Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/5FA0220ADE4311EC87E70527C4F9AE02.roa
File:                     5FA0220ADE4311EC87E70527C4F9AE02.roa (raw, json)
Hash identifier:          dxVF97glgnzlaZ/8yYsAWnk5+p3+dGMpIw3BrS9dLLI=
Subject key identifier:   B4:C8:B4:27:1D:3B:6F:C5:3C:2C:EA:2C:14:48:4E:39:4B:C1:D4:D9
Certificate issuer:       /CN=A91C4D7C/serialNumber=CA960B652B78670AFA3E0927C2849989F9F954CE
Certificate serial:       09
Authority key identifier: CA:96:0B:65:2B:78:67:0A:FA:3E:09:27:C2:84:99:89:F9:F9:54:CE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypYLZSt4Zwr6PgknwoSZifn5VM4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/5FA0220ADE4311EC87E70527C4F9AE02.roa
Signing time:             Tue 31 May 2022 14:01:25 +0000
ROA not before:           Tue 31 May 2022 14:01:25 +0000
ROA not after:            Mon 31 Oct 2022 00:00:00 +0000
asID:                     399686
IP address blocks:        103.171.26.0/24 maxlen: 24
                          103.171.27.0/24 maxlen: 24
                          2407:bd40:188::/48 maxlen: 48
                          2407:bd40:8000::/36 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C4D7C/serialNumber=CA960B652B78670AFA3E0927C2849989F9F954CE
        Validity
            Not Before: May 31 14:01:25 2022 GMT
            Not After : Oct 31 00:00:00 2022 GMT
        Subject: CN=62961fb5-19b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5b:85:50:80:77:d0:0a:1b:26:1a:c2:f3:07:
                    b3:36:30:75:ec:22:60:15:39:e8:69:50:e3:92:ab:
                    c6:df:5c:a5:e5:97:fe:cf:46:2a:a1:e3:63:e3:b7:
                    a5:88:80:3e:54:15:a3:ef:c4:cc:0c:40:36:67:7c:
                    d0:c9:46:04:66:d3:a1:cd:09:3c:56:f7:50:12:2e:
                    a1:34:b9:42:14:21:ac:7f:44:a2:87:8d:27:26:e2:
                    e9:62:76:6e:e0:a9:6b:e2:3d:47:4d:e7:8f:4c:38:
                    ab:d9:8a:d2:2c:6e:f9:0d:42:a6:4c:d7:e5:0f:a6:
                    21:44:ad:18:2a:2d:34:8f:20:0c:14:e6:54:91:71:
                    df:32:bf:2c:99:1c:e3:ee:31:a0:d1:c1:43:0c:91:
                    30:5d:fb:8a:9b:a2:93:33:c4:f9:29:db:f0:c1:aa:
                    98:5f:05:2b:48:45:31:47:41:31:46:ba:89:9d:4a:
                    13:61:66:62:2d:cf:8b:75:cd:4e:9d:c9:7a:60:7c:
                    e4:b6:f1:7d:fb:05:8e:aa:7f:60:c0:cc:a5:0b:a4:
                    bf:bb:a7:44:32:ab:16:3b:45:b4:6a:85:76:a6:1f:
                    1f:1c:64:55:8d:14:7a:82:a4:52:78:f1:0b:00:17:
                    af:9d:3b:93:ca:76:24:38:b6:0f:a2:6c:9e:94:f7:
                    51:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C8:B4:27:1D:3B:6F:C5:3C:2C:EA:2C:14:48:4E:39:4B:C1:D4:D9
            X509v3 Authority Key Identifier:
