Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B9128/86A79556485011ECBDD48E5DC4F9AE02/4BAFEC44485211ECA746075EC4F9AE02.roa
File:                     4BAFEC44485211ECA746075EC4F9AE02.roa (raw, json)
Hash identifier:          NQ1d17x+E2EHUN+8ZApOoopcWATDc5prH7e7YWHn17Q=
Subject key identifier:   9B:93:44:03:ED:EA:EE:48:09:D5:FC:41:FC:36:68:DD:9E:A4:54:78
Certificate issuer:       /CN=A91B9128/serialNumber=A6DB5ED7F50766D0795BF356BE5523063C60ACDC
Certificate serial:       02A3
Authority key identifier: A6:DB:5E:D7:F5:07:66:D0:79:5B:F3:56:BE:55:23:06:3C:60:AC:DC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ptte1_UHZtB5W_NWvlUjBjxgrNw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B9128/86A79556485011ECBDD48E5DC4F9AE02/4BAFEC44485211ECA746075EC4F9AE02.roa
Signing time:             Tue 13 Dec 2022 04:23:19 +0000
ROA not before:           Tue 13 Dec 2022 04:23:19 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     149019
IP address blocks:        103.176.174.0/23 maxlen: 23
                          103.176.174.0/24 maxlen: 24
                          103.176.175.0/24 maxlen: 24
                          2001:df0:12c0::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 675 (0x2a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B9128/serialNumber=A6DB5ED7F50766D0795BF356BE5523063C60ACDC
        Validity
            Not Before: Dec 13 04:23:19 2022 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=6397fe36-60cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:01:78:35:0d:0e:15:35:a8:62:aa:da:37:40:
                    2e:bf:a2:30:9c:91:74:e9:0a:b3:8c:af:ff:3e:c2:
                    40:75:32:d5:eb:a0:06:c3:24:72:71:65:82:9a:65:
                    34:67:be:e2:d6:9d:68:76:f9:39:c6:14:dc:51:35:
                    c3:12:a4:f9:91:96:d0:80:ed:a6:1d:02:48:3b:22:
                    d9:6f:56:ab:f5:9e:39:14:1d:fa:b4:3d:64:be:0d:
                    bd:e8:48:b6:64:82:c2:74:64:a0:2f:29:ea:ee:f7:
                    c3:2e:ee:2a:87:ee:b4:bb:38:d1:6c:96:45:6c:cc:
                    71:67:2d:9d:c7:a1:d5:1f:76:ed:c9:30:aa:e1:a8:
                    85:9b:e4:47:24:3d:a5:90:ff:a9:9e:46:64:56:17:
                    da:c3:73:da:0c:68:07:7c:b2:ee:2f:f5:1f:5f:68:
                    c4:16:fb:5d:31:ef:fe:ec:af:76:f3:95:42:58:5e:
                    62:bf:b5:ed:d8:7b:36:89:3f:0e:bb:cb:26:e9:46:
                    60:17:4e:68:65:31:60:17:19:36:fb:27:48:37:a2:
                    e4:34:41:6f:75:47:04:b8:46:10:81:b6:fc:a1:3e:
                    1c:bc:1e:b9:75:13:8c:a8:0b:9c:f4:68:4a:8a:c7:
                    cf:80:a4:d8:06:80:6d:61:52:62:63:54:1d:ce:ef:
                    68:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:93:44:03:ED:EA:EE:48:09:D5:FC:41:FC:36:68:DD:9E:A4:54:78
            X509v3 Authority Key Identifier:
