Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3cB6K3WCMzHZyjmIEwu40SMtisQ.roa
File:                     3cB6K3WCMzHZyjmIEwu40SMtisQ.roa (raw, json)
Hash identifier:          mW3ewj1BIXqhIBda0P06AB9OgfCgsi1LNTpmDiCldnk=
Subject key identifier:   DD:C0:7A:2B:75:82:33:31:D9:CA:39:88:13:0B:B8:D1:23:2D:8A:C4
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0187378BB15EA87636B5836087B5C853A485
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3cB6K3WCMzHZyjmIEwu40SMtisQ.roa
Signing time:             Fri 31 Mar 2023 12:01:54 +0000
ROA not before:           Fri 31 Mar 2023 12:01:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.123.156.0/22 maxlen: 23
                          185.130.40.0/22 maxlen: 23
                          46.161.210.0/23 maxlen: 23
                          46.161.216.0/22 maxlen: 23
                          2a0c:9e04::/32 maxlen: 32
                          2a0c:fe02::/32 maxlen: 32
                          2a0c:9e03::/32 maxlen: 32
                          2a0c:fe05::/32 maxlen: 32
                          2a0c:fe04::/32 maxlen: 32
                          2a0c:9e07::/32 maxlen: 32
                          2a0c:fe03::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:8b:b1:5e:a8:76:36:b5:83:60:87:b5:c8:53:a4:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Mar 31 12:01:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ddc07a2b75823331d9ca3988130bb8d1232d8ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a5:c4:2a:31:70:58:a9:2d:10:1a:10:06:8e:
                    d0:32:95:a3:6a:71:b3:08:be:1b:67:d0:7c:8c:88:
                    25:ae:7a:3b:5d:96:84:14:1f:50:f6:31:1c:c7:f8:
                    ba:33:cd:0f:af:f0:ab:14:8e:7b:93:05:e5:b6:2c:
                    65:22:23:08:81:ac:ce:dd:2a:3a:91:63:87:a1:41:
                    77:ee:30:04:95:5f:40:f9:79:f5:65:d6:08:d7:6c:
                    64:e6:f1:df:1e:3a:9c:d5:b2:03:f8:64:d1:d4:f2:
                    0e:57:2c:91:b5:75:71:f5:3b:ed:a1:fe:b2:7f:ba:
                    ae:7f:05:53:33:00:c3:c1:ea:5f:bc:47:22:7c:26:
                    d5:48:91:fc:03:dd:50:36:eb:4a:8a:6e:cb:0e:05:
                    9c:af:92:b7:84:15:65:54:23:17:f9:77:3a:a5:82:
                    e1:14:1c:a7:78:78:c9:17:0a:00:bf:37:af:31:51:
                    92:0c:df:3e:44:10:71:5d:2e:63:b3:e2:01:fb:19:
                    4a:6f:5a:3c:67:df:fb:71:b0:1c:a8:30:85:d7:8c:
                    a3:42:c2:f0:b0:0a:18:e0:5c:00:a7:71:cd:f1:b9:
                    21:8b:58:6a:a1:55:ae:5f:4b:85:08:4f:b4:c2:4f:
                    be:d2:b4:7a:fc:12:49:88:42:a9:a1:ae:cc:b2:6d:
                    3b:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C0:7A:2B:75:82:33:31:D9:CA:39:88:13:0B:B8:D1:23:2D:8A:C4