                keyid:CA:96:0B:65:2B:78:67:0A:FA:3E:09:27:C2:84:99:89:F9:F9:54:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/ypYLZSt4Zwr6PgknwoSZifn5VM4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypYLZSt4Zwr6PgknwoSZifn5VM4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C4D7C/4CF65A86DE3C11EC954ECA59C4F9AE02/5FA0220ADE4311EC87E70527C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.26.0/23
                IPv6:
                  2407:bd40:188::/48
                  2407:bd40:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7e:21:89:76:29:06:9f:3f:51:f2:ce:f9:2d:39:ec:60:78:46:
         46:6c:1a:7f:fb:3f:63:36:c0:1e:72:f5:24:7e:a1:4d:52:07:
         3b:02:85:ea:e3:39:7e:d3:a3:d7:99:9b:40:ae:b7:4c:8c:16:
         3e:2d:04:db:58:b7:23:34:d2:dd:e2:67:69:f9:d7:7c:1d:8f:
         87:af:7d:b6:bd:76:d2:d9:39:6c:ee:67:7c:14:6b:7c:b6:14:
         e4:8c:24:e9:c2:1c:c5:8e:5d:9a:ef:f0:d5:ba:0e:5d:f8:4e:
         1a:86:6c:f3:ab:12:c6:96:47:9b:e9:48:5b:42:a7:d3:1d:14:
         1b:59:d4:9c:3f:60:ba:e8:21:12:92:d5:a2:36:a5:c1:cf:e0:
         56:52:a8:ca:e7:39:80:ef:6c:82:91:1c:06:fa:c1:e4:dc:ec:
         8d:95:6d:71:06:d0:f3:6d:d7:03:c8:22:5b:e7:74:91:cc:75:
         3f:b3:4e:45:b6:a8:8a:68:5e:f1:6e:bb:f1:fd:a4:9d:3d:3d:
         e6:65:8d:63:2b:c3:ea:ba:79:eb:b5:e6:11:f0:d6:48:81:7c:
         ac:88:b9:14:fd:13:c0:8d:17:96:00:6b:79:0f:7f:8f:5f:12:
         6f:02:b8:c1:0e:c7:e7:bb:3d:e7:92:37:7b:09:0e:00:67:8e:
         42:34:98:8e
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
NEQ3QzExMC8GA1UEBRMoQ0E5NjBCNjUyQjc4NjcwQUZBM0UwOTI3QzI4NDk5ODlG
OUY5NTRDRTAeFw0yMjA1MzExNDAxMjVaFw0yMjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyOTYxZmI1LTE5YjYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJW4VQgHfQChsmGsLzB7M2MHXsImAVOehpUOOSq8bfXKXll/7PRiqh42Pjt6WI
gD5UFaPvxMwMQDZnfNDJRgRm06HNCTxW91ASLqE0uUIUIax/RKKHjScm4ulidm7g
qWviPUdN549MOKvZitIsbvkNQqZM1+UPpiFErRgqLTSPIAwU5lSRcd8yvyyZHOPu
MaDRwUMMkTBd+4qbopMzxPkp2/DBqphfBStIRTFHQTFGuomdShNhZmItz4t1zU6d
yXpgfOS28X37BY6qf2DAzKULpL+7p0QyqxY7RbRqhXamHx8cZFWNFHqCpFJ48QsA
F6+dO5PKdiQ4tg+ibJ6U91FnAgMBAAGjggKuMIICqjAdBgNVHQ4EFgQUtMi0Jx07
b8U8LOosFEhOOUvB1NkwHwYDVR0jBBgwFoAUypYLZSt4Zwr6PgknwoSZifn5VM4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUM0RDdDLzRDRjY1QTg2REUz
QzExRUM5NTRFQ0E1OUM0RjlBRTAyL3lwWUxaU3Q0WndyNlBna253b1NaaWZuNVZN
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIveXBZTFpTdDRad3I2UGdrbndvU1ppZm41Vk00LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
NEQ3Qy80Q0Y2NUE4NkRFM0MxMUVDOTU0RUNBNTlDNEY5QUUwMi81RkEwMjIwQURF
NDMxMUVDODdFNzA1MjdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA4BggrBgEFBQcBBwEB/wQp
MCcwDAQCAAEwBgMEAWerGjAXBAIAAjARAwcAJAe9QAGIAwYEJAe9QIAwDQYJKoZI
hvcNAQELBQADggEBAH4hiXYpBp8/UfLO+S057GB4RkZsGn/7P2M2wB5y9SR+oU1S
BzsCherjOX7To9eZm0Cut0yMFj4tBNtYtyM00t3iZ2n513wdj4evfba9dtLZOWzu
Z3wUa3y2FOSMJOnCHMWOXZrv8NW6Dl34ThqGbPOrEsaWR5vpSFtCp9MdFBtZ1Jw/
YLroIRKS1aI2pcHP4FZSqMrnOYDvbIKRHAb6weTc7I2VbXEG0PNt1wPIIlvndJHM
dT+zTkW2qIpoXvFuu/H9pJ09PeZljWMrw+q6eeu15hHw1kiBfKyIuRT9E8CNF5YA
a3kPf49fEm8CuMEOx+e7PeeSN3sJDgBnjkI0mI4=
-----END CERTIFICATE-----