Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/T-_cq-VM8nMAbbUBO-xvGkdjJK4.roa
File:                     T-_cq-VM8nMAbbUBO-xvGkdjJK4.roa (raw, json)
Hash identifier:          cOS2iSwDgvcO2cnrHSDU0Njvi+But2sJ/E4NVRNtjKQ=
Subject key identifier:   4F:EF:DC:AB:E5:4C:F2:73:00:6D:B5:01:3B:EC:6F:1A:47:63:24:AE
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0189DA9D7149AFE50A1E0973BBCD8A890AEA
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/T-_cq-VM8nMAbbUBO-xvGkdjJK4.roa
Signing time:             Wed 09 Aug 2023 14:04:58 +0000
ROA not before:           Wed 09 Aug 2023 14:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.123.156.0/22 maxlen: 23
                          185.130.40.0/22 maxlen: 23
                          46.161.216.0/22 maxlen: 23
                          2a0c:9e04::/32 maxlen: 32
                          2a0c:fe02::/32 maxlen: 32
                          2a0c:9e03::/32 maxlen: 32
                          2a0c:fe05::/32 maxlen: 32
                          2a0c:fe04::/32 maxlen: 32
                          2a0c:9e07::/32 maxlen: 32
                          2a0c:fe03::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:da:9d:71:49:af:e5:0a:1e:09:73:bb:cd:8a:89:0a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Aug  9 14:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4fefdcabe54cf273006db5013bec6f1a476324ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:27:51:4e:93:6b:c3:f0:ce:f1:5c:23:1f:2c:
                    b7:60:06:8d:a3:3d:67:30:21:54:6a:d6:1d:1a:be:
                    0a:e8:a1:30:0f:3b:f9:e7:8d:d9:05:34:1e:3a:e7:
                    51:12:bf:fd:d2:07:11:98:f9:85:8d:6b:3c:c4:a6:
                    b5:dc:6e:a1:88:37:5a:30:3b:36:1f:44:ff:0d:8c:
                    6b:14:ac:fc:17:38:02:d4:f0:0c:53:ce:2d:73:05:
                    83:2f:94:04:a5:72:dc:13:9a:a9:1b:d5:67:ae:02:
                    ff:7d:dd:85:01:c9:3f:e3:64:0d:1f:dc:c9:53:2f:
                    fb:56:93:af:81:45:90:02:22:c3:b8:dc:a2:28:a5:
                    f5:6d:0c:07:79:ff:22:66:c3:72:5a:5f:55:0b:2f:
                    86:0a:fe:b2:55:22:83:26:3d:e6:57:71:7b:b4:53:
                    fc:bf:5e:d6:c0:70:bd:1a:d3:99:14:82:da:04:c4:
                    71:11:98:fa:2a:42:56:f9:53:63:7d:d0:ba:9f:ba:
                    6e:a1:c4:ef:60:83:ae:8e:3c:e2:a4:91:16:4f:9b:
                    c4:10:61:f7:37:19:54:52:64:84:5a:61:60:8e:8b:
                    84:23:c2:78:76:00:8c:22:a5:e5:84:fe:d7:42:dd:
                    5c:92:2b:a2:4e:28:29:39:04:c6:df:84:a9:12:8d:
                    5c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:EF:DC:AB:E5:4C:F2:73:00:6D:B5:01:3B:EC:6F:1A:47:63:24:AE
