Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/FFAE96E2971111EC922E4A1CC4F9AE02.roa
File:                     FFAE96E2971111EC922E4A1CC4F9AE02.roa (raw, json)
Hash identifier:          epDaWotk/2aMn30i47bW8PQVyuMRUWv4bAm479XRtiM=
Subject key identifier:   33:05:24:DE:C4:DF:81:46:A3:12:E2:DD:64:46:0A:CA:06:10:B7:C6
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       375F
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/FFAE96E2971111EC922E4A1CC4F9AE02.roa
Signing time:             Sun 27 Feb 2022 05:00:09 +0000
ROA not before:           Sun 27 Feb 2022 05:00:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14175 (0x375f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 27 05:00:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=621b0559-7e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a7:c8:62:90:dd:f0:b1:3e:f6:1f:ca:08:3f:
                    46:45:76:a9:cb:c9:fd:5a:af:88:60:eb:16:fb:4a:
                    0e:69:fe:92:71:e9:c2:e0:83:a9:cd:8d:fd:8f:a4:
                    b3:bc:94:bf:4a:c2:79:c4:ef:08:18:a3:45:a8:32:
                    3e:d4:5a:13:cb:67:50:5d:0a:de:90:80:9c:0e:2f:
                    65:f0:17:f8:d2:40:72:86:79:a4:b1:a1:bd:e3:15:
                    67:1d:14:b3:90:03:28:b9:e6:23:e0:c3:72:e6:48:
                    da:da:d7:92:95:e2:de:fb:10:b6:5e:b1:8e:6e:10:
                    2d:6d:d0:c8:5f:c7:0b:d5:6f:6f:a3:1d:37:27:14:
                    8e:7d:85:c6:d7:dc:e6:ee:4a:8a:22:ad:9c:72:de:
                    de:6c:4e:4a:1b:b8:55:d8:dd:31:78:db:92:b2:b8:
                    e3:a4:d3:0a:33:66:12:39:52:a3:6c:ce:ad:fd:f9:
                    f7:d2:2c:ae:31:3d:3f:a8:b9:c2:d8:3a:c2:c3:f9:
                    27:a7:f0:89:b8:45:f1:fb:b4:89:82:0a:28:86:11:
                    bf:69:0c:b3:33:77:97:69:7b:26:c2:15:3f:55:f8:
                    c9:b3:ee:6a:13:4a:1f:24:51:81:13:1d:d1:87:a0:
                    1c:7b:f8:60:c1:36:64:e7:1f:91:49:6b:63:3f:c8:
                    2c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:05:24:DE:C4:DF:81:46:A3:12:E2:DD:64:46:0A:CA:06:10:B7:C6
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/FFAE96E2971111EC922E4A1CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:84:09:6c:1c:7c:4e:6f:9a:01:d8:86:3f:fe:06:30:b6:
         81:5f:1c:95:2a:f7:14:04:4f:8e:ee:2a:c9:99:75:6a:6b:0c:
         a2:a0:2f:96:ea:8f:7c:dd:db:ed:79:16:e5:05:09:6c:71:59:
         ee:bb:77:2f:df:54:33:11:d7:56:d8:ad:ce:92:8b:24:64:14:
         79:1e:b8:1f:6f:8b:4e:67:21:4d:22:2b:f0:bc:42:0d:2d:32:
         86:f4:06:06:87:77:d7:25:35:0c:a3:ea:94:24:9a:ff:b3:90:
         c0:82:68:c4:89:0c:43:89:c3:e4:1f:3c:ac:34:74:8a:68:38:
         8c:82:d7:99:ea:72:c4:c5:ad:4c:1f:ed:5b:c8:31:5b:1c:23:
         56:f5:69:87:d6:06:02:8b:4f:c3:a3:3a:e1:41:2c:b1:b8:10:
         b7:7f:21:cf:37:4b:09:07:95:68:df:75:fa:62:d5:7c:07:94:
         26:f6:7f:58:66:87:d1:fd:6f:23:34:94:86:74:df:5b:4e:af:
         ba:60:bd:27:02:91:c6:9d:21:86:3b:f3:1b:85:bb:70:c6:44:
         8e:87:7f:a0:af:d9:77:88:97:53:fb:c2:80:af:8f:04:10:20:
         c3:d1:5a:b3:5e:b0:b6:03:67:09:f4:dc:c0:ac:6e:b4:96:ea:
         5f:31:4d:1c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICN18wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjI3MDUwMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFiMDU1OS03ZTY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1KfIYpDd8LE+9h/KCD9GRXapy8n9Wq+IYOsW+0oOaf6ScenC4IOpzY39j6Sz
vJS/SsJ5xO8IGKNFqDI+1FoTy2dQXQrekICcDi9l8Bf40kByhnmksaG94xVnHRSz
kAMoueYj4MNy5kja2teSleLe+xC2XrGObhAtbdDIX8cL1W9vox03JxSOfYXG19zm
7kqKIq2cct7ebE5KG7hV2N0xeNuSsrjjpNMKM2YSOVKjbM6t/fn30iyuMT0/qLnC
2DrCw/knp/CJuEXx+7SJggoohhG/aQyzM3eXaXsmwhU/VfjJs+5qE0ofJFGBEx3R
h6Ace/hgwTZk5x+RSWtjP8gsZwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDMFJN7E
34FGoxLi3WRGCsoGELfGMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvRkZBRTk2RTI5
NzExMTFFQzkyMkU0QTFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAj4yECWwcfE5vmgHYhj/+BjC2gV8clSr3FARPju4qyZl1amsMoqAvluqP
fN3b7XkW5QUJbHFZ7rt3L99UMxHXVtitzpKLJGQUeR64H2+LTmchTSIr8LxCDS0y
hvQGBod31yU1DKPqlCSa/7OQwIJoxIkMQ4nD5B88rDR0img4jILXmepyxMWtTB/t
W8gxWxwjVvVph9YGAotPw6M64UEssbgQt38hzzdLCQeVaN91+mLVfAeUJvZ/WGaH
0f1vIzSUhnTfW06vumC9JwKRxp0hhjvzG4W7cMZEjod/oK/Zd4iXU/vCgK+PBBAg
w9Fas16wtgNnCfTcwKxutJbqXzFNHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org