Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/DC229788CE0511ED868B4E20C4F9AE02.roa
File:                     DC229788CE0511ED868B4E20C4F9AE02.roa (raw, json)
Hash identifier:          ipkTMnOKLb5lPuDw1i+Xf0udlOG9vUAmTCThruK9oPw=
Subject key identifier:   FC:B4:23:DA:F3:19:DA:F5:84:88:C0:C0:F0:2C:FD:EE:C2:93:E1:71
Certificate issuer:       /CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
Certificate serial:       0B39
Authority key identifier: 08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/DC229788CE0511ED868B4E20C4F9AE02.roa
Signing time:             Thu 08 Jun 2023 20:30:23 +0000
ROA not before:           Thu 08 Jun 2023 20:30:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137526
IP address blocks:        103.111.12.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2873 (0xb39)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4CF1/serialNumber=08BD1CC5AEDE7492B2F2257AA194DB08555AF6F2
        Validity
            Not Before: Jun  8 20:30:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64823a5f-1656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f0:2f:67:fe:c4:a1:c0:ad:6d:04:af:12:7e:
                    f6:5a:a3:36:66:0e:3c:c2:d3:5a:a8:eb:0d:de:0a:
                    e0:1c:40:a4:6f:84:3c:8f:dd:a1:11:b0:a7:3e:22:
                    47:9f:4e:c1:79:b7:6e:4e:8c:fa:db:28:5c:cb:99:
                    1a:38:e0:ac:a3:ba:4f:c3:e0:77:bd:c8:92:ba:e9:
                    8b:d6:f3:74:1f:e8:be:ea:8f:1f:c6:e9:4c:60:ab:
                    29:7f:7b:52:e3:7d:43:de:e9:46:ae:f2:72:14:e4:
                    25:e1:23:08:c7:f3:c3:c8:d9:b8:2b:ca:2f:a5:b8:
                    8f:fd:86:ea:e4:65:6e:4a:c6:b8:7a:c6:c2:d5:97:
                    a4:f5:5a:56:e7:95:38:86:26:c5:18:a7:de:53:03:
                    22:cd:e6:eb:f8:a7:7b:77:b5:aa:a0:0f:53:ca:42:
                    d1:27:83:3f:e4:c8:c5:4b:82:49:e4:4e:c6:df:10:
                    7f:95:e1:72:a4:e8:0a:02:9f:9a:5a:f8:c8:cf:32:
                    5a:72:a7:11:9a:60:72:5f:f7:f7:04:20:f3:64:ca:
                    30:b2:5f:16:2d:34:9a:75:81:3a:d7:2d:91:0b:f1:
                    50:fb:29:37:6f:52:9b:92:c8:d8:7a:19:0d:01:42:
                    07:8d:9c:a2:58:b1:1c:17:6d:8a:bd:d6:44:14:fa:
                    96:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B4:23:DA:F3:19:DA:F5:84:88:C0:C0:F0:2C:FD:EE:C2:93:E1:71
            X509v3 Authority Key Identifier:
                keyid:08:BD:1C:C5:AE:DE:74:92:B2:F2:25:7A:A1:94:DB:08:55:5A:F6:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/CL0cxa7edJKy8iV6oZTbCFVa9vI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CL0cxa7edJKy8iV6oZTbCFVa9vI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4CF1/AD9046FE058611EA92E56552C4F9AE02/DC229788CE0511ED868B4E20C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.111.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d0:bf:b3:ca:4f:07:3d:fc:10:e2:1c:60:f9:f0:31:27:75:
