Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa
File:                     LZ0yw2yWk9f8APjgdskeNWRWoB0.roa (raw, json)
Hash identifier:          tT5uvCUNl425kouFLEUYUGbmR8fYPoGMRSbepg1bl54=
Subject key identifier:   2D:9D:32:C3:6C:96:93:D7:FC:00:F8:E0:76:C9:1E:35:64:56:A0:1D
Certificate issuer:       /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial:       01841DD1893765F0073E1A29526463CA57E4
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa
Signing time:             Fri 28 Oct 2022 08:59:42 +0000
ROA not before:           Fri 28 Oct 2022 08:59:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     49289
IP address blocks:        185.63.132.0/23 maxlen: 23
                          159.255.136.0/22 maxlen: 22
                          185.63.135.0/24 maxlen: 24
                          185.63.134.0/24 maxlen: 24
                          159.255.144.0/22 maxlen: 22
                          188.94.120.0/21 maxlen: 21
                          171.22.233.0/24 maxlen: 24
                          171.22.232.0/24 maxlen: 24
                          171.22.235.0/24 maxlen: 24
                          171.22.234.0/24 maxlen: 24
                          93.185.112.0/20 maxlen: 20
                          178.239.32.0/20 maxlen: 20
                          159.255.151.0/24 maxlen: 24
                          2a00:c50::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:1d:d1:89:37:65:f0:07:3e:1a:29:52:64:63:ca:57:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
        Validity
            Not Before: Oct 28 08:59:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2d9d32c36c9693d7fc00f8e076c91e356456a01d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:34:d1:59:31:5a:4c:24:a5:76:66:b0:c5:de:
                    55:89:5d:8a:d9:9f:a4:3a:63:73:5f:86:b9:b0:1f:
                    a8:e3:2c:57:22:ab:e9:44:7d:1e:e3:df:a8:5d:d3:
                    e1:fd:1b:81:c7:98:58:2b:7d:f4:b5:d4:83:99:2c:
                    44:0e:b3:47:48:87:41:55:59:4e:7c:62:04:76:b3:
                    ae:62:02:12:fd:30:64:78:2d:a8:ce:f5:d4:34:4a:
                    f6:fa:77:1e:53:4a:46:ae:e7:5b:f9:2f:77:38:1b:
                    44:ad:5f:20:d9:fd:7f:34:d0:94:55:5c:13:dd:65:
                    74:2b:7a:42:a8:14:f1:89:bf:d4:ac:cc:84:54:03:
                    40:6c:7a:04:dd:bc:8f:44:e6:50:30:15:d0:8e:6c:
                    28:87:82:c7:19:56:38:bc:c5:1f:b9:14:88:8d:6b:
                    9e:b3:6a:4d:bd:5d:78:6a:a7:49:f3:73:d9:4e:26:
                    d1:e3:26:8a:65:1b:df:84:3f:76:76:9f:a2:02:d5:
                    59:5d:d4:46:35:ab:23:a7:7d:03:1b:29:a0:52:ed:
                    bf:83:28:20:42:0c:f7:dd:32:e2:10:9b:03:a7:9b:
                    09:a4:5d:f6:76:bb:0b:0c:c1:2c:47:34:ba:46:33:
                    6c:e8:0e:de:fc:82:54:95:70:e6:dc:90:43:ac:48:
                    ed:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:9D:32:C3:6C:96:93:D7:FC:00:F8:E0:76:C9:1E:35:64:56:A0:1D
            X509v3 Authority Key Identifier:
                keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.185.112.0/20
                  159.255.136.0/22
                  159.255.144.0/22
                  159.255.151.0/24
                  171.22.232.0/22
                  178.239.32.0/20
                  185.63.132.0/22
                  188.94.120.0/21
                IPv6:
                  2a00:c50::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:d9:20:88:1b:5a:36:2d:31:e5:f2:25:24:f9:2f:32:34:20:
         99:ba:03:26:ff:98:77:91:49:97:58:78:a0:12:0f:38:af:7b:
         a8:97:5c:93:c6:1f:ac:fb:c2:1f:d3:e7:e4:6f:31:3e:64:b1:
         6a:bc:97:bf:0d:73:e3:3f:d5:e5:fe:6b:a4:b1:01:7a:f7:06:
         2b:cb:2b:14:a4:e3:ab:3b:dc:db:ef:68:ad:37:d3:15:40:6e:
         e9:3a:a2:60:4f:d4:da:59:e8:3b:aa:e7:47:0d:bd:9f:88:d6:
         80:45:aa:e5:cd:78:35:9a:68:bb:a2:ca:9f:93:81:5a:dd:c8:
         26:99:9e:ef:d4:54:0c:09:61:e5:3b:f9:4d:1b:5e:41:5f:41:
         6f:5c:42:b0:f4:8a:d8:07:40:6a:33:ed:c4:8e:6c:6b:e2:27:
         e8:73:c6:00:96:e0:8b:b4:0f:5b:dd:14:62:41:14:08:45:7a:
         f3:a5:35:81:b2:f5:ca:c4:56:1c:99:ec:84:ee:ca:bf:ba:81:
         da:e5:1c:d5:0d:17:61:c1:f6:5b:03:17:a7:23:94:70:0f:89:
         1e:2b:26:69:8f:41:29:e6:5c:52:b3:13:ec:37:2c:13:0b:27:
         59:0e:63:22:08:1f:39:26:93:02:c4:7d:3c:13:4c:96:fe:06:
         f1:53:72:ef
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYQd0Yk3ZfAHPhopUmRjylfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjIxMDI4MDg1OTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlkMzJjMzZjOTY5M2Q3ZmMwMGY4ZTA3NmM5MWUzNTY0NTZhMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDTRWTFaTCSldmawxd5ViV2K2Z+k
OmNzX4a5sB+o4yxXIqvpRH0e49+oXdPh/RuBx5hYK330tdSDmSxEDrNHSIdBVVlO
fGIEdrOuYgIS/TBkeC2ozvXUNEr2+nceU0pGrudb+S93OBtErV8g2f1/NNCUVVwT
3WV0K3pCqBTxib/UrMyEVANAbHoE3byPROZQMBXQjmwoh4LHGVY4vMUfuRSIjWue
s2pNvV14aqdJ83PZTibR4yaKZRvfhD92dp+iAtVZXdRGNasjp30DGymgUu2/gygg
Qgz33TLiEJsDp5sJpF32drsLDMEsRzS6RjNs6A7e/IJUlXDm3JBDrEjtWwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFC2dMsNslpPX/AD44HbJHjVkVqAdMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvTFoweXcyeVdrOWY4QVBqZ2Rza2VOV1JXb0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEXblwAwQC
n/+IAwQCn/+QAwQAn/+XAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcD
BQMqAAxQMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2SCIG1o2LTHl8iUk+S8yNCCZugMm
/5h3kUmXWHigEg84r3uol1yTxh+s+8If0+fkbzE+ZLFqvJe/DXPjP9Xl/muksQF6
9wYryysUpOOrO9zb72itN9MVQG7pOqJgT9TaWeg7qudHDb2fiNaARarlzXg1mmi7
osqfk4Fa3cgmmZ7v1FQMCWHlO/lNG15BX0FvXEKw9IrYB0BqM+3Ejmxr4ifoc8YA
luCLtA9b3RRiQRQIRXrzpTWBsvXKxFYcmeyE7sq/uoHa5RzVDRdhwfZbAxenI5Rw
D4keKyZpj0Ep5lxSsxPsNywTCydZDmMiCB85JpMCxH08E0yW/gbxU3Lv
-----END CERTIFICATE-----