Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4AC2FEAAF96811EA918B1A0CC4F9AE02.roa
File:                     4AC2FEAAF96811EA918B1A0CC4F9AE02.roa (raw, json)
Hash identifier:          1itU+20JEH78JBVJrbksKNdpHTLL2kYb7Zltw/XxcNM=
Subject key identifier:   51:33:0B:47:7E:B7:72:BA:9C:4A:19:67:4B:95:7D:C6:E8:9F:5A:C3
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       30FD
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4AC2FEAAF96811EA918B1A0CC4F9AE02.roa
Signing time:             Tue 25 May 2021 16:12:12 +0000
ROA not before:           Tue 25 May 2021 16:12:12 +0000
ROA not after:            Fri 01 Jul 2022 00:00:00 +0000
asID:                     138257
IP address blocks:        45.250.216.0/24 maxlen: 24
                          45.250.217.0/24 maxlen: 24
                          45.250.218.0/24 maxlen: 24
                          45.250.219.0/24 maxlen: 24
                          103.219.136.0/24 maxlen: 24
                          103.219.137.0/24 maxlen: 24
                          103.219.138.0/24 maxlen: 24
                          103.219.139.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12541 (0x30fd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 25 16:12:12 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=60ad21dc-4dba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:44:6a:e1:c5:77:0c:d6:0e:88:4e:0d:02:c3:
                    e5:56:33:cd:4a:be:e9:a4:96:25:c4:ac:34:e2:25:
                    1c:fc:b4:0a:81:cf:7c:d6:88:c7:9b:75:b9:0b:08:
                    1c:32:8e:30:15:36:00:54:76:dc:b1:27:0c:2e:1e:
                    4e:af:a3:89:4f:8e:f6:8a:c6:3c:bc:d9:c3:d6:ee:
                    23:d2:cb:3e:b9:fc:6c:99:b6:7f:eb:fc:05:a0:a1:
                    ff:dd:2f:9e:2d:1c:fe:3b:dc:4a:d9:3c:63:cd:22:
                    18:8f:bf:12:87:9f:c2:d9:3d:73:93:52:3d:c2:e5:
                    69:22:de:99:8e:34:b2:45:1b:d9:b0:f2:94:f1:8a:
                    b8:4c:06:f9:35:8a:86:86:22:26:2e:3c:9d:c3:7c:
                    70:5b:f8:f6:31:7d:5a:c7:74:cd:fb:dd:2d:50:91:
                    4a:a7:ae:66:71:c0:9b:6f:6f:a6:74:d1:3f:58:e0:
                    87:c2:5e:fe:58:3f:ca:cc:46:30:8d:45:11:9e:f9:
                    bf:59:49:3f:c9:dd:4c:45:42:c3:18:cc:55:aa:da:
                    8b:5d:e1:96:7f:7c:3e:2c:60:55:ea:f9:47:00:85:
                    3c:ff:17:16:cd:af:2e:00:f4:3a:aa:3b:ed:ab:98:
                    96:9d:25:e7:8d:53:2b:4b:e2:c2:53:0b:6b:8c:a8:
                    70:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:33:0B:47:7E:B7:72:BA:9C:4A:19:67:4B:95:7D:C6:E8:9F:5A:C3
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4AC2FEAAF96811EA918B1A0CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.216.0/22
                  103.219.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:09:1d:dd:bc:3e:8b:15:84:c9:42:4e:b2:4d:85:6d:8b:e1:
         86:48:70:d5:64:36:34:9e:4f:0a:ea:1c:57:e5:ae:33:b1:a7:
         02:88:fa:47:90:26:2c:bd:e0:d7:a8:8a:15:83:f7:5b:20:9d:
         d9:55:70:3b:49:3b:ba:8a:47:4e:c7:6d:9e:56:0d:fb:c8:68:
         4d:be:49:5c:49:dd:84:b4:8c:f4:aa:d7:55:c8:cd:79:91:5d:
         07:eb:e3:58:7f:5b:8f:4c:ee:97:97:11:72:1b:a1:5a:22:88:
         a3:f6:c8:72:e9:62:6e:17:cb:d7:31:bf:1b:fc:d2:60:c1:ba:
         e6:b3:32:96:35:53:10:d6:5b:74:6d:46:f6:37:44:d1:3b:a4:
         4b:cb:91:53:50:19:fc:bf:22:19:9f:7e:f9:3c:e9:4d:eb:1a:
         45:9c:ef:55:c1:19:d6:1a:fd:4e:69:10:d5:59:f9:4d:4f:d6:
         c5:b0:e5:cb:f6:12:39:58:08:3a:77:e9:c8:e2:2d:62:3a:e3:
         a5:8b:63:c7:2e:fb:9e:da:98:22:e8:c8:fa:a6:e8:6b:2f:09:
         2d:ec:9d:02:8e:c5:4e:7f:03:06:42:66:cf:3c:77:c5:e4:84:
         79:96:b0:c4:0c:79:29:73:5a:79:16:05:ea:ff:77:45:30:10:
         ee:0d:9e:95
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICMP0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjEwNTI1MTYxMjEyWhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MGFkMjFkYy00ZGJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzURq4cV3DNYOiE4NAsPlVjPNSr7ppJYlxKw04iUc/LQKgc981ojHm3W5Cwgc
Mo4wFTYAVHbcsScMLh5Or6OJT472isY8vNnD1u4j0ss+ufxsmbZ/6/wFoKH/3S+e
LRz+O9xK2TxjzSIYj78Sh5/C2T1zk1I9wuVpIt6ZjjSyRRvZsPKU8Yq4TAb5NYqG
hiImLjydw3xwW/j2MX1ax3TN+90tUJFKp65mccCbb2+mdNE/WOCHwl7+WD/KzEYw
jUURnvm/WUk/yd1MRULDGMxVqtqLXeGWf3w+LGBV6vlHAIU8/xcWza8uAPQ6qjvt
q5iWnSXnjVMrS+LCUwtrjKhwgQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFFEzC0d+
t3K6nEoZZ0uVfcbon1rDMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNEFDMkZFQUFG
OTY4MTFFQTkxOEIxQTBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIt+tgDBAJn24gwDQYJKoZIhvcNAQELBQADggEBAAMJHd28
PosVhMlCTrJNhW2L4YZIcNVkNjSeTwrqHFflrjOxpwKI+keQJiy94NeoihWD91sg
ndlVcDtJO7qKR07HbZ5WDfvIaE2+SVxJ3YS0jPSq11XIzXmRXQfr41h/W49M7peX
EXIboVoiiKP2yHLpYm4Xy9cxvxv80mDBuuazMpY1UxDWW3RtRvY3RNE7pEvLkVNQ
Gfy/Ihmffvk86U3rGkWc71XBGdYa/U5pENVZ+U1P1sWw5cv2EjlYCDp36cjiLWI6
46WLY8cu+57amCLoyPqm6GsvCS3snQKOxU5/AwZCZs88d8XkhHmWsMQMeSlzWnkW
Ber/d0UwEO4NnpU=
-----END CERTIFICATE-----