Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9B7A306810B11ECAF614353C4F9AE02.roa
File:                     C9B7A306810B11ECAF614353C4F9AE02.roa (raw, json)
Hash identifier:          EPFBu31QbQPPeNxm/Dz88THfopYCKXsOzh7uPvSPL6M=
Subject key identifier:   A7:10:C7:57:88:A3:4A:8F:EA:AA:2F:39:BA:CF:74:BE:0C:9B:1C:3D
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       3625
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9B7A306810B11ECAF614353C4F9AE02.roa
Signing time:             Sun 30 Jan 2022 02:40:09 +0000
ROA not before:           Sun 30 Jan 2022 02:40:09 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13861 (0x3625)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Jan 30 02:40:09 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=61f5fa88-6a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e7:80:ae:c3:31:47:f5:69:cb:74:8b:65:34:
                    b0:cc:16:9c:68:67:de:7a:bc:d1:e7:59:b6:f3:d6:
                    f8:00:75:a5:0d:21:aa:c3:f4:b3:27:2a:94:89:f7:
                    2c:19:ca:39:f2:22:f6:fd:92:05:e5:1d:c8:01:42:
                    bf:31:b7:17:ef:55:bc:63:a6:51:11:f0:39:4c:ec:
                    7c:7a:3e:e0:fa:d6:d3:2a:07:9e:cb:da:b6:16:31:
                    e7:19:e9:09:4f:65:55:1e:f3:41:06:09:85:83:42:
                    09:01:46:e2:c8:0f:77:16:5e:51:aa:89:20:c2:df:
                    f8:7c:5c:d7:b6:f7:e8:c7:ee:08:c0:63:cd:b4:d2:
                    09:8c:42:6f:ae:66:45:2a:06:03:12:fb:33:2f:3d:
                    8e:b0:0c:e9:df:3d:1c:d5:55:88:d0:0e:da:af:bc:
                    f4:39:d3:8d:63:2f:1c:ce:86:0c:75:b0:c0:af:e6:
                    bb:a8:df:92:50:31:15:39:57:f6:5b:68:58:95:b9:
                    b6:e8:c7:04:84:53:52:6a:15:bb:80:0c:e9:29:7b:
                    43:3a:bf:b9:fb:1c:b3:b6:25:82:40:f1:29:da:46:
                    5b:3d:7b:1d:b3:41:cf:be:2c:3a:b2:e4:8b:2e:b0:
                    a8:b7:dd:f6:1f:a9:91:16:97:94:8e:e6:f3:bf:99:
                    b7:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:10:C7:57:88:A3:4A:8F:EA:AA:2F:39:BA:CF:74:BE:0C:9B:1C:3D
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/C9B7A306810B11ECAF614353C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         ca:72:e2:6c:ef:49:76:d7:d0:53:09:ea:0d:41:6c:03:b7:30:
         cc:29:a1:f5:d5:0f:92:5f:c4:42:ee:1d:6e:3d:7f:eb:3c:e1:
         17:35:4c:65:5a:db:88:3f:95:17:3b:de:cc:b9:23:07:7a:72:
         28:29:54:2a:55:68:3c:a3:bc:02:5f:24:d0:b8:b2:67:42:4b:
         6f:33:fa:c4:2b:2d:e3:2b:0c:7c:2f:f3:f4:e5:1c:03:a7:08:
         46:88:cf:9a:b1:25:5e:27:87:dc:28:c7:78:c4:07:86:09:7b:
         0b:d6:bf:f8:b2:6d:89:1b:f5:df:54:fa:50:3a:e8:e9:ac:67:
         9a:40:52:48:63:fa:1d:2d:ad:4c:e1:e5:8f:2b:86:2d:6e:70:
         de:e4:a8:7f:49:99:d9:2f:89:05:fd:e2:39:4c:e4:17:52:c9:
         29:a3:33:14:58:9f:fe:7e:7f:a1:5c:4f:82:9f:21:4b:16:49:
         57:54:42:68:02:87:46:0a:4a:16:73:cf:b6:3b:eb:93:30:53:
         b2:59:ce:20:a5:a1:91:a2:14:cf:ce:22:e5:9a:87:91:4a:be:
         62:74:9c:be:92:59:cb:c8:c3:31:b0:d9:48:f4:9c:be:32:59:
         f4:17:50:97:d0:e8:a9:26:8b:b7:b7:90:37:3e:da:d5:df:77:
         9e:b4:4e:85
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICNiUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwMTMwMDI0MDA5WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWY1ZmE4OC02YTg3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1+eArsMxR/Vpy3SLZTSwzBacaGfeerzR51m289b4AHWlDSGqw/SzJyqUifcs
Gco58iL2/ZIF5R3IAUK/MbcX71W8Y6ZREfA5TOx8ej7g+tbTKgeey9q2FjHnGekJ
T2VVHvNBBgmFg0IJAUbiyA93Fl5Rqokgwt/4fFzXtvfox+4IwGPNtNIJjEJvrmZF
KgYDEvszLz2OsAzp3z0c1VWI0A7ar7z0OdONYy8czoYMdbDAr+a7qN+SUDEVOVf2
W2hYlbm26McEhFNSahW7gAzpKXtDOr+5+xyztiWCQPEp2kZbPXsds0HPviw6suSL
LrCot932H6mRFpeUjubzv5m3pwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFKcQx1eI
o0qP6qovObrPdL4Mmxw9MB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvQzlCN0EzMDY4
MTBCMTFFQ0FGNjE0MzUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAynLibO9JdtfQUwnqDUFsA7cwzCmh9dUPkl/EQu4dbj1/6zzhFzVMZVrb
iD+VFzvezLkjB3pyKClUKlVoPKO8Al8k0LiyZ0JLbzP6xCst4ysMfC/z9OUcA6cI
RojPmrElXieH3CjHeMQHhgl7C9a/+LJtiRv131T6UDro6axnmkBSSGP6HS2tTOHl
jyuGLW5w3uSof0mZ2S+JBf3iOUzkF1LJKaMzFFif/n5/oVxPgp8hSxZJV1RCaAKH
RgpKFnPPtjvrkzBTslnOIKWhkaIUz84i5ZqHkUq+YnScvpJZy8jDMbDZSPScvjJZ
9BdQl9DoqSaLt7eQNz7a1d93nrROhQ==
-----END CERTIFICATE-----