Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8067103ACACC11EEBCD3586AC4F9AE02.roa
File:                     8067103ACACC11EEBCD3586AC4F9AE02.roa (raw, json)
Hash identifier:          SM1IjCWmbiNDH3U7NCPFVbQvV8tGWaoGRV6v/8hc43M=
Subject key identifier:   CF:99:24:C8:D2:5E:1D:48:F3:5F:9D:10:3D:D3:4C:A5:0D:96:C6:7D
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       071D
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8067103ACACC11EEBCD3586AC4F9AE02.roa
Signing time:             Wed 14 Feb 2024 00:03:37 +0000
ROA not before:           Wed 14 Feb 2024 00:03:37 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        202.139.236.0/22 maxlen: 24
                          202.139.252.0/24 maxlen: 24
                          202.148.147.0/24 maxlen: 24
                          203.27.226.0/23 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1821 (0x71d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB
        Validity
            Not Before: Feb 14 00:03:37 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65cc0359-1e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bd:19:50:5e:f2:f0:16:9b:eb:42:23:81:a6:
                    c5:10:6a:2d:5d:f5:62:29:ea:26:02:ec:28:06:26:
                    eb:57:3d:78:f5:aa:0a:8d:e5:06:7e:40:03:02:c5:
                    49:c8:5f:a8:69:1c:19:0d:0a:e5:f0:76:41:fc:7c:
                    0b:e7:9f:d7:f0:b7:f4:5a:71:a6:95:db:3d:e5:38:
                    a5:3a:90:03:33:79:ae:7a:ba:25:5c:2e:ee:02:35:
                    65:76:eb:03:c7:04:6e:9e:e2:38:c0:de:df:14:ed:
                    f4:63:4f:b0:1f:da:4d:85:50:c6:cf:fc:ab:7b:b1:
                    d2:f1:e1:f6:04:b1:a6:33:69:e9:cd:5d:af:32:b3:
                    32:a8:9d:e2:e1:10:65:e6:fd:1f:62:7f:a0:2a:7f:
                    b8:56:2a:80:4f:e2:f9:0e:00:3e:2b:67:1b:c3:15:
                    0c:cb:c7:76:94:29:a0:63:4b:53:a4:09:c8:13:b2:
                    90:c1:e7:4e:2f:04:8d:1d:ac:e8:ac:07:67:3d:09:
                    fd:a4:94:f9:ae:93:76:df:2f:50:ef:3a:12:0a:8f:
                    51:a7:54:60:11:5f:68:5b:7f:46:7e:0b:75:88:79:
                    26:6b:61:de:26:8b:11:ef:59:4b:ef:75:98:c3:57:
                    ce:e4:69:f4:d1:b4:89:81:60:aa:bf:82:85:86:c3:
                    8b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:99:24:C8:D2:5E:1D:48:F3:5F:9D:10:3D:D3:4C:A5:0D:96:C6:7D
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/8067103ACACC11EEBCD3586AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.236.0/22
                  202.139.252.0/24
                  202.148.147.0/24
                  203.27.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:92:11:37:8e:71:e2:15:f8:c8:33:ec:3d:09:f5:04:4d:5f:
         41:71:9e:45:3c:99:77:a4:f3:0e:ba:f4:fb:b2:33:f5:12:b6:
         7d:a5:48:69:6f:47:12:24:cf:1d:d2:8b:01:5e:73:a5:4c:71:
         c2:59:34:63:8e:af:9d:dd:d8:f7:0f:1c:ee:bf:8d:a1:28:9f:
         83:f1:46:c3:be:bf:44:2c:b7:0e:65:3b:ec:d3:96:48:89:7a:
         4c:6b:ca:81:64:77:85:af:cf:fe:1a:16:93:01:8b:f7:1d:7e:
         2e:22:fa:7e:76:ff:ae:e8:0e:2f:bd:2c:24:8e:a3:f9:2f:57:
         0d:b4:4a:72:5c:ab:b8:c5:47:86:96:5e:b5:d2:4c:94:2e:bb:
         69:24:f0:0e:c4:c1:86:9d:f0:7e:8e:6c:93:49:97:66:79:2f:
         81:4f:67:6d:b6:a6:c8:d3:51:22:15:78:c2:f6:7a:c1:5e:86:
         db:fe:0b:49:e5:af:02:86:83:b4:9d:ab:11:e1:82:0b:b7:03:
         46:a0:55:25:62:75:f0:09:43:74:3d:e2:67:74:92:44:88:43:
         b7:0a:87:09:87:67:3e:ab:ac:f2:65:24:ce:c1:f6:71:58:19:
         17:1f:8a:ed:ad:c3:63:62:7b:fc:01:45:7d:8a:18:23:55:33:
         99:78:09:38
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBx0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwMjE0MDAwMzM3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWNjMDM1OS0xZTk0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtb0ZUF7y8Bab60IjgabFEGotXfViKeomAuwoBibrVz149aoKjeUGfkADAsVJ
yF+oaRwZDQrl8HZB/HwL55/X8Lf0WnGmlds95TilOpADM3muerolXC7uAjVldusD
xwRunuI4wN7fFO30Y0+wH9pNhVDGz/yre7HS8eH2BLGmM2npzV2vMrMyqJ3i4RBl
5v0fYn+gKn+4ViqAT+L5DgA+K2cbwxUMy8d2lCmgY0tTpAnIE7KQwedOLwSNHazo
rAdnPQn9pJT5rpN23y9Q7zoSCo9Rp1RgEV9oW39Gfgt1iHkma2HeJosR71lL73WY
w1fO5Gn00bSJgWCqv4KFhsOL1wIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFM+ZJMjS
Xh1I81+dED3TTKUNlsZ9MB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvODA2NzEwM0FD
QUNDMTFFRUJDRDM1ODZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBALKi+wDBADKi/wDBADKlJMDBAHLG+IwDQYJKoZIhvcNAQEL
BQADggEBAGOSETeOceIV+Mgz7D0J9QRNX0FxnkU8mXek8w669PuyM/UStn2lSGlv
RxIkzx3SiwFec6VMccJZNGOOr53d2PcPHO6/jaEon4PxRsO+v0Qstw5lO+zTlkiJ
ekxryoFkd4Wvz/4aFpMBi/cdfi4i+n52/67oDi+9LCSOo/kvVw20SnJcq7jFR4aW
XrXSTJQuu2kk8A7EwYad8H6ObJNJl2Z5L4FPZ222psjTUSIVeML2esFehtv+C0nl
rwKGg7SdqxHhggu3A0agVSVidfAJQ3Q94md0kkSIQ7cKhwmHZz6rrPJlJM7B9nFY
GRcfiu2tw2Nie/wBRX2KGCNVM5l4CTg=
-----END CERTIFICATE-----