Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E923A/C9B3CC54EC1111E98E0F8647C4F9AE02/4ED04A6497FA11EEB2D75874C4F9AE02.roa
File:                     4ED04A6497FA11EEB2D75874C4F9AE02.roa (raw, json)
Hash identifier:          H9MVF0LbEM0q5P+ErCjyQlxoqgSo/DRTZ8YReYbb4gc=
Subject key identifier:   3C:96:F0:F6:14:EC:BB:82:68:EA:E5:02:31:AA:6D:CC:16:08:43:55
Certificate issuer:       /CN=A91E923A/serialNumber=6638A604260FCCF2E9D8B20C1792ECA15DC76D5C
Certificate serial:       21
Authority key identifier: 66:38:A6:04:26:0F:CC:F2:E9:D8:B2:0C:17:92:EC:A1:5D:C7:6D:5C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZjimBCYPzPLp2LIMF5LsoV3HbVw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E923A/C9B3CC54EC1111E98E0F8647C4F9AE02/4ED04A6497FA11EEB2D75874C4F9AE02.roa
Signing time:             Mon 11 Dec 2023 07:53:01 +0000
ROA not before:           Mon 11 Dec 2023 07:53:01 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     137871
IP address blocks:        103.139.178.0/24 maxlen: 24
                          2406:1dc0::/32 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33 (0x21)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E923A/serialNumber=6638A604260FCCF2E9D8B20C1792ECA15DC76D5C
        Validity
            Not Before: Dec 11 07:53:01 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=6576bfdd-6954
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c2:aa:10:5e:9b:af:a2:46:8e:99:23:a0:7b:
                    28:7f:a1:bc:6a:2a:61:11:f7:9f:61:1e:0c:f4:f3:
                    54:b3:cb:93:2e:b2:80:db:03:44:7b:c4:3f:29:77:
                    6c:c1:62:de:a5:a8:45:66:7e:36:67:6d:27:e9:fc:
                    f3:b1:83:6f:1a:9f:c0:95:12:e6:20:94:99:3a:93:
                    b4:29:ea:c3:23:64:90:ad:1e:b6:39:91:03:bb:72:
                    0e:f8:b3:9e:82:37:a1:f6:45:e6:54:52:b9:06:22:
                    10:7e:b9:1c:7a:a4:49:82:ff:78:4a:00:08:2a:4b:
                    5c:35:ea:12:1d:98:4a:4f:2d:21:92:72:ae:6e:1e:
                    42:4e:84:28:44:a2:7a:61:d5:a8:1f:72:dd:da:12:
                    be:dc:fb:9f:0a:82:9c:6c:4d:5a:bb:85:47:b9:e5:
                    50:06:30:04:09:7b:bc:70:92:03:72:59:af:68:e9:
                    73:b5:3b:98:71:3d:43:6e:4d:47:dd:81:a3:73:19:
                    66:f8:60:7c:51:23:2d:7d:75:ec:af:4e:11:43:3b:
                    45:dd:a8:a6:34:0b:a6:77:24:68:11:1c:52:37:a8:
                    a6:3e:d8:2a:2d:e8:d1:fb:ce:db:84:a2:72:44:b7:
                    6c:09:dc:58:26:06:e9:44:fa:66:67:55:d9:1f:43:
                    a3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:96:F0:F6:14:EC:BB:82:68:EA:E5:02:31:AA:6D:CC:16:08:43:55
            X509v3 Authority Key Identifier:
                keyid:66:38:A6:04:26:0F:CC:F2:E9:D8:B2:0C:17:92:EC:A1:5D:C7:6D:5C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E923A/C9B3CC54EC1111E98E0F8647C4F9AE02/ZjimBCYPzPLp2LIMF5LsoV3HbVw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZjimBCYPzPLp2LIMF5LsoV3HbVw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E923A/C9B3CC54EC1111E98E0F8647C4F9AE02/4ED04A6497FA11EEB2D75874C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.178.0/24
