Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/d2OQI9j8MFA4rlacOeNgBr3zDlc.roa
File:                     d2OQI9j8MFA4rlacOeNgBr3zDlc.roa (raw, json)
Hash identifier:          8TKrntBPWRcLwxRgHXw2ABQ/jhdshp35amFFyYjz8zg=
Subject key identifier:   77:63:90:23:D8:FC:30:50:38:AE:56:9C:39:E3:60:06:BD:F3:0E:57
Certificate issuer:       /CN=b011022187e3395a1524fa1a7541ea793285afc2
Certificate serial:       0182C542A67BAEADEA6851852B4BE86B8691
Authority key identifier: B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/d2OQI9j8MFA4rlacOeNgBr3zDlc.roa
Signing time:             Mon 22 Aug 2022 11:14:15 +0000
ROA not before:           Mon 22 Aug 2022 11:14:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39308
IP address blocks:        46.21.80.0/20 maxlen: 20
                          185.56.96.0/22 maxlen: 24
                          176.221.16.0/20 maxlen: 20
                          176.12.64.0/20 maxlen: 20
                          109.109.32.0/19 maxlen: 19
                          89.144.128.0/18 maxlen: 20
                          89.144.130.0/24 maxlen: 24
                          37.128.240.0/20 maxlen: 20
                          109.109.48.0/24 maxlen: 24
                          159.20.96.0/20 maxlen: 20
                          2a00:1570::/32 maxlen: 64

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:c5:42:a6:7b:ae:ad:ea:68:51:85:2b:4b:e8:6b:86:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b011022187e3395a1524fa1a7541ea793285afc2
        Validity
            Not Before: Aug 22 11:14:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=77639023d8fc305038ae569c39e36006bdf30e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:95:a0:ea:4a:1b:46:6f:4b:71:75:ad:34:17:
                    47:f9:0b:d3:29:ba:f7:42:19:d8:db:a8:e5:64:7b:
                    4e:ae:86:3c:26:81:5c:61:91:c7:98:53:a6:2e:49:
                    6e:1b:8c:34:cc:ca:23:00:6d:25:f5:a9:8f:97:7a:
                    ea:57:c6:1c:02:49:c4:1f:3b:c4:fe:2c:13:f7:e8:
                    1d:d7:d5:48:87:71:d5:96:65:47:cc:33:b4:19:a3:
                    83:1c:08:f0:ea:ba:84:78:98:4e:7d:0d:85:dc:4c:
                    31:43:09:32:c1:50:47:ee:8f:74:e4:9a:b0:57:68:
                    db:03:e3:53:7f:88:b7:21:1b:16:47:5b:84:ce:b8:
                    b4:f9:3b:68:63:d8:7f:b9:86:89:c5:03:40:f4:ff:
                    7e:d6:0d:2a:d7:32:aa:1d:e2:1f:6d:63:b7:fd:59:
                    1a:5c:65:f4:21:d1:f9:a4:92:57:d7:4c:34:5d:a3:
                    f4:94:f6:78:06:b2:ff:e3:6e:ec:9f:1f:45:ee:17:
                    64:0d:0c:d2:06:d1:f4:fc:72:91:68:e3:af:5f:12:
                    90:3e:97:60:4c:1f:12:c2:f6:1f:0a:ed:22:9c:c9:
                    41:b3:ee:a6:08:64:d7:2f:f7:d9:4d:61:77:8c:82:
                    ef:2e:2b:c9:99:27:e5:9a:81:39:ee:f7:4a:65:ac:
                    f1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:63:90:23:D8:FC:30:50:38:AE:56:9C:39:E3:60:06:BD:F3:0E:57
            X509v3 Authority Key Identifier:
                keyid:B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/d2OQI9j8MFA4rlacOeNgBr3zDlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/sBECIYfjOVoVJPoadUHqeTKFr8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.240.0/20
                  46.21.80.0/20
                  89.144.128.0/18
                  109.109.32.0/19
                  159.20.96.0/20
                  176.12.64.0/20
                  176.221.16.0/20
                  185.56.96.0/22
                IPv6:
                  2a00:1570::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:81:7d:dc:17:e9:dd:ac:6d:8d:85:a3:9c:9b:bd:ab:5e:79:
         e2:e0:c7:e0:e3:10:93:b0:f6:8f:b2:d9:af:17:f4:39:43:68:
         94:f2:ed:e1:63:ac:cd:f7:09:81:54:37:ac:d7:2b:e0:6a:fc:
         d9:1a:de:a2:ff:3d:b1:c6:d9:cb:73:7e:5f:3a:21:08:07:55:
         13:a9:f6:1d:2a:9f:34:f8:e8:0f:94:57:f6:20:83:a6:a0:8c:
         aa:fa:f6:c3:b8:26:1f:f5:28:82:68:70:93:28:23:b5:f2:08:
         21:6d:27:54:a0:38:6c:b8:9b:f2:37:3d:5b:d2:fe:e7:db:4f:
         ed:75:a0:fe:b1:99:5e:80:71:d3:69:3d:30:18:b0:ab:5c:3d:
         e3:a8:5f:7b:f3:3e:17:af:97:c1:0d:07:5b:e3:e1:c0:a9:17:
         7a:b9:7f:87:8f:6f:f5:7d:a5:f0:fd:72:6e:11:97:ad:27:dd:
         39:68:bb:5a:83:cb:4e:6d:50:95:c8:0a:51:3d:95:11:5c:e7:
         e6:49:02:15:54:66:11:64:62:a5:45:4e:af:5b:db:ba:4d:c9:
         68:a5:d3:4b:bb:03:9b:ef:e4:d8:48:0d:03:57:2f:fc:99:43:
         55:fa:56:13:77:ed:43:40:7a:c5:a4:3e:19:70:92:d8:0e:6e:
         00:de:94:6d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYLFQqZ7rq3qaFGFK0voa4aRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMTEwMjIxODdlMzM5NWExNTI0ZmExYTc1NDFlYTc5MzI4
NWFmYzIwHhcNMjIwODIyMTExNDE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzYzOTAyM2Q4ZmMzMDUwMzhhZTU2OWMzOWUzNjAwNmJkZjMwZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pWg6kobRm9LcXWtNBdH+QvTKbr3
QhnY26jlZHtOroY8JoFcYZHHmFOmLkluG4w0zMojAG0l9amPl3rqV8YcAknEHzvE
/iwT9+gd19VIh3HVlmVHzDO0GaODHAjw6rqEeJhOfQ2F3EwxQwkywVBH7o905Jqw
V2jbA+NTf4i3IRsWR1uEzri0+TtoY9h/uYaJxQNA9P9+1g0q1zKqHeIfbWO3/Vka
XGX0IdH5pJJX10w0XaP0lPZ4BrL/427snx9F7hdkDQzSBtH0/HKRaOOvXxKQPpdg
TB8SwvYfCu0inMlBs+6mCGTXL/fZTWF3jILvLivJmSflmoE57vdKZazxVwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFHdjkCPY/DBQOK5WnDnjYAa98w5XMB8GA1UdIwQY
MBaAFLARAiGH4zlaFST6GnVB6nkyha/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAt
NTMzNGU2YjhjNWZlLzEvZDJPUUk5ajhNRkE0cmxhY09lTmdCcjN6RGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAtNTMzNGU2YjhjNWZl
LzEvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEJYDwAwQE
LhVQAwQGWZCAAwQFbW0gAwQEnxRgAwQEsAxAAwQEsN0QAwQCuThgMA0EAgACMAcD
BQAqABVwMA0GCSqGSIb3DQEBCwUAA4IBAQC5gX3cF+ndrG2NhaOcm72rXnni4Mfg
4xCTsPaPstmvF/Q5Q2iU8u3hY6zN9wmBVDes1yvgavzZGt6i/z2xxtnLc35fOiEI
B1UTqfYdKp80+OgPlFf2IIOmoIyq+vbDuCYf9SiCaHCTKCO18gghbSdUoDhsuJvy
Nz1b0v7n20/tdaD+sZlegHHTaT0wGLCrXD3jqF978z4Xr5fBDQdb4+HAqRd6uX+H
j2/1faXw/XJuEZetJ905aLtag8tObVCVyApRPZURXOfmSQIVVGYRZGKlRU6vW9u6
TclopdNLuwOb7+TYSA0DVy/8mUNV+lYTd+1DQHrFpD4ZcJLYDm4A3pRt
-----END CERTIFICATE-----