Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4d6ede-77fc-40fa-8767-84efaf90486c/1/BzBiEed9-vhYF42lcYk2wghVpEs.roa
File:                     BzBiEed9-vhYF42lcYk2wghVpEs.roa (raw, json)
Hash identifier:          U0IhVG4pcKv4LzHSlRh3WDx3A6IlExxy6GRqfDC38W8=
Subject key identifier:   07:30:62:11:E7:7D:FA:F8:58:17:8D:A5:71:89:36:C2:08:55:A4:4B
Certificate issuer:       /CN=6aebc95381af87a34aee42e6854cc608a90b4acc
Certificate serial:       01856E266699A38E30AC99686B8A2C3360A0
Authority key identifier: 6A:EB:C9:53:81:AF:87:A3:4A:EE:42:E6:85:4C:C6:08:A9:0B:4A:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/auvJU4Gvh6NK7kLmhUzGCKkLSsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4d6ede-77fc-40fa-8767-84efaf90486c/1/BzBiEed9-vhYF42lcYk2wghVpEs.roa
Signing time:             Sun 01 Jan 2023 16:24:48 +0000
ROA not before:           Sun 01 Jan 2023 16:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25521
IP address blocks:        185.223.112.0/22 maxlen: 22
                          46.30.160.0/21 maxlen: 21
                          93.188.32.0/21 maxlen: 21
                          176.115.96.0/21 maxlen: 21
                          193.106.136.0/22 maxlen: 22
                          193.0.216.0/22 maxlen: 22
                          193.0.220.0/23 maxlen: 23
                          91.224.24.0/23 maxlen: 23
                          82.193.96.0/19 maxlen: 19
                          195.64.148.0/23 maxlen: 23
                          2a02:2610::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:26:66:99:a3:8e:30:ac:99:68:6b:8a:2c:33:60:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aebc95381af87a34aee42e6854cc608a90b4acc
        Validity
            Not Before: Jan  1 16:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07306211e77dfaf858178da5718936c20855a44b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:31:9e:f5:00:3a:b3:fc:0c:8e:20:2b:14:1b:
                    bf:1c:e9:0c:4f:53:84:83:2c:6f:30:8a:5c:a7:3d:
                    e8:c5:7e:5c:ff:98:f4:fa:41:41:69:2e:4b:f7:ec:
                    11:b5:0b:f5:e0:4c:de:2d:b7:1a:58:2c:f9:ea:04:
                    c1:af:df:2a:df:b2:64:cd:bb:ba:70:20:f1:f2:68:
                    98:a5:44:9b:f5:fa:b8:d3:f8:e5:4c:3a:15:7f:90:
                    f9:f0:e1:92:d2:f8:41:0a:14:11:68:07:09:09:7f:
                    3e:c8:96:5b:ba:eb:5e:85:07:e7:0f:08:0e:7b:f4:
                    ba:1a:06:f8:18:c6:bd:98:0e:20:bc:fd:0d:d5:83:
                    f0:3f:b0:13:ee:d9:27:29:87:9a:77:9d:0e:ed:2a:
                    31:81:4a:22:18:ea:8f:2c:f9:94:41:4a:86:6e:3b:
                    b7:b6:ac:d0:5f:b0:39:66:ec:33:e1:05:54:68:eb:
                    8c:6d:4a:c6:ef:f1:4e:34:2c:cf:23:4c:c6:d5:05:
                    e0:0d:04:df:28:9b:87:ee:a1:10:68:5d:04:01:cd:
                    b6:5e:2d:65:23:29:bf:b7:8a:0a:dd:b9:4e:05:ce:
                    bf:3c:7e:ea:a3:55:d6:89:60:ff:78:b9:19:81:c3:
                    46:e5:fc:30:04:6b:e7:4d:be:4d:75:e1:da:a1:81:
                    e6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:30:62:11:E7:7D:FA:F8:58:17:8D:A5:71:89:36:C2:08:55:A4:4B
            X509v3 Authority Key Identifier:
