Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/D6A522D0DB6211ECBF0EE529C4F9AE02.roa
File:                     D6A522D0DB6211ECBF0EE529C4F9AE02.roa (raw, json)
Hash identifier:          xaeHC0nmAFJboRQkvw0BoW7wAwe9tvYTPege69wHR9Y=
Subject key identifier:   F0:7F:DF:4C:6C:04:86:90:37:43:0F:EC:F4:81:95:77:71:52:1D:E2
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3AAF
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/D6A522D0DB6211ECBF0EE529C4F9AE02.roa
Signing time:             Wed 25 May 2022 01:10:09 +0000
ROA not before:           Wed 25 May 2022 01:10:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15023 (0x3aaf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: May 25 01:10:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=628d81f1-5efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d6:ff:61:1a:cd:71:ed:9c:98:8c:5f:2c:e3:
                    ae:68:e1:36:b3:37:90:d9:7e:e0:6d:42:5f:42:ae:
                    8b:b6:39:96:25:e2:a4:c0:56:2d:c9:26:a3:bd:76:
                    46:ff:df:78:80:f1:74:4f:75:38:46:14:e5:25:ac:
                    0b:8f:e2:c7:67:c2:d7:88:06:81:85:a9:d6:72:76:
                    bf:07:32:e2:72:34:70:0a:81:fc:5f:3e:7e:a4:62:
                    d9:9d:d5:0b:4f:16:83:8e:cc:f8:de:92:8a:f9:33:
                    80:8f:60:c6:c6:08:43:ef:ee:c1:1a:59:d0:20:05:
                    1f:b3:f1:70:4b:06:0f:32:a6:52:9d:12:a6:44:65:
                    7b:42:94:1f:a5:21:1f:cf:5b:7d:02:f2:94:5e:7a:
                    28:cc:6f:ce:33:04:10:58:7c:1e:11:a3:d8:62:c7:
                    d3:a9:53:e4:3b:c2:65:40:ac:ed:ee:42:a4:cd:b8:
                    b8:e1:5d:3c:51:35:4a:5b:60:3a:c7:e4:bd:bb:d2:
                    57:64:5c:88:f4:c9:0a:2c:14:95:04:75:1e:a5:50:
                    ca:c7:dd:58:d9:d6:b7:73:84:93:63:ab:2c:33:c8:
                    91:98:70:07:38:66:c2:52:a0:9a:71:4c:57:7e:ae:
                    a1:62:6f:01:17:40:9d:aa:3c:0d:b7:33:a8:14:97:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:7F:DF:4C:6C:04:86:90:37:43:0F:EC:F4:81:95:77:71:52:1D:E2
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/D6A522D0DB6211ECBF0EE529C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         02:b0:d3:36:65:8d:40:57:56:07:21:62:ec:fa:5b:dd:bb:4b:
         90:c9:c5:49:cc:a0:57:c5:b6:64:a7:f2:cc:43:72:d9:75:02:
         e8:b7:4c:d6:ba:d8:de:bd:0b:72:ae:6d:5d:54:7a:9c:db:6e:
         2a:cf:06:b9:90:7e:dd:04:b1:f9:45:44:7f:af:99:51:23:5c:
         e3:51:e3:1e:62:c9:01:cc:ac:6a:ab:55:33:41:b2:7a:8b:49:
         0a:75:98:e4:13:71:63:6b:4f:3d:a3:83:40:15:cd:00:98:83:
         40:12:ef:33:20:2a:f7:cc:3c:a1:61:4a:75:62:4e:14:03:f1:
         21:69:e7:2c:c6:f9:85:48:85:e6:50:ce:46:8a:38:07:71:cd:
         86:cc:92:e6:d5:1f:98:bf:10:30:01:a6:72:aa:1a:27:29:c5:
         11:46:75:a5:4f:56:e9:a3:70:24:ad:ce:e7:4f:6a:c7:8b:14:
         ec:dd:6d:92:1f:4f:a6:ce:af:44:b1:c8:32:64:3f:5f:df:09:
         97:07:2a:07:e4:06:34:50:fa:9f:b3:07:de:ea:32:a6:31:50:
         15:30:92:23:de:19:2d:93:30:b9:53:5d:43:a5:64:df:ec:ea:
         0b:3a:4e:21:cd:d3:f5:0f:69:9b:3f:48:e7:ce:e6:bc:04:5d:
         e3:59:07:1e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOq8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTI1MDExMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjhkODFmMS01ZWZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwdb/YRrNce2cmIxfLOOuaOE2szeQ2X7gbUJfQq6LtjmWJeKkwFYtySajvXZG
/994gPF0T3U4RhTlJawLj+LHZ8LXiAaBhanWcna/BzLicjRwCoH8Xz5+pGLZndUL
TxaDjsz43pKK+TOAj2DGxghD7+7BGlnQIAUfs/FwSwYPMqZSnRKmRGV7QpQfpSEf
z1t9AvKUXnoozG/OMwQQWHweEaPYYsfTqVPkO8JlQKzt7kKkzbi44V08UTVKW2A6
x+S9u9JXZFyI9MkKLBSVBHUepVDKx91Y2da3c4STY6ssM8iRmHAHOGbCUqCacUxX
fq6hYm8BF0CdqjwNtzOoFJcxVwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFPB/30xs
BIaQN0MP7PSBlXdxUh3iMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvRDZBNTIyRDBE
QjYyMTFFQ0JGMEVFNTI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAArDTNmWNQFdWByFi7Ppb3btLkMnFScygV8W2ZKfyzENy2XUC6LdM1rrY
3r0Lcq5tXVR6nNtuKs8GuZB+3QSx+UVEf6+ZUSNc41HjHmLJAcysaqtVM0GyeotJ
CnWY5BNxY2tPPaODQBXNAJiDQBLvMyAq98w8oWFKdWJOFAPxIWnnLMb5hUiF5lDO
Roo4B3HNhsyS5tUfmL8QMAGmcqoaJynFEUZ1pU9W6aNwJK3O509qx4sU7N1tkh9P
ps6vRLHIMmQ/X98JlwcqB+QGNFD6n7MH3uoypjFQFTCSI94ZLZMwuVNdQ6Vk3+zq
CzpOIc3T9Q9pmz9I587mvARd41kHHg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:52 2024 by rpki-client on console-ams.rpki-client.org