Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/F7A7D258E0AC11EC975F2553C4F9AE02.roa
File:                     F7A7D258E0AC11EC975F2553C4F9AE02.roa (raw, json)
Hash identifier:          j0g6btsib5J9TUuLEXe0XaOT7GRsq3mgaz2ZFJa6Qh8=
Subject key identifier:   A1:3A:02:C4:99:40:30:FC:7D:6B:27:D5:DB:9E:19:E2:98:2F:27:C2
Certificate issuer:       /CN=A91B2D29/serialNumber=B8E96C6A0D9548A2A040CBE7199745BA7DB1ED28
Certificate serial:       06B7
Authority key identifier: B8:E9:6C:6A:0D:95:48:A2:A0:40:CB:E7:19:97:45:BA:7D:B1:ED:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uOlsag2VSKKgQMvnGZdFun2x7Sg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/F7A7D258E0AC11EC975F2553C4F9AE02.roa
Signing time:             Tue 31 May 2022 07:13:23 +0000
ROA not before:           Tue 31 May 2022 07:13:23 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     58895
IP address blocks:        43.246.220.0/22 maxlen: 24
                          43.246.224.0/22 maxlen: 22
                          43.246.224.0/24 maxlen: 24
                          43.246.225.0/24 maxlen: 24
                          43.246.226.0/24 maxlen: 24
                          43.246.227.0/24 maxlen: 24
                          103.35.208.0/22 maxlen: 24
                          103.35.212.0/22 maxlen: 22
                          103.35.212.0/24 maxlen: 24
                          103.35.213.0/24 maxlen: 24
                          103.35.214.0/24 maxlen: 24
                          103.35.215.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1719 (0x6b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B2D29/serialNumber=B8E96C6A0D9548A2A040CBE7199745BA7DB1ED28
        Validity
            Not Before: May 31 07:13:23 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=6295c013-7ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:94:5d:79:4a:da:59:82:53:7b:06:f4:74:fd:
                    c5:fd:24:f6:fa:f8:be:f0:0f:8f:f9:73:d8:00:2e:
                    f0:9a:0b:09:40:d0:31:a9:08:95:0a:fd:c4:90:5e:
                    fd:4a:dd:21:d0:df:a7:05:1b:1a:c3:6a:00:54:4f:
                    c5:85:e6:5c:40:c8:ea:7c:c8:bd:93:d0:7f:bd:f0:
                    8d:c2:1e:e6:3c:67:5e:b4:f0:2d:15:f8:25:ac:e4:
                    fd:a8:f5:70:46:fd:bb:9f:2b:25:4b:33:3f:7f:fc:
                    58:75:4e:33:ae:c1:c6:3d:8b:89:ac:ee:ba:6c:fe:
                    7e:3a:d3:f7:24:fd:94:a9:7e:96:e8:0f:ca:77:62:
                    cc:2b:75:20:a5:f5:46:bf:7f:cd:2f:46:94:d4:38:
                    70:9e:8f:7d:61:d4:c2:6d:7a:f0:c6:2b:8d:a7:8d:
                    08:b1:05:70:7d:17:d4:a9:85:53:d6:97:c0:d1:03:
                    eb:fe:27:4b:3d:ad:7c:50:c3:69:b4:7d:99:ab:da:
                    1d:96:98:d9:15:9a:11:b0:ab:26:6b:44:32:d2:f6:
                    e5:ce:85:d7:33:07:bf:eb:56:95:c1:62:4e:2f:4f:
                    ca:86:9f:4d:38:64:62:6a:d9:f8:de:d1:c0:47:ea:
                    93:5c:c5:fd:18:ec:3a:ba:b0:2a:59:e1:58:77:fb:
                    76:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:3A:02:C4:99:40:30:FC:7D:6B:27:D5:DB:9E:19:E2:98:2F:27:C2
