Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/24A2453A928211EEA57D2073C4F9AE02.roa
File:                     24A2453A928211EEA57D2073C4F9AE02.roa (raw, json)
Hash identifier:          guVrzmd7piP+YU00WxYrfIFzO2F8orFQsSZlSzIO13c=
Subject key identifier:   90:91:B7:98:71:BA:5B:8F:08:53:F5:4E:68:6B:A4:54:0A:D6:B3:78
Certificate issuer:       /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial:       13
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/24A2453A928211EEA57D2073C4F9AE02.roa
Signing time:             Mon 04 Dec 2023 08:50:15 +0000
ROA not before:           Mon 04 Dec 2023 08:50:15 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     44901
IP address blocks:        103.79.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 19 (0x13)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
        Validity
            Not Before: Dec  4 08:50:15 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=656d92c7-8b86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c0:61:7b:6a:1a:22:ec:0b:3d:ed:2e:8b:88:
                    11:5d:8f:7f:bc:b2:d6:27:d0:23:32:e8:c3:b8:dd:
                    d2:30:3f:6e:79:31:89:26:5e:ca:df:c7:a7:be:29:
                    69:7c:af:14:c1:31:25:68:5b:01:a5:62:13:82:17:
                    a0:ed:65:ea:18:41:38:54:5c:a2:32:17:d6:b5:18:
                    10:ff:98:7d:c1:39:8e:45:2c:89:ce:56:0c:db:28:
                    62:47:f6:d8:4e:64:3b:02:ba:28:6b:c3:fe:17:98:
                    c1:3a:00:65:cc:9a:17:d6:24:dd:3e:73:cf:dc:12:
                    0f:b7:ce:db:93:f2:da:02:b9:c3:dd:7a:c6:24:a2:
                    ad:b6:5d:cc:67:1c:5c:76:82:fe:9a:44:2e:89:ed:
                    3a:54:ad:eb:c3:9f:95:f1:43:47:04:93:ee:ec:d0:
                    07:39:bc:d1:59:2d:fa:0e:24:81:dc:01:86:51:ba:
                    5a:f2:17:d5:07:34:ac:82:a6:14:74:fe:8b:60:36:
                    7f:d1:df:99:2a:b9:ba:22:3b:d3:4a:8b:34:e4:9d:
                    95:b4:d3:20:48:c5:35:d9:33:c1:ff:ab:2f:03:d7:
                    4c:21:17:67:3e:36:f0:3b:68:c6:d4:a4:d3:69:f8:
                    81:8f:d5:ae:2c:cb:95:da:4f:10:4f:23:7b:42:e0:
                    c1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:91:B7:98:71:BA:5B:8F:08:53:F5:4E:68:6B:A4:54:0A:D6:B3:78
            X509v3 Authority Key Identifier:
                keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/24A2453A928211EEA57D2073C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.79.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:a2:62:14:ff:cd:00:17:bc:65:18:3c:5b:ca:3d:bc:ab:76:
         5e:5c:88:41:d9:8a:9f:98:08:e6:5c:b6:46:6e:53:95:22:03:
         90:8a:95:ac:c7:ad:81:aa:3d:c3:04:93:8e:c0:9c:a7:69:77:
         7f:83:2f:d9:75:f6:79:d3:68:5a:75:63:d8:bb:64:97:35:ed:
         b3:27:05:00:d5:f8:28:d4:cf:bd:65:c0:c0:49:5e:1c:94:25:
         bd:7b:18:22:7c:e8:57:72:a7:40:8d:9e:bc:73:3d:39:9b:6d:
         8c:20:e5:41:c2:19:56:4b:fd:d0:0a:2f:f1:3a:30:5f:3c:df:
         b1:52:35:08:dc:38:dd:c6:d1:9a:2e:60:3c:c4:59:4f:b7:ce:
         32:7e:4e:fb:a5:09:a1:16:08:0d:85:05:24:c2:7d:4b:d4:9e:
         db:b7:2c:c5:73:92:a8:0b:4f:e9:a3:ab:47:dd:2d:28:22:e7:
         49:ea:b2:cd:87:fa:c2:5e:51:2f:b8:5a:f0:2b:1a:46:e4:1a:
         d6:8b:f1:12:14:15:39:77:01:15:91:4d:55:0d:40:34:a2:b2:
         37:46:ae:27:53:ea:d1:68:f3:10:d7:04:c2:29:a1:2f:8a:d6:
         d9:8b:10:db:9a:4c:2c:cd:a1:18:53:05:a7:9d:e1:9b:77:00:
         0c:52:d9:fb
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBEzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yMzEyMDQwODUwMTVaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NmQ5MmM3LThiODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCwGF7ahoi7As97S6LiBFdj3+8stYn0CMy6MO43dIwP255MYkmXsrfx6e+KWl8
rxTBMSVoWwGlYhOCF6DtZeoYQThUXKIyF9a1GBD/mH3BOY5FLInOVgzbKGJH9thO
ZDsCuihrw/4XmME6AGXMmhfWJN0+c8/cEg+3ztuT8toCucPdesYkoq22XcxnHFx2
gv6aRC6J7TpUrevDn5XxQ0cEk+7s0Ac5vNFZLfoOJIHcAYZRulryF9UHNKyCphR0
/otgNn/R35kquboiO9NKizTknZW00yBIxTXZM8H/qy8D10whF2c+NvA7aMbUpNNp
+IGP1a4sy5XaTxBPI3tC4MG5AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUkJG3mHG6
W48IU/VOaGukVArWs3gwHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi8yNEEyNDUzQTky
ODIxMUVFQTU3RDIwNzNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAGdPdjANBgkqhkiG9w0BAQsFAAOCAQEAJ6JiFP/NABe8ZRg8
W8o9vKt2XlyIQdmKn5gI5ly2Rm5TlSIDkIqVrMetgao9wwSTjsCcp2l3f4Mv2XX2
edNoWnVj2LtklzXtsycFANX4KNTPvWXAwEleHJQlvXsYInzoV3KnQI2evHM9OZtt
jCDlQcIZVkv90Aov8TowXzzfsVI1CNw43cbRmi5gPMRZT7fOMn5O+6UJoRYIDYUF
JMJ9S9Se27csxXOSqAtP6aOrR90tKCLnSeqyzYf6wl5RL7ha8CsaRuQa1ovxEhQV
OXcBFZFNVQ1ANKKyN0auJ1Pq0WjzENcEwimhL4rW2YsQ25pMLM2hGFMFp53hm3cA
DFLZ+w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org