Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/07B951F4065E11ED84B38876C4F9AE02.roa
File:                     07B951F4065E11ED84B38876C4F9AE02.roa (raw, json)
Hash identifier:          uLW9YRNCMt0+zIrM/sDV0OUGsIq3ETC2JUhODOgrCDQ=
Subject key identifier:   F3:30:39:44:04:95:7F:40:0A:38:73:B0:8B:FC:15:07:1D:5F:42:16
Certificate issuer:       /CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
Certificate serial:       59
Authority key identifier: A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/07B951F4065E11ED84B38876C4F9AE02.roa
Signing time:             Mon 18 Jul 2022 05:54:05 +0000
ROA not before:           Mon 18 Jul 2022 05:54:05 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     23887
IP address blocks:        119.63.0.0/23 maxlen: 23
                          119.63.2.0/24 maxlen: 24
                          202.71.176.0/20 maxlen: 20
                          202.71.176.0/23 maxlen: 23
                          202.71.179.0/24 maxlen: 24
                          202.71.182.0/23 maxlen: 23
                          202.71.186.0/24 maxlen: 24
                          202.71.190.0/24 maxlen: 24
                          202.71.191.0/24 maxlen: 24
                          2406:2a00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 89 (0x59)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BE25/serialNumber=A760ADE0C9D05EE679EC304122BC3350C8D2A439
        Validity
            Not Before: Jul 18 05:54:05 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=62d4f57c-2218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:25:44:45:1c:6c:d1:2d:7b:58:21:2a:8b:
                    20:80:2c:81:bb:64:e2:83:77:1b:35:55:d0:13:9d:
                    b3:fe:92:c2:cf:23:2d:8f:e7:26:7d:27:71:9c:78:
                    8a:ab:82:6d:fd:7a:d8:fc:1b:46:4b:49:af:2b:bf:
                    7d:de:d0:85:66:0e:ee:8d:bd:5d:bb:de:99:9d:db:
                    4b:77:1b:44:37:71:b0:7d:e3:a9:bc:ab:c6:5e:92:
                    aa:af:12:7f:35:4f:55:3e:5e:95:c2:b9:53:22:1a:
                    82:fc:f0:62:4d:63:a2:8c:34:00:98:6b:4f:ee:1a:
                    a0:49:c4:87:4a:99:fb:24:5b:9d:77:60:eb:3c:e3:
                    b7:92:cc:a2:0b:8e:c3:2c:f1:ec:13:61:81:eb:6d:
                    fb:f6:33:4c:2a:c5:0b:14:a6:69:b5:c4:ce:d1:41:
                    2d:f8:cd:aa:aa:10:f2:b9:b5:a0:79:7f:97:85:33:
                    d8:52:07:20:ed:3d:be:0e:84:de:2f:e3:3a:52:01:
                    f0:79:36:98:56:58:96:e8:f0:4b:6c:46:02:02:33:
                    d2:da:51:76:a0:9e:60:8a:a2:c0:4c:2c:23:99:85:
                    49:4e:36:e4:51:53:a2:b6:53:71:06:87:71:97:8d:
                    a8:b3:f3:92:05:44:7d:1f:46:94:25:a0:b4:ba:91:
                    0b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:30:39:44:04:95:7F:40:0A:38:73:B0:8B:FC:15:07:1D:5F:42:16
            X509v3 Authority Key Identifier:
