Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B6CD05748FFC11EC9BB3480BC4F9AE02.roa
File:                     B6CD05748FFC11EC9BB3480BC4F9AE02.roa (raw, json)
Hash identifier:          xVt2ASB51o4uMgtFnj7NIlLBFkHoD0a72kkQ3QAzhuM=
Subject key identifier:   32:AA:9B:F4:66:E7:E3:4E:14:B1:5A:78:07:4B:1D:ED:78:76:35:61
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       36F9
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B6CD05748FFC11EC9BB3480BC4F9AE02.roa
Signing time:             Fri 18 Feb 2022 05:00:12 +0000
ROA not before:           Fri 18 Feb 2022 05:00:12 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14073 (0x36f9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Feb 18 05:00:12 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=620f27dc-0f10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:52:ab:d4:ef:2c:96:89:27:68:75:be:54:53:
                    1a:3c:12:8d:76:ac:35:82:b9:03:84:fb:e5:5f:fe:
                    fa:26:ab:2a:f4:22:a7:da:bf:cf:6a:ba:b0:57:22:
                    e0:e4:70:78:8e:04:0d:c8:c9:a9:3a:13:0d:ec:84:
                    da:9a:2e:c4:cd:50:75:69:9b:7a:d9:c8:07:f1:0a:
                    bc:6f:a8:cb:15:2c:4d:74:48:cf:78:44:6c:b7:3f:
                    e9:fe:1c:a1:ff:ee:82:74:eb:44:50:6c:66:ff:a2:
                    b6:71:e9:f6:b8:97:fc:b4:5e:6c:5e:d8:ca:17:20:
                    56:a8:83:58:11:0b:3d:16:6e:38:c6:9d:a6:b2:12:
                    a6:1f:1e:01:0a:61:5d:25:20:9e:13:ba:82:8b:5d:
                    4c:b1:dd:6c:63:31:a2:ea:a8:c0:cd:f3:22:f5:4d:
                    d5:45:a9:02:07:5e:3f:4a:82:3d:d5:ee:fb:ac:b0:
                    8a:43:77:c6:a7:bf:1e:5f:34:93:3e:26:46:2e:d2:
                    f2:ec:84:3a:34:14:df:99:13:b3:16:46:6a:c3:9a:
                    fe:a8:38:6f:3f:90:73:55:5a:73:04:76:a8:8a:48:
                    35:cc:62:2c:ae:7a:77:a7:e1:4e:0c:5e:96:19:44:
                    77:d4:27:c3:c7:a2:e3:5b:be:62:db:b9:f6:25:f8:
                    85:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AA:9B:F4:66:E7:E3:4E:14:B1:5A:78:07:4B:1D:ED:78:76:35:61
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/B6CD05748FFC11EC9BB3480BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         21:ec:8a:34:40:a3:a5:70:79:8b:76:c7:0c:19:63:8a:3d:5e:
         fa:45:4e:a1:35:bc:67:26:77:9d:d1:cd:6b:95:34:b6:2d:a4:
         ca:a0:e9:47:2f:64:f6:ce:fa:f7:d3:a7:eb:f3:ce:88:03:42:
         96:d0:83:82:4d:ff:d5:4c:22:4f:b3:88:9e:e7:a6:e7:7e:c3:
         bd:e2:46:33:be:d6:33:83:2f:d2:02:09:fc:e5:28:9a:b9:50:
         59:67:1f:d4:e9:96:c5:7e:1a:ec:6c:a3:7c:54:7c:60:80:5b:
         36:ad:1d:b1:91:3f:32:30:af:91:75:f5:86:54:82:59:db:8b:
         28:64:04:26:9b:c0:eb:61:86:eb:44:e2:da:f8:43:d8:a1:42:
         5f:c5:ae:ed:e1:6f:50:11:57:70:fe:69:15:1f:38:96:b5:46:
         66:b5:83:36:4f:06:03:09:2a:73:f0:10:fa:a7:35:0e:7c:fa:
         c4:96:e3:0b:46:65:87:29:60:35:0b:76:b7:9e:b3:6c:d9:e9:
         96:3b:91:0b:d1:3b:2a:76:94:e2:c7:0b:31:2e:ce:25:3a:79:
         45:f1:a4:2f:bb:04:45:91:61:de:33:c8:b7:3c:f3:fe:92:0f:
         ff:66:cd:fe:17:4f:33:d4:f8:f5:7c:fb:d8:83:b3:6f:82:fb:
         cc:8c:26:40
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNvkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMjE4MDUwMDEyWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjBmMjdkYy0wZjEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3VKr1O8sloknaHW+VFMaPBKNdqw1grkDhPvlX/76Jqsq9CKn2r/ParqwVyLg
5HB4jgQNyMmpOhMN7ITami7EzVB1aZt62cgH8Qq8b6jLFSxNdEjPeERstz/p/hyh
/+6CdOtEUGxm/6K2cen2uJf8tF5sXtjKFyBWqINYEQs9Fm44xp2mshKmHx4BCmFd
JSCeE7qCi11Msd1sYzGi6qjAzfMi9U3VRakCB14/SoI91e77rLCKQ3fGp78eXzST
PiZGLtLy7IQ6NBTfmROzFkZqw5r+qDhvP5BzVVpzBHaoikg1zGIsrnp3p+FODF6W
GUR31CfDx6LjW75i27n2JfiFnQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFDKqm/Rm
5+NOFLFaeAdLHe14djVhMB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQjZDRDA1NzQ4
RkZDMTFFQzlCQjM0ODBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAIeyKNECjpXB5i3bHDBljij1e+kVOoTW8ZyZ3ndHNa5U0ti2kyqDpRy9k
9s7699On6/POiANCltCDgk3/1UwiT7OInuem537DveJGM77WM4Mv0gIJ/OUomrlQ
WWcf1OmWxX4a7GyjfFR8YIBbNq0dsZE/MjCvkXX1hlSCWduLKGQEJpvA62GG60Ti
2vhD2KFCX8Wu7eFvUBFXcP5pFR84lrVGZrWDNk8GAwkqc/AQ+qc1Dnz6xJbjC0Zl
hylgNQt2t56zbNnpljuRC9E7KnaU4scLMS7OJTp5RfGkL7sERZFh3jPItzzz/pIP
/2bN/hdPM9T49Xz72IOzb4L7zIwmQA==
-----END CERTIFICATE-----