Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/WBB5TI-7IIiyHUMiWhvCX8ouBt8.roa
File:                     WBB5TI-7IIiyHUMiWhvCX8ouBt8.roa (raw, json)
Hash identifier:          /fl+DdPF2xNapAA1oQQd2b8pLeKVV5UeTyewDYaaZvU=
Subject key identifier:   58:10:79:4C:8F:BB:20:88:B2:1D:43:22:5A:1B:C2:5F:CA:2E:06:DF
Certificate issuer:       /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial:       0185724C8C2FEC6F66B160450AD042832045
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/WBB5TI-7IIiyHUMiWhvCX8ouBt8.roa
Signing time:             Mon 02 Jan 2023 11:44:57 +0000
ROA not before:           Mon 02 Jan 2023 11:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49289
IP address blocks:        185.63.132.0/23 maxlen: 23
                          159.255.136.0/22 maxlen: 22
                          185.63.135.0/24 maxlen: 24
                          185.63.134.0/24 maxlen: 24
                          159.255.144.0/22 maxlen: 22
                          188.94.120.0/21 maxlen: 21
                          171.22.233.0/24 maxlen: 24
                          171.22.232.0/24 maxlen: 24
                          171.22.235.0/24 maxlen: 24
                          171.22.234.0/24 maxlen: 24
                          93.185.112.0/20 maxlen: 20
                          178.239.32.0/20 maxlen: 20
                          2a00:c50::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:4c:8c:2f:ec:6f:66:b1:60:45:0a:d0:42:83:20:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
        Validity
            Not Before: Jan  2 11:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5810794c8fbb2088b21d43225a1bc25fca2e06df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c0:57:1e:4b:58:3f:3f:f6:e2:c3:38:6e:40:
                    41:49:3f:84:0f:02:f0:a7:0f:cd:ab:5b:1b:4f:85:
                    19:1d:5e:d2:2d:5a:93:d4:7c:eb:42:23:21:15:db:
                    03:ad:f6:6b:47:40:4e:f7:67:38:73:f0:62:81:a8:
                    2b:4c:9a:9c:76:c3:97:f2:ec:6a:b4:ab:3a:b0:57:
                    5a:5e:93:a7:a0:37:60:be:59:66:67:93:d4:0c:32:
                    03:68:63:5a:c8:bf:8a:b2:a4:98:a8:f9:34:a8:63:
                    3a:a1:e0:22:99:8a:a9:bc:6c:63:c5:b0:88:13:03:
                    49:24:dd:51:08:77:e1:13:db:d5:cf:69:bf:d3:74:
                    6a:55:b2:4d:80:6d:cd:17:c8:d2:57:10:bb:f4:87:
                    3e:2c:d7:77:6a:53:32:19:69:39:46:af:f9:27:76:
                    53:e4:18:d5:ec:87:f7:73:d6:b4:6a:ac:f4:65:6a:
                    2c:8a:2e:89:f2:18:bf:31:80:46:8e:4a:40:c3:42:
                    bd:29:76:7d:84:79:9a:a9:85:6d:65:e0:0a:83:ec:
                    61:77:e3:a4:30:60:6e:13:a0:aa:19:ba:d4:6a:92:
                    e3:03:22:bc:68:01:ea:fc:76:4e:b1:22:42:b3:50:
                    28:75:30:78:57:c9:a3:47:b6:2d:12:4a:fb:5d:f2:
