Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1F1C48AE8BFE11EC88528B0CC4F9AE02.roa
File:                     1F1C48AE8BFE11EC88528B0CC4F9AE02.roa (raw, json)
Hash identifier:          p2Q9DjnPjYD+7M14k0nW8fkVdAhHxAW67re/Ks19BQw=
Subject key identifier:   1B:05:CF:B2:4C:56:1A:4B:E1:BD:13:2A:B5:47:68:2A:00:5C:E8:C5
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       36BB
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1F1C48AE8BFE11EC88528B0CC4F9AE02.roa
Signing time:             Sat 12 Feb 2022 12:20:10 +0000
ROA not before:           Sat 12 Feb 2022 12:20:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14011 (0x36bb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 12 12:20:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6207a5fa-462b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:04:c8:4b:2c:8c:9b:45:55:bb:3b:51:26:6a:
                    ac:fa:97:93:c2:de:ab:03:41:2e:75:2e:a3:c5:71:
                    77:a1:94:f1:9a:9c:df:48:2c:00:c9:47:b5:d9:8d:
                    4a:6f:b9:68:87:a8:7e:15:de:66:4d:e5:81:20:98:
                    2f:b9:29:7b:10:fa:03:5e:db:29:a4:e9:00:ad:e7:
                    7c:9b:c8:79:f2:3f:af:27:e1:8d:d1:21:76:82:12:
                    15:ba:0d:0a:8d:ce:f2:86:19:35:5a:90:75:25:ef:
                    7f:0f:d1:a5:c2:6a:a9:a1:7e:85:7d:31:37:e4:99:
                    54:41:5f:8d:17:52:ca:c6:a8:ad:e4:da:f9:ad:df:
                    d3:e1:eb:09:a8:92:fb:0e:9f:a1:24:d9:db:6f:4b:
                    bb:0f:24:0e:23:a8:f1:3a:c1:7d:1f:de:0f:e8:29:
                    4d:a4:b6:72:e1:47:75:df:0f:f2:2b:9e:ba:fb:de:
                    c7:b6:90:29:10:5e:87:d1:d0:28:1f:78:ed:64:32:
                    49:11:38:6e:88:21:34:b2:7e:ee:87:92:aa:b4:20:
                    28:5e:b3:15:b6:bb:00:96:55:99:16:37:28:e2:1b:
                    96:c4:95:f2:12:19:ff:c7:f0:a2:4f:ab:e7:29:b7:
                    3e:2f:aa:d6:3c:30:ee:e6:3c:44:2e:70:9a:7e:cf:
                    28:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:05:CF:B2:4C:56:1A:4B:E1:BD:13:2A:B5:47:68:2A:00:5C:E8:C5
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/1F1C48AE8BFE11EC88528B0CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:86:ac:b5:7d:8d:b9:40:7f:d3:92:f5:b3:1d:44:c1:4c:f4:
         e2:85:5f:20:51:77:aa:b7:f4:9c:b8:dd:99:a4:82:db:2f:48:
         7e:da:89:32:02:35:7d:e3:9f:85:fe:9d:2a:1a:37:27:e1:5a:
         87:1f:d9:02:a1:95:96:5d:4a:dd:9c:61:45:42:91:78:e8:57:
         25:ac:9d:ec:4f:b1:d0:88:12:44:f5:18:47:20:b1:7d:32:e9:
         be:72:fd:1e:9e:d9:f8:4d:2f:5a:10:e7:22:8d:71:5a:cb:c0:
         f9:31:7b:a3:89:e6:fe:c1:74:e9:ab:13:c6:db:a9:5b:58:c6:
         cc:60:15:00:71:bb:38:31:2f:47:7d:db:da:e0:de:d3:f7:68:
         11:88:32:ef:21:8e:25:6a:82:cc:4d:47:3e:ef:39:49:7d:ae:
         9b:26:0b:b3:58:97:bc:9a:f8:76:66:6f:41:10:80:a6:99:4d:
         c2:45:1b:74:de:ff:a6:53:ab:9a:b0:dd:f2:0f:66:35:0f:a3:
         bd:06:0b:1d:6a:50:46:d7:c3:5c:60:5c:d7:44:43:25:48:2c:
         5d:48:5c:4e:9f:05:a5:e7:12:c2:61:ed:7d:a3:ba:b7:c2:f4:
         75:c7:de:3b:9f:d7:c8:21:aa:b1:f1:05:c3:72:87:c7:94:be:
         ce:17:63:2a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNrswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjEyMTIyMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjA3YTVmYS00NjJiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3QTISyyMm0VVuztRJmqs+peTwt6rA0EudS6jxXF3oZTxmpzfSCwAyUe12Y1K
b7loh6h+Fd5mTeWBIJgvuSl7EPoDXtsppOkAred8m8h58j+vJ+GN0SF2ghIVug0K
jc7yhhk1WpB1Je9/D9GlwmqpoX6FfTE35JlUQV+NF1LKxqit5Nr5rd/T4esJqJL7
Dp+hJNnbb0u7DyQOI6jxOsF9H94P6ClNpLZy4Ud13w/yK566+97HtpApEF6H0dAo
H3jtZDJJEThuiCE0sn7uh5KqtCAoXrMVtrsAllWZFjco4huWxJXyEhn/x/CiT6vn
Kbc+L6rWPDDu5jxELnCafs8otQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFBsFz7JM
VhpL4b0TKrVHaCoAXOjFMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvMUYxQzQ4QUU4
QkZFMTFFQzg4NTI4QjBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHACABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAe4astX2NuUB/05L1sx1EwUz04oVfIFF3qrf0nLjdmaSC2y9IftqJMgI1
feOfhf6dKho3J+Fahx/ZAqGVll1K3ZxhRUKReOhXJayd7E+x0IgSRPUYRyCxfTLp
vnL9Hp7Z+E0vWhDnIo1xWsvA+TF7o4nm/sF06asTxtupW1jGzGAVAHG7ODEvR33b
2uDe0/doEYgy7yGOJWqCzE1HPu85SX2umyYLs1iXvJr4dmZvQRCApplNwkUbdN7/
plOrmrDd8g9mNQ+jvQYLHWpQRtfDXGBc10RDJUgsXUhcTp8FpecSwmHtfaO6t8L0
dcfeO5/XyCGqsfEFw3KHx5S+zhdjKg==
-----END CERTIFICATE-----