21:ef:cd:7b:ed:3b:5e:8b:dc:63:06:10:1b:83:04:d6:d5:
         8a:b9:69:38:64:8d:aa:60:10:71:43:93:95:79:0d:3a:ab:ef:
         a8:09:80:c5:79:8e:7f:4e:f2:13:16:dc:1c:6c:10:a4:03:b7:
         36:ec:d9:13:1a:fd:fb:05:9f:cf:f0:fb:1b:ef:20:52:54:35:
         8f:84:ed:58:8f:f8:f7:60:ed:9f:45:46:60:96:cf:3f:3f:33:
         0a:93:06:c1:bf:1f:0d:66:b2:3f:14:09:c7:61:f6:cd:10:2a:
         d8:95:a4:d8:81:de:e8:18:80:ec:f4:d9:83:ef:6d:98:fb:bd:
         5a:20:d1:27:0c:c7:67:16:59:8e:16:b7:2b:bd:2a:ae:3d:c7:
         88:b8:b2:8c:bd:44:c7:55:d0:9b:72:4d:da:58:a1:ab:49:da:
         3f:d5:f1:b6:69:3a:9f:a6:56:19:91:f1:98:49:b9:2f:5c:fe:
         f6:ee:20:51:48:02:78:f0:2e:1b:cb:e7:b7:98:f2:26:b8:d4:
         b3:de:f6:27:dc:60:67:46:fb:3b:bb:e0:0f:74:7a:7d:4c:b6:
         d9:07:cd:0c:70:d3:64:3f:39:65:d7:9c:4b:fe:8c:5c:4a:fa:
         a8:21:78:cb:69:e5:a1:81:2c:f6:3b:6f:ca:ec:e6:10:1f:32:
         01:69:63:82
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICPRkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIxMDI2MDYwMDEwWhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzU4Y2NlYS1kN2JmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5saLb2xbMfLAGT/fICXVsjfbso1L4mjJ2ubwqkSLcF6Ggfj8T5vhmDjvyTwd
1MJw4x5dV42N9F74eAv7tZo639KKt5YiiMfLpUGE1OoqKEL0z5Vk2s/Pe3+FRpRS
4l7wx0Zj79oLdtEweC/4inTt9vAw7967UL6M/brS+X36+8kfrHVA6nn/urai2BBq
liJW2I5jylGuH/DsCY3cuY6A31xb8ePpwEj+tujMcqpmPOvxPg2hCX64ANXxhPV7
CqEIat1Rs8E0JcSH4wuLN+ZHYPo4DOUAu3YEeWBMv8gpO2iwOfqnqdaEoqIyCMnU
LS6UnwERvLbH9mmpp1sovOIrnwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFAu+k47i
TMHKx3H2FJhAwkWQ57UsMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQjA1MDkzRTA1
NDgzMTFFREFENzVBNDdBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAciHvzXvtO16L3GMGEBuDBNbVirlpOGSNqmAQcUOTlXkNOqvvqAmAxXmO
f07yExbcHGwQpAO3NuzZExr9+wWfz/D7G+8gUlQ1j4TtWI/492Dtn0VGYJbPPz8z
CpMGwb8fDWayPxQJx2H2zRAq2JWk2IHe6BiA7PTZg+9tmPu9WiDRJwzHZxZZjha3
K70qrj3HiLiyjL1Ex1XQm3JN2lihq0naP9Xxtmk6n6ZWGZHxmEm5L1z+9u4gUUgC
ePAuG8vnt5jyJrjUs972J9xgZ0b7O7vgD3R6fUy22QfNDHDTZD85ZdecS/6MXEr6
qCF4y2nloYEs9jtvyuzmEB8yAWljgg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:50 2024 by rpki-client on console-ams.rpki-client.org