Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/TJRERSnL8_ys7bEWd4U9WqgGWPM.roa
File:                     TJRERSnL8_ys7bEWd4U9WqgGWPM.roa (raw, json)
Hash identifier:          R32owhRGEtAYHUV3lfQo4Vo75k6QaxxRMuv9EAvowUo=
Subject key identifier:   4C:94:44:45:29:CB:F3:FC:AC:ED:B1:16:77:85:3D:5A:A8:06:58:F3
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       01862AF512E8DEC4DF121E5876DB68AD0E94
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/TJRERSnL8_ys7bEWd4U9WqgGWPM.roa
Signing time:             Tue 07 Feb 2023 08:19:09 +0000
ROA not before:           Tue 07 Feb 2023 08:19:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        166.108.216.0/23 maxlen: 23
                          166.108.226.0/23 maxlen: 23
                          166.108.220.0/23 maxlen: 23
                          166.108.222.0/23 maxlen: 23
                          166.108.230.0/23 maxlen: 23
                          166.108.232.0/23 maxlen: 23
                          166.108.228.0/23 maxlen: 23
                          166.108.254.0/24 maxlen: 24
                          166.108.160.0/22 maxlen: 22
                          166.108.168.0/22 maxlen: 22
                          166.108.172.0/22 maxlen: 22
                          166.108.184.0/22 maxlen: 22
                          166.108.204.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2a:f5:12:e8:de:c4:df:12:1e:58:76:db:68:ad:0e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Feb  7 08:19:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c94444529cbf3fcacedb11677853d5aa80658f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:cd:ca:02:bb:af:ec:53:44:df:fa:71:7d:21:
                    48:1b:0c:7c:b3:85:76:14:a9:22:3d:90:25:b4:bf:
                    0b:08:db:66:cc:1d:6c:3b:64:1e:b8:a1:98:22:60:
                    25:83:c6:3b:5c:89:46:26:a9:f9:1b:b7:af:ef:34:
                    c3:e6:a8:2e:61:66:60:94:68:06:42:47:7c:77:c6:
                    24:15:ab:44:da:e9:06:1e:2d:f5:84:b3:88:bc:f1:
                    e2:41:cc:cd:51:dc:a5:0e:48:f8:c7:71:80:7c:67:
                    1a:b5:fe:07:c3:e1:98:5a:f9:14:4c:43:1a:ad:ee:
                    6f:e9:be:cb:e4:c8:7c:86:85:fa:ef:60:33:21:b2:
                    e0:0d:2a:b6:30:96:49:f7:67:a2:7f:6c:9c:ff:7c:
                    ea:be:4f:25:02:ba:09:db:75:f0:51:e6:e4:54:02:
                    de:2a:5d:13:da:21:ac:c3:87:92:89:4d:18:fd:2a:
                    9d:73:27:c4:c6:d0:04:af:c5:5d:74:58:ba:7d:ab:
                    8a:b5:83:cf:a6:4c:03:e2:a2:71:4c:48:0b:9f:a6:
                    a3:36:e1:e9:36:99:e2:a0:a3:99:94:9f:fb:e2:75:
                    ae:4d:39:dd:a9:9a:b0:50:ce:88:bf:a2:6b:f5:89:
                    9f:d5:12:88:19:12:03:17:c6:e7:0e:4e:02:9f:1d:
