Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/62A1E28EEFBF11ED8772146BC4F9AE02.roa
File:                     62A1E28EEFBF11ED8772146BC4F9AE02.roa (raw, json)
Hash identifier:          bhMpw8DPzmrxD5cjF8cnqIknFs6j/akxRQbskkEXbpo=
Subject key identifier:   BB:B9:3A:FB:D0:8D:9D:F4:04:7A:DE:4E:5C:C8:99:B0:9F:E3:C5:DC
Certificate issuer:       /CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
Certificate serial:       05
Authority key identifier: 0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/62A1E28EEFBF11ED8772146BC4F9AE02.roa
Signing time:             Thu 11 May 2023 05:47:59 +0000
ROA not before:           Thu 11 May 2023 05:47:59 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     136993
IP address blocks:        103.69.152.0/22 maxlen: 24
                          180.149.236.0/24 maxlen: 24
                          180.149.237.0/24 maxlen: 24
                          180.149.238.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C6504/serialNumber=0E44D19B7C9589B2342D051EB094493748DEEB4F
        Validity
            Not Before: May 11 05:47:59 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=645c818f-99a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:22:92:bb:86:0a:1a:57:9f:a8:84:42:76:91:
                    e5:26:01:86:5b:24:7a:78:e8:f3:8c:2f:20:4b:fa:
                    b7:eb:25:ab:86:da:7c:af:8c:7f:d0:27:f0:84:44:
                    b7:13:b3:de:5e:7c:85:96:52:43:a8:7d:06:68:17:
                    d9:2d:23:d2:93:7c:68:ad:ca:6b:02:83:9e:3e:6d:
                    af:ab:5f:76:2a:a7:58:2a:33:b7:df:52:47:f3:83:
                    95:c7:96:62:ff:d0:05:a7:9b:e5:c9:27:5c:39:82:
                    9f:f5:c2:e4:79:dd:ce:31:77:f8:d4:64:b7:3c:68:
                    10:dd:fe:3b:58:cb:37:1b:a6:d8:d4:18:e5:f5:f4:
                    66:57:a3:e6:c6:cf:24:4d:38:60:07:18:7e:47:5d:
                    8d:fa:40:81:c6:53:97:a9:d4:ff:f8:29:73:a3:6a:
                    80:3f:e3:d1:44:e5:d3:27:1f:30:7b:05:95:3c:c5:
                    2b:6d:e2:3d:d3:d5:05:c8:e0:49:0f:32:5b:0c:4d:
                    07:01:2b:1a:38:ba:7b:c1:8c:eb:bf:fa:6e:33:7e:
                    d2:a5:ff:22:e0:89:f5:65:33:cc:ea:fa:fd:78:a3:
                    c7:9f:4b:9a:55:d3:55:b1:82:de:82:29:c6:5c:4f:
                    d2:b7:85:3a:f1:11:e0:af:9c:b3:47:a9:9f:c1:b2:
                    ff:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B9:3A:FB:D0:8D:9D:F4:04:7A:DE:4E:5C:C8:99:B0:9F:E3:C5:DC
            X509v3 Authority Key Identifier:
                keyid:0E:44:D1:9B:7C:95:89:B2:34:2D:05:1E:B0:94:49:37:48:DE:EB:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/DkTRm3yVibI0LQUesJRJN0je608.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DkTRm3yVibI0LQUesJRJN0je608.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C6504/91E06E84EFA711ED9B27356EC4F9AE02/62A1E28EEFBF11ED8772146BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.152.0/22