         c9:29:ed:b3:ac:aa:f7:93:99:ab:4e:2b:8c:27:44:a8:eb:47:
         82:b6:b6:c7:d6:87:09:af:18:4c:6c:0d:47:d5:09:04:9f:79:
         c2:15:d9:5c:42:27:68:2c:79:0a:db:5c:fd:8e:58:f8:14:c6:
         25:39:53:f7:3f:00:7a:8c:47:b6:c3:4e:2a:73:9a:a7:4a:1b:
         2d:40:f7:15:1c:33:ea:5c:12:fb:dc:2b:11:ea:9b:a4:b9:a1:
         f8:77:c8:5f:60:c4:ea:14:34:32:51:32:72:e3:dd:de:1f:90:
         31:d1:e0:c2:6d:27:d2:3e:cc:5f:52:10:3e:09:00:a3:10:8b:
         61:62:33:d5:40:42:6e:23:ef:ff:8f:cb:02:c2:cc:0c:39:18:
         10:a4:4c:05:e0:52:28:55:8b:37:3b:0f:80:36:76:82:43:34:
         2e:3b:69:7c:ca:5c:58:26:f3:3c:40:ea:6b:ce:11:46:08:e3:
         61:aa:b6:e8:ac:a3:f2:f2:16:f3:7a:34:4f:14:f3:4d:0c:f4:
         42:91:31:3e:0a:36:ca:31:e9:2f:37:d7:bb:4c:1e:c8:9b:1a:
         33:07:5a:f1:5a:89:30:73:56:f3:fb:6c:5f:bf:3c:88:de:32:
         ed:29:83:f8
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCzkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRDRjExMTAvBgNVBAUTKDA4QkQxQ0M1QUVERTc0OTJCMkYyMjU3QUExOTREQjA4
NTU1QUY2RjIwHhcNMjMwNjA4MjAzMDIzWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDgyM2E1Zi0xNjU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt/AvZ/7EocCtbQSvEn72WqM2Zg48wtNaqOsN3grgHECkb4Q8j92hEbCnPiJH
n07BebduToz62yhcy5kaOOCso7pPw+B3vciSuumL1vN0H+i+6o8fxulMYKspf3tS
431D3ulGrvJyFOQl4SMIx/PDyNm4K8ovpbiP/Ybq5GVuSsa4esbC1Zek9VpW55U4
hibFGKfeUwMizebr+Kd7d7WqoA9TykLRJ4M/5MjFS4JJ5E7G3xB/leFypOgKAp+a
WvjIzzJacqcRmmByX/f3BCDzZMowsl8WLTSadYE61y2RC/FQ+yk3b1KbksjYehkN
AUIHjZyiWLEcF22KvdZEFPqWZwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPy0I9rz
Gdr1hIjAwPAs/e7Ck+FxMB8GA1UdIwQYMBaAFAi9HMWu3nSSsvIleqGU2whVWvby
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNENGMS9BRDkwNDZGRTA1
ODYxMUVBOTJFNTY1NTJDNEY5QUUwMi9DTDBjeGE3ZWRKS3k4aVY2b1pUYkNGVmE5
dkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NMMGN4YTdlZEpLeThpVjZvWlRiQ0ZWYTl2SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRDRjEvQUQ5MDQ2RkUwNTg2MTFFQTkyRTU2NTUyQzRGOUFFMDIvREMyMjk3ODhD
RTA1MTFFRDg2OEI0RTIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnbwwwDQYJKoZIhvcNAQELBQADggEBAJnQv7PKTwc9/BDi
HGD58DEndckp7bOsqveTmatOK4wnRKjrR4K2tsfWhwmvGExsDUfVCQSfecIV2VxC
J2gseQrbXP2OWPgUxiU5U/c/AHqMR7bDTipzmqdKGy1A9xUcM+pcEvvcKxHqm6S5
ofh3yF9gxOoUNDJRMnLj3d4fkDHR4MJtJ9I+zF9SED4JAKMQi2FiM9VAQm4j7/+P
ywLCzAw5GBCkTAXgUihVizc7D4A2doJDNC47aXzKXFgm8zxA6mvOEUYI42Gqtuis
o/LyFvN6NE8U800M9EKRMT4KNsox6S8317tMHsibGjMHWvFaiTBzVvP7bF+/PIje
Mu0pg/g=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:44 2024 by rpki-client on console-fra.rpki-client.org