Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/S6C5rAG5vZynvsSX4EI6sxRjPWA.roa
File:                     S6C5rAG5vZynvsSX4EI6sxRjPWA.roa (raw, json)
Hash identifier:          /JlW1t3EMEKiOezEIeeC2Dxw/cwEZQzRpe2cp7zjWR0=
Subject key identifier:   4B:A0:B9:AC:01:B9:BD:9C:A7:BE:C4:97:E0:42:3A:B3:14:63:3D:60
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0C073221
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/S6C5rAG5vZynvsSX4EI6sxRjPWA.roa
Signing time:             Tue 01 Feb 2022 16:23:00 +0000
ROA not before:           Tue 01 Feb 2022 16:23:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34549
IP address blocks:        195.180.132.0/22 maxlen: 22
                          195.180.140.0/22 maxlen: 22
                          194.64.88.0/21 maxlen: 24
                          212.224.0.0/22 maxlen: 24
                          195.252.160.0/22 maxlen: 24
                          194.233.16.0/22 maxlen: 24
                          194.233.20.0/22 maxlen: 22
                          194.163.68.0/22 maxlen: 22
                          194.163.72.0/22 maxlen: 22
                          194.163.76.0/22 maxlen: 22
                          194.64.148.0/22 maxlen: 22
                          195.179.32.0/21 maxlen: 24
                          194.64.156.0/22 maxlen: 22
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 201798177 (0xc073221)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Feb  1 16:23:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4ba0b9ac01b9bd9ca7bec497e0423ab314633d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:43:5c:61:95:cf:d4:e1:77:19:46:d0:5a:02:
                    a7:77:49:fd:eb:98:1b:c4:8b:fc:d0:57:3a:e6:58:
                    d1:0d:f6:c6:ba:82:5b:19:f0:73:49:34:59:b4:9a:
                    a7:38:dd:6f:48:a6:38:c3:61:10:d8:66:c8:c8:f2:
                    81:93:a8:d1:68:bb:50:99:58:e5:1e:09:74:f2:64:
                    35:e0:bf:28:7d:b1:db:88:61:24:58:25:b6:60:83:
                    e7:c6:87:ce:8d:2d:99:a8:52:a0:48:01:60:eb:6a:
                    d4:06:dd:85:cb:30:e5:1e:bd:fa:c3:43:7f:45:e0:
                    75:41:62:1d:25:cc:25:d8:e8:80:43:ee:3c:80:a3:
                    c6:34:05:54:85:ed:8d:c6:95:45:64:6a:22:12:2a:
                    88:1e:8c:80:f6:e5:dd:de:b4:7b:a8:49:7e:05:de:
                    66:fc:51:69:ed:68:10:99:e4:ff:d1:ea:43:8b:71:
                    64:b8:a1:05:d0:68:03:48:e1:a1:eb:cb:5d:bb:d7:
                    66:68:36:d7:20:fd:04:ee:d2:6c:63:54:63:8e:be:
                    7c:c7:99:e5:7b:50:b8:38:b3:b6:94:b1:f1:4f:c9:
                    ef:55:1c:97:31:35:0e:0a:12:98:d9:53:21:72:e8:
                    6c:95:29:40:b8:46:7d:e2:ed:3c:0d:c8:8c:6b:3a:
                    4a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A0:B9:AC:01:B9:BD:9C:A7:BE:C4:97:E0:42:3A:B3:14:63:3D:60