                  180.149.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:11:d1:01:20:bb:fa:2f:45:8e:d3:d6:63:9d:20:33:3c:fe:
         e3:d7:9a:f9:3b:dc:b4:a1:60:33:78:2d:cd:1e:51:7f:64:61:
         71:3d:97:5b:34:f2:40:4e:8f:8a:4e:44:73:fd:2e:61:05:0f:
         fd:08:15:0e:22:2b:53:bd:ee:9a:8a:22:34:1e:65:39:c0:95:
         14:35:7f:3b:f0:00:dc:44:f2:83:d0:69:28:76:9d:14:66:e2:
         b3:67:3c:c8:2f:20:77:c8:a4:0b:8a:b8:6e:4c:6c:19:7e:7e:
         52:ef:66:eb:79:27:1a:0e:fc:a3:3e:da:81:dc:1b:3f:af:91:
         39:e8:d0:53:f7:63:8c:ac:7f:e1:77:d1:b6:73:5c:f8:c8:37:
         2f:0c:f7:e5:6d:12:7e:ab:c7:f4:58:1b:2b:c2:e7:7a:a2:f7:
         53:a6:e0:5c:d4:6e:4e:d4:d5:53:66:4d:0c:0d:4c:53:f9:99:
         22:d5:4f:56:8d:c7:d0:28:47:02:28:e6:86:0e:ac:81:14:53:
         7d:f3:21:28:75:fd:09:4c:b4:1a:25:7e:b1:2d:f8:81:fc:7b:
         9d:71:9c:45:9d:f7:f1:cb:52:0d:31:05:d6:75:f8:52:0a:3c:
         64:ae:e2:eb:2d:3c:e2:42:60:a5:f1:ca:f3:c9:d5:0e:af:4a:
         f6:9b:b3:e5
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
NjUwNDExMC8GA1UEBRMoMEU0NEQxOUI3Qzk1ODlCMjM0MkQwNTFFQjA5NDQ5Mzc0
OERFRUI0RjAeFw0yMzA1MTEwNTQ3NTlaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0NWM4MThmLTk5YTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDiIpK7hgoaV5+ohEJ2keUmAYZbJHp46POMLyBL+rfrJauG2nyvjH/QJ/CERLcT
s95efIWWUkOofQZoF9ktI9KTfGitymsCg54+ba+rX3Yqp1gqM7ffUkfzg5XHlmL/
0AWnm+XJJ1w5gp/1wuR53c4xd/jUZLc8aBDd/jtYyzcbptjUGOX19GZXo+bGzyRN
OGAHGH5HXY36QIHGU5ep1P/4KXOjaoA/49FE5dMnHzB7BZU8xStt4j3T1QXI4EkP
MlsMTQcBKxo4unvBjOu/+m4zftKl/yLgifVlM8zq+v14o8efS5pV01Wxgt6CKcZc
T9K3hTrxEeCvnLNHqZ/Bsv/FAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUu7k6+9CN
nfQEet5OXMiZsJ/jxdwwHwYDVR0jBBgwFoAUDkTRm3yVibI0LQUesJRJN0je608w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUM2NTA0LzkxRTA2RTg0RUZB
NzExRUQ5QjI3MzU2RUM0RjlBRTAyL0RrVFJtM3lWaWJJMExRVWVzSlJKTjBqZTYw
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRGtUUm0zeVZpYkkwTFFVZXNKUkpOMGplNjA4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
NjUwNC85MUUwNkU4NEVGQTcxMUVEOUIyNzM1NkVDNEY5QUUwMi82MkExRTI4RUVG
QkYxMUVEODc3MjE0NkJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmdFmAMEArSV7DANBgkqhkiG9w0BAQsFAAOCAQEAVxHRASC7
+i9FjtPWY50gMzz+49ea+TvctKFgM3gtzR5Rf2RhcT2XWzTyQE6Pik5Ec/0uYQUP
/QgVDiIrU73umooiNB5lOcCVFDV/O/AA3ETyg9BpKHadFGbis2c8yC8gd8ikC4q4
bkxsGX5+Uu9m63knGg78oz7agdwbP6+ROejQU/djjKx/4XfRtnNc+Mg3Lwz35W0S
fqvH9FgbK8LneqL3U6bgXNRuTtTVU2ZNDA1MU/mZItVPVo3H0ChHAijmhg6sgRRT
ffMhKHX9CUy0GiV+sS34gfx7nXGcRZ338ctSDTEF1nX4Ugo8ZK7i6y084kJgpfHK
88nVDq9K9puz5Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:25 2024 by rpki-client on console-ams.rpki-client.org