Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/tbzFeACZbrvTbINlpPMoqx_yq6I.roa
File:                     tbzFeACZbrvTbINlpPMoqx_yq6I.roa (raw, json)
Hash identifier:          OcL4MhE4ukLMPaBuaZzRlFP/sG303eiisSy57133zno=
Subject key identifier:   B5:BC:C5:78:00:99:6E:BB:D3:6C:83:65:A4:F3:28:AB:1F:F2:AB:A2
Certificate issuer:       /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial:       019024F463B6831DC05B0471B03C05F60728
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/tbzFeACZbrvTbINlpPMoqx_yq6I.roa
Signing time:             Mon 17 Jun 2024 06:48:34 +0000
ROA not before:           Mon 17 Jun 2024 06:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        92.246.82.0/24 maxlen: 24
                          92.246.83.0/24 maxlen: 24
                          103.226.192.0/24 maxlen: 24
                          103.229.170.0/24 maxlen: 24
                          185.145.68.0/22 maxlen: 22
                          185.145.68.0/24 maxlen: 24
                          185.145.69.0/24 maxlen: 24
                          185.237.212.0/22 maxlen: 24
                          185.237.215.0/24 maxlen: 24
                          2a07:4640::/29 maxlen: 29
                          2a0d:c240::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:24:f4:63:b6:83:1d:c0:5b:04:71:b0:3c:05:f6:07:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
        Validity
            Not Before: Jun 17 06:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5bcc57800996ebbd36c8365a4f328ab1ff2aba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5d:e5:01:64:90:c4:d0:6b:57:37:cb:36:e2:
                    bb:ed:6e:f4:94:3c:2c:fd:b0:f2:c4:f9:f9:b1:ad:
                    83:57:d2:a9:42:39:93:92:2a:08:5d:05:90:8d:30:
                    97:bc:08:76:d6:c1:2a:fb:32:fb:0a:e0:e9:ca:5b:
                    70:43:ba:9c:18:32:97:3c:29:48:d7:d8:07:76:f2:
                    3d:9a:dd:27:8f:55:32:37:31:2e:76:75:70:3b:a6:
                    cc:d4:cc:aa:0e:e9:d9:fe:17:d3:17:91:52:be:de:
                    2a:0b:ce:a6:7c:0f:fe:93:58:8f:80:f1:3e:e0:5b:
                    f5:87:87:ad:f1:0e:c3:35:06:49:a2:f1:18:7a:53:
                    a8:4d:9f:f3:d9:ff:c1:a2:84:27:ed:25:04:10:e4:
                    53:0d:d9:99:e5:78:d9:a7:c5:45:30:2a:a1:0f:87:
                    7e:86:af:4f:fc:3e:e8:a6:87:4d:b7:98:5c:0b:6b:
                    5d:f8:7d:ec:9e:5d:22:53:d2:3f:92:25:c8:fe:70:
                    d0:18:48:b5:9d:45:d2:f6:93:ac:30:cb:b6:df:1f:
                    5c:1d:58:8c:cc:af:49:ea:27:d6:b3:2c:73:38:d3:
                    05:67:5d:a9:f3:01:32:5c:7c:1d:ce:58:dc:e7:c6:
                    cc:a5:01:40:68:c5:4f:08:1f:47:aa:bb:2e:f2:da:
                    8c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:BC:C5:78:00:99:6E:BB:D3:6C:83:65:A4:F3:28:AB:1F:F2:AB:A2
