Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8217BE1ABE7B11EDBA909319C4F9AE02.roa
File:                     8217BE1ABE7B11EDBA909319C4F9AE02.roa (raw, json)
Hash identifier:          /o2yMJIdM1L7EKaEHU/DQDnGkL5Lo8BmyLbQUx7aj9g=
Subject key identifier:   0F:30:5A:10:74:92:5C:A5:09:31:C8:C8:F2:DA:39:72:BC:8A:10:BE
Certificate issuer:       /CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
Certificate serial:       09A7
Authority key identifier: 5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8217BE1ABE7B11EDBA909319C4F9AE02.roa
Signing time:             Thu 09 Mar 2023 13:08:39 +0000
ROA not before:           Thu 09 Mar 2023 13:08:39 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     132165
IP address blocks:        113.203.224.0/24 maxlen: 24
                          113.203.225.0/24 maxlen: 24
                          113.203.226.0/24 maxlen: 24
                          113.203.227.0/24 maxlen: 24
                          113.203.228.0/24 maxlen: 24
                          113.203.229.0/24 maxlen: 24
                          113.203.230.0/24 maxlen: 24
                          113.203.231.0/24 maxlen: 24
                          113.203.252.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2471 (0x9a7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F69E7/serialNumber=5E105E0EF90D18B9FA4B88FAE3410C6A1DEF7190
        Validity
            Not Before: Mar  9 13:08:39 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=6409da57-a471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8c:34:cd:86:b0:96:70:84:86:82:af:b4:ec:
                    c8:c6:b4:ac:9c:f4:eb:b0:fb:62:55:7d:85:a0:96:
                    7d:64:00:1c:52:b4:24:49:a7:f6:31:46:6e:89:66:
                    38:dd:d2:0a:cc:6b:6e:5e:4f:f0:ac:0d:23:5b:25:
                    a5:34:98:7d:81:80:f4:1e:db:e8:97:e1:cf:28:6b:
                    a5:89:68:c9:4d:2f:d5:6c:be:c2:9c:5f:01:de:40:
                    36:ce:64:9a:2a:08:6a:fe:26:94:00:27:cd:bb:0d:
                    1e:66:6c:45:d0:53:ad:59:75:02:f7:8e:3e:8b:f4:
                    e8:47:2f:23:af:ea:05:dd:0b:20:a8:4c:d5:53:5c:
                    8f:3f:9b:ed:3c:65:24:84:95:c6:71:1d:ed:75:3d:
                    bc:3b:1a:62:f0:75:5c:b1:dd:64:ff:f8:c1:28:bc:
                    f0:52:df:a2:4f:14:42:f2:ec:11:75:9d:0b:4a:cb:
                    a2:9a:5b:88:0e:00:f0:76:ab:a3:1b:3e:c5:d9:4d:
                    f0:66:bb:b7:23:4a:a6:fa:9c:5a:f6:84:f8:71:a7:
                    ed:f9:93:8d:cf:0d:95:b3:50:5a:33:54:8d:21:0d:
                    ee:e7:d6:55:8c:bf:3f:6a:cc:6c:05:64:68:18:10:
                    ff:f9:c0:7b:a6:a1:2c:13:d1:0f:37:8a:62:a1:ca:
                    99:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:30:5A:10:74:92:5C:A5:09:31:C8:C8:F2:DA:39:72:BC:8A:10:BE
            X509v3 Authority Key Identifier:
                keyid:5E:10:5E:0E:F9:0D:18:B9:FA:4B:88:FA:E3:41:0C:6A:1D:EF:71:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/XhBeDvkNGLn6S4j640EMah3vcZA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XhBeDvkNGLn6S4j640EMah3vcZA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F69E7/46AAD6B2904011EAA688BE45C4F9AE02/8217BE1ABE7B11EDBA909319C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.203.224.0/21
                  113.203.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:41:fc:89:24:b9:35:8a:bb:15:c7:a8:00:46:b2:00:47:2b:
         23:0a:72:db:72:e3:79:3e:3e:2f:cb:87:23:5b:d9:73:35:30:
         63:16:0a:d5:fd:e7:bd:a8:85:16:0a:59:d5:ab:5c:f4:8d:df:
         b7:0c:ec:44:eb:c2:23:5c:27:a2:92:51:56:f5:4f:b4:18:22:
         0d:6a:bc:fe:a0:ff:b2:e9:dc:e2:a1:7d:49:a8:c2:d9:14:9f:
         9d:fc:6a:47:1b:78:28:5b:92:7f:7b:a8:ea:9f:c4:65:f9:a7:
         ca:41:c8:0d:cf:c4:9b:8e:69:0a:7e:4f:06:fb:ed:d7:c8:8c:
         54:95:41:dd:3e:da:02:38:e4:0a:b9:b4:e5:b3:a3:b7:9f:6f:
         c6:2b:e4:db:75:8e:56:a4:10:a7:6d:0b:ab:40:90:69:b9:aa:
         de:a1:48:36:d3:5b:32:c2:87:47:ed:e1:c2:4e:6c:c0:34:ac:
         2e:88:ba:9d:54:b7:0d:d2:ea:2a:2e:26:62:cc:ff:e2:6b:b5:
         b2:33:65:46:70:49:b2:c6:48:9b:4c:8e:8b:62:a0:b9:aa:d9:
         06:a4:c6:4b:1c:50:f4:01:41:8e:df:e4:d4:e5:b3:6f:1d:7b:
         02:b3:1a:67:57:20:e0:46:58:81:aa:b8:4e:9e:93:3c:48:98:
         34:72:ed:3a
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICCacwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjY5RTcxMTAvBgNVBAUTKDVFMTA1RTBFRjkwRDE4QjlGQTRCODhGQUUzNDEwQzZB
MURFRjcxOTAwHhcNMjMwMzA5MTMwODM5WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDA5ZGE1Ny1hNDcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA14w0zYawlnCEhoKvtOzIxrSsnPTrsPtiVX2FoJZ9ZAAcUrQkSaf2MUZuiWY4
3dIKzGtuXk/wrA0jWyWlNJh9gYD0Htvol+HPKGuliWjJTS/VbL7CnF8B3kA2zmSa
Kghq/iaUACfNuw0eZmxF0FOtWXUC944+i/ToRy8jr+oF3QsgqEzVU1yPP5vtPGUk
hJXGcR3tdT28Oxpi8HVcsd1k//jBKLzwUt+iTxRC8uwRdZ0LSsuimluIDgDwdquj
Gz7F2U3wZru3I0qm+pxa9oT4caft+ZONzw2Vs1BaM1SNIQ3u59ZVjL8/asxsBWRo
GBD/+cB7pqEsE9EPN4piocqZnwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFA8wWhB0
klylCTHIyPLaOXK8ihC+MB8GA1UdIwQYMBaAFF4QXg75DRi5+kuI+uNBDGod73GQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNjlFNy80NkFBRDZCMjkw
NDAxMUVBQTY4OEJFNDVDNEY5QUUwMi9YaEJlRHZrTkdMbjZTNGo2NDBFTWFoM3Zj
WkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hoQmVEdmtOR0xuNlM0ajY0MEVNYWgzdmNaQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjY5RTcvNDZBQUQ2QjI5MDQwMTFFQUE2ODhCRTQ1QzRGOUFFMDIvODIxN0JFMUFC
RTdCMTFFREJBOTA5MzE5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBANxy+ADBAJxy/wwDQYJKoZIhvcNAQELBQADggEBAAVB/Ikk
uTWKuxXHqABGsgBHKyMKctty43k+Pi/LhyNb2XM1MGMWCtX9572ohRYKWdWrXPSN
37cM7ETrwiNcJ6KSUVb1T7QYIg1qvP6g/7Lp3OKhfUmowtkUn538akcbeChbkn97
qOqfxGX5p8pByA3PxJuOaQp+Twb77dfIjFSVQd0+2gI45Aq5tOWzo7efb8Yr5Nt1
jlakEKdtC6tAkGm5qt6hSDbTWzLCh0ft4cJObMA0rC6Iup1Utw3S6iouJmLM/+Jr
tbIzZUZwSbLGSJtMjotioLmq2QakxkscUPQBQY7f5NTls28dewKzGmdXIOBGWIGq
uE6ekzxImDRy7To=
-----END CERTIFICATE-----