Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E1702E04400D11EBAD0E821FC4F9AE02.roa
File:                     E1702E04400D11EBAD0E821FC4F9AE02.roa (raw, json)
Hash identifier:          TabDwe+MpbbT/1pEswn/HMTI7Pe5qVKBrlIysbEYFe0=
Subject key identifier:   42:86:C2:10:6A:D7:25:B2:4F:81:B7:4E:97:36:68:B9:10:B9:C5:0C
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       06DD
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E1702E04400D11EBAD0E821FC4F9AE02.roa
Signing time:             Tue 12 Dec 2023 04:11:13 +0000
ROA not before:           Tue 12 Dec 2023 04:11:13 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        202.139.236.0/22 maxlen: 24
                          202.139.252.0/24 maxlen: 24
                          202.139.254.0/23 maxlen: 23
                          202.148.147.0/24 maxlen: 24
                          203.27.226.0/23 maxlen: 24
                          203.147.248.0/23 maxlen: 23
                          210.247.144.0/20 maxlen: 24
                          210.247.238.0/23 maxlen: 23
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1757 (0x6dd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB
        Validity
            Not Before: Dec 12 04:11:13 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=6577dd61-d3f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:ae:3b:c0:8d:7b:21:5f:41:9b:0a:78:9d:
                    39:99:11:a4:31:77:64:94:e0:a2:73:7c:0f:42:5f:
                    51:3e:77:7c:e4:ae:be:46:b3:bd:94:4e:98:96:2f:
                    27:4f:d0:3b:e0:67:0e:b4:2a:66:01:ed:86:f0:a4:
                    36:8a:a1:e1:81:3b:81:86:5a:7f:51:0c:24:ea:39:
                    b7:a0:f2:06:a4:23:47:1e:59:b6:8e:c6:6c:5e:42:
                    61:83:1e:ba:c5:4c:9f:73:56:23:58:1f:17:e4:ee:
                    8a:93:0a:ec:50:d0:3e:4b:8c:6a:b2:38:c4:16:cc:
                    b5:95:dd:e5:3b:25:e3:4a:3c:a1:fa:62:81:95:b3:
                    ec:2a:58:c8:a7:96:4b:d9:b9:4e:77:3a:30:e0:39:
                    a6:60:44:63:e0:4c:37:a4:07:11:70:f1:14:bb:b4:
                    fd:7f:4b:c8:b8:9e:42:8f:89:06:61:61:3d:36:3d:
                    33:d3:1d:fa:00:3d:c9:75:a1:ce:c5:79:ae:45:bf:
                    ac:76:dd:6b:d6:83:44:0a:69:7a:e4:fd:dd:2b:9b:
                    17:e6:8f:8a:10:c0:ed:27:3e:97:cd:5d:a3:50:cf:
                    84:95:a3:44:fc:47:88:ab:0f:85:f2:d4:2c:dc:8c:
                    1f:e7:e7:b7:93:f7:05:18:26:da:37:e4:55:58:a7:
                    76:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:86:C2:10:6A:D7:25:B2:4F:81:B7:4E:97:36:68:B9:10:B9:C5:0C
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E1702E04400D11EBAD0E821FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.236.0/22
                  202.139.252.0/24
                  202.139.254.0/23
                  202.148.147.0/24
                  203.27.226.0/23
                  203.147.248.0/23
                  210.247.144.0/20
                  210.247.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:e5:e2:4b:ca:c1:ea:19:71:2a:1b:69:34:f1:8f:d4:e2:4f:
         a4:23:39:a0:b8:e9:6e:f4:9a:e2:70:db:ea:7b:c9:17:3b:06:
         48:bd:13:30:fb:88:d1:e3:ca:9e:85:84:66:72:e5:62:15:a5:
         c6:16:2a:53:e5:fc:42:1b:9f:a7:4d:bd:b1:96:9c:65:3f:df:
         1e:d5:3b:62:4a:8d:ae:6c:83:f9:4f:c7:86:32:c6:71:38:1e:
         00:26:db:27:90:54:b9:de:18:84:62:d9:5f:8f:6d:29:4d:e3:
         a3:63:12:51:73:78:44:89:71:26:c8:00:e7:fa:e4:0e:1a:4d:
         ed:08:6e:c1:f4:2f:1e:e4:22:db:f9:22:69:16:7e:13:e2:2a:
         20:ef:1e:6d:d5:40:6d:98:48:5b:8e:6e:bf:f0:20:b6:47:bc:
         4b:67:08:cd:98:60:57:69:50:09:cb:0e:6a:84:75:f3:63:a2:
         29:97:02:37:63:0f:17:36:c2:ab:75:b4:83:64:3c:60:e7:bb:
         3c:d6:cb:08:59:d4:f7:e0:71:12:23:64:3e:a9:c6:4f:85:bb:
         07:05:2a:41:12:2f:b0:3d:f6:c9:cc:9d:d5:11:71:3e:f9:c1:
         1a:3f:a8:b1:30:1f:cf:4a:19:a6:f9:db:97:81:e7:e0:a4:01:
         3d:02:9a:02
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICBt0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMxMjEyMDQxMTEzWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTc3ZGQ2MS1kM2Y4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp76uO8CNeyFfQZsKeJ05mRGkMXdklOCic3wPQl9RPnd85K6+RrO9lE6Yli8n
T9A74GcOtCpmAe2G8KQ2iqHhgTuBhlp/UQwk6jm3oPIGpCNHHlm2jsZsXkJhgx66
xUyfc1YjWB8X5O6KkwrsUNA+S4xqsjjEFsy1ld3lOyXjSjyh+mKBlbPsKljIp5ZL
2blOdzow4DmmYERj4Ew3pAcRcPEUu7T9f0vIuJ5Cj4kGYWE9Nj0z0x36AD3JdaHO
xXmuRb+sdt1r1oNECml65P3dK5sX5o+KEMDtJz6XzV2jUM+ElaNE/EeIqw+F8tQs
3Iwf5+e3k/cFGCbaN+RVWKd22wIDAQABo4ICvzCCArswHQYDVR0OBBYEFEKGwhBq
1yWyT4G3Tpc2aLkQucUMMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvRTE3MDJFMDQ0
MDBEMTFFQkFEMEU4MjFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBALKi+wDBADKi/wDBAHKi/4DBADKlJMDBAHLG+IDBAHLk/gD
BATS95ADBAHS9+4wDQYJKoZIhvcNAQELBQADggEBAFnl4kvKweoZcSobaTTxj9Ti
T6QjOaC46W70muJw2+p7yRc7Bki9EzD7iNHjyp6FhGZy5WIVpcYWKlPl/EIbn6dN
vbGWnGU/3x7VO2JKja5sg/lPx4YyxnE4HgAm2yeQVLneGIRi2V+PbSlN46NjElFz
eESJcSbIAOf65A4aTe0IbsH0Lx7kItv5ImkWfhPiKiDvHm3VQG2YSFuObr/wILZH
vEtnCM2YYFdpUAnLDmqEdfNjoimXAjdjDxc2wqt1tINkPGDnuzzWywhZ1PfgcRIj
ZD6pxk+FuwcFKkESL7A99snMndURcT75wRo/qLEwH89KGab525eB5+CkAT0CmgI=
-----END CERTIFICATE-----