Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5A6AE356927111ECB79A332CC4F9AE02.roa
File:                     5A6AE356927111ECB79A332CC4F9AE02.roa (raw, json)
Hash identifier:          v62PTIJg04eEU7phs+HBo99COqKguvGFA0eb99DMLOk=
Subject key identifier:   1F:6D:C3:61:D3:A5:AD:C1:AA:2F:71:27:5E:30:D3:80:73:67:D2:CD
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       371D
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5A6AE356927111ECB79A332CC4F9AE02.roa
Signing time:             Mon 21 Feb 2022 05:20:08 +0000
ROA not before:           Mon 21 Feb 2022 05:20:08 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14109 (0x371d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 21 05:20:08 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62132108-0106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1d:c4:3e:38:59:2a:61:40:b4:2d:15:ba:6f:
                    c9:4f:7a:8e:02:83:69:31:43:68:4e:d3:8e:76:db:
                    b1:b0:21:5e:be:ad:6c:e6:8e:21:48:0a:37:fe:02:
                    cf:c7:61:29:ae:76:e5:e8:29:48:e4:80:02:b6:90:
                    d6:28:81:9c:85:20:0b:1d:b6:6a:a4:ca:b1:57:89:
                    26:af:5e:90:80:8c:79:24:f8:52:1c:82:3d:f5:ca:
                    8c:6b:b1:7d:0d:4a:51:1e:48:bf:8f:82:2e:f7:7e:
                    fc:d8:0c:f9:8c:66:7d:87:5e:10:06:43:73:26:28:
                    76:77:37:bb:28:04:e3:18:1d:71:ff:6a:21:13:0d:
                    bc:64:0a:10:c9:8d:55:07:6e:75:a7:bc:c0:fc:93:
                    34:66:1f:e1:25:2c:b1:89:41:f9:79:bb:87:25:d3:
                    fa:75:ff:62:aa:bb:5e:7b:47:98:41:a9:c4:ee:0e:
                    0e:42:69:a0:d1:ae:75:63:2c:32:23:d2:c4:ab:06:
                    75:74:00:27:9b:ea:e8:fc:31:1e:01:8a:71:e3:db:
                    ea:64:21:7e:8e:2c:db:a0:35:00:b0:33:5f:d1:96:
                    56:c5:c4:bb:9a:aa:5b:e1:a3:0d:7f:e9:15:32:09:
                    e4:47:a7:1b:1f:d8:5f:63:ce:25:c3:b3:52:00:5d:
                    9d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:6D:C3:61:D3:A5:AD:C1:AA:2F:71:27:5E:30:D3:80:73:67:D2:CD
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5A6AE356927111ECB79A332CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         a3:03:ad:6c:47:be:62:ce:2f:b5:c0:7b:9e:d6:11:86:e0:87:
         2f:c4:e0:7c:23:03:4d:8b:14:a6:9d:e7:8d:fb:2a:d5:40:60:
         b0:0b:95:e0:00:25:6c:f6:70:6b:f0:6d:95:ac:be:35:4c:41:
         54:ed:17:8d:9b:e4:ef:ed:40:e5:71:5f:6a:7e:39:76:ce:cb:
         c8:6d:27:70:70:e6:cf:7d:67:b0:38:ba:d8:6d:e2:91:1c:93:
         9c:cf:6f:44:f7:9b:cf:27:79:c9:82:6e:ae:e0:5e:68:a6:6c:
         74:2a:5c:ad:aa:fe:04:eb:46:4e:a5:aa:c7:d2:b2:98:71:59:
         c8:73:31:37:64:90:9c:2c:3f:f3:e0:ff:af:de:3e:75:6e:7a:
         ee:a6:85:ea:a0:7c:f8:17:6f:97:a9:b2:a6:d1:0d:99:57:17:
         cb:34:f0:f1:bd:53:0b:a7:73:b4:cd:c6:ef:0b:ec:1e:71:b9:
         92:84:46:d0:5b:56:cf:e7:9d:25:6c:6e:c7:b3:76:b4:2f:f6:
         0c:88:23:47:2b:df:68:87:e8:8e:6e:8b:20:60:74:ef:21:9f:
         06:8f:a7:d7:92:7a:41:45:d1:b6:07:d3:f1:78:ae:4a:63:bd:
         7d:bf:a2:18:47:d5:8d:6b:ea:19:7e:d1:1e:01:59:c0:a8:58:
         b0:74:73:fb
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNx0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjIxMDUyMDA4WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjEzMjEwOC0wMTA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvR3EPjhZKmFAtC0Vum/JT3qOAoNpMUNoTtOOdtuxsCFevq1s5o4hSAo3/gLP
x2Eprnbl6ClI5IACtpDWKIGchSALHbZqpMqxV4kmr16QgIx5JPhSHII99cqMa7F9
DUpRHki/j4Iu93782Az5jGZ9h14QBkNzJih2dze7KATjGB1x/2ohEw28ZAoQyY1V
B251p7zA/JM0Zh/hJSyxiUH5ebuHJdP6df9iqrtee0eYQanE7g4OQmmg0a51Yywy
I9LEqwZ1dAAnm+ro/DEeAYpx49vqZCF+jizboDUAsDNf0ZZWxcS7mqpb4aMNf+kV
MgnkR6cbH9hfY84lw7NSAF2dHQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFB9tw2HT
pa3Bqi9xJ14w04BzZ9LNMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNUE2QUUzNTY5
MjcxMTFFQ0I3OUEzMzJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAowOtbEe+Ys4vtcB7ntYRhuCHL8TgfCMDTYsUpp3njfsq1UBgsAuV4AAl
bPZwa/Btlay+NUxBVO0XjZvk7+1A5XFfan45ds7LyG0ncHDmz31nsDi62G3ikRyT
nM9vRPebzyd5yYJuruBeaKZsdCpcrar+BOtGTqWqx9KymHFZyHMxN2SQnCw/8+D/
r94+dW567qaF6qB8+Bdvl6myptENmVcXyzTw8b1TC6dztM3G7wvsHnG5koRG0FtW
z+edJWxux7N2tC/2DIgjRyvfaIfojm6LIGB07yGfBo+n15J6QUXRtgfT8XiuSmO9
fb+iGEfVjWvqGX7RHgFZwKhYsHRz+w==
-----END CERTIFICATE-----