Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkyrlMBZoMJecp3znqu2JFwd5Kw.roa
File:                     BkyrlMBZoMJecp3znqu2JFwd5Kw.roa (raw, json)
Hash identifier:          EaLir44YHEG3OVbdfwpMXuNFSI9tfODS4s3J23LmW9c=
Subject key identifier:   06:4C:AB:94:C0:59:A0:C2:5E:72:9D:F3:9E:AB:B6:24:5C:1D:E4:AC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018AA72E2C458E5EBFB3EE6963B5F8E2262D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkyrlMBZoMJecp3znqu2JFwd5Kw.roa
Signing time:             Mon 18 Sep 2023 07:25:35 +0000
ROA not before:           Mon 18 Sep 2023 07:25:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50225
IP address blocks:        85.217.145.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          185.222.163.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          80.76.50.0/24 maxlen: 24
                          193.42.34.0/24 maxlen: 24
                          193.47.63.0/24 maxlen: 24
                          176.125.252.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:2e:2c:45:8e:5e:bf:b3:ee:69:63:b5:f8:e2:26:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Sep 18 07:25:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=064cab94c059a0c25e729df39eabb6245c1de4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:91:d3:51:41:cf:d5:f2:fe:a7:0e:af:01:2f:
                    53:da:ed:67:4b:02:d9:44:62:b1:9e:8c:c0:97:fa:
                    e6:14:c1:c2:cd:c5:01:a8:d0:97:08:bc:65:d6:c6:
                    b8:9b:ac:4f:48:6a:2d:8e:20:36:b3:be:6d:c0:36:
                    b8:72:42:b5:b3:32:53:ea:e4:02:a8:39:e7:c3:f3:
                    7e:1d:eb:2e:bc:86:77:a4:ba:69:bc:81:ca:5b:22:
                    45:da:34:9a:0f:6e:b7:3d:4f:b6:86:88:16:f8:0d:
                    ec:f6:d9:4d:56:99:6f:c2:68:c9:bc:7b:a4:e4:4e:
                    b4:a5:9b:12:8f:43:02:1b:23:79:67:51:50:96:55:
                    89:09:60:a0:9f:cf:9d:e4:7b:ff:24:54:36:15:6e:
                    7a:20:f3:28:39:6b:be:29:25:e5:53:1a:be:74:0c:
                    5c:62:1e:47:8e:d7:22:98:01:dc:e9:97:19:b3:c3:
                    b6:fd:49:82:ab:09:d9:a2:f7:13:4e:94:01:52:b7:
                    d0:6e:ed:d9:7a:e5:6d:7a:3b:a9:28:51:37:a6:ac:
                    6b:d6:ad:2b:11:af:bc:88:ed:54:6e:06:5c:cb:b2:
                    86:2a:f8:c5:6e:b4:1b:bd:ec:eb:48:1a:3d:c3:bd:
                    70:76:79:d4:76:da:51:e2:a6:ff:e6:7f:b9:ab:2b:
                    70:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:4C:AB:94:C0:59:A0:C2:5E:72:9D:F3:9E:AB:B6:24:5C:1D:E4:AC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BkyrlMBZoMJecp3znqu2JFwd5Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.90.0/24
                  79.110.50.0/24
                  80.76.50.0/24
                  85.217.145.0/24
                  93.123.85.0/24
                  176.125.252.0/24
                  185.222.163.0/24
                  193.42.34.0/24
                  193.47.63.0/24
                  194.48.249.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:48:f1:6a:ed:27:1a:ee:26:77:aa:e8:3f:be:2e:2e:f4:5e:
         59:e6:e4:a5:67:77:14:91:66:1e:34:5f:5e:81:c6:1a:1a:96:
         74:fe:80:a0:a3:ad:2e:a9:43:25:9c:91:80:00:dd:52:d2:0b:
         bd:be:4a:e2:01:ee:0e:68:3c:b3:3e:d4:2b:ad:8f:7c:51:da:
         fd:29:45:6c:e8:a3:99:9a:8d:66:d4:c2:6c:6a:ef:b8:54:b6:
         f1:18:9d:e0:15:08:62:e0:0f:e0:0b:4f:a1:0c:2f:1d:bf:74:
         60:09:09:06:c5:24:4e:0f:fe:7e:53:b9:d6:74:9a:4b:28:ba:
         ae:cd:9e:a8:cd:23:13:98:86:d4:8e:ae:a0:5a:fd:ef:97:39:
         00:ad:c5:3c:0a:04:9e:94:39:7c:f6:7f:56:14:20:76:8f:58:
         b7:f6:ee:c4:17:2d:d7:e9:ae:a7:87:79:34:00:ee:9d:86:31:
         bb:ce:98:d1:8a:7e:01:e7:4d:b9:75:d0:a5:7b:29:3f:59:2c:
         c4:13:46:f3:ea:ff:52:1d:58:aa:27:3c:a7:a9:ec:d5:65:23:
         e3:ff:ba:92:6b:11:59:32:f0:6f:d2:b3:8f:6a:09:58:2a:2d:
         4b:b3:4c:80:f6:b6:0d:e5:07:69:37:9d:04:d9:ec:1a:37:f2:
         39:82:30:a7
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYqnLixFjl6/s+5pY7X44iYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTE4MDcyNTM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjRjYWI5NGMwNTlhMGMyNWU3MjlkZjM5ZWFiYjYyNDVjMWRlNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpHTUUHP1fL+pw6vAS9T2u1nSwLZ
RGKxnozAl/rmFMHCzcUBqNCXCLxl1sa4m6xPSGotjiA2s75twDa4ckK1szJT6uQC
qDnnw/N+HesuvIZ3pLppvIHKWyJF2jSaD263PU+2hogW+A3s9tlNVplvwmjJvHuk
5E60pZsSj0MCGyN5Z1FQllWJCWCgn8+d5Hv/JFQ2FW56IPMoOWu+KSXlUxq+dAxc
Yh5HjtcimAHc6ZcZs8O2/UmCqwnZovcTTpQBUrfQbu3ZeuVtejupKFE3pqxr1q0r
Ea+8iO1UbgZcy7KGKvjFbrQbvezrSBo9w71wdnnUdtpR4qb/5n+5qytwYQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFAZMq5TAWaDCXnKd856rtiRcHeSsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQmt5cmxNQlpvTUplY3Azem5xdTJKRndkNUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALVRaAwQA
T24yAwQAUEwyAwQAVdmRAwQAXXtVAwQAsH38AwQAud6jAwQAwSoiAwQAwS8/AwQA
wjD5AwQAwjD7MA0GCSqGSIb3DQEBCwUAA4IBAQCzSPFq7Sca7iZ3qug/vi4u9F5Z
5uSlZ3cUkWYeNF9egcYaGpZ0/oCgo60uqUMlnJGAAN1S0gu9vkriAe4OaDyzPtQr
rY98Udr9KUVs6KOZmo1m1MJsau+4VLbxGJ3gFQhi4A/gC0+hDC8dv3RgCQkGxSRO
D/5+U7nWdJpLKLquzZ6ozSMTmIbUjq6gWv3vlzkArcU8CgSelDl89n9WFCB2j1i3
9u7EFy3X6a6nh3k0AO6dhjG7zpjRin4B5025ddCleyk/WSzEE0bz6v9SHViqJzyn
qezVZSPj/7qSaxFZMvBv0rOPaglYKi1Ls0yA9rYN5QdpN50E2ewaN/I5gjCn
-----END CERTIFICATE-----