Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/CA9A9F10927C11EE97411A1AC4F9AE02.roa
File:                     CA9A9F10927C11EE97411A1AC4F9AE02.roa (raw, json)
Hash identifier:          L/6xupydmurIU4PQxzAraN1hgqwttkFttkRQlcUtQJg=
Subject key identifier:   C3:78:FC:EA:D9:F8:58:05:F0:7A:11:5E:AB:E3:EE:19:F9:CE:E9:A3
Certificate issuer:       /CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
Certificate serial:       0D
Authority key identifier: F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/CA9A9F10927C11EE97411A1AC4F9AE02.roa
Signing time:             Mon 04 Dec 2023 08:19:15 +0000
ROA not before:           Mon 04 Dec 2023 08:19:15 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     136593
IP address blocks:        103.99.178.0/23 maxlen: 23
                          103.99.179.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13 (0xd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7C1A/serialNumber=F97E72027F72336455A36453FB29B1E45B5AED40
        Validity
            Not Before: Dec  4 08:19:15 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=656d8b83-af0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:62:80:19:96:d4:0c:28:48:02:2e:45:06:b5:
                    89:dc:e1:ec:bd:e1:23:b2:16:c5:cd:03:2b:53:08:
                    55:a8:95:5b:a4:98:04:96:20:d0:ac:42:f9:4d:b2:
                    e2:fd:2d:d5:19:9f:e6:e4:55:26:11:45:b9:55:de:
                    b1:2d:ed:5e:a3:c1:d0:10:4a:01:df:1c:ca:97:85:
                    d7:5a:ed:d3:7f:56:fb:70:70:09:d6:dc:49:a8:d5:
                    4d:15:b5:ac:c5:12:85:fe:0e:de:2c:0a:6b:6c:20:
                    51:aa:6b:9d:7c:74:6a:bb:4f:bb:e6:2f:2a:3e:c3:
                    97:f4:d0:b4:1d:e8:37:44:d9:78:d0:c1:00:19:7e:
                    2a:24:8e:0a:97:52:19:75:17:21:91:51:02:47:72:
                    c7:f0:3f:12:d3:f8:26:18:94:dd:2b:bc:36:c0:1c:
                    aa:c9:eb:53:6a:17:00:14:94:7c:72:a1:1b:a8:d3:
                    e1:f8:54:53:7c:67:fe:16:28:1a:4a:35:12:a7:62:
                    1f:88:a0:4a:56:21:da:16:3c:0e:50:55:98:15:79:
                    00:9a:16:af:21:79:2c:6b:e4:d4:a5:46:6a:91:56:
                    63:34:98:7b:4c:02:eb:c7:85:f0:d9:f7:76:5d:45:
                    40:1b:6a:e5:1b:13:00:b8:79:6c:02:72:57:a4:89:
                    e4:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:78:FC:EA:D9:F8:58:05:F0:7A:11:5E:AB:E3:EE:19:F9:CE:E9:A3
            X509v3 Authority Key Identifier:
                keyid:F9:7E:72:02:7F:72:33:64:55:A3:64:53:FB:29:B1:E4:5B:5A:ED:40

