Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/51850B6EC88E11EDBDAF752CC4F9AE02.roa
File:                     51850B6EC88E11EDBDAF752CC4F9AE02.roa (raw, json)
Hash identifier:          Gx28SAEZq33O0wjfnsKf6fdPM8t85AwO6pV2nbchshI=
Subject key identifier:   C3:5F:00:BE:9B:E2:E7:29:93:6C:91:EB:CB:ED:95:BF:6A:15:42:7F
Certificate issuer:       /CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Certificate serial:       0B8F
Authority key identifier: 08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/51850B6EC88E11EDBDAF752CC4F9AE02.roa
Signing time:             Sun 08 Oct 2023 16:38:26 +0000
ROA not before:           Sun 08 Oct 2023 16:38:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     135438
IP address blocks:        103.111.12.0/24 maxlen: 24
                          103.111.13.0/24 maxlen: 24
                          2402:91c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2959 (0xb8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
        Validity
            Not Before: Oct  8 16:38:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6522db02-d1a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:26:29:77:d9:b9:49:4f:7a:91:81:2e:12:aa:
                    30:66:ff:a1:01:f7:cb:bc:f6:b0:59:ac:04:0e:1d:
                    aa:57:25:82:4c:ae:bb:7e:83:12:6b:9c:72:91:45:
                    3e:31:e9:7e:2e:f1:83:85:2e:88:7a:95:fc:b7:de:
                    a0:f3:bb:d0:1d:3b:45:33:f0:bd:d7:5d:56:e0:d4:
                    ad:4f:cc:d2:9f:2f:67:89:a4:58:10:d4:a2:ab:a9:
                    5e:47:a2:2e:dc:09:5a:9a:29:37:7e:5f:8d:64:f2:
                    84:d6:8f:aa:0e:ba:76:29:fa:8c:83:0d:5c:52:54:
                    4d:72:3e:49:4d:ce:e5:0c:4f:79:94:8c:41:94:1f:
                    aa:07:ed:eb:5c:8b:09:66:0b:96:cb:f3:6f:2d:41:
                    41:30:29:7d:cf:fc:0e:90:43:1f:8d:5b:b9:56:0a:
                    c1:e6:f3:79:a1:ed:98:99:60:1e:1a:48:6d:96:ca:
                    7d:87:3d:52:ee:ae:50:16:63:29:9d:f6:a0:da:ce:
                    da:91:9b:aa:d9:b1:96:39:91:da:7d:3c:ef:85:f3:
                    48:38:fa:df:62:ce:bb:27:bd:93:b1:0f:4f:08:15:
                    09:56:f0:d1:74:a6:a8:14:bd:18:30:83:5b:ce:3d:
                    84:73:25:6b:66:26:e4:cf:4e:dd:d2:18:c9:b0:70:
                    b7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5F:00:BE:9B:E2:E7:29:93:6C:91:EB:CB:ED:95:BF:6A:15:42:7F
            X509v3 Authority Key Identifier:
                keyid:08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/CL0cxa7edJKy8iV6oZTbCFVa9vI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/51850B6EC88E11EDBDAF752CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.111.12.0/23
                IPv6:
                  2402:91c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:5c:db:81:6a:83:33:6f:27:42:7f:1b:6d:72:7c:67:1f:31:
         ab:f6:56:e1:1a:60:5c:c9:11:84:e6:84:b9:85:6c:cb:1c:06:
         3b:74:9e:c7:2b:6f:b3:d3:30:44:b2:fe:5b:28:36:b0:58:06:
         ae:51:65:8f:84:1f:b4:fe:0f:60:6e:71:5d:54:cf:c2:4b:9d:
         22:75:c4:5d:4b:ca:f5:20:31:09:61:8e:04:9a:57:3c:64:b9:
         7d:f8:37:6c:39:58:c8:3e:0f:78:ab:18:f1:a9:88:d8:ea:08:
         ca:89:72:2d:87:f7:2f:f7:07:e9:38:e4:ea:3f:c8:b4:6c:2f:
         de:4f:07:7f:a9:41:dc:81:cd:a5:72:c3:98:f6:57:7c:6d:f8:
         1c:3e:d7:03:69:72:a4:e4:75:87:87:98:0d:d3:20:11:ff:19:
         be:7b:3d:25:4d:90:cb:3a:60:ce:5a:62:00:5c:4d:d5:30:0c:
         a2:65:55:f1:64:92:93:cc:08:e9:cf:d0:6c:c3:4d:3e:20:90:
         37:99:98:ac:7b:83:ad:27:c6:21:83:43:99:b0:49:93:2d:52:
         a9:0b:6d:e2:57:46:9c:69:fa:ea:98:9f:67:5f:1a:0e:ad:a5:
         7d:2f:61:12:42:23:81:4c:4d:b2:47:2b:5e:06:d6:44:62:7d:
         0a:7f:39:86
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICC48wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRDRjExMTAvBgNVBAUTKDA4QkQxQ0M1QUVERTc0OTJCMkYyMjU3QUExOTREQjA4
NTU1QUY2RjIwHhcNMjMxMDA4MTYzODI2WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTIyZGIwMi1kMWE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoCYpd9m5SU96kYEuEqowZv+hAffLvPawWawEDh2qVyWCTK67foMSa5xykUU+
Mel+LvGDhS6IepX8t96g87vQHTtFM/C9111W4NStT8zSny9niaRYENSiq6leR6Iu
3Alamik3fl+NZPKE1o+qDrp2KfqMgw1cUlRNcj5JTc7lDE95lIxBlB+qB+3rXIsJ
ZguWy/NvLUFBMCl9z/wOkEMfjVu5VgrB5vN5oe2YmWAeGkhtlsp9hz1S7q5QFmMp
nfag2s7akZuq2bGWOZHafTzvhfNIOPrfYs67J72TsQ9PCBUJVvDRdKaoFL0YMINb
zj2EcyVrZibkz07d0hjJsHC34QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFMNfAL6b
4ucpk2yR68vtlb9qFUJ/MB8GA1UdIwQYMBaAFAi9HMWu3nSSsvIleqGU2whVWvby
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNENGMS9BRDkwNDZGRTA1
ODYxMUVBOTJFNTY1NTJDNEY5QUUwMi9DTDBjeGE3ZWRKS3k4aVY2b1pUYkNGVmE5
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NMMGN4YTdlZEpLeThpVjZvWlRiQ0ZWYTl2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRDRjEvQUQ5MDQ2RkUwNTg2MTFFQTkyRTU2NTUyQzRGOUFFMDIvNTE4NTBCNkVD
ODhFMTFFREJEQUY3NTJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnbwwwDQQCAAIwBwMFACQCkcAwDQYJKoZIhvcNAQELBQAD
ggEBAC9c24FqgzNvJ0J/G21yfGcfMav2VuEaYFzJEYTmhLmFbMscBjt0nscrb7PT
MESy/lsoNrBYBq5RZY+EH7T+D2BucV1Uz8JLnSJ1xF1LyvUgMQlhjgSaVzxkuX34
N2w5WMg+D3irGPGpiNjqCMqJci2H9y/3B+k45Oo/yLRsL95PB3+pQdyBzaVyw5j2
V3xt+Bw+1wNpcqTkdYeHmA3TIBH/Gb57PSVNkMs6YM5aYgBcTdUwDKJlVfFkkpPM
COnP0GzDTT4gkDeZmKx7g60nxiGDQ5mwSZMtUqkLbeJXRpxp+uqYn2dfGg6tpX0v
YRJCI4FMTbJHK14G1kRifQp/OYY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:44 2024 by rpki-client on console-fra.rpki-client.org