Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uyNAUq4qsCGym5PqLJEe6eOGCDA.roa
File:                     uyNAUq4qsCGym5PqLJEe6eOGCDA.roa (raw, json)
Hash identifier:          udyTJoi9kI289Cs8D3+qXEEmHmWS/HqR9CPPYQqweaM=
Subject key identifier:   BB:23:40:52:AE:2A:B0:21:B2:9B:93:EA:2C:91:1E:E9:E3:86:08:30
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01849F37490B1E68CAF290A9FC6AC170A242
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uyNAUq4qsCGym5PqLJEe6eOGCDA.roa
Signing time:             Tue 22 Nov 2022 12:01:51 +0000
ROA not before:           Tue 22 Nov 2022 12:01:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     57844
IP address blocks:        194.113.34.0/24 maxlen: 24
                          45.83.180.0/24 maxlen: 24
                          45.83.181.0/24 maxlen: 24
                          45.83.182.0/24 maxlen: 24
                          45.83.183.0/24 maxlen: 24
                          2.58.124.0/22 maxlen: 22
                          194.110.246.0/24 maxlen: 24
                          45.143.165.0/24 maxlen: 24
                          139.28.73.0/24 maxlen: 24
                          139.28.74.0/24 maxlen: 24
                          139.28.75.0/24 maxlen: 24
                          139.28.72.0/24 maxlen: 24
                          45.150.109.0/24 maxlen: 24
                          45.150.110.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:37:49:0b:1e:68:ca:f2:90:a9:fc:6a:c1:70:a2:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Nov 22 12:01:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bb234052ae2ab021b29b93ea2c911ee9e3860830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b0:7a:44:f7:af:21:13:ec:22:2a:d4:f5:45:
                    d5:d1:9c:6b:93:20:5d:ab:a2:4a:bb:0d:e1:80:dc:
                    a0:10:63:40:7e:15:e5:bd:49:e9:f2:b6:63:4d:91:
                    fd:aa:b4:49:4a:a8:56:d8:00:21:90:90:d7:ba:67:
                    7d:35:18:a6:fa:96:83:e6:6a:d6:d8:9b:4d:08:56:
                    e4:ca:b7:08:4d:eb:f4:f3:a1:85:dc:6a:18:04:e3:
                    b9:b9:89:30:38:68:e2:b8:46:ab:ed:e5:66:3b:47:
                    27:e5:bd:d7:5f:03:c5:04:de:b8:81:fd:38:05:ad:
                    02:07:e1:2e:0c:9f:d5:a4:42:e0:03:e7:5f:20:6c:
                    0e:64:61:0c:3a:a8:85:25:d2:d5:06:22:4f:fb:44:
                    d2:b7:5a:1a:96:a2:4a:92:75:01:ea:0e:61:5a:ee:
                    ac:ea:fc:93:74:6b:1e:d4:9d:06:64:5c:7b:f5:00:
                    76:cd:57:90:be:be:83:62:03:ea:e4:3f:29:45:0d:
                    8f:6e:29:ee:21:4c:f5:d2:3c:1e:4b:c8:4a:df:bb:
                    d8:20:32:42:dc:53:21:66:48:d7:c7:e1:a6:93:ba:
                    fc:8b:fc:46:b0:1c:92:60:f8:18:69:a2:7c:e3:56:
                    0e:12:d1:6b:73:35:af:c9:de:d8:8a:44:f7:a3:fa:
                    a1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:23:40:52:AE:2A:B0:21:B2:9B:93:EA:2C:91:1E:E9:E3:86:08:30
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/uyNAUq4qsCGym5PqLJEe6eOGCDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.124.0/22
                  45.83.180.0/22
                  45.143.165.0/24
                  45.150.109.0-45.150.111.255
                  139.28.72.0/22
                  194.110.246.0/24
                  194.113.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:68:1c:45:d4:71:9b:96:d4:83:8e:04:17:f3:24:94:32:a1:
         f3:4f:f8:3f:29:6b:1d:15:85:a5:0e:7f:94:b5:71:b1:ba:f2:
         88:f4:14:19:7a:3c:6d:97:f3:33:1d:1c:57:85:af:c0:37:03:
         bf:2f:60:33:83:0b:e3:18:38:d3:2f:d6:81:fb:a1:91:61:38:
         b9:41:92:21:92:cd:be:69:9d:2e:08:3d:2a:7e:e7:d2:d7:a3:
         b7:98:1b:71:7c:66:1a:be:eb:f7:a4:41:8b:7a:ec:2f:f0:aa:
         57:ec:cd:42:88:2b:84:03:69:33:42:7a:f9:93:17:c7:c0:27:
         eb:59:69:09:c7:db:98:4e:f4:4f:3f:d3:8f:df:b6:63:35:9c:
         af:a6:cb:2a:e6:43:cc:0a:b7:41:65:5b:af:10:4f:56:0f:89:
         60:ad:81:56:fc:8a:61:69:40:0f:d1:d2:37:91:72:64:a7:99:
         9c:c1:96:25:90:af:46:3b:f5:e2:7b:79:bb:82:6b:de:9d:06:
         a6:16:02:d4:65:a3:1f:8a:ca:a7:44:dc:58:c7:57:ac:93:37:
         d8:41:7f:41:f3:41:e7:4d:f7:0a:74:d1:c2:5e:b9:60:f5:cb:
         42:30:8f:91:f4:f0:a9:a5:83:41:b9:85:2f:6e:f7:03:19:74:
         a1:cb:ee:1e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYSfN0kLHmjK8pCp/GrBcKJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjIxMTIyMTIwMTUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjIzNDA1MmFlMmFiMDIxYjI5YjkzZWEyYzkxMWVlOWUzODYwODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrB6RPevIRPsIirU9UXV0ZxrkyBd
q6JKuw3hgNygEGNAfhXlvUnp8rZjTZH9qrRJSqhW2AAhkJDXumd9NRim+paD5mrW
2JtNCFbkyrcITev086GF3GoYBOO5uYkwOGjiuEar7eVmO0cn5b3XXwPFBN64gf04
Ba0CB+EuDJ/VpELgA+dfIGwOZGEMOqiFJdLVBiJP+0TSt1oalqJKknUB6g5hWu6s
6vyTdGse1J0GZFx79QB2zVeQvr6DYgPq5D8pRQ2PbinuIUz10jweS8hK37vYIDJC
3FMhZkjXx+Gmk7r8i/xGsBySYPgYaaJ841YOEtFrczWvyd7YikT3o/qhdwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLsjQFKuKrAhspuT6iyRHunjhggwMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvdXlOQVVxNHFzQ0d5bTVQcUxKRWU2ZU9HQ0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCAjp8AwQC
LVO0AwQALY+lMAwDBAAtlm0DBAQtlmADBAKLHEgDBADCbvYDBADCcSIwDQYJKoZI
hvcNAQELBQADggEBAF1oHEXUcZuW1IOOBBfzJJQyofNP+D8pax0VhaUOf5S1cbG6
8oj0FBl6PG2X8zMdHFeFr8A3A78vYDODC+MYONMv1oH7oZFhOLlBkiGSzb5pnS4I
PSp+59LXo7eYG3F8Zhq+6/ekQYt67C/wqlfszUKIK4QDaTNCevmTF8fAJ+tZaQnH
25hO9E8/04/ftmM1nK+myyrmQ8wKt0FlW68QT1YPiWCtgVb8imFpQA/R0jeRcmSn
mZzBliWQr0Y79eJ7ebuCa96dBqYWAtRlox+KyqdE3FjHV6yTN9hBf0HzQedN9wp0
0cJeuWD1y0Iwj5H08Kmlg0G5hS9u9wMZdKHL7h4=
-----END CERTIFICATE-----