Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E8CB0/3770124E6BC511ED866A7D5EC4F9AE02/77AC81446BCA11EDAEE8D756C4F9AE02.roa
File:                     77AC81446BCA11EDAEE8D756C4F9AE02.roa (raw, json)
Hash identifier:          kpLyJS4UlYyySX5w+kojfj9rz2eanAoDhNUHbp+2iVs=
Subject key identifier:   46:D8:B9:66:71:BF:41:EE:F7:45:3F:CA:DC:55:D8:A0:74:E8:92:3B
Certificate issuer:       /CN=A91E8CB0/serialNumber=AFA6D7BDC37B64C8F146EEA61736D3D45178FB37
Certificate serial:       02
Authority key identifier: AF:A6:D7:BD:C3:7B:64:C8:F1:46:EE:A6:17:36:D3:D4:51:78:FB:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r6bXvcN7ZMjxRu6mFzbT1FF4-zc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E8CB0/3770124E6BC511ED866A7D5EC4F9AE02/77AC81446BCA11EDAEE8D756C4F9AE02.roa
Signing time:             Thu 24 Nov 2022 07:34:46 +0000
ROA not before:           Thu 24 Nov 2022 07:34:46 +0000
ROA not after:            Thu 02 Mar 2023 00:00:00 +0000
asID:                     133876
IP address blocks:        103.44.148.0/24 maxlen: 24
                          203.16.200.0/24 maxlen: 24
                          203.16.201.0/24 maxlen: 24
                          203.16.202.0/24 maxlen: 24
                          203.16.203.0/24 maxlen: 24
                          2001:df5:c300::/48 maxlen: 48
                          2400:bf20::/36 maxlen: 36
                          2400:bf20:1000::/36 maxlen: 36
                          2400:bf20:2000::/36 maxlen: 36
                          2400:bf20:3000::/36 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E8CB0/serialNumber=AFA6D7BDC37B64C8F146EEA61736D3D45178FB37
        Validity
            Not Before: Nov 24 07:34:46 2022 GMT
            Not After : Mar  2 00:00:00 2023 GMT
        Subject: CN=637f1e95-93e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9f:09:b3:94:8c:c9:2e:16:4c:ef:8a:3f:24:
                    d9:26:b0:e9:45:48:43:73:95:21:7e:22:fa:d7:b0:
                    df:60:3d:9e:2b:24:b3:e0:0a:9b:41:6a:11:44:d6:
                    17:27:1b:5f:17:22:db:2c:e1:49:f7:91:70:fe:aa:
                    ab:97:65:6a:fb:b4:22:4b:9a:36:65:95:6f:97:1a:
                    2b:9c:23:04:3b:6f:b4:c3:b9:8d:f4:f5:6a:7e:42:
                    5e:20:9c:18:8a:72:be:1c:26:cc:90:94:0a:db:af:
                    6f:83:d8:b3:9d:3f:7d:93:54:62:2d:4a:c8:f1:94:
                    50:eb:28:35:d6:f1:8a:c9:be:fd:59:47:66:57:81:
                    a1:c6:e2:d4:8d:7d:0f:c3:ba:04:86:c4:fe:8a:08:
                    55:b4:83:c6:3a:81:5f:b5:31:5b:18:2d:26:47:49:
                    1c:82:fb:0e:0c:4a:59:31:10:03:dc:3f:25:19:c6:
                    a7:34:bf:17:3f:0f:50:7b:4b:82:3a:7f:36:b5:8f:
                    be:7a:b9:65:cc:c0:f5:8f:db:5d:3e:91:24:17:dd:
                    d3:3b:6e:ab:ec:e5:89:61:27:0c:7b:3d:90:a5:a3:
                    0d:25:d9:fe:eb:46:c9:2f:4e:0b:69:ee:0f:a7:8d:
                    6c:74:43:c2:de:cb:45:0e:59:47:64:d5:b7:d4:86:
                    cd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:D8:B9:66:71:BF:41:EE:F7:45:3F:CA:DC:55:D8:A0:74:E8:92:3B
            X509v3 Authority Key Identifier:
