Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/BCD83B9AA60511ECA176BB28C4F9AE02.roa
File:                     BCD83B9AA60511ECA176BB28C4F9AE02.roa (raw, json)
Hash identifier:          58/j1Noh5NNJa3UXyahbIHVvYhRPwzwwnAS4p8QlT7M=
Subject key identifier:   8E:D1:AB:5D:26:E5:31:20:3E:41:A7:48:40:BC:A9:7B:58:6D:C6:7A
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3849
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/BCD83B9AA60511ECA176BB28C4F9AE02.roa
Signing time:             Fri 01 Apr 2022 12:20:10 +0000
ROA not before:           Fri 01 Apr 2022 12:20:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14409 (0x3849)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Apr  1 12:20:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6246edf9-40f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d4:48:2d:19:74:23:e9:f1:8c:2c:2c:1e:52:
                    a9:01:3d:7e:d7:2a:28:e6:fc:75:06:9e:0c:12:ee:
                    ac:49:86:a3:20:dd:19:06:ae:31:90:e5:04:df:f0:
                    d5:d6:d4:a4:bf:65:5d:9b:da:d3:2d:07:5d:ff:43:
                    56:2a:87:d1:34:7d:27:1f:7f:1c:f2:23:d2:d1:07:
                    5f:98:e8:f2:f4:4b:d6:29:b3:9a:22:8a:80:b4:05:
                    54:44:9e:98:b6:df:bd:b2:8e:1f:9d:d1:e0:bb:7c:
                    db:e6:be:4c:f0:75:ab:b3:6e:a4:49:86:42:d6:17:
                    cb:28:40:47:c9:ca:ec:2f:7a:af:15:23:82:f8:3f:
                    e9:3c:f1:b2:0f:a9:07:b3:5e:a5:92:37:02:5a:81:
                    61:80:4b:9f:c4:bb:85:d2:4d:b2:bd:76:30:0b:5b:
                    4b:ac:e6:f3:8d:ad:7d:92:35:e2:ec:12:3e:78:cf:
                    94:54:f4:6a:e2:d6:4b:47:68:fb:3b:e2:f2:3f:8e:
                    7b:1b:24:9d:66:f6:ee:09:8c:70:2a:45:c8:51:62:
                    cc:c9:26:75:24:c9:63:b4:63:33:7a:03:a1:20:fc:
                    bf:1e:23:07:18:03:f6:60:93:21:b2:ee:60:7a:df:
                    fa:c1:ac:ad:f4:a7:4d:e4:4d:e7:c0:60:02:96:0f:
                    f8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:D1:AB:5D:26:E5:31:20:3E:41:A7:48:40:BC:A9:7B:58:6D:C6:7A
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/BCD83B9AA60511ECA176BB28C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         76:03:c0:d3:f6:21:c3:23:04:46:45:d6:88:16:db:06:6e:39:
         0d:ac:61:37:37:f8:c9:80:56:8e:5b:92:aa:c0:43:99:63:f0:
         4a:89:85:e2:c1:97:63:6c:ed:95:62:37:6e:5f:14:d8:4e:90:
         a1:d3:0d:8c:bc:21:74:8b:8b:d4:93:74:c8:f6:3b:08:30:db:
         3f:ab:88:b2:bf:ea:c1:f1:c7:84:ca:7f:33:00:a8:bb:83:21:
         10:6c:e8:60:23:5b:54:86:22:02:88:df:2f:18:71:13:54:78:
         0d:fb:da:7f:c0:e8:f6:29:bd:51:b9:0c:63:26:2d:05:67:50:
         77:7a:1f:ee:21:95:0c:84:6b:6c:14:45:07:67:4b:76:d4:74:
         95:c0:cf:55:06:3a:4a:a3:c5:b6:94:09:90:8c:4d:33:fe:14:
         e2:08:da:20:b2:f9:ef:44:ef:1d:8e:82:48:cf:91:ca:ec:69:
         34:c2:53:63:9f:b5:08:77:4c:28:ac:57:9a:25:4e:2d:c5:78:
         b2:56:83:47:ad:bd:55:dc:f6:e6:f3:14:14:2e:64:1c:9a:74:
         c8:95:25:d6:3b:b3:aa:bb:e1:f3:0b:51:4d:23:96:cc:34:00:
         3d:e0:81:2f:69:07:f3:35:a4:5b:bf:87:b6:d2:7b:43:b3:a8:
         4e:9e:45:b2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOEkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNDAxMTIyMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQ2ZWRmOS00MGY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAttRILRl0I+nxjCwsHlKpAT1+1yoo5vx1Bp4MEu6sSYajIN0ZBq4xkOUE3/DV
1tSkv2Vdm9rTLQdd/0NWKofRNH0nH38c8iPS0QdfmOjy9EvWKbOaIoqAtAVURJ6Y
tt+9so4fndHgu3zb5r5M8HWrs26kSYZC1hfLKEBHycrsL3qvFSOC+D/pPPGyD6kH
s16lkjcCWoFhgEufxLuF0k2yvXYwC1tLrObzja19kjXi7BI+eM+UVPRq4tZLR2j7
O+LyP457GySdZvbuCYxwKkXIUWLMySZ1JMljtGMzegOhIPy/HiMHGAP2YJMhsu5g
et/6wayt9KdN5E3nwGAClg/4yQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFI7Rq10m
5TEgPkGnSEC8qXtYbcZ6MB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQkNEODNCOUFB
NjA1MTFFQ0ExNzZCQjI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAdgPA0/YhwyMERkXWiBbbBm45DaxhNzf4yYBWjluSqsBDmWPwSomF4sGX
Y2ztlWI3bl8U2E6QodMNjLwhdIuL1JN0yPY7CDDbP6uIsr/qwfHHhMp/MwCou4Mh
EGzoYCNbVIYiAojfLxhxE1R4Dfvaf8Do9im9UbkMYyYtBWdQd3of7iGVDIRrbBRF
B2dLdtR0lcDPVQY6SqPFtpQJkIxNM/4U4gjaILL570TvHY6CSM+RyuxpNMJTY5+1
CHdMKKxXmiVOLcV4slaDR629Vdz25vMUFC5kHJp0yJUl1juzqrvh8wtRTSOWzDQA
PeCBL2kH8zWkW7+HttJ7Q7OoTp5Fsg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:52 2024 by rpki-client on console-ams.rpki-client.org