            X509v3 Authority Key Identifier:
                keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/tbzFeACZbrvTbINlpPMoqx_yq6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.246.82.0/23
                  103.226.192.0/24
                  103.229.170.0/24
                  185.145.68.0/22
                  185.237.212.0/22
                IPv6:
                  2a07:4640::/29
                  2a0d:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:c2:ea:96:47:8e:e3:06:dd:ba:c4:29:65:70:7c:5e:ff:c4:
         5a:1f:23:16:97:b5:5f:9a:68:ba:6b:26:1a:62:10:2f:6c:d9:
         40:fe:b1:10:7a:5f:e4:c9:d5:3a:18:7b:0c:7c:ee:12:ec:9c:
         ba:15:0b:e3:22:2c:cd:0b:bc:9b:dc:99:c6:7b:55:b6:ae:d8:
         c3:18:93:8a:9f:6d:eb:86:4e:0c:3a:a3:f1:49:3b:78:42:52:
         82:af:34:ce:ec:44:3a:38:a6:f3:87:b4:28:ed:ae:5b:47:56:
         0a:75:66:e0:f9:a0:86:19:fa:62:ae:ea:63:8f:4a:84:44:8b:
         f2:ee:af:6c:f0:ef:b1:51:6f:dd:f1:8f:e8:1e:3a:21:f6:2f:
         65:d9:e1:8f:0a:8b:ee:7c:33:bc:d6:6c:46:48:37:36:5f:ab:
         0c:5b:69:59:3d:9e:70:39:73:27:54:54:a8:4c:6c:46:8a:44:
         a8:c3:c2:32:f2:d0:5f:0d:e0:09:26:b2:bc:bf:a4:3a:6c:ac:
         d6:d7:0f:60:a7:45:3e:cf:8f:d0:df:d8:2c:60:ad:d1:df:df:
         09:ce:e7:4f:b6:51:f8:95:3d:e5:55:71:2b:82:a1:a4:3b:c3:
         08:54:82:c5:21:22:55:e6:dd:ba:4d:f2:16:7f:74:b7:bb:a5:
         71:6b:fd:a6
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZAk9GO2gx3AWwRxsDwF9gcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjQwNjE3MDY0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWJjYzU3ODAwOTk2ZWJiZDM2YzgzNjVhNGYzMjhhYjFmZjJhYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV3lAWSQxNBrVzfLNuK77W70lDws
/bDyxPn5sa2DV9KpQjmTkioIXQWQjTCXvAh21sEq+zL7CuDpyltwQ7qcGDKXPClI
19gHdvI9mt0nj1UyNzEudnVwO6bM1MyqDunZ/hfTF5FSvt4qC86mfA/+k1iPgPE+
4Fv1h4et8Q7DNQZJovEYelOoTZ/z2f/BooQn7SUEEORTDdmZ5XjZp8VFMCqhD4d+
hq9P/D7opodNt5hcC2td+H3snl0iU9I/kiXI/nDQGEi1nUXS9pOsMMu23x9cHViM
zK9J6ifWsyxzONMFZ12p8wEyXHwdzljc58bMpQFAaMVPCB9Hqrsu8tqM4wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFLW8xXgAmW6702yDZaTzKKsf8quiMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvdGJ6RmVBQ1picnZUYklObHBQTW9xeF95cTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQBXPZSAwQA
Z+LAAwQAZ+WqAwQCuZFEAwQCue3UMBQEAgACMA4DBQMqB0ZAAwUDKg3CQDANBgkq
hkiG9w0BAQsFAAOCAQEAMsLqlkeO4wbdusQpZXB8Xv/EWh8jFpe1X5poumsmGmIQ
L2zZQP6xEHpf5MnVOhh7DHzuEuycuhUL4yIszQu8m9yZxntVtq7YwxiTip9t64ZO
DDqj8Uk7eEJSgq80zuxEOjim84e0KO2uW0dWCnVm4Pmghhn6Yq7qY49KhESL8u6v
bPDvsVFv3fGP6B46IfYvZdnhjwqL7nwzvNZsRkg3Nl+rDFtpWT2ecDlzJ1RUqExs
RopEqMPCMvLQXw3gCSayvL+kOmys1tcPYKdFPs+P0N/YLGCt0d/fCc7nT7ZR+JU9
5VVxK4KhpDvDCFSCxSEiVebduk3yFn90t7ulcWv9pg==
-----END CERTIFICATE-----