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3cB6K3WCMzHZyjmIEwu40SMtisQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.210.0/23
                  46.161.216.0/22
                  185.123.156.0/22
                  185.130.40.0/22
                IPv6:
                  2a0c:9e03::-2a0c:9e04:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:9e07::/32
                  2a0c:fe02::-2a0c:fe05:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         aa:fc:ff:23:1a:30:7a:fc:47:ea:d4:57:80:d5:b6:45:1d:10:
         13:f7:c2:a8:e7:44:85:72:e6:0e:f9:19:38:26:0b:20:ae:b1:
         81:5e:da:c9:13:8f:ca:83:9c:65:e9:af:64:ce:62:d2:c9:0d:
         55:1b:d5:ea:63:d2:a9:42:b4:b8:c0:ad:f8:22:f2:c6:fa:c7:
         47:85:58:fd:c3:84:cb:ce:7b:38:4a:d8:90:4e:2f:f9:1b:ad:
         6d:87:39:01:4d:c4:51:6e:5f:0a:9d:70:3f:af:63:a8:df:f3:
         69:b5:bc:b8:e0:d8:a2:6a:6c:fb:af:f8:ff:d7:40:73:a1:4b:
         18:2b:27:c7:9b:22:8a:42:48:78:57:a4:da:19:b6:da:7d:ac:
         75:89:c7:45:2d:15:e6:44:a4:ef:a1:86:19:62:4d:02:88:dd:
         ac:5f:7e:df:e5:ef:6f:09:05:6e:d0:46:25:36:93:5b:78:ae:
         c9:a0:9a:e0:67:fd:17:1a:75:14:09:c2:03:74:c0:31:cf:21:
         80:ea:8d:00:67:a0:42:3f:f9:8a:63:c7:db:d2:90:93:c9:93:
         d9:12:c8:30:01:1a:fa:d8:db:6b:95:2a:0d:7f:76:98:1f:d2:
         1d:45:7e:26:10:24:17:62:75:66:8e:ed:9b:87:ae:e7:82:60:
         3d:13:c5:dd
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYc3i7FeqHY2tYNgh7XIU6SFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMzMxMTIwMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGMwN2EyYjc1ODIzMzMxZDljYTM5ODgxMzBiYjhkMTIzMmQ4YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaXEKjFwWKktEBoQBo7QMpWjanGz
CL4bZ9B8jIglrno7XZaEFB9Q9jEcx/i6M80Pr/CrFI57kwXltixlIiMIgazO3So6
kWOHoUF37jAElV9A+Xn1ZdYI12xk5vHfHjqc1bID+GTR1PIOVyyRtXVx9Tvtof6y
f7qufwVTMwDDwepfvEcifCbVSJH8A91QNutKim7LDgWcr5K3hBVlVCMX+Xc6pYLh
FByneHjJFwoAvzevMVGSDN8+RBBxXS5js+IB+xlKb1o8Z9/7cbAcqDCF14yjQsLw
sAoY4FwAp3HN8bkhi1hqoVWuX0uFCE+0wk++0rR6/BJJiEKpoa7Msm07VwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFN3Aeit1gjMx2co5iBMLuNEjLYrEMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvM2NCNkszV0NNekhaeWptSUV3dTQwU010aXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAeBAIAATAYAwQBLqHSAwQC
LqHYAwQCuXucAwQCuYIoMC0EAgACMCcwDgMFACoMngMDBQAqDJ4EAwUAKgyeBzAO
AwUBKgz+AgMFASoM/gQwDQYJKoZIhvcNAQELBQADggEBAKr8/yMaMHr8R+rUV4DV
tkUdEBP3wqjnRIVy5g75GTgmCyCusYFe2skTj8qDnGXpr2TOYtLJDVUb1epj0qlC
tLjArfgi8sb6x0eFWP3DhMvOezhK2JBOL/kbrW2HOQFNxFFuXwqdcD+vY6jf82m1
vLjg2KJqbPuv+P/XQHOhSxgrJ8ebIopCSHhXpNoZttp9rHWJx0UtFeZEpO+hhhli
TQKI3axfft/l728JBW7QRiU2k1t4rsmgmuBn/RcadRQJwgN0wDHPIYDqjQBnoEI/
+Ypjx9vSkJPJk9kSyDABGvrY22uVKg1/dpgf0h1FfiYQJBdidWaO7ZuHrueCYD0T
xd0=
-----END CERTIFICATE-----