Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/B76E8964DF7211EDB0D24244C4F9AE02.roa
File:                     B76E8964DF7211EDB0D24244C4F9AE02.roa (raw, json)
Hash identifier:          z8jYt40INVJ/xke35UeVLH+jebqkvoHj5hfVtHh2yQ0=
Subject key identifier:   E7:13:56:94:1B:07:A0:57:1C:1A:23:A8:57:91:85:09:DA:F5:C8:92
Certificate issuer:       /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial:       0A3E
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/B76E8964DF7211EDB0D24244C4F9AE02.roa
Signing time:             Thu 20 Apr 2023 11:58:52 +0000
ROA not before:           Thu 20 Apr 2023 11:58:52 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     9387
IP address blocks:        113.203.234.0/24 maxlen: 24
                          113.203.235.0/24 maxlen: 24
                          113.203.236.0/24 maxlen: 24
                          113.203.237.0/24 maxlen: 24
                          113.203.238.0/24 maxlen: 24
                          113.203.239.0/24 maxlen: 24
                          113.203.240.0/24 maxlen: 24
                          113.203.244.0/24 maxlen: 24
                          223.29.224.0/20 maxlen: 20
                          2401:4100::/32 maxlen: 32
                          2401:4100::/33 maxlen: 33
                          2401:4100:8000::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2622 (0xa3e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
        Validity
            Not Before: Apr 20 11:58:52 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=644128fb-ec17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:84:37:1a:1a:52:cd:37:bb:85:25:f1:99:a2:
                    b0:43:a5:7b:99:e2:7c:ad:dd:ed:5e:bc:db:01:d6:
                    f0:d0:b6:35:f9:1f:9d:40:5e:f4:8c:fb:4a:e9:93:
                    33:35:d1:4e:e9:b5:ab:d3:9c:e9:26:1f:91:07:9b:
                    52:7d:25:34:25:50:a0:45:d6:1e:ad:cd:78:2c:f1:
                    e0:ac:b0:65:46:87:68:ba:fe:59:d1:2d:54:e7:17:
                    1a:58:7b:7d:51:b5:12:54:d1:a3:fd:87:e5:53:cd:
                    c7:15:b1:79:bf:da:35:66:3c:e2:fe:ba:ae:2b:e0:
                    b8:27:ec:02:c0:a1:78:2b:36:1d:2f:4e:68:ef:c4:
                    bb:61:0c:de:03:fd:7f:26:39:54:e2:70:df:6d:86:
                    8e:54:97:5d:0d:d3:7f:e5:e3:11:44:03:6d:43:d9:
                    e6:ba:d0:69:f6:a2:4f:09:72:9d:05:ca:00:80:03:
                    4d:59:3b:19:37:b0:bf:43:0c:33:4c:a5:cb:01:b3:
                    43:32:9e:2b:f0:68:1c:21:de:24:63:7e:02:b5:5f:
                    28:d4:33:f4:3e:e6:7a:b0:e8:ba:d2:95:77:c2:b4:
                    34:b3:a5:ff:58:76:3f:e7:59:4a:98:f7:ba:42:0f:
                    8a:2d:ff:d3:87:04:ac:b6:fb:83:53:da:80:06:a8:
                    32:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:13:56:94:1B:07:A0:57:1C:1A:23:A8:57:91:85:09:DA:F5:C8:92
            X509v3 Authority Key Identifier:
                keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/B76E8964DF7211EDB0D24244C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.203.234.0-113.203.240.255
                  113.203.244.0/24
                  223.29.224.0/20
                IPv6:
                  2401:4100::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:f4:9c:25:70:26:6c:5a:04:70:1a:cc:1b:a4:4e:6d:96:f7:
         72:1d:75:c4:99:16:86:03:aa:1e:f0:c0:9d:d8:45:ca:a3:25:
         70:69:5e:32:5e:22:f7:c2:01:3e:59:84:2e:2f:62:78:b3:32:
         a2:71:c5:01:55:cf:1a:df:96:ca:c5:23:a2:d8:5e:43:38:05:
         11:91:0e:50:d5:19:b0:4f:3a:70:8c:de:49:03:59:a9:4d:d9:
         34:43:12:62:a5:8c:ae:5a:28:cd:54:c2:b1:9f:8d:aa:ee:95:
         3f:ee:fe:ba:97:06:15:51:a1:d1:fe:b7:5d:bd:33:c3:79:5d:
         e7:ab:3d:eb:92:f6:c7:cd:08:24:90:14:fa:72:5e:14:e3:6c:
         7d:ad:64:8b:0b:b3:62:80:f0:d1:95:69:4a:1f:d0:78:bb:dc:
         cd:e4:69:74:1d:b8:c5:72:82:6e:ec:b1:87:e3:ac:ac:2d:e0:
         89:9f:71:33:ac:78:d1:7d:dc:a7:4f:1c:ca:04:55:69:f3:2f:
         b8:f3:b0:b4:4c:3b:02:03:12:03:e6:40:2f:48:71:d7:6e:e7:
         90:28:75:fd:0b:65:6f:c1:8e:95:83:aa:75:45:cb:0a:d3:94:
         d9:90:96:82:b5:e4:00:23:d3:cc:b5:ca:78:d3:25:52:02:82:
         95:56:05:e5
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgICCj4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwNDIwMTE1ODUyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQxMjhmYi1lYzE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtoQ3GhpSzTe7hSXxmaKwQ6V7meJ8rd3tXrzbAdbw0LY1+R+dQF70jPtK6ZMz
NdFO6bWr05zpJh+RB5tSfSU0JVCgRdYerc14LPHgrLBlRodouv5Z0S1U5xcaWHt9
UbUSVNGj/YflU83HFbF5v9o1Zjzi/rquK+C4J+wCwKF4KzYdL05o78S7YQzeA/1/
JjlU4nDfbYaOVJddDdN/5eMRRANtQ9nmutBp9qJPCXKdBcoAgANNWTsZN7C/Qwwz
TKXLAbNDMp4r8GgcId4kY34CtV8o1DP0PuZ6sOi60pV3wrQ0s6X/WHY/51lKmPe6
Qg+KLf/ThwSstvuDU9qABqgyUwIDAQABo4ICuDCCArQwHQYDVR0OBBYEFOcTVpQb
B6BXHBojqFeRhQna9ciSMB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvQjc2RTg5NjRE
RjcyMTFFREIwRDI0MjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQgYIKwYBBQUHAQcBAf8E
MzAxMCAEAgABMBowDAMEAXHL6gMEAHHL8AMEAHHL9AMEBN8d4DANBAIAAjAHAwUA
JAFBADANBgkqhkiG9w0BAQsFAAOCAQEATvScJXAmbFoEcBrMG6RObZb3ch11xJkW
hgOqHvDAndhFyqMlcGleMl4i98IBPlmELi9ieLMyonHFAVXPGt+WysUjotheQzgF
EZEOUNUZsE86cIzeSQNZqU3ZNEMSYqWMrloozVTCsZ+Nqu6VP+7+upcGFVGh0f63
Xb0zw3ld56s965L2x80IJJAU+nJeFONsfa1kiwuzYoDw0ZVpSh/QeLvczeRpdB24
xXKCbuyxh+OsrC3giZ9xM6x40X3cp08cygRVafMvuPOwtEw7AgMSA+ZAL0hx127n
kCh1/Qtlb8GOlYOqdUXLCtOU2ZCWgrXkACPTzLXKeNMlUgKClVYF5Q==
-----END CERTIFICATE-----