                keyid:A7:60:AD:E0:C9:D0:5E:E6:79:EC:30:41:22:BC:33:50:C8:D2:A4:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p2Ct4MnQXuZ57DBBIrwzUMjSpDk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BE25/D90526E4EE1111EC95299982C4F9AE02/07B951F4065E11ED84B38876C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.63.0.0-119.63.2.255
                  202.71.176.0/20
                IPv6:
                  2406:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:df:7a:5c:27:86:2e:d4:8a:da:ef:3f:c5:a9:34:86:ad:8d:
         e0:30:57:3d:bb:fb:af:64:73:85:99:ba:ef:94:91:73:91:38:
         5f:2a:fe:48:40:44:f2:89:18:72:10:91:94:39:48:f7:4b:3b:
         c4:44:54:89:92:ae:a1:69:60:2c:23:9b:2b:0b:31:e0:38:6d:
         4a:9b:94:69:45:45:04:d8:9b:b3:b8:fc:89:dc:58:86:87:86:
         af:d5:6c:b8:7f:01:ce:ed:24:cd:a1:98:bd:01:6f:8d:b1:15:
         95:07:bb:85:4e:0a:fe:47:f3:4a:b4:17:09:7d:d7:6c:df:fd:
         e2:3a:f0:71:98:e2:a1:50:89:a5:d6:63:b5:b6:77:ed:c7:43:
         45:ab:ee:85:76:c6:94:97:39:01:2e:3c:84:ae:ae:86:ae:e1:
         93:eb:67:fc:36:8f:21:00:64:e6:55:4d:35:7c:6e:ab:7f:d6:
         eb:e4:08:8c:10:35:d0:ac:75:93:57:c1:0a:c1:b6:5f:b4:4a:
         97:6c:8e:a0:6b:8c:5d:aa:c5:a7:74:8d:f3:79:d4:4c:01:70:
         40:18:c7:a4:55:d4:3a:7d:10:45:f4:a3:90:a7:26:84:6b:18:
         dd:fd:49:e8:c6:1b:79:2a:ee:62:bb:f0:d7:71:22:49:b3:d4:
         d2:03:61:5a
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIBWTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QkUyNTExMC8GA1UEBRMoQTc2MEFERTBDOUQwNUVFNjc5RUMzMDQxMjJCQzMzNTBD
OEQyQTQzOTAeFw0yMjA3MTgwNTU0MDVaFw0yMjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyZDRmNTdjLTIyMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCh7CVERRxs0S17WCEqiyCALIG7ZOKDdxs1VdATnbP+ksLPIy2P5yZ9J3GceIqr
gm39etj8G0ZLSa8rv33e0IVmDu6NvV273pmd20t3G0Q3cbB946m8q8ZekqqvEn81
T1U+XpXCuVMiGoL88GJNY6KMNACYa0/uGqBJxIdKmfskW513YOs847eSzKILjsMs
8ewTYYHrbfv2M0wqxQsUpmm1xM7RQS34zaqqEPK5taB5f5eFM9hSByDtPb4OhN4v
4zpSAfB5NphWWJbo8EtsRgICM9LaUXagnmCKosBMLCOZhUlONuRRU6K2U3EGh3GX
jaiz85IFRH0fRpQloLS6kQv5AgMBAAGjggKxMIICrTAdBgNVHQ4EFgQU8zA5RASV
f0AKOHOwi/wVBx1fQhYwHwYDVR0jBBgwFoAUp2Ct4MnQXuZ57DBBIrwzUMjSpDkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJCRTI1L0Q5MDUyNkU0RUUx
MTExRUM5NTI5OTk4MkM0RjlBRTAyL3AyQ3Q0TW5RWHVaNTdEQkJJcnd6VU1qU3BE
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcDJDdDRNblFYdVo1N0RCQklyd3pVTWpTcERrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QkUyNS9EOTA1MjZFNEVFMTExMUVDOTUyOTk5ODJDNEY5QUUwMi8wN0I5NTFGNDA2
NUUxMUVEODRCMzg4NzZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA7BggrBgEFBQcBBwEB/wQs
MCowGQQCAAEwEzALAwMAdz8DBAB3PwIDBATKR7AwDQQCAAIwBwMFACQGKgAwDQYJ
KoZIhvcNAQELBQADggEBAF3felwnhi7UitrvP8WpNIatjeAwVz27+69kc4WZuu+U
kXOROF8q/khARPKJGHIQkZQ5SPdLO8REVImSrqFpYCwjmysLMeA4bUqblGlFRQTY
m7O4/IncWIaHhq/VbLh/Ac7tJM2hmL0Bb42xFZUHu4VOCv5H80q0Fwl912zf/eI6
8HGY4qFQiaXWY7W2d+3HQ0Wr7oV2xpSXOQEuPISuroau4ZPrZ/w2jyEAZOZVTTV8
bqt/1uvkCIwQNdCsdZNXwQrBtl+0SpdsjqBrjF2qxad0jfN51EwBcEAYx6RV1Dp9
EEX0o5CnJoRrGN39SejGG3kq7mK78NdxIkmz1NIDYVo=
-----END CERTIFICATE-----