                IPv6:
                  2406:1dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:a3:d2:01:43:50:0f:fc:7c:02:48:8d:07:9e:3b:3d:c6:46:
         db:e9:b5:56:75:ae:d4:54:e9:39:fe:08:6c:a9:12:88:09:33:
         e1:cc:66:89:6c:7f:04:b4:8e:20:58:4d:9a:f0:ff:73:3a:70:
         ed:02:27:f0:5f:e9:1d:54:a3:b0:26:7d:ef:14:8b:c5:23:d6:
         81:20:da:2d:00:a9:dc:8a:a9:fb:aa:00:f1:65:e2:2e:b0:34:
         78:27:47:0b:01:46:4e:12:b1:b5:df:49:23:6e:ab:00:ae:f6:
         6d:fd:af:57:bf:72:0a:69:d3:15:93:a3:ab:e7:d0:30:24:e3:
         17:a7:e3:9f:ad:6d:86:53:5a:49:a2:30:26:38:1f:b2:d7:43:
         ef:ef:4d:11:c4:1d:f2:30:de:ac:87:25:2f:98:78:e6:e7:c9:
         04:23:fc:5d:8a:2c:b6:6d:cf:d8:2a:3c:09:a9:0e:35:80:67:
         88:e6:72:88:aa:58:b9:c7:15:0a:d1:2e:19:08:28:80:fd:51:
         79:58:85:b2:11:ba:30:f8:62:49:1f:2c:b9:ac:a0:34:58:0a:
         e0:81:a2:dc:fc:c2:9d:7b:5c:a6:8b:1e:89:6a:8a:43:bb:54:
         a2:d1:26:de:33:a1:6f:b3:35:8f:fd:99:7d:1c:c3:e6:88:e8:
         00:7f:72:4a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBITANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
OTIzQTExMC8GA1UEBRMoNjYzOEE2MDQyNjBGQ0NGMkU5RDhCMjBDMTc5MkVDQTE1
REM3NkQ1QzAeFw0yMzEyMTEwNzUzMDFaFw0yNDA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NzZiZmRkLTY5NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDEwqoQXpuvokaOmSOgeyh/obxqKmER959hHgz081Szy5MusoDbA0R7xD8pd2zB
Yt6lqEVmfjZnbSfp/POxg28an8CVEuYglJk6k7Qp6sMjZJCtHrY5kQO7cg74s56C
N6H2ReZUUrkGIhB+uRx6pEmC/3hKAAgqS1w16hIdmEpPLSGScq5uHkJOhChEonph
1agfct3aEr7c+58KgpxsTVq7hUe55VAGMAQJe7xwkgNyWa9o6XO1O5hxPUNuTUfd
gaNzGWb4YHxRIy19deyvThFDO0XdqKY0C6Z3JGgRHFI3qKY+2Cot6NH7ztuEonJE
t2wJ3FgmBulE+mZnVdkfQ6PxAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUPJbw9hTs
u4Jo6uUCMaptzBYIQ1UwHwYDVR0jBBgwFoAUZjimBCYPzPLp2LIMF5LsoV3HbVww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUU5MjNBL0M5QjNDQzU0RUMx
MTExRTk4RTBGODY0N0M0RjlBRTAyL1pqaW1CQ1lQelBMcDJMSU1GNUxzb1YzSGJW
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWmppbUJDWVB6UExwMkxJTUY1THNvVjNIYlZ3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
OTIzQS9DOUIzQ0M1NEVDMTExMUU5OEUwRjg2NDdDNEY5QUUwMi80RUQwNEE2NDk3
RkExMUVFQjJENzU4NzRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAGeLsjANBAIAAjAHAwUAJAYdwDANBgkqhkiG9w0BAQsFAAOC
AQEAE6PSAUNQD/x8AkiNB547PcZG2+m1VnWu1FTpOf4IbKkSiAkz4cxmiWx/BLSO
IFhNmvD/czpw7QIn8F/pHVSjsCZ97xSLxSPWgSDaLQCp3Iqp+6oA8WXiLrA0eCdH
CwFGThKxtd9JI26rAK72bf2vV79yCmnTFZOjq+fQMCTjF6fjn61thlNaSaIwJjgf
stdD7+9NEcQd8jDerIclL5h45ufJBCP8XYostm3P2Co8CakONYBniOZyiKpYuccV
CtEuGQgogP1ReViFshG6MPhiSR8suaygNFgK4IGi3PzCnXtcposeiWqKQ7tUotEm
3jOhb7M1j/2ZfRzD5ojoAH9ySg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:46 2024 by rpki-client on console-fra.rpki-client.org