                    dc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:10:79:4C:8F:BB:20:88:B2:1D:43:22:5A:1B:C2:5F:CA:2E:06:DF
            X509v3 Authority Key Identifier:
                keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/WBB5TI-7IIiyHUMiWhvCX8ouBt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.112.0/20
                  159.255.136.0/22
                  159.255.144.0/22
                  171.22.232.0/22
                  178.239.32.0/20
                  185.63.132.0/22
                  188.94.120.0/21
                IPv6:
                  2a00:c50::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:c6:9f:12:a6:f0:b6:94:7b:4f:14:7a:bd:a1:3c:6a:38:d3:
         db:0c:bc:71:66:86:3a:98:9f:fb:21:d5:46:3a:a7:80:c0:22:
         c9:82:da:b6:2b:d4:a7:0a:6e:ce:30:0d:be:da:d5:8b:22:b5:
         49:3f:99:17:db:61:6a:69:dc:45:37:88:94:dc:f8:b4:1f:c1:
         93:e6:4f:e1:dd:11:86:4c:ec:27:3a:a4:3b:ad:58:0d:40:dc:
         04:16:b6:47:38:d1:a5:6e:b9:36:45:71:c2:80:4f:7b:20:dc:
         0f:31:36:70:60:4a:ff:35:9f:b0:e7:f6:b4:53:44:74:8e:8a:
         92:b2:9a:11:4c:97:85:68:23:20:f8:25:00:1e:a7:e1:5b:6b:
         02:a3:d1:f8:dc:36:23:36:fa:d6:04:9d:c7:6a:32:eb:2b:22:
         33:36:2c:53:46:8f:ba:61:e4:51:32:21:41:15:43:bc:c1:ed:
         d9:61:4a:d6:44:49:b0:fb:d1:6e:7d:e6:8d:a4:39:1e:a0:9f:
         40:42:14:af:8d:44:ff:28:50:25:91:d2:d4:3d:12:e0:86:ff:
         c6:4a:71:7f:75:65:b7:20:4c:af:4a:39:4e:bf:07:39:d4:50:
         d8:6c:a9:dd:2e:b8:e8:87:c1:9c:8e:c7:c9:e4:c0:4b:6a:1a:
         20:ac:e2:8e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVyTIwv7G9msWBFCtBCgyBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjMwMTAyMTE0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODEwNzk0YzhmYmIyMDg4YjIxZDQzMjI1YTFiYzI1ZmNhMmUwNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cBXHktYPz/24sM4bkBBST+EDwLw
pw/Nq1sbT4UZHV7SLVqT1HzrQiMhFdsDrfZrR0BO92c4c/BigagrTJqcdsOX8uxq
tKs6sFdaXpOnoDdgvllmZ5PUDDIDaGNayL+KsqSYqPk0qGM6oeAimYqpvGxjxbCI
EwNJJN1RCHfhE9vVz2m/03RqVbJNgG3NF8jSVxC79Ic+LNd3alMyGWk5Rq/5J3ZT
5BjV7If3c9a0aqz0ZWosii6J8hi/MYBGjkpAw0K9KXZ9hHmaqYVtZeAKg+xhd+Ok
MGBuE6CqGbrUapLjAyK8aAHq/HZOsSJCs1AodTB4V8mjR7YtEkr7XfLctwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFFgQeUyPuyCIsh1DIlobwl/KLgbfMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvV0JCNVRJLTdJSWl5SFVNaVdodkNYOG91QnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEXblwAwQC
n/+IAwQCn/+QAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcDBQMqAAxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBKxp8SpvC2lHtPFHq9oTxqONPbDLxxZoY6mJ/7
IdVGOqeAwCLJgtq2K9SnCm7OMA2+2tWLIrVJP5kX22FqadxFN4iU3Pi0H8GT5k/h
3RGGTOwnOqQ7rVgNQNwEFrZHONGlbrk2RXHCgE97INwPMTZwYEr/NZ+w5/a0U0R0
joqSspoRTJeFaCMg+CUAHqfhW2sCo9H43DYjNvrWBJ3HajLrKyIzNixTRo+6YeRR
MiFBFUO8we3ZYUrWREmw+9FufeaNpDkeoJ9AQhSvjUT/KFAlkdLUPRLghv/GSnF/
dWW3IEyvSjlOvwc51FDYbKndLrjoh8GcjsfJ5MBLahogrOKO
-----END CERTIFICATE-----