Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m-YY1J_s3B3StG84pRzmhM2S_l8.roa
File:                     m-YY1J_s3B3StG84pRzmhM2S_l8.roa (raw, json)
Hash identifier:          t+iGq2ectJWo1z0wJ5O5ilk0w6A6+CqM/dGWhgDY/6k=
Subject key identifier:   9B:E6:18:D4:9F:EC:DC:1D:D2:B4:6F:38:A5:1C:E6:84:CD:92:FE:5F
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0183A3168B3A4C69AADE3636652BF484DAE6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m-YY1J_s3B3StG84pRzmhM2S_l8.roa
Signing time:             Tue 04 Oct 2022 13:01:46 +0000
ROA not before:           Tue 04 Oct 2022 13:01:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22653
IP address blocks:        31.169.124.0/24 maxlen: 24
                          31.169.125.0/24 maxlen: 24
                          31.169.127.0/24 maxlen: 24
                          31.169.126.0/24 maxlen: 24
                          85.217.128.0/24 maxlen: 24
                          164.40.186.0/23 maxlen: 24
                          84.54.50.0/24 maxlen: 24
                          164.40.184.0/24 maxlen: 24
                          194.48.249.0/24 maxlen: 24
                          185.221.66.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          194.180.49.0/24 maxlen: 24
                          185.225.72.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:a3:16:8b:3a:4c:69:aa:de:36:36:65:2b:f4:84:da:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct  4 13:01:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9be618d49fecdc1dd2b46f38a51ce684cd92fe5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:35:4f:f5:1e:76:c2:f1:46:94:f1:28:54:c9:
                    67:49:f7:18:d3:07:5b:b6:3f:11:19:91:02:9a:2f:
                    72:fc:b1:a1:ca:74:48:35:8f:1a:b6:78:a2:f3:00:
                    90:43:d8:ae:df:17:cd:a8:c0:9c:dd:27:05:f2:bf:
                    f1:62:36:cd:1b:eb:de:f5:31:a1:1b:f0:26:fc:84:
                    8e:e7:24:26:85:1d:75:f3:5b:88:57:8c:54:2f:17:
                    3b:67:7a:fd:83:c1:07:9b:9b:98:2c:94:e4:63:ab:
                    1e:c7:5d:ab:5a:de:72:ba:41:54:5b:78:8b:36:1a:
                    82:c3:29:f3:be:81:b3:03:02:03:4c:f7:d9:b5:d7:
                    a8:89:02:fe:51:f1:45:b5:2d:93:49:98:8d:31:33:
                    9f:73:3a:38:20:91:a3:81:27:b5:ff:87:8a:57:a7:
                    74:33:43:6d:11:8a:68:6a:80:d7:f7:c5:cd:39:af:
                    b3:3f:d4:01:31:7a:4a:b0:c9:c5:bd:94:40:10:b8:
                    ed:1a:fa:74:e4:f4:dc:d0:17:b9:c0:fe:a2:d1:22:
                    31:14:6d:8b:9e:a5:23:ba:e2:5c:47:46:70:45:06:
                    83:e1:21:00:05:bb:74:9d:dc:4e:46:ee:39:f5:6d:
                    65:e7:56:59:7c:f2:8e:67:35:b0:7c:0d:d5:e9:26:
                    ee:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E6:18:D4:9F:EC:DC:1D:D2:B4:6F:38:A5:1C:E6:84:CD:92:FE:5F