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/T-_cq-VM8nMAbbUBO-xvGkdjJK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.216.0/22
                  185.123.156.0/22
                  185.130.40.0/22
                IPv6:
                  2a0c:9e03::-2a0c:9e04:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:9e07::/32
                  2a0c:fe02::-2a0c:fe05:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         43:f5:00:86:ed:12:a1:f7:97:82:89:9e:d3:46:99:d1:51:d4:
         f7:bf:30:f4:b8:df:4e:b7:fd:da:9b:b1:9f:ca:3e:86:df:3b:
         60:a3:ef:69:a8:9f:b3:88:6f:2f:3e:fb:35:c1:4b:91:ad:53:
         ea:5e:0d:07:60:20:99:89:34:8b:3f:6a:1c:9f:25:13:03:e1:
         cd:8d:17:b9:fa:6a:7e:df:87:bc:dc:26:09:44:3f:c9:7d:76:
         ec:97:98:5d:ab:25:07:41:28:06:ad:03:b1:97:6e:c4:7c:8c:
         5a:2d:bb:ad:f8:40:e9:d6:de:06:a3:02:64:95:c3:bf:cd:6b:
         7e:0c:db:dd:b5:f1:6e:a1:58:d0:c6:7e:ac:41:9c:a6:22:e7:
         de:33:64:77:27:f3:0c:67:01:32:3c:34:cc:c7:80:9e:48:ed:
         c0:0f:31:36:f0:59:63:46:9b:0c:59:61:a1:88:e1:96:16:f9:
         08:2a:ef:eb:4f:65:85:17:66:d8:d6:d7:b5:f2:82:54:9a:f7:
         74:e6:9a:2b:c0:43:59:68:3b:7e:a5:ae:60:a6:9b:3c:6d:55:
         55:4d:78:54:24:a4:a7:d0:3c:9a:7a:6e:8c:f0:aa:94:e9:93:
         cc:a9:d9:67:59:53:ac:90:99:77:3e:3e:ee:b5:e2:cf:b3:65:
         0f:69:c6:fb
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYnanXFJr+UKHglzu82KiQrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwODA5MTQwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmVmZGNhYmU1NGNmMjczMDA2ZGI1MDEzYmVjNmYxYTQ3NjMyNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoydRTpNrw/DO8VwjHyy3YAaNoz1n
MCFUatYdGr4K6KEwDzv5543ZBTQeOudREr/90gcRmPmFjWs8xKa13G6hiDdaMDs2
H0T/DYxrFKz8FzgC1PAMU84tcwWDL5QEpXLcE5qpG9VnrgL/fd2FAck/42QNH9zJ
Uy/7VpOvgUWQAiLDuNyiKKX1bQwHef8iZsNyWl9VCy+GCv6yVSKDJj3mV3F7tFP8
v17WwHC9GtOZFILaBMRxEZj6KkJW+VNjfdC6n7puocTvYIOujjzipJEWT5vEEGH3
NxlUUmSEWmFgjouEI8J4dgCMIqXlhP7XQt1ckiuiTigpOQTG34SpEo1cxwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFE/v3KvlTPJzAG21ATvsbxpHYySuMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvVC1fY3EtVk04bk1BYmJVQk8teHZHa2RqSks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAYBAIAATASAwQCLqHYAwQC
uXucAwQCuYIoMC0EAgACMCcwDgMFACoMngMDBQAqDJ4EAwUAKgyeBzAOAwUBKgz+
AgMFASoM/gQwDQYJKoZIhvcNAQELBQADggEBAEP1AIbtEqH3l4KJntNGmdFR1Pe/
MPS43063/dqbsZ/KPobfO2Cj72mon7OIby8++zXBS5GtU+peDQdgIJmJNIs/ahyf
JRMD4c2NF7n6an7fh7zcJglEP8l9duyXmF2rJQdBKAatA7GXbsR8jFotu634QOnW
3gajAmSVw7/Na34M29218W6hWNDGfqxBnKYi594zZHcn8wxnATI8NMzHgJ5I7cAP
MTbwWWNGmwxZYaGI4ZYW+Qgq7+tPZYUXZtjW17XyglSa93TmmivAQ1loO36lrmCm
mzxtVVVNeFQkpKfQPJp6bozwqpTpk8yp2WdZU6yQmXc+Pu614s+zZQ9pxvs=
-----END CERTIFICATE-----