Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/2B928FFAC83D11ECA689513FC4F9AE02.roa
File:                     2B928FFAC83D11ECA689513FC4F9AE02.roa (raw, json)
Hash identifier:          bL6hMT1uPmo5AMDOwZEN+cO7lX4KgGmt1v1eDLpUJ8w=
Subject key identifier:   35:0F:A4:7C:54:F7:73:5B:DA:61:55:08:E8:32:12:2F:7B:AF:C9:DF
Certificate issuer:       /CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
Certificate serial:       2044
Authority key identifier: ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/2B928FFAC83D11ECA689513FC4F9AE02.roa
Signing time:             Wed 27 Jul 2022 04:42:36 +0000
ROA not before:           Wed 27 Jul 2022 04:42:36 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     55559
IP address blocks:        103.120.120.0/22 maxlen: 22
                          103.120.120.0/24 maxlen: 24
                          103.120.121.0/24 maxlen: 24
                          103.120.122.0/24 maxlen: 24
                          103.120.123.0/24 maxlen: 24
                          2403:1600::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8260 (0x2044)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911E2E0/serialNumber=ED68CA6A2D12A88CC7D296A2BC2BF1519A0B5FF3
        Validity
            Not Before: Jul 27 04:42:36 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=62e0c23b-9779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:81:b8:be:ff:5a:b6:3d:04:00:83:8a:0a:0d:
                    17:58:a9:22:c3:51:48:d4:09:97:49:6e:a2:a8:e5:
                    4b:67:5c:57:d4:59:fd:c8:2d:04:e9:76:84:1f:98:
                    d1:65:72:42:a3:50:9d:f8:44:3c:5d:4d:07:b7:fc:
                    e4:ff:b2:34:97:e9:d9:e2:1f:b1:54:22:f8:05:de:
                    65:ae:93:2e:e3:19:ab:95:3c:58:77:79:81:18:a4:
                    61:58:dc:7e:86:bb:9f:33:a9:43:cc:96:87:41:79:
                    f1:e9:5a:6d:18:41:1a:8d:f7:75:30:d1:0d:26:10:
                    e7:45:73:3b:0c:e7:0e:99:7c:f4:15:9c:ba:5f:10:
                    2d:92:bd:cd:78:ac:6a:fe:a4:fd:ab:62:b9:ec:53:
                    f3:9d:c9:32:db:25:8c:eb:43:69:a4:3d:81:16:e4:
                    bc:58:cb:13:2b:5f:06:5a:34:87:8d:75:b3:4f:fa:
                    f9:c2:aa:7b:13:9b:25:db:72:31:b6:ef:dd:37:5b:
                    3f:fa:75:b3:83:89:64:0b:5a:25:61:c9:79:68:7d:
                    7d:8a:1f:da:0b:5c:d5:07:71:dd:22:1f:bc:92:e0:
                    f0:25:f8:c5:bd:5b:34:2e:46:01:8d:51:2a:8a:bc:
                    11:3f:32:2a:51:f7:cb:31:20:4b:47:dd:17:e4:a7:
                    e2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0F:A4:7C:54:F7:73:5B:DA:61:55:08:E8:32:12:2F:7B:AF:C9:DF
            X509v3 Authority Key Identifier:
