Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RT7AEURi4v5dezJMOfKAsTQAiSo.roa
File:                     RT7AEURi4v5dezJMOfKAsTQAiSo.roa (raw, json)
Hash identifier:          9v6wPbLiQ/NguaT5+/+Rw/SxEqdZECfvk+ssh9DdMJo=
Subject key identifier:   45:3E:C0:11:44:62:E2:FE:5D:7B:32:4C:39:F2:80:B1:34:00:89:2A
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0CB6A641
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RT7AEURi4v5dezJMOfKAsTQAiSo.roa
Signing time:             Fri 01 Apr 2022 08:53:08 +0000
ROA not before:           Fri 01 Apr 2022 08:53:08 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.163.192.0/19 maxlen: 24
                          194.163.96.0/19 maxlen: 24
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/20 maxlen: 24
                          194.233.28.0/23 maxlen: 23
                          194.163.64.0/22 maxlen: 22
                          194.163.80.0/22 maxlen: 22
                          195.180.192.0/20 maxlen: 24
                          194.64.152.0/22 maxlen: 22
                          194.195.32.0/19 maxlen: 24
                          194.233.224.0/20 maxlen: 20
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 213296705 (0xcb6a641)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Apr  1 08:53:08 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=453ec0114462e2fe5d7b324c39f280b13400892a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a0:0e:6e:30:0e:d3:50:d4:f0:1c:c9:d5:43:
                    e8:01:42:61:58:5b:8d:b5:fc:63:d7:8e:8a:84:e7:
                    c7:79:d6:7b:05:19:a8:24:f5:21:17:2e:7b:82:50:
                    e3:74:dd:c3:c6:9d:e1:1f:8c:9c:70:16:90:f9:b6:
                    4c:de:a2:a0:d2:39:cd:55:19:fc:f2:84:73:a1:0b:
                    9d:90:de:7c:06:ef:8b:19:2f:bf:03:28:d8:46:ff:
                    c2:b1:f9:93:66:1a:08:c1:14:6a:03:6d:a1:82:c6:
                    1e:99:5e:b2:95:f0:d4:6f:0e:d6:b2:32:f1:ae:fb:
                    7d:34:26:6e:95:92:6d:74:ed:97:6d:10:d8:9b:c4:
                    50:fe:f7:4a:c4:13:19:09:ca:79:bd:84:83:51:d4:
                    9d:f2:1d:5f:c4:80:64:ab:3a:e0:71:7c:fb:ea:2a:
                    50:1f:39:5b:8d:56:e6:36:64:8c:3b:47:6f:95:70:
                    16:18:88:d6:14:00:e3:33:94:b3:ec:65:50:43:55:
                    16:11:5d:50:57:1d:f6:14:ae:da:d2:21:f1:66:b2:
                    79:8f:d2:a5:c3:db:46:ac:72:cf:96:9d:25:6e:6e:
                    d0:c4:79:8c:79:39:3f:a4:c5:8e:8b:64:91:27:05:
                    02:d2:b6:56:ed:55:e3:ae:82:40:ff:b8:91:67:dd:
                    39:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:3E:C0:11:44:62:E2:FE:5D:7B:32:4C:39:F2:80:B1:34:00:89:2A
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RT7AEURi4v5dezJMOfKAsTQAiSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.152.0/22