                keyid:A6:DB:5E:D7:F5:07:66:D0:79:5B:F3:56:BE:55:23:06:3C:60:AC:DC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B9128/86A79556485011ECBDD48E5DC4F9AE02/ptte1_UHZtB5W_NWvlUjBjxgrNw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ptte1_UHZtB5W_NWvlUjBjxgrNw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B9128/86A79556485011ECBDD48E5DC4F9AE02/4BAFEC44485211ECA746075EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.176.174.0/23
                IPv6:
                  2001:df0:12c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:1a:cc:63:09:87:c4:ff:dc:ed:b0:1d:35:ff:41:83:c9:a4:
         b3:5b:0e:b3:1d:b0:7c:c2:d4:2c:0a:de:ed:4e:de:33:1f:94:
         ab:41:e8:c4:c6:49:bc:92:c7:16:d3:31:e6:a6:6f:6d:3e:2a:
         c9:c0:51:38:47:f7:a8:9b:8a:a3:66:76:f4:e0:24:0f:4b:e3:
         0b:8f:ab:ec:52:2e:f9:ec:0d:86:fb:df:f4:7b:7c:78:76:d9:
         cc:fd:b2:e2:86:2f:51:1c:5d:d6:b6:94:d4:e7:b1:91:64:b0:
         bc:47:d0:1f:26:80:76:d4:9e:b9:09:85:1a:3c:96:64:2e:51:
         60:2a:13:81:7d:92:3e:5e:81:c0:d9:85:3f:b5:88:45:6e:4b:
         07:9c:de:c3:33:3c:09:a5:49:62:fb:c7:5c:af:36:e2:af:8b:
         d7:47:a4:ad:5b:dc:7e:40:e0:aa:86:6e:f7:bd:73:a8:8b:d6:
         2c:2f:5e:ec:5b:28:61:9c:2c:f4:41:38:ac:95:2a:1c:65:ea:
         31:29:1f:41:56:6a:58:3d:3c:eb:3d:70:4f:a5:dd:58:a0:ac:
         9d:a0:69:06:34:2d:ec:24:ea:f2:50:e5:ec:47:0c:c3:42:2f:
         75:fa:b1:5b:06:42:9f:54:b5:98:c6:0c:af:a3:2f:64:29:14:
         ae:91:37:34
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAqMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjkxMjgxMTAvBgNVBAUTKEE2REI1RUQ3RjUwNzY2RDA3OTVCRjM1NkJFNTUyMzA2
M0M2MEFDREMwHhcNMjIxMjEzMDQyMzE5WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzk3ZmUzNi02MGNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmAF4NQ0OFTWoYqraN0Auv6IwnJF06QqzjK//PsJAdTLV66AGwyRycWWCmmU0
Z77i1p1odvk5xhTcUTXDEqT5kZbQgO2mHQJIOyLZb1ar9Z45FB36tD1kvg296Ei2
ZILCdGSgLynq7vfDLu4qh+60uzjRbJZFbMxxZy2dx6HVH3btyTCq4aiFm+RHJD2l
kP+pnkZkVhfaw3PaDGgHfLLuL/UfX2jEFvtdMe/+7K9285VCWF5iv7Xt2Hs2iT8O
u8sm6UZgF05oZTFgFxk2+ydIN6LkNEFvdUcEuEYQgbb8oT4cvB65dROMqAuc9GhK
isfPgKTYBoBtYVJiY1Qdzu9owQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJuTRAPt
6u5ICdX8Qfw2aN2epFR4MB8GA1UdIwQYMBaAFKbbXtf1B2bQeVvzVr5VIwY8YKzc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOTEyOC84NkE3OTU1NjQ4
NTAxMUVDQkRENDhFNURDNEY5QUUwMi9wdHRlMV9VSFp0QjVXX05XdmxVakJqeGdy
TncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3B0dGUxX1VIWnRCNVdfTld2bFVqQmp4Z3JOdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjkxMjgvODZBNzk1NTY0ODUwMTFFQ0JERDQ4RTVEQzRGOUFFMDIvNEJBRkVDNDQ0
ODUyMTFFQ0E3NDYwNzVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnsK4wDwQCAAIwCQMHACABDfASwDANBgkqhkiG9w0BAQsF
AAOCAQEAJxrMYwmHxP/c7bAdNf9Bg8mks1sOsx2wfMLULAre7U7eMx+Uq0HoxMZJ
vJLHFtMx5qZvbT4qycBROEf3qJuKo2Z29OAkD0vjC4+r7FIu+ewNhvvf9Ht8eHbZ
zP2y4oYvURxd1raU1OexkWSwvEfQHyaAdtSeuQmFGjyWZC5RYCoTgX2SPl6BwNmF
P7WIRW5LB5zewzM8CaVJYvvHXK824q+L10ekrVvcfkDgqoZu971zqIvWLC9e7Fso
YZws9EE4rJUqHGXqMSkfQVZqWD086z1wT6XdWKCsnaBpBjQt7CTq8lDl7EcMw0Iv
dfqxWwZCn1S1mMYMr6MvZCkUrpE3NA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:58 2024 by rpki-client on console-ams.rpki-client.org