Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9232FFCF18E11EC9FD19610C4F9AE02.roa
File:                     C9232FFCF18E11EC9FD19610C4F9AE02.roa (raw, json)
Hash identifier:          dUmMUP938NMcvt57awi0HIyJAWVNF/NFQbiIP6sL0EM=
Subject key identifier:   36:70:B7:63:63:A3:34:4E:BE:0C:9B:42:3E:D0:A6:E7:37:B2:27:9A
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3B62
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9232FFCF18E11EC9FD19610C4F9AE02.roa
Signing time:             Wed 22 Jun 2022 01:20:08 +0000
ROA not before:           Wed 22 Jun 2022 01:20:08 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15202 (0x3b62)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Jun 22 01:20:08 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62b26e48-3559
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2f:a9:f2:5d:3e:b1:24:60:82:ca:15:45:5f:
                    4a:32:31:61:c7:a5:c8:99:0b:7e:04:c7:9d:f6:cd:
                    18:f2:eb:21:0f:57:b0:f0:31:8e:06:fd:0d:5c:ab:
                    15:89:bf:60:26:e0:d1:cd:1e:81:57:35:27:a5:2b:
                    83:df:52:19:27:46:c1:c8:30:40:50:9f:98:48:f4:
                    82:e0:11:f3:a5:9c:c2:28:15:5e:09:c1:14:4d:33:
                    4b:21:df:fd:4f:5f:26:d7:4e:e9:cd:45:b9:f5:72:
                    62:b1:e3:44:7b:83:f5:a4:72:c9:09:ce:33:c2:03:
                    d1:81:3b:79:53:b8:6e:9c:72:06:a7:8a:72:56:a7:
                    fc:91:4d:12:c0:c8:6f:e8:03:0c:05:81:c4:28:c6:
                    91:d4:fc:f9:dd:08:51:95:14:d7:16:a8:29:d8:77:
                    af:fe:18:48:8b:d8:e3:84:a4:ac:9c:69:da:ee:3d:
                    3b:66:87:04:d2:5d:6f:12:51:50:3e:f0:88:de:ec:
                    42:a7:b9:fe:e6:e0:f5:3c:e2:4f:af:4e:f5:f2:ff:
                    5d:11:a5:62:08:61:76:69:8e:b6:f0:fc:7c:9f:2a:
                    9a:d6:c9:ab:cb:79:b6:0d:ac:40:5b:69:42:24:a5:
                    db:a6:0c:86:b3:24:72:d6:90:2b:c0:be:aa:a7:04:
                    44:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:70:B7:63:63:A3:34:4E:BE:0C:9B:42:3E:D0:A6:E7:37:B2:27:9A
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9232FFCF18E11EC9FD19610C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         c4:92:65:1d:f0:4d:87:b7:40:42:6b:de:5d:03:68:f1:a4:cf:
         4b:b2:90:de:59:77:da:d5:04:f0:80:72:aa:bd:86:f2:50:d5:
         01:9d:42:29:1a:b2:23:c1:9d:3d:cc:e6:e3:04:78:6c:66:71:
         6f:cb:5b:0f:a2:7a:fa:18:14:5c:cf:46:fb:3e:99:6d:d8:2c:
         3b:e7:73:a4:e2:88:cb:2f:ba:1d:8b:ad:a1:cb:e5:89:7e:57:
         13:3b:03:e9:42:53:1e:e2:94:b4:8d:83:14:a1:e8:16:2d:66:
         66:e2:2f:8c:9f:e7:04:3d:ac:4b:b0:e8:38:c6:cc:66:59:87:
         26:67:a6:d3:18:18:5a:e2:67:93:38:e4:17:2b:9e:b4:cb:a7:
         95:e8:74:86:2f:2e:6c:42:d9:d7:b2:6c:15:d1:1f:a7:02:6b:
         2b:9f:46:8f:e1:b7:8c:da:1b:2d:e5:07:45:3a:55:88:6d:3c:
         8b:f4:9d:e5:29:73:33:d4:2d:88:dd:f9:52:22:9e:39:1f:68:
         6a:7a:9a:d7:cb:a0:54:5a:ae:b0:a5:92:47:fe:a4:ca:d4:b5:
         1d:03:6d:2a:46:17:80:13:12:93:99:85:2b:f6:6f:88:14:cd:
         79:7b:e4:6a:e1:dd:3a:a8:f2:6e:e9:58:ed:15:21:1c:89:94:
         bd:b1:59:c9
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICO2IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNjIyMDEyMDA4WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmIyNmU0OC0zNTU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArS+p8l0+sSRggsoVRV9KMjFhx6XImQt+BMed9s0Y8ushD1ew8DGOBv0NXKsV
ib9gJuDRzR6BVzUnpSuD31IZJ0bByDBAUJ+YSPSC4BHzpZzCKBVeCcEUTTNLId/9
T18m107pzUW59XJiseNEe4P1pHLJCc4zwgPRgTt5U7hunHIGp4pyVqf8kU0SwMhv
6AMMBYHEKMaR1Pz53QhRlRTXFqgp2Hev/hhIi9jjhKSsnGna7j07ZocE0l1vElFQ
PvCI3uxCp7n+5uD1POJPr0718v9dEaViCGF2aY628Px8nyqa1smry3m2DaxAW2lC
JKXbpgyGsyRy1pArwL6qpwREFQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDZwt2Nj
ozROvgybQj7Qpuc3sieaMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQzkyMzJGRkNG
MThFMTFFQzlGRDE5NjEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAxJJlHfBNh7dAQmveXQNo8aTPS7KQ3ll32tUE8IByqr2G8lDVAZ1CKRqy
I8GdPczm4wR4bGZxb8tbD6J6+hgUXM9G+z6ZbdgsO+dzpOKIyy+6HYutocvliX5X
EzsD6UJTHuKUtI2DFKHoFi1mZuIvjJ/nBD2sS7DoOMbMZlmHJmem0xgYWuJnkzjk
FyuetMunleh0hi8ubELZ17JsFdEfpwJrK59Gj+G3jNobLeUHRTpViG08i/Sd5Slz
M9QtiN35UiKeOR9oanqa18ugVFqusKWSR/6kytS1HQNtKkYXgBMSk5mFK/ZviBTN
eXvkauHdOqjybulY7RUhHImUvbFZyQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:52 2024 by rpki-client on console-ams.rpki-client.org