Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Mpeeeyvll4IYoUoxFm8jPM2w7o0.roa
File:                     Mpeeeyvll4IYoUoxFm8jPM2w7o0.roa (raw, json)
Hash identifier:          evQ//Pv3w8H1JEbHxha1Me4YvseZar4fBrpwYNsLipM=
Subject key identifier:   32:97:9E:7B:2B:E5:97:82:18:A1:4A:31:16:6F:23:3C:CD:B0:EE:8D
Certificate issuer:       /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial:       01893B608D10695FD36D979E458C11C28C2B
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Mpeeeyvll4IYoUoxFm8jPM2w7o0.roa
Signing time:             Sun 09 Jul 2023 15:58:50 +0000
ROA not before:           Sun 09 Jul 2023 15:58:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47869
IP address blocks:        109.235.48.0/21 maxlen: 21
                          178.239.48.0/20 maxlen: 20
                          94.185.80.0/21 maxlen: 21
                          185.149.56.0/22 maxlen: 22
                          194.110.67.0/24 maxlen: 24
                          37.46.192.0/22 maxlen: 22
                          91.205.232.0/22 maxlen: 22
                          37.46.199.0/24 maxlen: 24
                          91.199.50.0/24 maxlen: 24
                          37.46.196.0/23 maxlen: 23
                          185.24.248.0/22 maxlen: 22
                          31.171.132.0/22 maxlen: 22
                          94.228.208.0/20 maxlen: 20
                          2a00:dd0::/32 maxlen: 48
                          2a00:dd0:bbbb::/48 maxlen: 48
                          2a00:dd0:aaaa::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:3b:60:8d:10:69:5f:d3:6d:97:9e:45:8c:11:c2:8c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
        Validity
            Not Before: Jul  9 15:58:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32979e7b2be5978218a14a31166f233ccdb0ee8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f4:d8:33:61:b9:7c:9f:e5:98:e5:94:53:57:
                    7b:38:ce:58:80:d0:2f:19:33:67:7b:cc:18:7c:2b:
                    d5:16:44:15:0a:4a:e9:38:aa:a1:bc:f2:0a:cc:04:
                    bf:c7:ab:03:98:96:a8:b8:e6:f7:3e:70:9c:b5:2a:
                    37:b5:83:62:50:8a:d1:63:49:d4:81:64:64:9b:52:
                    4d:b5:a3:4e:22:37:dd:be:58:5f:4e:30:bd:b5:6c:
                    0c:34:ca:02:17:bd:28:97:2e:5a:7b:50:13:d3:ad:
                    89:13:d0:5e:1f:63:b8:07:1e:a7:71:9f:28:6c:17:
                    1a:0f:92:6a:c0:c1:e6:ee:db:e2:3b:21:70:06:09:
                    6a:9f:39:b5:bf:ab:ba:7d:e8:17:27:49:33:54:8c:
                    17:e0:45:b4:8c:08:a4:b9:df:9e:1d:1c:3e:97:bd:
                    7c:01:bc:d5:a3:72:ad:d4:cb:d4:cb:ff:44:a8:aa:
                    24:55:da:11:f0:7b:24:0c:47:5e:91:54:94:fd:7c:
                    a1:83:8b:d5:6f:70:6a:8f:7f:c8:a3:78:e1:ee:4d:
                    73:85:1a:09:a0:a9:bc:0c:b2:04:68:cb:ce:f7:88:
                    54:89:3f:ca:fb:c1:84:b9:1e:ec:38:a4:7a:a8:46:
                    b8:da:3a:12:a5:27:e7:a2:17:69:c9:dd:1d:be:19:
                    f5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:97:9E:7B:2B:E5:97:82:18:A1:4A:31:16:6F:23:3C:CD:B0:EE:8D