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/-X5yAn9yM2RVo2RT-ymx5Fta7UA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-X5yAn9yM2RVo2RT-ymx5Fta7UA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C1A/1A3C6F0E927711EEA3944E0CC4F9AE02/CA9A9F10927C11EE97411A1AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.99.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:c3:2f:b4:06:9d:cd:a4:50:b5:d0:b0:ff:ff:6a:49:ed:b1:
         4c:19:88:7f:8a:6c:5d:4b:27:6c:20:3f:42:ae:9d:3f:87:8d:
         45:09:c4:4f:e8:2f:5a:42:00:38:be:81:69:62:a1:6d:f0:1b:
         6e:e5:5b:aa:0c:6a:0b:26:91:02:a0:57:03:5c:43:78:7b:93:
         1c:1d:21:70:dd:e4:27:8b:08:65:42:d6:ea:fa:3b:d5:26:71:
         2b:4c:be:6c:76:55:06:d2:fb:0a:d3:07:80:55:b3:84:c7:95:
         37:23:34:15:fd:ee:7a:fa:12:05:65:ba:fa:21:27:86:d8:2e:
         23:9e:59:65:c9:de:08:e6:a1:94:20:ff:d9:8c:e0:a3:0b:c7:
         aa:e2:a7:7a:e8:f5:73:70:c6:03:ff:6e:ed:a0:a3:05:c6:3d:
         5c:68:f1:38:36:91:fc:2a:76:4a:fb:a9:3b:ec:28:ac:d6:4f:
         5f:ed:bc:b7:03:b8:4b:7a:d1:08:ba:5e:b6:b6:ba:40:bf:f5:
         e4:a1:af:e4:16:90:e3:60:68:2d:67:19:47:8f:f2:a2:f9:28:
         cd:97:38:65:1e:a0:97:eb:4f:3d:e1:f4:b0:72:e6:84:26:1f:
         b8:27:89:bc:9c:8d:9a:54:94:86:92:2c:27:2b:90:52:1f:73:
         6a:30:36:67
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBDTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
N0MxQTExMC8GA1UEBRMoRjk3RTcyMDI3RjcyMzM2NDU1QTM2NDUzRkIyOUIxRTQ1
QjVBRUQ0MDAeFw0yMzEyMDQwODE5MTVaFw0yNDEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NmQ4YjgzLWFmMGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDUYoAZltQMKEgCLkUGtYnc4ey94SOyFsXNAytTCFWolVukmASWINCsQvlNsuL9
LdUZn+bkVSYRRblV3rEt7V6jwdAQSgHfHMqXhdda7dN/VvtwcAnW3Emo1U0VtazF
EoX+Dt4sCmtsIFGqa518dGq7T7vmLyo+w5f00LQd6DdE2XjQwQAZfiokjgqXUhl1
FyGRUQJHcsfwPxLT+CYYlN0rvDbAHKrJ61NqFwAUlHxyoRuo0+H4VFN8Z/4WKBpK
NRKnYh+IoEpWIdoWPA5QVZgVeQCaFq8heSxr5NSlRmqRVmM0mHtMAuvHhfDZ93Zd
RUAbauUbEwC4eWwCclekieRhAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUw3j86tn4
WAXwehFeq+PuGfnO6aMwHwYDVR0jBBgwFoAU+X5yAn9yM2RVo2RT+ymx5Fta7UAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI3QzFBLzFBM0M2RjBFOTI3
NzExRUVBMzk0NEUwQ0M0RjlBRTAyLy1YNXlBbjl5TTJSVm8yUlQteW14NUZ0YTdV
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvLVg1eUFuOXlNMlJWbzJSVC15bXg1RnRhN1VBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
N0MxQS8xQTNDNkYwRTkyNzcxMUVFQTM5NDRFMENDNEY5QUUwMi9DQTlBOUYxMDky
N0MxMUVFOTc0MTFBMUFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWdjsjANBgkqhkiG9w0BAQsFAAOCAQEALMMvtAadzaRQtdCw
//9qSe2xTBmIf4psXUsnbCA/Qq6dP4eNRQnET+gvWkIAOL6BaWKhbfAbbuVbqgxq
CyaRAqBXA1xDeHuTHB0hcN3kJ4sIZULW6vo71SZxK0y+bHZVBtL7CtMHgFWzhMeV
NyM0Ff3uevoSBWW6+iEnhtguI55ZZcneCOahlCD/2YzgowvHquKneuj1c3DGA/9u
7aCjBcY9XGjxODaR/Cp2SvupO+worNZPX+28twO4S3rRCLpetra6QL/15KGv5BaQ
42BoLWcZR4/yovkozZc4ZR6gl+tPPeH0sHLmhCYfuCeJvJyNmlSUhpIsJyuQUh9z
ajA2Zw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org