                keyid:AF:A6:D7:BD:C3:7B:64:C8:F1:46:EE:A6:17:36:D3:D4:51:78:FB:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E8CB0/3770124E6BC511ED866A7D5EC4F9AE02/r6bXvcN7ZMjxRu6mFzbT1FF4-zc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r6bXvcN7ZMjxRu6mFzbT1FF4-zc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E8CB0/3770124E6BC511ED866A7D5EC4F9AE02/77AC81446BCA11EDAEE8D756C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.44.148.0/24
                  203.16.200.0/22
                IPv6:
                  2001:df5:c300::/48
                  2400:bf20::/34

    Signature Algorithm: sha256WithRSAEncryption
         7e:2c:38:d7:39:fc:20:f5:42:ae:47:de:8a:cd:1f:e5:79:89:
         98:a0:96:e2:92:d0:a7:59:ef:aa:c5:f2:91:62:76:b0:04:24:
         ad:63:2f:fb:cf:29:6b:a0:eb:63:f8:d7:d1:31:95:50:67:25:
         00:68:54:72:54:02:89:0c:f8:38:5c:4f:2e:86:03:e3:cb:c7:
         54:48:c0:ed:82:af:ee:c4:f5:1f:8a:2a:b2:c4:ff:c6:2e:81:
         aa:c6:42:91:28:c1:17:45:f7:15:d5:ff:31:23:27:51:b4:cb:
         bb:44:7a:5d:ea:b0:24:db:55:94:ac:eb:46:93:a8:2c:39:db:
         24:06:83:a0:0b:1e:5f:74:7f:da:0b:4d:22:05:34:f9:52:83:
         a7:35:83:f6:32:b9:4e:1a:5d:a6:ea:49:57:04:8f:1d:54:ad:
         a9:f1:49:df:f0:5e:f0:c2:82:fa:5f:9f:d7:f1:d1:11:42:dd:
         b6:f2:70:00:09:66:a9:1b:17:e5:5b:a3:02:db:9b:77:6f:88:
         e7:df:39:cb:7b:ea:9d:bd:1a:66:8a:90:48:e8:04:61:4e:d2:
         2a:87:b7:30:f3:d9:3d:cd:b6:bc:16:48:14:57:a8:b3:87:c8:
         78:69:fa:76:5f:a8:2a:53:94:4b:e8:b9:f4:7d:d0:d9:2f:5e:
         05:99:9c:75
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
OENCMDExMC8GA1UEBRMoQUZBNkQ3QkRDMzdCNjRDOEYxNDZFRUE2MTczNkQzRDQ1
MTc4RkIzNzAeFw0yMjExMjQwNzM0NDZaFw0yMzAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzN2YxZTk1LTkzZTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQChnwmzlIzJLhZM74o/JNkmsOlFSENzlSF+IvrXsN9gPZ4rJLPgCptBahFE1hcn
G18XItss4Un3kXD+qquXZWr7tCJLmjZllW+XGiucIwQ7b7TDuY309Wp+Ql4gnBiK
cr4cJsyQlArbr2+D2LOdP32TVGItSsjxlFDrKDXW8YrJvv1ZR2ZXgaHG4tSNfQ/D
ugSGxP6KCFW0g8Y6gV+1MVsYLSZHSRyC+w4MSlkxEAPcPyUZxqc0vxc/D1B7S4I6
fza1j756uWXMwPWP210+kSQX3dM7bqvs5YlhJwx7PZClow0l2f7rRskvTgtp7g+n
jWx0Q8Ley0UOWUdk1bfUhs1JAgMBAAGjggK0MIICsDAdBgNVHQ4EFgQURti5ZnG/
Qe73RT/K3FXYoHTokjswHwYDVR0jBBgwFoAUr6bXvcN7ZMjxRu6mFzbT1FF4+zcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUU4Q0IwLzM3NzAxMjRFNkJD
NTExRUQ4NjZBN0Q1RUM0RjlBRTAyL3I2Ylh2Y043Wk1qeFJ1Nm1GemJUMUZGNC16
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcjZiWHZjTjdaTWp4UnU2bUZ6YlQxRkY0LXpjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
OENCMC8zNzcwMTI0RTZCQzUxMUVEODY2QTdENUVDNEY5QUUwMi83N0FDODE0NDZC
Q0ExMUVEQUVFOEQ3NTZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA+BggrBgEFBQcBBwEB/wQv
MC0wEgQCAAEwDAMEAGcslAMEAssQyDAXBAIAAjARAwcAIAEN9cMAAwYGJAC/IAAw
DQYJKoZIhvcNAQELBQADggEBAH4sONc5/CD1Qq5H3orNH+V5iZigluKS0KdZ76rF
8pFidrAEJK1jL/vPKWug62P419ExlVBnJQBoVHJUAokM+DhcTy6GA+PLx1RIwO2C
r+7E9R+KKrLE/8YugarGQpEowRdF9xXV/zEjJ1G0y7tEel3qsCTbVZSs60aTqCw5
2yQGg6ALHl90f9oLTSIFNPlSg6c1g/YyuU4aXabqSVcEjx1UranxSd/wXvDCgvpf
n9fx0RFC3bbycAAJZqkbF+VbowLbm3dviOffOct76p29GmaKkEjoBGFO0iqHtzDz
2T3NtrwWSBRXqLOHyHhp+nZfqCpTlEvoufR90NkvXgWZnHU=
-----END CERTIFICATE-----