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/S6C5rAG5vZynvsSX4EI6sxRjPWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.88.0/21
                  194.64.148.0/22
                  194.64.156.0/22
                  194.163.68.0-194.163.79.255
                  194.233.16.0/21
                  195.179.32.0/21
                  195.180.132.0/22
                  195.180.140.0/22
                  195.252.160.0/22
                  212.224.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:f1:08:ca:da:f8:95:28:28:48:66:90:30:68:25:18:f7:06:
         f1:ca:fc:fb:e9:48:db:d5:3f:db:da:d8:4b:16:b0:10:84:02:
         76:75:00:a9:52:9b:7b:8a:33:f5:44:41:f2:3a:a0:42:ae:97:
         ec:55:a5:3a:db:69:e5:0e:87:08:7c:2c:1b:1a:04:f5:0d:67:
         0c:a3:60:c6:15:d4:e1:9d:63:12:ac:f7:b9:67:0b:77:6e:92:
         13:fd:c5:11:67:bc:fd:b1:ac:67:92:9b:e5:c6:c6:3f:74:e3:
         14:d5:e4:8e:c3:d1:39:b7:51:ce:9a:83:f7:74:72:e9:3c:4a:
         5d:6e:8d:c9:06:b5:e9:31:8d:c1:9a:ae:da:b8:29:97:b7:05:
         49:16:e9:a9:8e:fe:c9:e9:f7:73:b9:81:63:32:94:24:fc:00:
         62:4e:ff:ea:0b:bc:c4:df:f5:7d:6a:08:34:89:25:2c:2c:e3:
         30:f3:f9:46:b7:02:5f:26:55:a5:3c:c0:b5:e8:3b:95:38:78:
         ee:6b:4a:14:aa:90:1c:8f:78:8f:20:90:2e:72:b6:d6:d3:0a:
         cd:64:b0:64:76:a5:1a:81:fe:79:e3:ac:13:e9:45:c8:da:b2:
         5a:a7:21:1e:61:62:16:44:a1:be:e5:c5:e3:5d:05:53:b5:1f:
         b7:ef:7b:f0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEDAcyITANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDIw
MTE2MjMwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGJhMGI5YWMwMWI5
YmQ5Y2E3YmVjNDk3ZTA0MjNhYjMxNDYzM2Q2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOBDXGGVz9ThdxlG0FoCp3dJ/euYG8SL/NBXOuZY0Q32xrqC
Wxnwc0k0WbSapzjdb0imOMNhENhmyMjygZOo0Wi7UJlY5R4JdPJkNeC/KH2x24hh
JFgltmCD58aHzo0tmahSoEgBYOtq1Abdhcsw5R69+sNDf0XgdUFiHSXMJdjogEPu
PICjxjQFVIXtjcaVRWRqIhIqiB6MgPbl3d60e6hJfgXeZvxRae1oEJnk/9HqQ4tx
ZLihBdBoA0jhoevLXbvXZmg21yD9BO7SbGNUY46+fMeZ5XtQuDiztpSx8U/J71Uc
lzE1DgoSmNlTIXLobJUpQLhGfeLtPA3IjGs6SrECAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBRLoLmsAbm9nKe+xJfgQjqzFGM9YDAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L1M2QzVyQUc1dlp5bnZzU1g0RUk2c3hSalBXQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEA8JAWAMEAsJAlAMEAsJAnDAMAwQC
wqNEAwQEwqNAAwQDwukQAwQDw7MgAwQCw7SEAwQCw7SMAwQCw/ygAwQC1OAAMA0G
CSqGSIb3DQEBCwUAA4IBAQCr8QjK2viVKChIZpAwaCUY9wbxyvz76Ujb1T/b2thL
FrAQhAJ2dQCpUpt7ijP1REHyOqBCrpfsVaU622nlDocIfCwbGgT1DWcMo2DGFdTh
nWMSrPe5Zwt3bpIT/cURZ7z9saxnkpvlxsY/dOMU1eSOw9E5t1HOmoP3dHLpPEpd
bo3JBrXpMY3Bmq7auCmXtwVJFumpjv7J6fdzuYFjMpQk/ABiTv/qC7zE3/V9agg0
iSUsLOMw8/lGtwJfJlWlPMC16DuVOHjua0oUqpAcj3iPIJAucrbW0wrNZLBkdqUa
gf5546wT6UXI2rJapyEeYWIWRKG+5cXjXQVTtR+373vw
-----END CERTIFICATE-----