Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/8E4F4FC2D08F11EAB7073D32C4F9AE02.roa
File:                     8E4F4FC2D08F11EAB7073D32C4F9AE02.roa (raw, json)
Hash identifier:          fXJ8U1n4KOyb3H9x5VQuTMUk2281slIBLSceepVG0ws=
Subject key identifier:   8D:17:3D:AB:E9:14:7B:0F:C4:B9:E2:C9:29:21:25:BE:64:7A:E3:D4
Certificate issuer:       /CN=A9113C02/serialNumber=DE78F7BD5924A8067490BFBD32E47E7FFAB67720
Certificate serial:       06B7
Authority key identifier: DE:78:F7:BD:59:24:A8:06:74:90:BF:BD:32:E4:7E:7F:FA:B6:77:20
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3nj3vVkkqAZ0kL-9MuR-f_q2dyA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/8E4F4FC2D08F11EAB7073D32C4F9AE02.roa
Signing time:             Fri 28 Apr 2023 17:34:15 +0000
ROA not before:           Fri 28 Apr 2023 17:34:15 +0000
ROA not after:            Mon 28 Aug 2023 00:00:00 +0000
asID:                     133605
IP address blocks:        43.255.20.0/22 maxlen: 24
                          103.239.4.0/22 maxlen: 24
                          2401:2cc0::/32 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1719 (0x6b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9113C02/serialNumber=DE78F7BD5924A8067490BFBD32E47E7FFAB67720
        Validity
            Not Before: Apr 28 17:34:15 2023 GMT
            Not After : Aug 28 00:00:00 2023 GMT
        Subject: CN=644c0396-9712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d4:bb:42:8f:6d:9b:de:25:5a:c7:1f:c9:01:
                    53:b1:a6:d1:d2:7c:99:0a:b2:3e:42:0b:74:92:75:
                    c7:51:78:85:0a:4f:42:c3:34:59:48:50:07:52:0c:
                    ec:23:f4:62:62:9c:98:05:e8:0f:57:ab:49:4f:52:
                    a8:dd:02:35:0f:c5:49:a4:c2:87:bc:2c:0e:34:35:
                    30:86:fa:f5:b6:02:4e:be:84:31:89:86:d7:20:46:
                    45:2c:20:22:9c:da:31:68:ee:f6:6f:d7:0a:a5:bd:
                    73:b6:12:ab:db:f1:03:c1:c2:d1:3b:df:f4:18:54:
                    11:a9:ab:88:a1:b5:aa:58:41:76:56:c2:fc:a1:5a:
                    99:2b:c9:7b:5b:0c:06:72:35:f4:fa:ca:b4:9e:52:
                    40:24:a4:d7:39:8b:cb:55:8b:96:bc:bc:ff:40:43:
                    32:b0:30:b9:cf:64:7a:9e:6b:ac:a3:e7:43:2d:5c:
                    e9:66:0c:2a:f5:28:06:a6:ab:b5:f4:59:5a:b6:f9:
                    9a:01:a3:72:39:f3:24:03:0d:c6:bc:f2:62:ee:48:
                    b1:29:39:8e:21:5d:48:fc:6c:30:f9:2f:af:cb:1c:
                    aa:f8:a3:3c:d8:57:ab:b6:7e:92:4e:ca:e8:ca:80:
                    6d:0e:5a:fd:0e:d4:e4:9c:3f:a3:04:7f:2f:5f:09:
                    98:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:17:3D:AB:E9:14:7B:0F:C4:B9:E2:C9:29:21:25:BE:64:7A:E3:D4
            X509v3 Authority Key Identifier:
