Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C2210BF48F3011ECB867A584C4F9AE02.roa
File:                     C2210BF48F3011ECB867A584C4F9AE02.roa (raw, json)
Hash identifier:          dHK9lpOMSette7WbTS1O4OQWTNp9/a5XeUWf9mmJqH0=
Subject key identifier:   8C:96:21:1B:05:FB:38:28:4B:5E:FD:DC:91:E9:F9:C6:7B:71:31:85
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       36ED
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C2210BF48F3011ECB867A584C4F9AE02.roa
Signing time:             Thu 17 Feb 2022 05:00:15 +0000
ROA not before:           Thu 17 Feb 2022 05:00:15 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14061 (0x36ed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 17 05:00:15 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=620dd65f-5d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d2:5e:88:0a:f4:26:19:a6:40:fd:6f:7b:50:
                    aa:8d:e3:c1:fd:03:4f:59:a7:05:ea:89:8a:6b:c1:
                    2f:59:12:1b:cc:25:76:55:9c:b2:0a:fe:f8:93:7f:
                    bf:aa:99:88:e1:6b:7c:6d:1a:5e:9f:29:0e:73:fa:
                    6d:af:5b:e0:77:c1:01:a4:b8:4d:fc:ee:01:09:8b:
                    2f:79:3e:2e:e0:a0:8e:f7:35:b2:4d:f1:62:64:df:
                    69:66:e5:06:49:8c:74:3c:b6:da:9b:57:11:b8:b4:
                    68:f6:3d:28:65:64:2b:d5:75:41:16:5a:ac:7b:d6:
                    ef:18:6c:a5:62:c6:9a:e3:de:df:b6:f1:82:1a:27:
                    dd:21:66:94:1d:70:d5:a2:a6:ce:3b:53:84:56:84:
                    73:1e:29:de:9e:c9:bb:cb:2e:2c:76:09:e7:ca:f6:
                    84:7f:2e:75:5e:0f:58:98:6e:a5:c8:22:3e:89:89:
                    d5:5e:9f:d3:bc:7d:ae:05:81:18:53:61:49:30:56:
                    30:70:3a:90:0c:23:36:b0:c7:85:b7:a8:ea:e7:da:
                    13:bf:2a:08:90:8b:62:b1:de:89:ed:33:03:e8:18:
                    53:15:4c:0c:8f:f1:a4:6f:9f:68:ac:4e:1c:f0:21:
                    ea:9e:b3:4b:30:9c:07:5a:73:8b:c9:ea:75:5a:79:
                    3a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:96:21:1B:05:FB:38:28:4B:5E:FD:DC:91:E9:F9:C6:7B:71:31:85
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C2210BF48F3011ECB867A584C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         45:5c:19:21:37:e7:31:f1:bb:1d:d2:fa:ea:18:6e:48:98:f8:
         28:8e:0a:bd:f0:8a:e9:da:fa:48:5e:da:e5:11:14:60:00:13:
         a8:e2:33:9b:24:39:16:1e:a5:9f:9c:55:67:c7:cb:a4:9a:c0:
         24:80:84:e7:24:9e:31:d4:51:4b:ed:a8:1d:4f:48:a8:d8:b6:
         a3:29:10:8a:e8:f5:dc:9c:1c:86:97:6e:b6:ea:07:5a:e8:69:
         d9:de:14:ea:08:a1:48:c6:8a:cc:ed:80:0a:39:07:63:76:9c:
         9b:13:56:c5:bb:ac:e4:44:85:2a:7b:54:d0:1b:d3:13:a1:b5:
         4b:5a:2b:55:52:26:cc:6a:10:3f:53:51:aa:6a:79:86:43:8f:
         0f:c8:86:9b:37:dc:cc:14:6e:d8:99:d7:1a:e3:98:93:ce:6c:
         19:78:5b:2d:76:3a:a1:81:2e:7e:cb:c6:b0:51:15:f8:58:71:
         21:8b:c6:d9:1c:2f:2d:d5:36:25:d6:d4:95:3a:d3:b4:1a:ec:
         16:49:70:54:0e:ce:9f:b3:34:86:b5:f2:65:d8:20:e0:5b:ed:
         6b:b4:b1:9e:a3:fa:48:c1:4e:54:b5:7f:dd:ae:5e:ac:cc:3d:
         b8:6e:53:e7:54:aa:b4:56:af:27:e6:91:0c:05:92:3b:64:c1:
         13:f9:30:2b
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNu0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjE3MDUwMDE1WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjBkZDY1Zi01ZDY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvNJeiAr0JhmmQP1ve1CqjePB/QNPWacF6omKa8EvWRIbzCV2VZyyCv74k3+/
qpmI4Wt8bRpenykOc/ptr1vgd8EBpLhN/O4BCYsveT4u4KCO9zWyTfFiZN9pZuUG
SYx0PLbam1cRuLRo9j0oZWQr1XVBFlqse9bvGGylYsaa497ftvGCGifdIWaUHXDV
oqbOO1OEVoRzHinensm7yy4sdgnnyvaEfy51Xg9YmG6lyCI+iYnVXp/TvH2uBYEY
U2FJMFYwcDqQDCM2sMeFt6jq59oTvyoIkItisd6J7TMD6BhTFUwMj/Gkb59orE4c
8CHqnrNLMJwHWnOLyep1Wnk6iQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFIyWIRsF
+zgoS1793JHp+cZ7cTGFMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQzIyMTBCRjQ4
RjMwMTFFQ0I4NjdBNTg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEARVwZITfnMfG7HdL66hhuSJj4KI4KvfCK6dr6SF7a5REUYAATqOIzmyQ5
Fh6ln5xVZ8fLpJrAJICE5ySeMdRRS+2oHU9IqNi2oykQiuj13JwchpdutuoHWuhp
2d4U6gihSMaKzO2ACjkHY3acmxNWxbus5ESFKntU0BvTE6G1S1orVVImzGoQP1NR
qmp5hkOPD8iGmzfczBRu2JnXGuOYk85sGXhbLXY6oYEufsvGsFEV+FhxIYvG2Rwv
LdU2JdbUlTrTtBrsFklwVA7On7M0hrXyZdgg4Fvta7SxnqP6SMFOVLV/3a5erMw9
uG5T51SqtFavJ+aRDAWSO2TBE/kwKw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org