Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/4B6A476485E411EC9B4C9F5DC4F9AE02.roa
File:                     4B6A476485E411EC9B4C9F5DC4F9AE02.roa (raw, json)
Hash identifier:          8KnMBfMjW5a+xH2trL3lcMXa+u5YvRsXR6oWwlemuBY=
Subject key identifier:   C9:9F:E4:76:62:6A:5F:35:C3:9D:CD:7C:E9:50:D5:65:BA:07:6D:05
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3667
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/4B6A476485E411EC9B4C9F5DC4F9AE02.roa
Signing time:             Sat 05 Feb 2022 06:00:10 +0000
ROA not before:           Sat 05 Feb 2022 06:00:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13927 (0x3667)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb  5 06:00:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=61fe126a-7ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c2:a4:e7:4c:2e:06:d8:cd:22:c5:e2:98:9b:
                    9e:cf:b0:ac:8d:08:88:8e:a5:fd:8b:98:7c:8c:02:
                    4e:ff:f3:0f:bd:23:e0:e9:b5:62:35:ad:b0:79:f8:
                    5e:64:8d:f0:d3:c9:71:53:0b:95:10:3f:5f:09:1a:
                    e8:1b:81:24:db:ed:7c:20:50:f0:f8:d0:f0:2c:9c:
                    83:3c:e5:4f:39:50:74:8e:01:06:8a:1e:bb:09:6a:
                    87:06:2a:f4:86:fd:d7:3d:f6:56:6e:32:d4:80:dd:
                    77:c8:db:9a:0a:6e:cd:87:72:aa:c1:e7:50:b4:a6:
                    63:d0:46:67:10:08:a2:1b:0a:14:ef:90:ec:30:73:
                    8b:2a:67:60:07:0e:6e:5b:fb:5b:fd:67:c8:e7:19:
                    08:25:59:56:55:c1:58:9d:f9:46:a5:d3:86:fe:55:
                    db:b0:55:19:34:56:8e:c9:5b:6f:f3:22:d0:58:74:
                    1a:5d:08:61:96:8b:8e:77:30:75:9e:af:7a:b6:d5:
                    12:1d:91:88:aa:d1:57:9e:9f:c7:cc:d2:85:77:73:
                    7e:22:c0:b8:69:fa:a0:b8:5d:b7:70:e5:e8:96:5d:
                    16:ed:2a:ca:78:90:05:e7:d4:f8:f4:e9:d5:83:95:
                    ba:a0:5a:b9:26:0e:d8:c2:d5:c3:2c:44:6d:67:24:
                    e9:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9F:E4:76:62:6A:5F:35:C3:9D:CD:7C:E9:50:D5:65:BA:07:6D:05
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/4B6A476485E411EC9B4C9F5DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         d1:82:39:5b:dd:f4:8d:18:bc:1c:e8:78:5d:ed:29:4e:74:ec:
         34:c7:fe:3e:58:6f:43:a5:c8:91:22:ae:d2:d1:50:be:ca:88:
         3c:94:bb:11:de:98:ff:25:b9:4f:9c:f4:c7:56:95:49:08:6f:
         cc:e1:49:11:24:77:21:0d:3e:e1:ee:df:a7:e6:9b:75:1c:73:
         f4:36:63:61:ae:a5:46:e2:35:81:9f:4b:be:b5:4c:c0:da:cc:
         e1:59:00:df:cc:0d:8c:85:eb:c1:c5:ef:e0:54:98:78:a6:03:
         ef:0a:d1:f7:b0:db:12:ec:5f:12:d4:38:ce:e5:6e:f1:63:e0:
         25:9d:7c:7e:31:88:4e:f0:22:72:22:70:31:0d:8d:7c:66:8e:
         76:02:6f:d3:80:fa:b0:79:2b:88:78:5e:62:61:ca:d4:49:40:
         ec:56:85:32:5f:8a:8c:a2:d1:f0:f3:a6:71:b8:d8:03:a1:71:
         5e:aa:71:75:1f:74:85:f7:69:5e:bb:af:d0:5b:5d:c5:1c:c5:
         2c:bf:dc:aa:f5:26:cf:f6:2b:68:35:a9:74:c4:e3:2e:38:da:
         15:1d:49:2f:11:3d:89:2d:2d:bd:2b:5b:9f:f2:94:d6:52:55:
         34:4f:02:8f:dd:99:47:9b:29:9a:fa:1e:3e:96:d5:b1:8e:d6:
         7a:c7:0b:aa
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNmcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjA1MDYwMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWZlMTI2YS03ZWE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAusKk50wuBtjNIsXimJuez7CsjQiIjqX9i5h8jAJO//MPvSPg6bViNa2wefhe
ZI3w08lxUwuVED9fCRroG4Ek2+18IFDw+NDwLJyDPOVPOVB0jgEGih67CWqHBir0
hv3XPfZWbjLUgN13yNuaCm7Nh3KqwedQtKZj0EZnEAiiGwoU75DsMHOLKmdgBw5u
W/tb/WfI5xkIJVlWVcFYnflGpdOG/lXbsFUZNFaOyVtv8yLQWHQaXQhhlouOdzB1
nq96ttUSHZGIqtFXnp/HzNKFd3N+IsC4afqguF23cOXoll0W7SrKeJAF59T49OnV
g5W6oFq5Jg7YwtXDLERtZyTpmwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFMmf5HZi
al81w53NfOlQ1WW6B20FMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNEI2QTQ3NjQ4
NUU0MTFFQzlCNEM5RjVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEA0YI5W930jRi8HOh4Xe0pTnTsNMf+PlhvQ6XIkSKu0tFQvsqIPJS7Ed6Y
/yW5T5z0x1aVSQhvzOFJESR3IQ0+4e7fp+abdRxz9DZjYa6lRuI1gZ9LvrVMwNrM
4VkA38wNjIXrwcXv4FSYeKYD7wrR97DbEuxfEtQ4zuVu8WPgJZ18fjGITvAiciJw
MQ2NfGaOdgJv04D6sHkriHheYmHK1ElA7FaFMl+KjKLR8POmcbjYA6FxXqpxdR90
hfdpXruv0FtdxRzFLL/cqvUmz/YraDWpdMTjLjjaFR1JLxE9iS0tvStbn/KU1lJV
NE8Cj92ZR5spmvoePpbVsY7WescLqg==
-----END CERTIFICATE-----