Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1423B2C4BC3311EC8B179731C4F9AE02.roa
File:                     1423B2C4BC3311EC8B179731C4F9AE02.roa (raw, json)
Hash identifier:          6WCA31RUMpKTTw9w6qP62SSkyIm3iATw2aNwTzStWx4=
Subject key identifier:   8C:4D:71:6E:FA:98:96:69:7E:75:43:DD:E5:E0:3B:E4:7E:15:59:81
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       38DF
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1423B2C4BC3311EC8B179731C4F9AE02.roa
Signing time:             Fri 15 Apr 2022 08:20:09 +0000
ROA not before:           Fri 15 Apr 2022 08:20:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14559 (0x38df)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Apr 15 08:20:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62592ab9-0035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:35:2c:2e:ba:0d:5e:39:42:4d:2f:0a:ac:e0:
                    26:c9:21:f8:8e:5f:17:65:e5:1f:9c:e7:c7:70:78:
                    09:05:f6:b2:30:54:8c:38:2a:95:7b:db:2b:40:d3:
                    a9:75:e9:81:e9:f9:71:49:c3:26:28:70:bc:d0:6b:
                    c8:c1:60:48:84:33:31:ab:1d:5a:6a:30:d6:e7:6a:
                    90:09:5e:c7:0e:b8:df:cb:ee:0f:31:23:d1:a2:2b:
                    dc:14:8e:04:81:6a:86:87:df:99:24:70:dc:33:73:
                    82:00:6d:a0:7b:32:2b:de:04:ec:12:88:ec:c3:c4:
                    c0:78:46:68:79:d2:4f:3a:cd:75:bc:9e:c9:0c:09:
                    44:07:4a:7f:1b:c0:10:bc:d9:7e:8b:a3:4c:a3:8d:
                    6e:b5:d8:85:63:ba:e4:c9:66:7e:79:45:7b:b1:ca:
                    22:28:65:ae:d1:b6:df:88:33:41:e9:13:ea:7c:af:
                    79:6d:43:a1:f7:04:79:c5:e1:f5:0f:a6:86:09:c8:
                    7c:74:5b:15:02:d9:95:07:70:32:df:bf:27:47:6d:
                    97:95:16:1a:ee:8d:0f:98:df:d3:da:68:2e:b3:3e:
                    8b:46:b4:29:6c:e1:9c:6f:24:b1:1a:da:3f:c2:c2:
                    3a:96:e7:f8:64:99:a8:87:d5:5e:9d:01:96:7c:59:
                    a7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:4D:71:6E:FA:98:96:69:7E:75:43:DD:E5:E0:3B:E4:7E:15:59:81
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1423B2C4BC3311EC8B179731C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         a8:85:d6:90:0e:ed:61:9d:17:08:4b:58:b7:93:b8:05:3c:65:
         cd:21:18:2a:6d:ac:47:25:d0:6b:19:94:25:31:8e:7a:ab:7a:
         bf:db:46:a3:e1:7a:3f:21:0f:95:0e:e1:f9:91:70:fc:fa:4c:
         3e:e9:1b:85:9d:53:97:f2:94:51:5b:8a:d7:6e:4a:f9:15:2b:
         31:31:1b:1d:0d:75:8d:7f:62:a7:e5:0c:43:68:22:ef:c2:ff:
         34:35:36:89:57:e9:74:b5:56:8a:4d:bd:41:20:e7:8e:f9:c4:
         ab:fe:e6:f3:d6:8b:7f:3b:1d:0a:f6:7f:04:96:62:e3:8a:f3:
         29:0d:c2:21:3b:da:c3:ad:eb:e8:a1:35:0a:f4:90:f2:c4:3a:
         ed:5b:48:13:c6:4b:b7:c1:ce:4a:6f:85:e1:31:7a:24:dc:60:
         c7:58:8a:66:23:fd:29:25:c5:c1:0d:94:e1:21:99:54:1d:47:
         b5:7e:e7:13:f9:15:79:43:ba:9d:90:8d:5c:e6:60:8d:60:c3:
         bf:98:d0:33:65:26:39:88:1e:c0:c1:fa:27:bb:94:92:3a:42:
         5f:a7:d2:c9:66:df:ff:24:96:29:93:99:82:fb:6b:c6:63:1f:
         11:96:2b:14:74:15:ff:c0:19:ad:d3:56:e4:e2:fd:1e:60:6b:
         45:57:ad:dd
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICON8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNDE1MDgyMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjU5MmFiOS0wMDM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzDUsLroNXjlCTS8KrOAmySH4jl8XZeUfnOfHcHgJBfayMFSMOCqVe9srQNOp
demB6flxScMmKHC80GvIwWBIhDMxqx1aajDW52qQCV7HDrjfy+4PMSPRoivcFI4E
gWqGh9+ZJHDcM3OCAG2gezIr3gTsEojsw8TAeEZoedJPOs11vJ7JDAlEB0p/G8AQ
vNl+i6NMo41utdiFY7rkyWZ+eUV7scoiKGWu0bbfiDNB6RPqfK95bUOh9wR5xeH1
D6aGCch8dFsVAtmVB3Ay378nR22XlRYa7o0PmN/T2mgusz6LRrQpbOGcbySxGto/
wsI6luf4ZJmoh9VenQGWfFmndwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFIxNcW76
mJZpfnVD3eXgO+R+FVmBMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMTQyM0IyQzRC
QzMzMTFFQzhCMTc5NzMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAqIXWkA7tYZ0XCEtYt5O4BTxlzSEYKm2sRyXQaxmUJTGOeqt6v9tGo+F6
PyEPlQ7h+ZFw/PpMPukbhZ1Tl/KUUVuK125K+RUrMTEbHQ11jX9ip+UMQ2gi78L/
NDU2iVfpdLVWik29QSDnjvnEq/7m89aLfzsdCvZ/BJZi44rzKQ3CITvaw63r6KE1
CvSQ8sQ67VtIE8ZLt8HOSm+F4TF6JNxgx1iKZiP9KSXFwQ2U4SGZVB1HtX7nE/kV
eUO6nZCNXOZgjWDDv5jQM2UmOYgewMH6J7uUkjpCX6fSyWbf/ySWKZOZgvtrxmMf
EZYrFHQV/8AZrdNW5OL9HmBrRVet3Q==
-----END CERTIFICATE-----