Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/WWy0EKBLhLTEkWApVDYF2vvfiUw.roa
File:                     WWy0EKBLhLTEkWApVDYF2vvfiUw.roa (raw, json)
Hash identifier:          /uSAra4LT4oVK4NLMwFdHQLb3wmt5dYJx07qe7YGcjI=
Subject key identifier:   59:6C:B4:10:A0:4B:84:B4:C4:91:60:29:54:36:05:DA:FB:DF:89:4C
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       01856CCADF228C6E166676ACF011EE25FA9D
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/WWy0EKBLhLTEkWApVDYF2vvfiUw.roa
Signing time:             Sun 01 Jan 2023 10:05:12 +0000
ROA not before:           Sun 01 Jan 2023 10:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34248
IP address blocks:        185.169.16.0/22 maxlen: 22
                          85.90.213.0/24 maxlen: 24
                          85.90.209.0/24 maxlen: 24
                          85.90.208.0/24 maxlen: 24
                          85.90.210.0/24 maxlen: 24
                          85.90.219.0/24 maxlen: 24
                          85.90.218.0/24 maxlen: 24
                          85.90.214.0/24 maxlen: 24
                          85.90.221.0/24 maxlen: 24
                          85.90.220.0/24 maxlen: 24
                          82.117.242.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ca:df:22:8c:6e:16:66:76:ac:f0:11:ee:25:fa:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Jan  1 10:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=596cb410a04b84b4c4916029543605dafbdf894c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7b:48:67:2b:a9:e3:c6:ed:cc:12:7d:e0:fc:
                    23:c3:a1:0a:7b:7f:12:c2:fa:27:00:e4:97:da:ce:
                    95:b9:8a:c5:f1:83:67:0b:98:bd:d1:3f:e7:4d:2c:
                    b6:da:44:a8:7d:47:17:fc:eb:ec:37:0f:ae:d4:92:
                    63:b4:e2:40:33:ab:76:d1:74:f1:6f:02:34:83:e9:
                    91:18:fe:27:c3:2f:1f:66:f2:7e:e3:f5:0e:dc:ad:
                    6f:a9:9a:8d:cf:6f:2d:2e:05:6a:98:f4:7b:e6:48:
                    10:1c:49:f8:45:98:28:a9:a0:6b:82:89:bd:00:34:
                    29:c2:07:f7:d2:32:20:c6:d0:72:0d:57:e9:92:d5:
                    45:0d:e2:c8:b2:82:d1:96:e4:58:be:22:7d:4c:20:
                    a3:57:28:e9:69:08:24:bc:5f:61:d4:73:54:96:5f:
                    cf:f0:13:20:41:7e:d6:74:d8:56:3b:58:2f:f6:0e:
                    ad:a5:1f:2e:29:14:e5:f1:24:63:bb:d8:63:e0:b1:
                    44:23:89:f9:40:31:65:6a:ad:ce:bc:29:f6:ab:fd:
                    83:fa:c1:4d:cf:e9:78:41:28:44:e4:6d:a9:28:3e:
                    77:bc:35:f3:f9:27:a6:0f:3e:ea:4a:8a:81:ce:ed:
                    d2:d3:6f:23:72:b9:9b:b0:d1:a3:34:c1:dc:8f:02:
                    14:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:6C:B4:10:A0:4B:84:B4:C4:91:60:29:54:36:05:DA:FB:DF:89:4C
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/WWy0EKBLhLTEkWApVDYF2vvfiUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.242.0/23
                  85.90.208.0-85.90.210.255
                  85.90.213.0-85.90.214.255
                  85.90.218.0-85.90.221.255
                  185.169.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:36:85:0c:6d:6e:45:fb:4c:e2:d3:95:0f:7a:2f:39:63:1f:
         89:9c:68:9c:ae:e3:b8:3e:88:5d:45:12:d4:32:99:e7:76:df:
         91:67:58:fd:ca:ec:4e:f0:c4:2f:df:d5:2b:d4:20:c5:2b:48:
         f3:0c:d0:06:02:29:1b:94:6f:3b:53:21:0d:94:d3:59:be:10:
         57:69:f8:53:69:2a:3e:2c:7d:ac:41:92:fd:2e:e8:a6:c1:dd:
         db:ed:42:69:f5:4e:f8:2b:fc:ab:90:28:f7:cb:06:20:62:a4:
         eb:49:9b:ed:2a:0e:19:52:4e:18:40:fe:8b:4b:26:2e:27:09:
         bd:0f:e9:e9:ba:12:e7:e9:0a:a9:37:04:fe:de:46:7d:bd:eb:
         8f:cd:6a:e6:73:4c:74:a8:bd:c9:69:dc:0b:5e:b1:60:be:b1:
         91:22:46:cb:35:cd:ca:b6:27:8e:54:7f:e9:18:51:dd:95:23:
         16:4a:3e:7d:73:e5:22:ee:80:6e:02:dd:f6:5f:59:5d:9c:29:
         7e:c7:72:bc:91:54:aa:f8:b0:6a:dd:7a:70:21:f8:7c:bb:5b:
         2f:46:b3:f9:fe:43:f3:04:2e:7f:bf:70:3f:f3:ee:80:80:57:
         a9:f0:17:97:82:cf:7c:12:bd:a9:cf:0e:db:7a:28:d8:79:d4:
         1c:d7:f3:c3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVsyt8ijG4WZnas8BHuJfqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjMwMTAxMTAwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTZjYjQxMGEwNGI4NGI0YzQ5MTYwMjk1NDM2MDVkYWZiZGY4OTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3tIZyup48btzBJ94Pwjw6EKe38S
wvonAOSX2s6VuYrF8YNnC5i90T/nTSy22kSofUcX/OvsNw+u1JJjtOJAM6t20XTx
bwI0g+mRGP4nwy8fZvJ+4/UO3K1vqZqNz28tLgVqmPR75kgQHEn4RZgoqaBrgom9
ADQpwgf30jIgxtByDVfpktVFDeLIsoLRluRYviJ9TCCjVyjpaQgkvF9h1HNUll/P
8BMgQX7WdNhWO1gv9g6tpR8uKRTl8SRju9hj4LFEI4n5QDFlaq3OvCn2q/2D+sFN
z+l4QShE5G2pKD53vDXz+SemDz7qSoqBzu3S028jcrmbsNGjNMHcjwIUPQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFlstBCgS4S0xJFgKVQ2Bdr734lMMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvV1d5MEVLQkxoTFRFa1dBcFZEWUYydnZmaVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBUnXyMAwD
BARVWtADBABVWtIwDAMEAFVa1QMEAFVa1jAMAwQBVVraAwQBVVrcAwQCuakQMA0G
CSqGSIb3DQEBCwUAA4IBAQB2NoUMbW5F+0zi05UPei85Yx+JnGicruO4PohdRRLU
Mpnndt+RZ1j9yuxO8MQv39Ur1CDFK0jzDNAGAikblG87UyENlNNZvhBXafhTaSo+
LH2sQZL9Luimwd3b7UJp9U74K/yrkCj3ywYgYqTrSZvtKg4ZUk4YQP6LSyYuJwm9
D+npuhLn6QqpNwT+3kZ9veuPzWrmc0x0qL3JadwLXrFgvrGRIkbLNc3KtieOVH/p
GFHdlSMWSj59c+Ui7oBuAt32X1ldnCl+x3K8kVSq+LBq3XpwIfh8u1svRrP5/kPz
BC5/v3A/8+6AgFep8BeXgs98Er2pzw7beijYedQc1/PD
-----END CERTIFICATE-----