                keyid:6A:EB:C9:53:81:AF:87:A3:4A:EE:42:E6:85:4C:C6:08:A9:0B:4A:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/auvJU4Gvh6NK7kLmhUzGCKkLSsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4d6ede-77fc-40fa-8767-84efaf90486c/1/BzBiEed9-vhYF42lcYk2wghVpEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4d6ede-77fc-40fa-8767-84efaf90486c/1/auvJU4Gvh6NK7kLmhUzGCKkLSsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.160.0/21
                  82.193.96.0/19
                  91.224.24.0/23
                  93.188.32.0/21
                  176.115.96.0/21
                  185.223.112.0/22
                  193.0.216.0-193.0.221.255
                  193.106.136.0/22
                  195.64.148.0/23
                IPv6:
                  2a02:2610::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:41:1a:c6:b6:d9:7b:70:82:a4:d8:bf:ad:0a:40:47:78:8d:
         74:fd:44:41:f6:e5:20:e7:c5:a9:9d:81:d2:ad:83:33:d2:8a:
         54:fb:ec:fb:d5:10:e7:d2:65:52:62:5e:9c:32:c1:5d:4b:e2:
         a9:81:08:c1:d4:bc:b6:ae:fc:ac:db:5d:d4:ad:e2:1d:61:1b:
         e7:b9:d5:ab:d5:5e:2c:20:ce:e9:69:22:ae:a9:28:e7:79:68:
         0c:c6:2c:e6:35:be:92:c2:20:b8:fa:c3:15:d3:ff:88:22:e2:
         a8:f1:ee:2f:f9:12:e3:f3:f1:40:72:71:b9:ba:76:72:c4:fe:
         2b:cc:80:8a:a3:30:68:6d:2a:10:d4:80:85:97:70:3a:3a:dc:
         4c:88:c1:86:7b:49:80:c6:31:e8:53:8c:2c:10:72:f4:c3:22:
         83:f8:f9:f9:31:a5:52:b9:de:e9:17:e2:66:4d:e8:7f:c8:a8:
         95:a3:7f:c4:58:91:8b:30:e0:f8:b7:36:7e:2e:30:00:3b:ab:
         60:bc:32:3b:2e:85:8a:1a:3c:a9:e1:1b:51:50:de:a5:70:f3:
         46:e2:e1:ee:f5:f4:08:5c:28:f4:cf:35:eb:54:f7:3b:81:8c:
         43:96:e1:20:24:8e:c4:c9:1b:24:20:11:57:57:21:29:f5:93:
         54:02:5f:63
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVuJmaZo44wrJloa4osM2CgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZWJjOTUzODFhZjg3YTM0YWVlNDJlNjg1NGNjNjA4YTkw
YjRhY2MwHhcNMjMwMTAxMTYyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzMwNjIxMWU3N2RmYWY4NTgxNzhkYTU3MTg5MzZjMjA4NTVhNDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTGe9QA6s/wMjiArFBu/HOkMT1OE
gyxvMIpcpz3oxX5c/5j0+kFBaS5L9+wRtQv14EzeLbcaWCz56gTBr98q37Jkzbu6
cCDx8miYpUSb9fq40/jlTDoVf5D58OGS0vhBChQRaAcJCX8+yJZbuutehQfnDwgO
e/S6Ggb4GMa9mA4gvP0N1YPwP7AT7tknKYead50O7SoxgUoiGOqPLPmUQUqGbju3
tqzQX7A5Zuwz4QVUaOuMbUrG7/FONCzPI0zG1QXgDQTfKJuH7qEQaF0EAc22Xi1l
Iym/t4oK3blOBc6/PH7qo1XWiWD/eLkZgcNG5fwwBGvnTb5NdeHaoYHmsQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFAcwYhHnffr4WBeNpXGJNsIIVaRLMB8GA1UdIwQY
MBaAFGrryVOBr4ejSu5C5oVMxgipC0rMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXV2SlU0R3ZoNk5LN2tMbWhVekdDS2tMU3N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZDZlZGUtNzdmYy00MGZhLTg3Njct
ODRlZmFmOTA0ODZjLzEvQnpCaUVlZDktdmhZRjQybGNZazJ3Z2hWcEVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZDZlZGUtNzdmYy00MGZhLTg3NjctODRlZmFmOTA0ODZj
LzEvYXV2SlU0R3ZoNk5LN2tMbWhVekdDS2tMU3N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wMAwDBAPBANgDBAHBANwDBALBaogD
BAHDQJQwDQQCAAIwBwMFACoCJhAwDQYJKoZIhvcNAQELBQADggEBAEBBGsa22Xtw
gqTYv60KQEd4jXT9REH25SDnxamdgdKtgzPSilT77PvVEOfSZVJiXpwywV1L4qmB
CMHUvLau/KzbXdSt4h1hG+e51avVXiwgzulpIq6pKOd5aAzGLOY1vpLCILj6wxXT
/4gi4qjx7i/5EuPz8UBycbm6dnLE/ivMgIqjMGhtKhDUgIWXcDo63EyIwYZ7SYDG
MehTjCwQcvTDIoP4+fkxpVK53ukX4mZN6H/IqJWjf8RYkYsw4Pi3Nn4uMAA7q2C8
MjsuhYoaPKnhG1FQ3qVw80bi4e719AhcKPTPNetU9zuBjEOW4SAkjsTJGyQgEVdX
ISn1k1QCX2M=
-----END CERTIFICATE-----