Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/038754A4D20711ECACC12255C4F9AE02.roa
File:                     038754A4D20711ECACC12255C4F9AE02.roa (raw, json)
Hash identifier:          72aqa7vmOaoRNLetfYusK0DQnJ/BkPS7C/o9pn5YsMs=
Subject key identifier:   4B:ED:37:CF:C8:00:1F:7D:87:8C:81:58:9F:03:4C:F7:60:31:A0:CF
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3A25
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/038754A4D20711ECACC12255C4F9AE02.roa
Signing time:             Fri 13 May 2022 06:00:10 +0000
ROA not before:           Fri 13 May 2022 06:00:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14885 (0x3a25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: May 13 06:00:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=627df3ea-f969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c8:1e:60:0d:49:05:8e:a9:8f:91:8d:82:1a:
                    96:9b:1d:66:05:b7:5e:ed:b3:78:2e:da:26:0a:1d:
                    6a:b6:db:e1:c4:d7:00:62:77:37:10:60:42:f1:89:
                    56:cf:14:07:bd:a2:21:59:31:f4:05:3e:c2:e9:71:
                    d5:8d:c4:6a:04:51:40:bd:47:69:15:83:1a:31:83:
                    79:1f:01:28:f4:3c:b0:aa:5e:3c:e3:9c:54:b7:a6:
                    af:be:05:e5:c1:0e:e1:1a:f3:de:bf:0a:bf:18:2a:
                    4e:33:6f:2a:38:8a:f8:55:05:1e:a6:9f:bf:6f:a4:
                    ca:75:a6:71:13:12:83:b4:ff:07:7e:26:9b:de:ed:
                    48:53:29:98:78:a3:0b:96:c2:b1:de:91:b7:12:06:
                    23:ef:8a:1b:10:e9:37:bc:b6:b8:61:2b:71:db:c2:
                    5b:86:be:f5:bb:eb:b5:09:7a:44:8f:1c:90:95:9c:
                    32:5f:35:c1:b9:cd:5c:f6:55:8d:e6:49:42:bc:25:
                    06:1a:36:b8:d5:57:46:e6:99:ec:a1:a6:27:0c:be:
                    73:0a:50:e3:d3:0e:02:eb:aa:98:b1:19:e1:7d:d1:
                    73:88:6e:a5:92:e6:fb:ba:a7:a3:22:57:cc:0a:0b:
                    2d:29:f0:d8:a3:bf:00:a5:6b:26:9a:76:17:a2:39:
                    79:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:ED:37:CF:C8:00:1F:7D:87:8C:81:58:9F:03:4C:F7:60:31:A0:CF
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/038754A4D20711ECACC12255C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         89:2d:0f:53:b3:eb:9c:6a:ea:8d:44:95:10:8f:7a:21:ff:63:
         9f:f8:ff:e3:4b:fd:0c:ff:48:a6:82:cb:46:1c:d3:a0:3e:f8:
         44:bd:26:e8:6d:a2:69:ea:9e:d0:09:c4:f9:87:ae:36:71:5b:
         0b:78:13:0d:41:ec:9f:e6:f7:0d:91:ce:85:10:7c:79:c5:c3:
         8e:c9:2e:42:f8:7e:a3:a9:44:6a:95:53:9b:b6:be:00:68:12:
         b0:98:e2:5d:9d:14:c5:d8:59:3a:4f:63:2d:46:19:32:7e:57:
         67:2d:c0:2f:17:e0:05:61:cf:57:63:43:85:42:d6:43:14:b0:
         2c:98:eb:2e:21:90:12:bd:bf:94:6e:16:79:39:9d:9b:cd:c6:
         d3:17:39:01:d1:63:22:4b:27:84:82:44:31:45:40:88:fc:70:
         87:13:b8:ef:42:04:d2:06:c7:3d:4e:ad:d5:67:6a:e6:28:4d:
         be:01:62:20:3f:5b:57:18:65:91:c7:26:ab:45:75:0f:02:6b:
         6e:52:d3:86:6e:54:d9:c7:e2:9c:58:6a:e3:9f:f7:39:bb:17:
         f9:48:a5:09:47:28:61:1b:1f:a7:c8:9e:4a:08:a6:68:f5:e6:
         3b:54:b4:a2:30:91:32:5c:0e:44:f6:0c:57:80:b6:be:b3:8c:
         03:e9:8e:ab
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOiUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNTEzMDYwMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdkZjNlYS1mOTY5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3cgeYA1JBY6pj5GNghqWmx1mBbde7bN4LtomCh1qttvhxNcAYnc3EGBC8YlW
zxQHvaIhWTH0BT7C6XHVjcRqBFFAvUdpFYMaMYN5HwEo9Dywql4845xUt6avvgXl
wQ7hGvPevwq/GCpOM28qOIr4VQUepp+/b6TKdaZxExKDtP8Hfiab3u1IUymYeKML
lsKx3pG3EgYj74obEOk3vLa4YStx28Jbhr71u+u1CXpEjxyQlZwyXzXBuc1c9lWN
5klCvCUGGja41VdG5pnsoaYnDL5zClDj0w4C66qYsRnhfdFziG6lkub7uqejIlfM
CgstKfDYo78ApWsmmnYXojl5QwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFEvtN8/I
AB99h4yBWJ8DTPdgMaDPMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMDM4NzU0QTRE
MjA3MTFFQ0FDQzEyMjU1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAiS0PU7PrnGrqjUSVEI96If9jn/j/40v9DP9IpoLLRhzToD74RL0m6G2i
aeqe0AnE+YeuNnFbC3gTDUHsn+b3DZHOhRB8ecXDjskuQvh+o6lEapVTm7a+AGgS
sJjiXZ0UxdhZOk9jLUYZMn5XZy3ALxfgBWHPV2NDhULWQxSwLJjrLiGQEr2/lG4W
eTmdm83G0xc5AdFjIksnhIJEMUVAiPxwhxO470IE0gbHPU6t1Wdq5ihNvgFiID9b
Vxhlkccmq0V1DwJrblLThm5U2cfinFhq45/3ObsX+UilCUcoYRsfp8ieSgimaPXm
O1S0ojCRMlwORPYMV4C2vrOMA+mOqw==
-----END CERTIFICATE-----