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/m-YY1J_s3B3StG84pRzmhM2S_l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.124.0/22
                  79.110.49.0/24
                  84.54.50.0/24
                  85.217.128.0/24
                  164.40.184.0/24
                  164.40.186.0/23
                  185.221.66.0/24
                  185.225.72.0/24
                  194.48.249.0/24
                  194.180.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:2c:f4:60:a9:bb:14:ed:ce:e0:45:d5:73:a8:80:d5:04:c9:
         ec:64:6b:24:6a:70:75:49:fe:42:e5:25:ae:34:23:41:0a:80:
         de:a3:f1:fa:a9:82:45:b1:de:9d:a8:a2:fa:bb:09:82:56:cb:
         2c:4a:e1:a5:c6:61:a0:6f:a3:28:7a:38:8a:67:d1:f5:17:46:
         aa:e7:4e:93:c9:a2:7b:8d:f7:64:63:c9:16:e1:ac:e9:06:b1:
         cd:3f:be:a3:db:cb:3e:68:73:2e:a1:dc:4c:52:14:c5:f0:f2:
         69:36:97:d0:de:73:da:89:70:59:c9:07:c2:50:49:d4:4a:cb:
         06:df:de:2e:a4:bc:f1:f9:51:12:99:cd:d3:37:e7:02:cc:1b:
         df:c9:da:50:ab:95:c7:91:91:1a:31:8b:1f:43:3e:c0:19:78:
         12:67:f7:ac:fe:8b:d5:f0:a1:03:aa:26:28:e2:c6:b0:a8:fa:
         3b:68:4b:89:16:e5:b3:08:51:22:dd:87:21:b1:50:c6:f9:3c:
         81:76:84:cc:31:0c:e0:fc:ed:37:36:5a:ee:c2:25:9c:1f:f5:
         b0:a4:bf:68:96:c3:b7:cc:c6:f8:61:4f:e4:2d:9b:cf:21:7b:
         e1:09:21:a9:11:5b:86:eb:e8:3c:38:30:be:8d:f3:1c:9c:ba:
         b7:f6:76:73
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYOjFos6TGmq3jY2ZSv0hNrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDA0MTMwMTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmU2MThkNDlmZWNkYzFkZDJiNDZmMzhhNTFjZTY4NGNkOTJmZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDVP9R52wvFGlPEoVMlnSfcY0wdb
tj8RGZECmi9y/LGhynRINY8atnii8wCQQ9iu3xfNqMCc3ScF8r/xYjbNG+ve9TGh
G/Am/ISO5yQmhR1181uIV4xULxc7Z3r9g8EHm5uYLJTkY6sex12rWt5yukFUW3iL
NhqCwynzvoGzAwIDTPfZtdeoiQL+UfFFtS2TSZiNMTOfczo4IJGjgSe1/4eKV6d0
M0NtEYpoaoDX98XNOa+zP9QBMXpKsMnFvZRAELjtGvp05PTc0Be5wP6i0SIxFG2L
nqUjuuJcR0ZwRQaD4SEABbt0ndxORu459W1l51ZZfPKOZzWwfA3V6SbuUQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJvmGNSf7Nwd0rRvOKUc5oTNkv5fMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbS1ZWTFKX3MzQjNTdEc4NHBSem1oTTJTX2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCH6l8AwQA
T24xAwQAVDYyAwQAVdmAAwQApCi4AwQBpCi6AwQAud1CAwQAueFIAwQAwjD5AwQA
wrQxMA0GCSqGSIb3DQEBCwUAA4IBAQAlLPRgqbsU7c7gRdVzqIDVBMnsZGskanB1
Sf5C5SWuNCNBCoDeo/H6qYJFsd6dqKL6uwmCVsssSuGlxmGgb6MoejiKZ9H1F0aq
506TyaJ7jfdkY8kW4azpBrHNP76j28s+aHMuodxMUhTF8PJpNpfQ3nPaiXBZyQfC
UEnUSssG394upLzx+VESmc3TN+cCzBvfydpQq5XHkZEaMYsfQz7AGXgSZ/es/ovV
8KEDqiYo4sawqPo7aEuJFuWzCFEi3YchsVDG+TyBdoTMMQzg/O03NlruwiWcH/Ww
pL9olsO3zMb4YU/kLZvPIXvhCSGpEVuG6+g8ODC+jfMcnLq39nZz
-----END CERTIFICATE-----