            X509v3 Authority Key Identifier:
                keyid:B8:E9:6C:6A:0D:95:48:A2:A0:40:CB:E7:19:97:45:BA:7D:B1:ED:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/uOlsag2VSKKgQMvnGZdFun2x7Sg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uOlsag2VSKKgQMvnGZdFun2x7Sg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B2D29/F71E7166552111E5ADB2092AC4F9AE02/F7A7D258E0AC11EC975F2553C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.246.220.0-43.246.227.255
                  103.35.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:5f:bc:ce:87:49:a4:93:f3:52:40:b6:7f:6b:d5:56:ce:09:
         be:bf:03:10:40:8f:eb:62:e2:3f:05:df:e5:29:92:db:24:0e:
         2d:82:86:4d:cb:04:b0:62:be:c8:96:27:2b:18:50:1f:cf:4b:
         ae:26:f2:8a:c4:96:43:c5:bb:7e:da:28:c4:85:02:fd:67:4e:
         31:10:c0:03:48:45:ee:19:67:f0:88:3f:4a:ef:10:57:69:3a:
         09:4e:3d:5d:0f:01:34:1a:55:c4:5d:98:fd:a9:7a:fb:23:70:
         60:b3:bc:2d:b6:35:01:6a:50:5f:30:72:55:2a:34:9e:a5:21:
         5c:41:61:21:2a:77:c7:86:68:72:cb:ab:67:22:2d:5e:f5:cf:
         88:91:da:f3:e5:44:d9:4e:13:89:2a:41:05:c9:41:15:b7:f2:
         e1:89:2a:92:51:cb:f4:f5:46:48:fd:1c:97:cc:57:35:e1:17:
         f2:c7:03:80:1d:f7:39:48:a4:68:66:ca:99:5e:ea:a6:39:75:
         ec:0a:01:6b:59:96:c3:08:1a:fc:18:02:05:4c:c4:a8:18:3e:
         34:53:16:69:c1:1f:db:8f:e2:f6:45:d2:d0:f1:d4:29:f3:50:
         25:10:88:b4:c0:27:2b:c9:39:9e:99:53:d3:56:ac:c2:f4:df:
         e1:03:f4:10
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICBrcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjJEMjkxMTAvBgNVBAUTKEI4RTk2QzZBMEQ5NTQ4QTJBMDQwQ0JFNzE5OTc0NUJB
N0RCMUVEMjgwHhcNMjIwNTMxMDcxMzIzWhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mjk1YzAxMy03ZWYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsZRdeUraWYJTewb0dP3F/ST2+vi+8A+P+XPYAC7wmgsJQNAxqQiVCv3EkF79
St0h0N+nBRsaw2oAVE/FheZcQMjqfMi9k9B/vfCNwh7mPGdetPAtFfglrOT9qPVw
Rv27nyslSzM/f/xYdU4zrsHGPYuJrO66bP5+OtP3JP2UqX6W6A/Kd2LMK3UgpfVG
v3/NL0aU1Dhwno99YdTCbXrwxiuNp40IsQVwfRfUqYVT1pfA0QPr/idLPa18UMNp
tH2Zq9odlpjZFZoRsKsma0Qy0vblzoXXMwe/61aVwWJOL0/Khp9NOGRiatn43tHA
R+qTXMX9GOw6urAqWeFYd/t2uwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFKE6AsSZ
QDD8fWsn1dueGeKYLyfCMB8GA1UdIwQYMBaAFLjpbGoNlUiioEDL5xmXRbp9se0o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMkQyOS9GNzFFNzE2NjU1
MjExMUU1QURCMjA5MkFDNEY5QUUwMi91T2xzYWcyVlNLS2dRTXZuR1pkRnVuMng3
U2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3VPbHNhZzJWU0tLZ1FNdm5HWmRGdW4yeDdTZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjJEMjkvRjcxRTcxNjY1NTIxMTFFNUFEQjIwOTJBQzRGOUFFMDIvRjdBN0QyNThF
MEFDMTFFQzk3NUYyNTUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAiv23AMEAiv24AMEA2cj0DANBgkqhkiG9w0BAQsFAAOC
AQEAhF+8zodJpJPzUkC2f2vVVs4Jvr8DEECP62LiPwXf5SmS2yQOLYKGTcsEsGK+
yJYnKxhQH89LribyisSWQ8W7ftooxIUC/WdOMRDAA0hF7hln8Ig/Su8QV2k6CU49
XQ8BNBpVxF2Y/al6+yNwYLO8LbY1AWpQXzByVSo0nqUhXEFhISp3x4ZocsurZyIt
XvXPiJHa8+VE2U4TiSpBBclBFbfy4YkqklHL9PVGSP0cl8xXNeEX8scDgB33OUik
aGbKmV7qpjl17AoBa1mWwwga/BgCBUzEqBg+NFMWacEf24/i9kXS0PHUKfNQJRCI
tMAnK8k5nplT01aswvTf4QP0EA==
-----END CERTIFICATE-----