            X509v3 Authority Key Identifier:
                keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/Mpeeeyvll4IYoUoxFm8jPM2w7o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.171.132.0/22
                  37.46.192.0-37.46.197.255
                  37.46.199.0/24
                  91.199.50.0/24
                  91.205.232.0/22
                  94.185.80.0/21
                  94.228.208.0/20
                  109.235.48.0/21
                  178.239.48.0/20
                  185.24.248.0/22
                  185.149.56.0/22
                  194.110.67.0/24
                IPv6:
                  2a00:dd0::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:e1:83:13:62:f4:d2:a8:f2:33:c4:f8:f7:f1:46:e8:60:96:
         a1:0e:5f:50:98:06:2f:50:63:df:fd:04:4d:88:18:84:0d:bb:
         83:f9:38:1b:45:33:79:8b:30:95:38:fe:b8:62:71:a0:c5:2f:
         12:be:3e:f7:d2:0a:42:07:b9:53:52:e8:04:58:4a:71:6a:26:
         e1:0f:2e:22:0d:a3:52:19:ca:61:9c:54:15:b0:8e:06:1f:08:
         6a:2a:36:48:97:f6:06:6e:f1:25:c6:54:97:4a:9c:0b:c4:7b:
         f1:a4:5c:30:2e:e4:dd:f7:22:44:6c:be:10:73:cb:29:41:0f:
         b5:0f:d5:b8:94:ad:f4:b4:94:68:22:08:0a:40:c6:f5:fd:cf:
         15:df:3f:12:92:a3:7d:54:50:5e:94:5d:66:0a:9a:00:87:00:
         3c:63:dd:85:0f:96:1c:94:fa:4c:6b:6f:9a:db:1a:7e:8a:dc:
         49:d7:6a:ef:3f:97:fc:27:9e:17:92:72:da:44:e6:59:33:ba:
         a1:45:6a:0e:af:c7:10:fa:33:36:0b:bc:6f:ba:bb:9b:69:8f:
         5a:45:c7:c7:41:84:a2:2a:a9:dc:d0:ed:c3:44:fc:24:84:17:
         36:da:5c:e4:94:2f:2c:dd:89:de:0d:2a:2f:ca:df:b9:68:e1:
         06:08:1c:0e
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAYk7YI0QaV/TbZeeRYwRwowrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMwNzA5MTU1ODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjk3OWU3YjJiZTU5NzgyMThhMTRhMzExNjZmMjMzY2NkYjBlZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/TYM2G5fJ/lmOWUU1d7OM5YgNAv
GTNne8wYfCvVFkQVCkrpOKqhvPIKzAS/x6sDmJaouOb3PnCctSo3tYNiUIrRY0nU
gWRkm1JNtaNOIjfdvlhfTjC9tWwMNMoCF70oly5ae1AT062JE9BeH2O4Bx6ncZ8o
bBcaD5JqwMHm7tviOyFwBglqnzm1v6u6fegXJ0kzVIwX4EW0jAikud+eHRw+l718
AbzVo3Kt1MvUy/9EqKokVdoR8HskDEdekVSU/Xyhg4vVb3Bqj3/Io3jh7k1zhRoJ
oKm8DLIEaMvO94hUiT/K+8GEuR7sOKR6qEa42joSpSfnohdpyd0dvhn11wIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFDKXnnsr5ZeCGKFKMRZvIzzNsO6NMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvTXBlZWV5dmxsNElZb1VveEZtOGpQTTJ3N28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBWBAIAATBQAwQCH6uEMAwD
BAYlLsADBAElLsQDBAAlLscDBABbxzIDBAJbzegDBANeuVADBARe5NADBANt6zAD
BASy7zADBAK5GPgDBAK5lTgDBADCbkMwDQQCAAIwBwMFACoADdAwDQYJKoZIhvcN
AQELBQADggEBAGjhgxNi9NKo8jPE+PfxRuhglqEOX1CYBi9QY9/9BE2IGIQNu4P5
OBtFM3mLMJU4/rhicaDFLxK+PvfSCkIHuVNS6ARYSnFqJuEPLiINo1IZymGcVBWw
jgYfCGoqNkiX9gZu8SXGVJdKnAvEe/GkXDAu5N33IkRsvhBzyylBD7UP1biUrfS0
lGgiCApAxvX9zxXfPxKSo31UUF6UXWYKmgCHADxj3YUPlhyU+kxrb5rbGn6K3EnX
au8/l/wnnheSctpE5lkzuqFFag6vxxD6MzYLvG+6u5tpj1pFx8dBhKIqqdzQ7cNE
/CSEFzbaXOSULyzdid4NKi/K37lo4QYIHA4=
-----END CERTIFICATE-----