Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1261D1B6B83A11EC9308EA58C4F9AE02.roa
File:                     1261D1B6B83A11EC9308EA58C4F9AE02.roa (raw, json)
Hash identifier:          +JJ7UgwLoFg/ZxKUjMrDZjE21RopZPcK/HBUNBgR18M=
Subject key identifier:   70:00:82:CC:FF:7D:80:BE:89:78:90:B5:9A:FA:C1:40:13:A2:48:99
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       38A7
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1261D1B6B83A11EC9308EA58C4F9AE02.roa
Signing time:             Sun 10 Apr 2022 10:20:09 +0000
ROA not before:           Sun 10 Apr 2022 10:20:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14503 (0x38a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Apr 10 10:20:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6252af59-f0a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:03:81:da:90:74:ac:3b:26:03:40:21:b8:f1:
                    4e:6b:b4:4d:a1:30:95:c1:d5:81:72:70:3b:50:03:
                    8e:f1:ae:19:69:ef:c9:3c:5c:9e:9c:df:30:18:39:
                    d4:77:9a:3c:51:e7:3a:52:05:be:60:0e:7c:0b:99:
                    68:6e:f9:08:05:27:c2:c7:43:04:53:a0:82:b5:2d:
                    ba:99:91:d8:81:93:16:ea:d6:03:56:1a:8b:09:8b:
                    de:bd:15:a3:9e:30:ea:3e:47:f6:0e:b9:8d:fe:ba:
                    ca:b2:16:0f:fd:9b:39:83:d7:7c:5d:67:df:50:69:
                    ef:60:7f:12:b4:a9:06:66:ae:ee:94:f4:f1:6e:69:
                    de:47:05:ad:d9:98:cb:8a:97:9e:87:f4:b3:c8:8b:
                    98:80:87:6d:d4:31:9c:bc:03:cc:4f:b1:48:28:32:
                    7c:6c:62:40:9a:d5:d8:35:fd:f7:e1:44:f7:53:ce:
                    15:a8:e5:a5:ab:ec:d6:75:cc:e7:28:ea:d7:c3:d8:
                    d9:a3:c2:05:bb:de:89:58:38:f1:6f:42:d7:0b:0b:
                    71:08:a8:bd:b6:1d:f8:84:81:fb:b6:3a:a4:26:5f:
                    a4:c9:60:7b:f3:af:13:8e:a7:58:59:91:da:99:cb:
                    4c:37:81:a1:70:43:fd:2c:d6:72:54:de:10:14:21:
                    9e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:00:82:CC:FF:7D:80:BE:89:78:90:B5:9A:FA:C1:40:13:A2:48:99
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1261D1B6B83A11EC9308EA58C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         bf:a8:ad:a8:80:aa:9d:2e:1d:2c:54:e9:23:ac:93:4f:1c:37:
         f7:31:e7:06:a6:41:4d:e7:b9:6d:37:12:59:61:ec:a4:48:ee:
         86:89:3f:c6:e1:2f:63:77:40:85:32:3b:fa:73:f9:c2:87:04:
         8b:7d:18:2b:1e:24:02:2a:78:e1:15:29:17:3f:d1:0e:90:8b:
         25:58:37:57:ef:c0:ca:4a:c4:8f:c8:94:71:62:cc:e1:50:35:
         39:34:61:05:8b:9c:63:4a:76:23:c3:df:3f:e0:f4:ea:1a:c4:
         85:c6:2c:46:e2:e7:43:70:63:50:ed:e1:81:d1:73:c7:04:8c:
         39:51:0a:72:fa:04:da:f1:86:20:9c:3c:b0:30:32:fe:64:43:
         a6:4b:d7:1c:8d:05:b2:0d:0d:78:0e:58:29:20:15:ed:be:5e:
         7a:8d:d0:39:4e:9a:aa:79:42:5d:2d:b3:79:b8:cd:14:81:a0:
         1a:3f:9e:ca:51:76:cf:01:4a:45:5b:ab:d3:a4:1a:1a:4c:27:
         1e:a3:1f:cc:37:e5:56:6f:aa:c7:95:5a:97:8c:0a:b5:ae:3e:
         29:70:eb:12:86:45:02:1e:7c:35:48:b2:05:c7:b1:93:ef:28:
         70:14:9f:22:9d:f0:1e:52:7d:31:11:a6:84:a0:6b:06:33:1b:
         4b:30:6d:6d
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOKcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNDEwMTAyMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjUyYWY1OS1mMGEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6AOB2pB0rDsmA0AhuPFOa7RNoTCVwdWBcnA7UAOO8a4Zae/JPFyenN8wGDnU
d5o8Uec6UgW+YA58C5lobvkIBSfCx0MEU6CCtS26mZHYgZMW6tYDVhqLCYvevRWj
njDqPkf2DrmN/rrKshYP/Zs5g9d8XWffUGnvYH8StKkGZq7ulPTxbmneRwWt2ZjL
ipeeh/SzyIuYgIdt1DGcvAPMT7FIKDJ8bGJAmtXYNf334UT3U84VqOWlq+zWdczn
KOrXw9jZo8IFu96JWDjxb0LXCwtxCKi9th34hIH7tjqkJl+kyWB7868TjqdYWZHa
mctMN4GhcEP9LNZyVN4QFCGeRQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHAAgsz/
fYC+iXiQtZr6wUATokiZMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMTI2MUQxQjZC
ODNBMTFFQzkzMDhFQTU4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAv6itqICqnS4dLFTpI6yTTxw39zHnBqZBTee5bTcSWWHspEjuhok/xuEv
Y3dAhTI7+nP5wocEi30YKx4kAip44RUpFz/RDpCLJVg3V+/AykrEj8iUcWLM4VA1
OTRhBYucY0p2I8PfP+D06hrEhcYsRuLnQ3BjUO3hgdFzxwSMOVEKcvoE2vGGIJw8
sDAy/mRDpkvXHI0Fsg0NeA5YKSAV7b5eeo3QOU6aqnlCXS2zebjNFIGgGj+eylF2
zwFKRVur06QaGkwnHqMfzDflVm+qx5Val4wKta4+KXDrEoZFAh58NUiyBcexk+8o
cBSfIp3wHlJ9MRGmhKBrBjMbSzBtbQ==
-----END CERTIFICATE-----