                    8f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:94:44:45:29:CB:F3:FC:AC:ED:B1:16:77:85:3D:5A:A8:06:58:F3
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/TJRERSnL8_ys7bEWd4U9WqgGWPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.160.0/22
                  166.108.168.0/21
                  166.108.184.0/22
                  166.108.204.0/22
                  166.108.216.0/23
                  166.108.220.0/22
                  166.108.226.0-166.108.233.255
                  166.108.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:57:ca:c0:e4:b9:80:64:9b:00:ad:ec:e0:4f:59:5e:6d:02:
         c9:f9:ec:ce:04:9d:49:6c:4e:6f:9c:d9:ff:bc:11:19:3e:3b:
         cc:07:6c:e2:24:13:33:45:2e:2f:03:e5:c0:3a:d1:c6:72:61:
         ba:a4:94:1f:f2:ac:5b:71:de:42:f5:87:35:13:48:d7:7a:c2:
         78:76:c8:d9:26:52:b7:f4:86:80:71:72:b6:ab:88:a3:e1:cd:
         70:ab:72:cc:a7:a7:94:a3:eb:60:f8:b3:58:33:e9:a8:da:71:
         00:05:00:d7:c0:8c:46:88:46:0b:49:2b:3e:10:06:e3:ee:75:
         10:0f:42:77:7a:dd:85:74:12:bc:d1:b6:27:33:b4:75:42:9d:
         0a:a6:50:1b:0d:3c:9b:6e:a8:92:10:15:f0:1d:d1:d4:d7:52:
         fc:38:fa:f1:8a:9b:ec:39:7e:59:30:08:87:cd:3a:8d:aa:85:
         d1:bd:7c:46:0b:57:92:ca:2d:1a:d8:82:4e:05:c5:4c:c6:60:
         a3:53:ff:27:7b:b6:21:57:72:ce:79:80:03:a4:ba:e3:d0:65:
         8e:0e:1b:db:d1:0d:57:62:aa:64:50:24:6f:74:05:7a:1d:01:
         24:ae:30:78:4f:80:1e:54:51:b8:e4:dd:0d:6e:9f:76:73:f6:
         f9:e2:c5:0a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYYq9RLo3sTfEh5YdttorQ6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMjA3MDgxOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk0NDQ0NTI5Y2JmM2ZjYWNlZGIxMTY3Nzg1M2Q1YWE4MDY1OGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps3KAruv7FNE3/pxfSFIGwx8s4V2
FKkiPZAltL8LCNtmzB1sO2QeuKGYImAlg8Y7XIlGJqn5G7ev7zTD5qguYWZglGgG
Qkd8d8YkFatE2ukGHi31hLOIvPHiQczNUdylDkj4x3GAfGcatf4Hw+GYWvkUTEMa
re5v6b7L5Mh8hoX672AzIbLgDSq2MJZJ92eif2yc/3zqvk8lAroJ23XwUebkVALe
Kl0T2iGsw4eSiU0Y/SqdcyfExtAEr8VddFi6fauKtYPPpkwD4qJxTEgLn6ajNuHp
NpnioKOZlJ/74nWuTTndqZqwUM6Iv6Jr9Ymf1RKIGRIDF8bnDk4Cnx2PFwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEyUREUpy/P8rO2xFneFPVqoBljzMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvVEpSRVJTbkw4X3lzN2JFV2Q0VTlXcWdHV1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCpmygAwQD
pmyoAwQCpmy4AwQCpmzMAwQBpmzYAwQCpmzcMAwDBAGmbOIDBAGmbOgDBACmbP4w
DQYJKoZIhvcNAQELBQADggEBABpXysDkuYBkmwCt7OBPWV5tAsn57M4EnUlsTm+c
2f+8ERk+O8wHbOIkEzNFLi8D5cA60cZyYbqklB/yrFtx3kL1hzUTSNd6wnh2yNkm
Urf0hoBxcrariKPhzXCrcsynp5Sj62D4s1gz6ajacQAFANfAjEaIRgtJKz4QBuPu
dRAPQnd63YV0ErzRticztHVCnQqmUBsNPJtuqJIQFfAd0dTXUvw4+vGKm+w5flkw
CIfNOo2qhdG9fEYLV5LKLRrYgk4FxUzGYKNT/yd7tiFXcs55gAOkuuPQZY4OG9vR
DVdiqmRQJG90BXodASSuMHhPgB5UUbjk3Q1un3Zz9vnixQo=
-----END CERTIFICATE-----