                keyid:DE:78:F7:BD:59:24:A8:06:74:90:BF:BD:32:E4:7E:7F:FA:B6:77:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/3nj3vVkkqAZ0kL-9MuR-f_q2dyA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3nj3vVkkqAZ0kL-9MuR-f_q2dyA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9113C02/4C406FB6405611E7AF041A35C4F9AE02/8E4F4FC2D08F11EAB7073D32C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.20.0/22
                  103.239.4.0/22
                IPv6:
                  2401:2cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:e2:b4:11:cd:16:eb:cf:4d:81:03:59:ec:9b:be:78:08:2f:
         ac:dd:37:b9:c2:de:90:c1:50:aa:8e:79:19:b0:14:55:07:dc:
         cf:86:2a:2f:4d:cd:f9:ea:6d:ef:fb:34:48:7a:9a:b3:f5:df:
         5f:58:50:e6:34:e5:ef:2a:b8:19:e9:40:dd:f3:c6:fa:5d:92:
         4f:5d:9f:8b:12:15:fc:1a:bc:66:3c:99:d3:ee:91:f6:0d:23:
         33:d1:63:70:4a:d9:c4:69:ee:0f:2c:3f:ba:28:ac:97:a5:84:
         3b:af:dc:0c:b4:ff:c3:9b:56:4c:38:a7:fd:b3:90:ec:73:cc:
         28:67:2e:40:e1:de:78:80:b8:34:16:7c:a2:84:32:8e:68:09:
         27:d2:b5:e4:bb:5a:db:c6:48:d3:21:33:22:48:c0:51:28:ab:
         54:ec:02:21:a4:47:52:53:e9:55:d7:48:6e:e2:cd:96:92:a8:
         4c:59:c2:2c:4f:e0:1c:bd:61:a0:a7:e9:6a:f5:bc:20:ad:3e:
         14:29:09:b7:0c:cf:9e:5d:79:7e:73:42:39:a8:81:d2:46:b6:
         c8:aa:de:7c:f8:57:0f:da:2e:17:8e:21:d7:78:2a:f5:bf:3b:
         5f:1b:cf:21:6c:d4:74:80:93:c8:49:42:ee:aa:f9:6a:ec:be:
         18:1f:59:dd
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICBrcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTNDMDIxMTAvBgNVBAUTKERFNzhGN0JENTkyNEE4MDY3NDkwQkZCRDMyRTQ3RTdG
RkFCNjc3MjAwHhcNMjMwNDI4MTczNDE1WhcNMjMwODI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDRjMDM5Ni05NzEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp9S7Qo9tm94lWscfyQFTsabR0nyZCrI+Qgt0knXHUXiFCk9CwzRZSFAHUgzs
I/RiYpyYBegPV6tJT1Ko3QI1D8VJpMKHvCwONDUwhvr1tgJOvoQxiYbXIEZFLCAi
nNoxaO72b9cKpb1zthKr2/EDwcLRO9/0GFQRqauIobWqWEF2VsL8oVqZK8l7WwwG
cjX0+sq0nlJAJKTXOYvLVYuWvLz/QEMysDC5z2R6nmuso+dDLVzpZgwq9SgGpqu1
9FlatvmaAaNyOfMkAw3GvPJi7kixKTmOIV1I/Gww+S+vyxyq+KM82Fertn6STsro
yoBtDlr9DtTknD+jBH8vXwmYvQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFI0XPavp
FHsPxLniySkhJb5keuPUMB8GA1UdIwQYMBaAFN54971ZJKgGdJC/vTLkfn/6tncg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExM0MwMi80QzQwNkZCNjQw
NTYxMUU3QUYwNDFBMzVDNEY5QUUwMi8zbmozdlZra3FBWjBrTC05TXVSLWZfcTJk
eUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNuajN2VmtrcUFaMGtMLTlNdVItZl9xMmR5QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTNDMDIvNEM0MDZGQjY0MDU2MTFFN0FGMDQxQTM1QzRGOUFFMDIvOEU0RjRGQzJE
MDhGMTFFQUI3MDczRDMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIr/xQDBAJn7wQwDQQCAAIwBwMFACQBLMAwDQYJKoZIhvcN
AQELBQADggEBADjitBHNFuvPTYEDWeybvngIL6zdN7nC3pDBUKqOeRmwFFUH3M+G
Ki9Nzfnqbe/7NEh6mrP1319YUOY05e8quBnpQN3zxvpdkk9dn4sSFfwavGY8mdPu
kfYNIzPRY3BK2cRp7g8sP7oorJelhDuv3Ay0/8ObVkw4p/2zkOxzzChnLkDh3niA
uDQWfKKEMo5oCSfSteS7WtvGSNMhMyJIwFEoq1TsAiGkR1JT6VXXSG7izZaSqExZ
wixP4By9YaCn6Wr1vCCtPhQpCbcMz55deX5zQjmogdJGtsiq3nz4Vw/aLheOIdd4
KvW/O18bzyFs1HSAk8hJQu6q+WrsvhgfWd0=
-----END CERTIFICATE-----