Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/fepSCHaT7bWdmlnrZ5x3Hbj7t5g.roa
File:                     fepSCHaT7bWdmlnrZ5x3Hbj7t5g.roa (raw, json)
Hash identifier:          G+FPb5jy+aGVKfRxLe5bcFwXNCJWZunTVcPQHvqJRh4=
Subject key identifier:   7D:EA:52:08:76:93:ED:B5:9D:9A:59:EB:67:9C:77:1D:B8:FB:B7:98
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01826CA19050CD71D611610AAA4C5EF38867
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/fepSCHaT7bWdmlnrZ5x3Hbj7t5g.roa
Signing time:             Fri 05 Aug 2022 06:11:43 +0000
ROA not before:           Fri 05 Aug 2022 06:11:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     35913
IP address blocks:        194.110.247.0/24 maxlen: 24
                          194.113.35.0/24 maxlen: 24
                          5.181.3.0/24 maxlen: 24
                          5.181.1.0/24 maxlen: 24
                          5.181.2.0/24 maxlen: 24
                          5.181.0.0/24 maxlen: 24
                          45.143.164.0/24 maxlen: 24
                          37.44.192.0/24 maxlen: 24
                          37.44.195.0/24 maxlen: 24
                          37.44.193.0/24 maxlen: 24
                          37.44.194.0/24 maxlen: 24
                          2a09:fb86::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:6c:a1:90:50:cd:71:d6:11:61:0a:aa:4c:5e:f3:88:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Aug  5 06:11:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7dea52087693edb59d9a59eb679c771db8fbb798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6b:ac:2e:30:fb:ae:01:1b:7d:c2:78:8a:25:
                    56:39:b5:0f:c7:9f:22:b2:4a:cb:d8:3a:ae:3d:f6:
                    60:3e:ee:68:21:71:ba:a6:1b:b4:bc:10:a1:3e:e3:
                    34:ec:b5:c6:7f:06:4f:b6:9c:e1:f8:cf:4d:29:e7:
                    dd:88:7d:55:66:ca:fb:f4:b2:44:0c:b8:11:2c:b2:
                    99:fb:36:e4:8c:71:45:39:c0:ca:16:9f:4d:fa:76:
                    c8:2a:27:84:16:fa:d3:db:b2:51:a8:7f:9c:4b:9a:
                    eb:18:a4:ed:4a:24:58:f7:30:3d:6f:8d:e5:1c:e9:
                    ec:1a:7b:15:61:78:03:07:1c:74:81:97:65:9a:35:
                    16:aa:bc:41:54:16:e3:3f:4a:43:c7:16:f1:8a:5c:
                    22:28:28:f7:b0:ec:1e:87:d2:30:85:c6:fa:ba:6f:
                    34:4a:8d:fc:4b:3f:f8:ae:4c:d0:69:02:23:f8:6c:
                    20:ef:fb:fc:3b:5f:47:a6:95:60:38:fa:a9:7b:3a:
                    c1:e9:ca:20:1e:a0:55:81:8e:0d:36:11:85:8c:1f:
                    6d:eb:a9:78:d4:cd:30:bc:44:ca:bf:b6:31:c1:1c:
                    d9:04:2e:55:58:15:bf:86:1a:42:06:0a:ef:c3:0e:
                    7f:d8:a8:ca:44:f9:31:6f:4d:9e:cc:ae:53:58:96:
                    f1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:EA:52:08:76:93:ED:B5:9D:9A:59:EB:67:9C:77:1D:B8:FB:B7:98
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/fepSCHaT7bWdmlnrZ5x3Hbj7t5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.0.0/22
                  37.44.192.0/22
                  45.143.164.0/24
                  194.110.247.0/24
                  194.113.35.0/24
                IPv6:
                  2a09:fb86::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:9f:b9:5a:a2:e1:c1:70:a0:36:cc:db:b8:c7:2e:58:10:bb:
         2f:33:9d:da:50:c6:e9:29:7f:61:0e:d4:a7:6c:ec:da:eb:66:
         97:dd:46:08:eb:be:43:06:d6:06:95:f9:5c:b7:d5:1b:fe:20:
         03:95:56:96:5b:9e:f6:44:b0:bf:6e:29:8f:38:86:23:a4:07:
         c0:77:e5:89:88:e5:f5:9a:84:93:d2:5a:2e:72:4a:3b:d0:09:
         1b:e0:a3:fb:0e:f5:b1:78:20:a3:24:b1:73:c4:fd:ac:fa:f4:
         fd:5b:d9:be:d5:59:09:20:30:70:6e:26:bf:cb:99:44:a2:6c:
         79:5e:48:7b:7b:a0:b6:c9:4a:ea:26:75:06:54:a8:31:e8:3a:
         bb:bb:38:c2:67:76:f4:c3:5f:65:7f:a7:d2:e3:df:aa:2a:14:
         e4:3d:84:2e:36:6d:a1:0c:7c:da:ff:65:dc:51:e1:33:de:84:
         44:03:9e:9b:21:7d:10:b8:f0:98:95:aa:99:d9:8f:37:1b:6b:
         e3:af:4a:14:46:73:e9:5e:de:6a:84:c8:e2:5e:22:59:7a:3f:
         a3:43:a8:54:49:7d:04:31:c0:c1:da:15:18:18:ae:ec:f1:6a:
         cc:3f:f0:50:d2:30:96:42:b1:7f:2f:63:d4:67:2f:f7:54:3b:
         20:f6:9f:2e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYJsoZBQzXHWEWEKqkxe84hnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjIwODA1MDYxMTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGVhNTIwODc2OTNlZGI1OWQ5YTU5ZWI2NzljNzcxZGI4ZmJiNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWusLjD7rgEbfcJ4iiVWObUPx58i
skrL2DquPfZgPu5oIXG6phu0vBChPuM07LXGfwZPtpzh+M9NKefdiH1VZsr79LJE
DLgRLLKZ+zbkjHFFOcDKFp9N+nbIKieEFvrT27JRqH+cS5rrGKTtSiRY9zA9b43l
HOnsGnsVYXgDBxx0gZdlmjUWqrxBVBbjP0pDxxbxilwiKCj3sOweh9Iwhcb6um80
So38Sz/4rkzQaQIj+Gwg7/v8O19HppVgOPqpezrB6cogHqBVgY4NNhGFjB9t66l4
1M0wvETKv7YxwRzZBC5VWBW/hhpCBgrvww5/2KjKRPkxb02ezK5TWJbxewIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFH3qUgh2k+21nZpZ62ecdx24+7eYMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvZmVwU0NIYVQ3YldkbWxuclo1eDNIYmo3dDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCBbUAAwQC
JSzAAwQALY+kAwQAwm73AwQAwnEjMA0EAgACMAcDBQAqCfuGMA0GCSqGSIb3DQEB
CwUAA4IBAQBOn7laouHBcKA2zNu4xy5YELsvM53aUMbpKX9hDtSnbOza62aX3UYI
675DBtYGlflct9Ub/iADlVaWW572RLC/bimPOIYjpAfAd+WJiOX1moST0loucko7
0Akb4KP7DvWxeCCjJLFzxP2s+vT9W9m+1VkJIDBwbia/y5lEomx5Xkh7e6C2yUrq
JnUGVKgx6Dq7uzjCZ3b0w19lf6fS49+qKhTkPYQuNm2hDHza/2XcUeEz3oREA56b
IX0QuPCYlaqZ2Y83G2vjr0oURnPpXt5qhMjiXiJZej+jQ6hUSX0EMcDB2hUYGK7s
8WrMP/BQ0jCWQrF/L2PUZy/3VDsg9p8u
-----END CERTIFICATE-----