                  194.163.64.0/22
                  194.163.80.0/22
                  194.163.96.0/19
                  194.163.192.0/19
                  194.195.32.0/19
                  194.233.28.0/23
                  194.233.224.0/20
                  195.180.128.0/22
                  195.180.192.0/20
                  195.180.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:34:2c:60:af:85:75:c1:64:31:9e:8f:95:aa:9c:d0:be:b9:
         92:fd:e2:e6:9c:f7:67:65:b4:4e:68:5a:b2:68:74:d1:44:86:
         87:92:2b:46:c6:a1:1b:64:e0:5b:3e:9f:a6:ab:08:71:8a:ef:
         9c:68:b3:f0:75:57:50:c5:2c:ca:48:c8:81:09:b4:44:f5:87:
         91:22:b9:94:4d:33:43:61:c2:26:13:40:12:f7:8a:ad:96:ee:
         8e:27:68:1d:9f:25:2c:dc:c8:e0:f9:20:7d:12:e4:3f:03:73:
         e4:9d:5d:f5:5d:bd:9c:f7:4f:50:91:48:a4:5f:e5:09:51:0a:
         cc:29:0e:8c:d0:ed:ba:e3:97:ba:cd:3f:13:7b:b8:79:ba:b9:
         e4:bf:1d:34:52:2c:6e:a4:37:04:40:da:0e:ab:f4:22:c9:df:
         2c:61:ff:f4:d3:10:0c:80:27:2a:12:73:59:e1:30:1c:ec:a6:
         3a:04:b3:0d:2b:4a:94:71:60:d4:b2:b3:e2:b2:36:82:b4:f8:
         d4:e8:cd:e2:b1:8f:b0:46:e3:c4:b8:50:03:b7:5d:6b:7c:41:
         16:ac:f1:20:d2:a7:54:da:84:de:d2:60:44:e9:49:e6:bf:d6:
         2b:58:7c:21:9f:66:63:e2:20:49:e3:66:69:94:1b:ad:9d:14:
         11:76:6b:75
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIEDLamQTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDQw
MTA4NTMwOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDUzZWMwMTE0NDYy
ZTJmZTVkN2IzMjRjMzlmMjgwYjEzNDAwODkyYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANigDm4wDtNQ1PAcydVD6AFCYVhbjbX8Y9eOioTnx3nWewUZ
qCT1IRcue4JQ43Tdw8ad4R+MnHAWkPm2TN6ioNI5zVUZ/PKEc6ELnZDefAbvixkv
vwMo2Eb/wrH5k2YaCMEUagNtoYLGHplespXw1G8O1rIy8a77fTQmbpWSbXTtl20Q
2JvEUP73SsQTGQnKeb2Eg1HUnfIdX8SAZKs64HF8++oqUB85W41W5jZkjDtHb5Vw
FhiI1hQA4zOUs+xlUENVFhFdUFcd9hSu2tIh8WayeY/SpcPbRqxyz5adJW5u0MR5
jHk5P6TFjotkkScFAtK2Vu1V466CQP+4kWfdOZsCAwEAAaOCAlEwggJNMB0GA1Ud
DgQWBBRFPsARRGLi/l17Mkw58oCxNACJKjAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L1JUN0FFVVJpNHY1ZGV6Sk1PZktBc1RRQWlTby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBn
BggrBgEFBQcBBwEB/wRYMFYwVAQCAAEwTgMEAj6KQAMEAj6KSAMEAsJAmAMEAsKj
QAMEAsKjUAMEBcKjYAMEBcKjwAMEBcLDIAMEAcLpHAMEBMLp4AMEAsO0gAMEBMO0
wAMEBMO04DANBgkqhkiG9w0BAQsFAAOCAQEAdjQsYK+FdcFkMZ6Plaqc0L65kv3i
5pz3Z2W0Tmhasmh00USGh5IrRsahG2TgWz6fpqsIcYrvnGiz8HVXUMUsykjIgQm0
RPWHkSK5lE0zQ2HCJhNAEveKrZbujidoHZ8lLNzI4PkgfRLkPwNz5J1d9V29nPdP
UJFIpF/lCVEKzCkOjNDtuuOXus0/E3u4ebq55L8dNFIsbqQ3BEDaDqv0IsnfLGH/
9NMQDIAnKhJzWeEwHOymOgSzDStKlHFg1LKz4rI2grT41OjN4rGPsEbjxLhQA7dd
a3xBFqzxINKnVNqE3tJgROlJ5r/WK1h8IZ9mY+IgSeNmaZQbrZ0UEXZrdQ==
-----END CERTIFICATE-----