Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/79CF904C8C1411ECB1084626C4F9AE02.roa
File:                     79CF904C8C1411ECB1084626C4F9AE02.roa (raw, json)
Hash identifier:          paFMQrXcyzMAkJXqbOlqQIEX4HHRAFkRppokCCltcI8=
Subject key identifier:   D7:1B:19:E7:14:3B:B2:64:D9:1C:1F:22:7C:1A:7B:97:AC:DF:9F:94
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       36C4
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/79CF904C8C1411ECB1084626C4F9AE02.roa
Signing time:             Sun 13 Feb 2022 02:40:11 +0000
ROA not before:           Sun 13 Feb 2022 02:40:11 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14020 (0x36c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 13 02:40:11 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62086f8b-e05f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:24:51:d7:fb:a2:8b:e9:3d:e0:52:eb:47:67:
                    32:60:00:cf:f0:2f:82:7e:e1:ac:44:61:b8:a5:5a:
                    4e:02:8a:ef:97:e7:c6:29:8a:b1:dc:26:1e:44:c8:
                    31:0a:fd:ec:99:04:5a:15:57:e8:ac:a5:99:8e:aa:
                    65:7d:7e:62:53:8d:74:6e:3a:1c:de:b4:09:84:80:
                    a4:5b:ca:1b:e4:31:7a:a3:b0:d6:21:1c:a2:f1:09:
                    7f:f0:6d:bc:60:95:67:b4:c7:87:a5:26:90:0e:19:
                    99:59:04:ec:88:f3:1f:d6:48:ff:55:21:c1:6a:28:
                    59:e1:ac:8f:54:a6:ac:ea:2f:00:92:bc:45:3e:b9:
                    b9:a9:61:5a:ee:c3:1b:0f:f8:ef:d2:72:51:19:d7:
                    f4:2c:33:de:94:67:cf:ea:05:af:df:d7:d4:5c:47:
                    0a:95:2b:99:81:e7:04:37:a5:d6:2b:c6:4b:f0:b4:
                    cf:a4:e6:23:66:ff:5e:59:69:92:88:7f:b7:61:8f:
                    e0:52:ec:1c:95:9c:b8:12:af:e6:cd:6b:0e:f3:31:
                    91:84:e6:4e:9d:2f:1f:52:c8:a7:99:e4:ac:29:9c:
                    46:60:fc:24:88:a3:b8:93:31:4c:bd:d3:42:04:7c:
                    0d:27:c9:e5:52:ea:2d:db:bb:79:a7:e4:b2:85:8f:
                    2e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1B:19:E7:14:3B:B2:64:D9:1C:1F:22:7C:1A:7B:97:AC:DF:9F:94
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/79CF904C8C1411ECB1084626C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         76:c4:47:73:0c:e6:bc:30:74:7c:3e:db:14:71:9b:0a:d5:33:
         dc:f6:86:ee:3a:ae:b0:39:f1:e4:8e:c1:41:6b:06:e4:95:c7:
         1e:b8:b7:96:6d:c9:33:89:82:5d:99:72:70:30:d8:87:d1:b3:
         fe:ba:4e:cb:05:99:95:f3:73:98:22:5e:21:0e:b5:08:36:0a:
         96:21:88:c3:dd:d8:17:ad:a4:7f:45:fe:cd:3d:73:85:4a:1b:
         ad:33:9e:5e:25:78:85:5e:72:d8:25:9d:fd:ac:3b:9d:db:ac:
         9b:e2:9a:9f:64:6e:eb:97:64:d0:7c:7b:98:fc:27:f3:85:ce:
         cd:c0:d6:6c:c1:02:88:ba:1b:6e:f3:bf:4d:b9:19:fa:b8:1e:
         3a:61:a9:6e:17:96:d6:71:97:96:2c:54:fd:14:9b:e7:56:0e:
         2c:e1:bf:da:01:ec:e4:92:1b:b1:e5:67:3f:cb:58:9b:77:6d:
         63:49:03:1f:8b:5d:4f:cb:6c:ee:1e:d8:de:1e:90:bc:d8:8f:
         2a:02:8f:e6:32:39:07:71:0b:13:8b:86:0f:03:71:e7:84:f8:
         50:9d:33:3a:75:b9:a1:28:06:4b:34:01:9d:c8:cd:f1:74:92:
         a3:fe:01:8e:48:91:9b:11:8b:dc:21:fb:92:e6:27:61:ac:65:
         55:4b:77:2c
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNsQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjEzMDI0MDExWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjA4NmY4Yi1lMDVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAniRR1/uii+k94FLrR2cyYADP8C+CfuGsRGG4pVpOAorvl+fGKYqx3CYeRMgx
Cv3smQRaFVforKWZjqplfX5iU410bjoc3rQJhICkW8ob5DF6o7DWIRyi8Ql/8G28
YJVntMeHpSaQDhmZWQTsiPMf1kj/VSHBaihZ4ayPVKas6i8AkrxFPrm5qWFa7sMb
D/jv0nJRGdf0LDPelGfP6gWv39fUXEcKlSuZgecEN6XWK8ZL8LTPpOYjZv9eWWmS
iH+3YY/gUuwclZy4Eq/mzWsO8zGRhOZOnS8fUsinmeSsKZxGYPwkiKO4kzFMvdNC
BHwNJ8nlUuot27t5p+SyhY8uawIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNcbGecU
O7Jk2RwfInwae5es35+UMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNzlDRjkwNEM4
QzE0MTFFQ0IxMDg0NjI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAdsRHcwzmvDB0fD7bFHGbCtUz3PaG7jqusDnx5I7BQWsG5JXHHri3lm3J
M4mCXZlycDDYh9Gz/rpOywWZlfNzmCJeIQ61CDYKliGIw93YF62kf0X+zT1zhUob
rTOeXiV4hV5y2CWd/aw7ndusm+Kan2Ru65dk0Hx7mPwn84XOzcDWbMECiLobbvO/
TbkZ+rgeOmGpbheW1nGXlixU/RSb51YOLOG/2gHs5JIbseVnP8tYm3dtY0kDH4td
T8ts7h7Y3h6QvNiPKgKP5jI5B3ELE4uGDwNx54T4UJ0zOnW5oSgGSzQBncjN8XSS
o/4BjkiRmxGL3CH7kuYnYaxlVUt3LA==
-----END CERTIFICATE-----