                keyid:ED:68:CA:6A:2D:12:A8:8C:C7:D2:96:A2:BC:2B:F1:51:9A:0B:5F:F3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/7WjKai0SqIzH0paivCvxUZoLX_M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7WjKai0SqIzH0paivCvxUZoLX_M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911E2E0/B3E815DC9E4611E588D46016C4F9AE02/2B928FFAC83D11ECA689513FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.120.0/22
                IPv6:
                  2403:1600::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:44:80:c7:c4:d3:8a:46:11:44:4a:c3:07:dd:f3:9b:d3:b6:
         1d:16:f0:43:25:62:3d:b4:cc:7d:4a:04:cb:82:2f:3e:c7:af:
         f4:24:70:d5:f8:cc:68:1d:17:ba:be:43:cc:71:12:71:6d:e3:
         f7:50:7b:01:46:6e:65:a4:d2:08:c7:f9:e1:56:d7:36:76:ce:
         b0:54:72:54:c6:bf:a5:2f:1e:e7:38:ed:79:97:27:9e:c8:20:
         88:fc:82:ff:85:c3:8b:ab:99:f9:74:62:05:24:41:2e:0e:fb:
         da:a6:99:43:a4:5b:60:5f:8a:1a:10:1f:9b:92:f3:6c:90:40:
         c7:05:be:2d:a5:59:c3:3b:f5:ff:18:75:26:5f:ed:4d:e9:44:
         57:70:fe:0c:11:f0:68:35:7d:02:43:e4:7b:e9:4e:4c:ae:aa:
         9d:b4:6c:15:a1:67:6d:47:63:67:12:f7:84:5e:dc:f3:b1:83:
         ca:47:d9:2f:78:c3:85:14:da:09:b3:6c:47:aa:32:23:c7:7f:
         5e:a7:c7:c4:08:f3:43:db:55:44:04:35:df:92:f0:38:8e:ec:
         b0:9d:aa:74:8d:05:23:55:2d:b8:63:8d:07:d5:4f:6e:8e:db:
         04:f6:25:b3:72:ed:5b:9e:f8:8a:47:c3:12:51:10:be:12:fd:
         7d:d4:de:f1
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICIEQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUUyRTAxMTAvBgNVBAUTKEVENjhDQTZBMkQxMkE4OENDN0QyOTZBMkJDMkJGMTUx
OUEwQjVGRjMwHhcNMjIwNzI3MDQ0MjM2WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmUwYzIzYi05Nzc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsIG4vv9atj0EAIOKCg0XWKkiw1FI1AmXSW6iqOVLZ1xX1Fn9yC0E6XaEH5jR
ZXJCo1Cd+EQ8XU0Ht/zk/7I0l+nZ4h+xVCL4Bd5lrpMu4xmrlTxYd3mBGKRhWNx+
hrufM6lDzJaHQXnx6VptGEEajfd1MNENJhDnRXM7DOcOmXz0FZy6XxAtkr3NeKxq
/qT9q2K57FPzncky2yWM60NppD2BFuS8WMsTK18GWjSHjXWzT/r5wqp7E5sl23Ix
tu/dN1s/+nWzg4lkC1olYcl5aH19ih/aC1zVB3HdIh+8kuDwJfjFvVs0LkYBjVEq
irwRPzIqUffLMSBLR90X5KfiJwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFDUPpHxU
93Nb2mFVCOgyEi97r8nfMB8GA1UdIwQYMBaAFO1oymotEqiMx9KWorwr8VGaC1/z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRTJFMC9CM0U4MTVEQzlF
NDYxMUU1ODhENDYwMTZDNEY5QUUwMi83V2pLYWkwU3FJekgwcGFpdkN2eFVab0xY
X00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdXakthaTBTcUl6SDBwYWl2Q3Z4VVpvTFhfTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUUyRTAvQjNFODE1REM5RTQ2MTFFNTg4RDQ2MDE2QzRGOUFFMDIvMkI5MjhGRkFD
ODNEMTFFQ0E2ODk1MTNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJneHgwDQQCAAIwBwMFACQDFgAwDQYJKoZIhvcNAQELBQAD
ggEBAIxEgMfE04pGEURKwwfd85vTth0W8EMlYj20zH1KBMuCLz7Hr/QkcNX4zGgd
F7q+Q8xxEnFt4/dQewFGbmWk0gjH+eFW1zZ2zrBUclTGv6UvHuc47XmXJ57IIIj8
gv+Fw4urmfl0YgUkQS4O+9qmmUOkW2BfihoQH5uS82yQQMcFvi2lWcM79f8YdSZf
7U3pRFdw/gwR8Gg1fQJD5HvpTkyuqp20bBWhZ21HY2cS94Re3POxg8pH2S94w4UU
2gmzbEeqMiPHf16nx8QI80PbVUQENd+S8DiO7LCdqnSNBSNVLbhjjQfVT26O2wT2
JbNy7Vue+IpHwxJREL4S/X3U3vE=
-----END CERTIFICATE-----