Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/d-aWwRGyb0H3o4WANVqmwh7Qb-Y.roa
File:                     d-aWwRGyb0H3o4WANVqmwh7Qb-Y.roa (raw, json)
Hash identifier:          3l04VbqA+5zZCFIamjCg4/HDa5DCiwITvDpHr+JxPS8=
Subject key identifier:   77:E6:96:C1:11:B2:6F:41:F7:A3:85:80:35:5A:A6:C2:1E:D0:6F:E6
Certificate issuer:       /CN=63f14f8e144c6d50c38ab4faff5ac6e547fe1d47
Certificate serial:       079657F4
Authority key identifier: 63:F1:4F:8E:14:4C:6D:50:C3:8A:B4:FA:FF:5A:C6:E5:47:FE:1D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/d-aWwRGyb0H3o4WANVqmwh7Qb-Y.roa
Signing time:             Sat 01 Jan 2022 03:55:49 +0000
ROA not before:           Sat 01 Jan 2022 03:55:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     51984
IP address blocks:        46.253.36.0/24 maxlen: 24
                          46.253.35.0/24 maxlen: 24
                          46.253.34.0/24 maxlen: 24
                          46.253.33.0/24 maxlen: 24
                          46.253.32.0/24 maxlen: 24
                          46.253.38.0/24 maxlen: 24
                          46.253.37.0/24 maxlen: 24
                          46.253.43.0/24 maxlen: 24
                          46.253.42.0/24 maxlen: 24
                          46.253.41.0/24 maxlen: 24
                          46.253.40.0/24 maxlen: 24
                          46.253.39.0/24 maxlen: 24
                          46.253.44.0/24 maxlen: 24
                          46.253.47.0/24 maxlen: 24
                          46.253.46.0/24 maxlen: 24
                          46.253.45.0/24 maxlen: 24
                          185.58.172.0/24 maxlen: 24
                          185.58.175.0/24 maxlen: 24
                          185.58.174.0/24 maxlen: 24
                          185.58.173.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 127293428 (0x79657f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63f14f8e144c6d50c38ab4faff5ac6e547fe1d47
        Validity
            Not Before: Jan  1 03:55:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=77e696c111b26f41f7a38580355aa6c21ed06fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:60:0e:40:c8:1e:e7:f1:c8:0b:f0:07:61:f8:
                    e7:a3:b7:30:e3:4c:c2:e8:fb:38:e7:68:b1:d0:cc:
                    d6:fe:b0:fc:55:e1:1b:c9:7a:5a:3a:da:77:d5:2c:
                    92:96:21:53:fe:92:b0:c9:79:37:b1:ae:97:b0:8c:
                    98:c8:3a:e4:8a:26:8f:c4:70:99:3b:6d:27:ae:67:
                    5f:b7:3f:a2:c3:0f:84:f4:ec:d7:49:b0:13:19:41:
                    0b:6f:62:0f:fd:c3:a4:86:a0:16:26:04:f7:50:ec:
                    93:47:3e:98:dc:2c:e6:d7:01:4f:15:f2:22:7a:22:
                    fe:b6:58:d0:7e:d0:f9:02:1b:df:33:fb:99:78:87:
                    9c:1d:27:b4:d3:9a:04:81:d3:d0:e8:1f:32:65:7d:
                    97:84:2a:45:27:ab:e4:af:62:39:db:44:93:ab:6e:
                    44:50:29:62:8a:7e:50:7a:98:ed:7f:9c:38:87:a5:
                    71:cd:c1:af:7c:9e:9e:de:1d:09:e3:52:9b:7d:0f:
                    52:4c:b3:4a:df:df:7b:8a:88:f5:22:8d:96:9c:89:
                    b8:a7:d4:63:bc:23:3c:0e:0b:4f:45:c1:d9:79:d7:
                    ae:f1:6f:5e:cd:09:78:16:cd:9f:e2:e7:a7:13:e9:
                    d9:37:ce:b1:4d:a8:87:ea:e7:32:65:ba:aa:77:b1:
                    ed:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E6:96:C1:11:B2:6F:41:F7:A3:85:80:35:5A:A6:C2:1E:D0:6F:E6
            X509v3 Authority Key Identifier:
                keyid:63:F1:4F:8E:14:4C:6D:50:C3:8A:B4:FA:FF:5A:C6:E5:47:FE:1D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/d-aWwRGyb0H3o4WANVqmwh7Qb-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.32.0/20
                  185.58.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:76:44:30:b5:35:45:cf:e1:66:9e:11:05:a4:11:0e:c9:cb:
         ee:56:f6:07:82:97:1a:d0:f9:f0:86:56:33:14:27:45:f8:65:
         d4:d4:5e:e0:6e:ce:e7:54:e9:85:04:83:4e:46:fd:8c:70:0c:
         36:24:bb:ed:50:9d:35:e5:46:96:28:ac:e8:3b:72:b4:1f:df:
         ea:ad:26:53:9e:f3:16:8c:11:08:6c:5c:98:31:ef:21:4c:49:
         bd:4a:53:b0:cd:ba:e5:ba:3c:50:95:a1:78:fc:8a:a7:75:33:
         22:ee:a6:ba:fd:13:04:7b:f6:1d:63:a9:27:47:8a:d9:14:8d:
         b3:0e:36:79:7d:03:24:b8:2b:1a:e7:5c:f3:93:85:70:6a:29:
         d5:38:2f:bf:93:bb:e4:87:e2:1a:90:97:d7:f0:9a:73:19:d4:
         a9:d7:37:15:db:17:68:70:01:6d:0c:b7:a4:fc:58:20:d4:25:
         93:c4:49:da:a9:c0:9a:b6:c3:62:46:d6:77:b4:14:f9:cb:e5:
         32:83:bb:2c:9f:4b:c4:65:8e:d8:78:09:cb:87:ae:30:f6:39:
         93:82:7c:92:02:3d:f2:e7:28:5b:9e:34:9f:c3:b7:36:b6:eb:
         18:ff:32:ed:cd:36:63:c8:31:46:b1:6d:68:05:fc:fe:a9:73:
         76:70:28:c6
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEB5ZX9DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
M2YxNGY4ZTE0NGM2ZDUwYzM4YWI0ZmFmZjVhYzZlNTQ3ZmUxZDQ3MB4XDTIyMDEw
MTAzNTU0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzdlNjk2YzExMWIy
NmY0MWY3YTM4NTgwMzU1YWE2YzIxZWQwNmZlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK1gDkDIHufxyAvwB2H456O3MONMwuj7OOdosdDM1v6w/FXh
G8l6Wjrad9UskpYhU/6SsMl5N7Gul7CMmMg65Iomj8RwmTttJ65nX7c/osMPhPTs
10mwExlBC29iD/3DpIagFiYE91Dsk0c+mNws5tcBTxXyInoi/rZY0H7Q+QIb3zP7
mXiHnB0ntNOaBIHT0OgfMmV9l4QqRSer5K9iOdtEk6tuRFApYop+UHqY7X+cOIel
cc3Br3yent4dCeNSm30PUkyzSt/fe4qI9SKNlpyJuKfUY7wjPA4LT0XB2XnXrvFv
Xs0JeBbNn+LnpxPp2TfOsU2oh+rnMmW6qnex7dECAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBR35pbBEbJvQfejhYA1WqbCHtBv5jAfBgNVHSMEGDAWgBRj8U+OFExtUMOK
tPr/WsblR/4dRzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lfRlBqaFJNYlZERGlyVDZfMXJHNVVmLUhVYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTEvN2IwYWFlLTlkMjctNDk1MS1iYWI3LWRhMzk0Mzg0ZTkyNS8x
L2QtYVd3Ukd5YjBIM280V0FOVnFtd2g3UWItWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEv
N2IwYWFlLTlkMjctNDk1MS1iYWI3LWRhMzk0Mzg0ZTkyNS8xL1lfRlBqaFJNYlZE
RGlyVDZfMXJHNVVmLUhVYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBC79IAMEArk6rDANBgkqhkiG9w0B
AQsFAAOCAQEAOXZEMLU1Rc/hZp4RBaQRDsnL7lb2B4KXGtD58IZWMxQnRfhl1NRe
4G7O51TphQSDTkb9jHAMNiS77VCdNeVGliis6DtytB/f6q0mU57zFowRCGxcmDHv
IUxJvUpTsM265bo8UJWhePyKp3UzIu6muv0TBHv2HWOpJ0eK2RSNsw42eX0DJLgr
Gudc85OFcGop1Tgvv5O75IfiGpCX1/CacxnUqdc3FdsXaHABbQy3pPxYINQlk8RJ
2qnAmrbDYkbWd7QU+cvlMoO7LJ9LxGWO2HgJy4euMPY5k4J8kgI98ucoW540n8O3
NrbrGP8y7c02Y8gxRrFtaAX8/qlzdnAoxg==
-----END CERTIFICATE-----