Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EEC3B/6B37E19C841711E785F17080C4F9AE02/1863E71EE86511ED9B3E3257C4F9AE02.roa
File:                     1863E71EE86511ED9B3E3257C4F9AE02.roa (raw, json)
Hash identifier:          ZiD9j3pjiqIeD0knHW04iQEl7+goQtn8wvYeXrrHFLI=
Subject key identifier:   53:7B:9D:B0:0E:BE:AA:A6:17:49:BC:2D:A2:72:60:10:4B:3F:14:83
Certificate issuer:       /CN=A91EEC3B/serialNumber=B7667505BB2042E72B62AE05BE2D1A3B41B4D235
Certificate serial:       06E3
Authority key identifier: B7:66:75:05:BB:20:42:E7:2B:62:AE:05:BE:2D:1A:3B:41:B4:D2:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/t2Z1BbsgQucrYq4Fvi0aO0G00jU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EEC3B/6B37E19C841711E785F17080C4F9AE02/1863E71EE86511ED9B3E3257C4F9AE02.roa
Signing time:             Mon 18 Nov 2024 16:34:13 +0000
ROA not before:           Mon 18 Nov 2024 16:34:13 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     136917
IP address blocks:        103.110.124.0/24 maxlen: 24
                          103.110.125.0/24 maxlen: 24
                          103.110.126.0/24 maxlen: 24
                          2401:a840::/32 maxlen: 32
                          2401:a840::/36 maxlen: 36
                          2401:a840::/40 maxlen: 40
                          2401:a840:100::/40 maxlen: 40
                          2401:a840:200::/40 maxlen: 40
                          2401:a840:300::/40 maxlen: 40
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1763 (0x6e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EEC3B, serialNumber=B7667505BB2042E72B62AE05BE2D1A3B41B4D235
        Validity
            Not Before: Nov 18 16:34:13 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=673b6c85-0a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9c:ed:7b:f8:97:b3:80:bc:02:f0:ec:ae:be:
                    43:51:8b:dc:0e:c5:43:44:87:60:6a:61:20:db:10:
                    4b:28:d2:2e:b6:dd:2f:4b:be:e7:e5:6f:c4:2d:58:
                    69:39:c0:83:c2:a9:10:2a:d7:07:8b:09:b0:ae:fd:
                    d2:c3:24:12:47:25:29:9e:b0:4a:01:b3:fa:20:48:
                    98:58:3c:33:9d:5a:4b:1a:33:13:a8:c2:20:e0:b2:
                    c1:1b:d1:58:f2:5b:b0:83:17:89:af:fe:b6:72:2e:
                    7f:42:86:05:36:04:47:e4:e4:3e:5f:36:5f:7b:ca:
                    71:9a:9e:eb:77:f7:e1:97:72:b1:6f:84:b7:51:07:
                    5b:62:64:3f:26:81:64:38:a4:a7:fa:f7:1e:bb:66:
                    df:38:25:c0:12:0f:ec:5e:80:0f:8d:7d:9f:29:81:
                    ac:f2:81:3b:c3:ff:42:0a:c7:a6:ae:75:ab:11:3e:
                    ee:08:60:38:85:fc:27:d0:de:69:11:1a:27:90:01:
                    ab:0e:97:fe:0c:63:2b:ed:81:03:f9:a6:48:3b:af:
                    eb:1a:70:f1:48:82:f7:b8:50:8c:1d:b8:9e:fd:05:
                    29:d9:7a:58:c4:9f:03:db:d5:b0:48:91:46:4f:e1:
                    3a:b2:29:a7:e6:5d:af:d4:b2:09:52:9c:86:ea:21:
                    f3:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:7B:9D:B0:0E:BE:AA:A6:17:49:BC:2D:A2:72:60:10:4B:3F:14:83
            X509v3 Authority Key Identifier:
                keyid:B7:66:75:05:BB:20:42:E7:2B:62:AE:05:BE:2D:1A:3B:41:B4:D2:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EEC3B/6B37E19C841711E785F17080C4F9AE02/t2Z1BbsgQucrYq4Fvi0aO0G00jU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/t2Z1BbsgQucrYq4Fvi0aO0G00jU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EEC3B/6B37E19C841711E785F17080C4F9AE02/1863E71EE86511ED9B3E3257C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.124.0-103.110.126.255
                IPv6:
                  2401:a840::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:d4:03:ca:0c:a4:2a:b3:3f:e0:45:5f:95:5a:30:01:dc:2e:
         9f:61:e5:1b:98:7e:35:6f:36:fc:a1:24:26:15:1c:98:20:cb:
         18:46:33:76:91:85:bc:d5:5f:2a:d5:33:94:fc:c5:0a:fe:e1:
         2f:1a:c9:bc:2e:e1:37:aa:98:df:0b:8c:cd:fe:f2:a0:e4:9a:
         72:48:ac:34:a4:b6:d6:19:96:4e:3f:65:91:d6:31:db:09:7a:
         c5:1b:33:9b:1c:54:58:38:a6:40:1e:f2:cf:f4:89:35:93:62:
         36:f5:9b:fe:68:f4:82:f9:5e:7b:9b:cd:e2:6c:4d:11:12:c5:
         48:d6:48:6e:fe:45:80:b6:3e:ef:7d:0f:29:6a:95:d0:56:1e:
         e1:69:5b:df:72:2b:94:12:dc:4b:ff:e1:17:ae:29:30:87:fe:
         5a:c7:73:3a:d1:35:36:16:b2:cc:8b:a1:fb:c7:4e:fe:4f:6a:
         09:b9:82:d5:0c:e1:4c:81:57:a9:d9:d5:7e:f2:ad:66:35:bb:
         70:45:bc:a1:c6:bf:50:69:57:f1:73:af:02:8d:b6:b4:54:35:
         fe:99:5f:d2:f4:c4:bb:86:cb:13:0d:0f:07:18:92:18:33:d4:
         a3:d8:3b:b7:51:8a:f9:25:10:d0:2d:a2:b5:12:fd:b7:6a:3e:
         5d:42:35:57
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICBuMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUVDM0IxMTAvBgNVBAUTKEI3NjY3NTA1QkIyMDQyRTcyQjYyQUUwNUJFMkQxQTNC
NDFCNEQyMzUwHhcNMjQxMTE4MTYzNDEzWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNiNmM4NS0wYTdhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAppzte/iXs4C8AvDsrr5DUYvcDsVDRIdgamEg2xBLKNIutt0vS77n5W/ELVhp
OcCDwqkQKtcHiwmwrv3SwyQSRyUpnrBKAbP6IEiYWDwznVpLGjMTqMIg4LLBG9FY
8luwgxeJr/62ci5/QoYFNgRH5OQ+XzZfe8pxmp7rd/fhl3Kxb4S3UQdbYmQ/JoFk
OKSn+vceu2bfOCXAEg/sXoAPjX2fKYGs8oE7w/9CCsemrnWrET7uCGA4hfwn0N5p
ERonkAGrDpf+DGMr7YED+aZIO6/rGnDxSIL3uFCMHbie/QUp2XpYxJ8D29WwSJFG
T+E6simn5l2v1LIJUpyG6iHzHwIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFFN7nbAO
vqqmF0m8LaJyYBBLPxSDMB8GA1UdIwQYMBaAFLdmdQW7IELnK2KuBb4tGjtBtNI1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFRUMzQi82QjM3RTE5Qzg0
MTcxMUU3ODVGMTcwODBDNEY5QUUwMi90MloxQmJzZ1F1Y3JZcTRGdmkwYU8wRzAw
alUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3QyWjFCYnNnUXVjcllxNEZ2aTBhTzBHMDBqVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUVDM0IvNkIzN0UxOUM4NDE3MTFFNzg1RjE3MDgwQzRGOUFFMDIvMTg2M0U3MUVF
ODY1MTFFRDlCM0UzMjU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBQEAgABMA4wDAMEAmdufAMEAGdufjANBAIAAjAHAwUAJAGoQDANBgkqhkiG
9w0BAQsFAAOCAQEABtQDygykKrM/4EVflVowAdwun2HlG5h+NW82/KEkJhUcmCDL
GEYzdpGFvNVfKtUzlPzFCv7hLxrJvC7hN6qY3wuMzf7yoOSackisNKS21hmWTj9l
kdYx2wl6xRszmxxUWDimQB7yz/SJNZNiNvWb/mj0gvlee5vN4mxNERLFSNZIbv5F
gLY+730PKWqV0FYe4Wlb33IrlBLcS//hF64pMIf+WsdzOtE1NhayzIuh+8dO/k9q
CbmC1QzhTIFXqdnVfvKtZjW7cEW8oca/UGlX8XOvAo22tFQ1/plf0vTEu4bLEw0P
BxiSGDPUo9g7t1GK+SUQ0C2itRL9t2o+XUI1Vw==
-----END CERTIFICATE-----