Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/8BD6456297E311EC9B0E602AC4F9AE02.roa
File:                     8BD6456297E311EC9B0E602AC4F9AE02.roa (raw, json)
Hash identifier:          oaTbBeP/ArKFOZz2fmW7+yeqyiluUJdeobWv557rUYI=
Subject key identifier:   87:B6:BB:5B:39:90:37:F3:BE:BC:A0:7E:AC:D3:BF:C3:C4:B9:73:20
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       376A
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/8BD6456297E311EC9B0E602AC4F9AE02.roa
Signing time:             Mon 28 Feb 2022 02:20:09 +0000
ROA not before:           Mon 28 Feb 2022 02:20:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14186 (0x376a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 28 02:20:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=621c3159-efae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:7a:9a:f1:9b:74:1f:22:8f:b8:94:b2:dc:bd:
                    95:f1:94:1e:c6:54:38:ec:2a:37:f8:4c:55:9c:01:
                    ef:2f:1c:88:fc:b1:7a:6e:42:85:75:ce:6d:86:42:
                    78:6d:83:83:73:ad:96:81:0b:76:0d:55:58:21:18:
                    1c:2f:11:8b:1a:f2:ad:c5:fb:f6:f8:4c:6d:f0:7e:
                    2b:b3:63:45:21:c8:48:1f:9f:e4:4e:99:0c:2d:82:
                    24:07:05:17:d7:d6:08:bf:bc:16:48:d1:7f:ca:08:
                    ce:0a:50:2d:42:f2:b9:0f:d1:d5:f9:b0:01:5e:75:
                    d4:68:51:b5:86:56:be:ae:1c:cd:1f:c9:6b:46:71:
                    a2:52:6d:90:13:cf:0f:f8:a3:34:4f:b1:e3:a6:42:
                    54:1b:02:77:a3:49:e8:ee:21:44:59:c1:d3:6c:e0:
                    a8:d2:5a:b8:f3:80:f9:af:f4:dc:f5:f6:63:06:5c:
                    ad:f3:1a:ef:98:75:c0:1e:c3:09:12:aa:77:3b:a9:
                    47:00:ec:10:7f:70:3d:e4:73:4d:c3:68:de:7f:44:
                    a1:a2:53:df:42:1b:e9:15:53:4a:20:28:c4:27:6f:
                    f1:fe:7b:dc:48:bf:b4:a7:ad:e1:16:28:54:17:1d:
                    7f:7d:e8:e4:f1:04:62:7f:84:8e:c6:be:5f:83:a2:
                    df:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:B6:BB:5B:39:90:37:F3:BE:BC:A0:7E:AC:D3:BF:C3:C4:B9:73:20
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/8BD6456297E311EC9B0E602AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         1c:0c:bf:e2:52:fd:6d:31:12:b9:b2:90:27:5a:d7:67:82:73:
         a5:2c:90:3b:14:14:5d:31:05:0c:bd:a4:db:ac:ca:a9:84:16:
         ac:fd:b5:c1:c6:10:3a:64:2b:2a:50:a8:ac:16:d3:84:ed:9b:
         79:7a:b0:84:cb:23:b0:34:b5:18:e8:71:65:a0:30:12:45:97:
         de:1d:57:0d:0e:34:90:ee:d5:fc:ea:4b:26:d8:5c:4f:b8:81:
         20:4b:aa:0e:ea:de:b0:6a:f9:0a:d3:a0:cb:a0:a4:89:14:67:
         c3:26:0f:aa:ff:1a:89:c8:da:ca:d5:81:f0:59:82:18:c7:70:
         99:63:50:3f:1a:16:f4:dd:10:d2:10:40:2a:b5:84:ac:e1:71:
         72:77:35:45:76:5d:d2:89:a4:e6:c3:1d:58:94:2a:c2:00:61:
         d4:1b:9f:57:94:5e:eb:b7:df:50:ef:f5:99:83:df:bc:db:9b:
         28:7f:3e:2a:83:78:d1:38:ed:13:f9:0f:a9:65:6c:c8:6c:3e:
         e8:6e:63:b7:4d:08:c9:84:1a:48:06:ae:98:dd:2b:57:aa:67:
         89:8f:5d:a7:19:ae:24:f6:02:99:3d:93:61:bf:b3:29:ab:0e:
         5f:8a:b2:16:20:05:23:d9:48:30:30:df:97:9a:7e:43:7e:57:
         fc:84:1e:94
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICN2owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjI4MDIyMDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFjMzE1OS1lZmFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4nqa8Zt0HyKPuJSy3L2V8ZQexlQ47Co3+ExVnAHvLxyI/LF6bkKFdc5thkJ4
bYODc62WgQt2DVVYIRgcLxGLGvKtxfv2+Ext8H4rs2NFIchIH5/kTpkMLYIkBwUX
19YIv7wWSNF/ygjOClAtQvK5D9HV+bABXnXUaFG1hla+rhzNH8lrRnGiUm2QE88P
+KM0T7HjpkJUGwJ3o0no7iFEWcHTbOCo0lq484D5r/Tc9fZjBlyt8xrvmHXAHsMJ
Eqp3O6lHAOwQf3A95HNNw2jef0SholPfQhvpFVNKICjEJ2/x/nvcSL+0p63hFihU
Fx1/fejk8QRif4SOxr5fg6LfKQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFIe2u1s5
kDfzvrygfqzTv8PEuXMgMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvOEJENjQ1NjI5
N0UzMTFFQzlCMEU2MDJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAHAy/4lL9bTESubKQJ1rXZ4JzpSyQOxQUXTEFDL2k26zKqYQWrP21wcYQ
OmQrKlCorBbThO2beXqwhMsjsDS1GOhxZaAwEkWX3h1XDQ40kO7V/OpLJthcT7iB
IEuqDuresGr5CtOgy6CkiRRnwyYPqv8aicjaytWB8FmCGMdwmWNQPxoW9N0Q0hBA
KrWErOFxcnc1RXZd0omk5sMdWJQqwgBh1BufV5Re67ffUO/1mYPfvNubKH8+KoN4
0TjtE/kPqWVsyGw+6G5jt00IyYQaSAaumN0rV6pniY9dpxmuJPYCmT2TYb+zKasO
X4qyFiAFI9lIMDDfl5p+Q35X/IQelA==
-----END CERTIFICATE-----