Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/jkaJ1fI2CKPpnzN4QL_yZ5JK7L4.roa
File:                     jkaJ1fI2CKPpnzN4QL_yZ5JK7L4.roa (raw, json)
Hash identifier:          M8EMbapYr5LMBCV+y5PyGvni/0WKPrAKCOyQddJ1Jj8=
Subject key identifier:   8E:46:89:D5:F2:36:08:A3:E9:9F:33:78:40:BF:F2:67:92:4A:EC:BE
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01849FBE3ECED75094E1F3ED08915BAA04BD
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/jkaJ1fI2CKPpnzN4QL_yZ5JK7L4.roa
Signing time:             Tue 22 Nov 2022 14:29:16 +0000
ROA not before:           Tue 22 Nov 2022 14:29:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39650
IP address blocks:        185.239.0.0/24 maxlen: 24
                          188.240.196.0/24 maxlen: 24
                          185.3.200.0/24 maxlen: 24
                          45.94.213.0/24 maxlen: 24
                          89.38.212.0/24 maxlen: 24
                          89.38.213.0/24 maxlen: 24
                          45.94.215.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24
                          89.38.214.0/24 maxlen: 24
                          89.38.215.0/24 maxlen: 24
                          188.212.96.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:9f:be:3e:ce:d7:50:94:e1:f3:ed:08:91:5b:aa:04:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Nov 22 14:29:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8e4689d5f23608a3e99f337840bff267924aecbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:45:6c:33:73:df:aa:48:df:29:a3:66:08:ef:
                    15:8d:d6:fd:3f:6b:f4:47:bf:aa:13:10:52:80:ff:
                    37:72:c4:52:f3:5e:05:29:ff:20:f6:dc:50:4d:83:
                    f0:7e:b9:41:b3:28:23:a6:5f:f0:44:6f:ab:f7:8f:
                    d6:71:02:a2:67:05:cc:96:bc:8f:bc:c1:80:4f:04:
                    ba:ff:2f:08:6f:12:8c:ef:44:d5:2d:f6:b8:75:2c:
                    54:2b:8d:84:de:89:0b:41:22:43:05:94:12:45:49:
                    55:32:cb:6f:fa:68:38:6c:85:76:b3:04:07:f8:c3:
                    ff:cc:5c:37:08:31:31:b6:50:64:e3:ee:e2:54:c1:
                    5e:b2:44:82:c6:ac:94:31:e1:68:32:de:d8:21:03:
                    71:92:a3:08:33:dc:15:9e:6e:d8:64:01:2f:26:a6:
                    af:fd:f9:a9:b8:ad:5a:53:53:7f:e0:53:68:44:3a:
                    ce:d6:f9:4f:08:71:1c:66:14:91:83:62:95:9e:c5:
                    8a:0d:75:1b:0a:7d:40:c1:df:9b:0a:cf:eb:d2:1e:
                    34:05:36:b4:94:25:16:b3:41:a8:2e:d8:18:b7:7b:
                    4a:1a:3e:54:18:20:a1:38:76:df:be:67:50:b6:f1:
                    83:76:1f:1d:9a:08:b2:37:58:ef:89:c6:65:e4:d3:
                    39:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:46:89:D5:F2:36:08:A3:E9:9F:33:78:40:BF:F2:67:92:4A:EC:BE
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/jkaJ1fI2CKPpnzN4QL_yZ5JK7L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.213.0/24
                  45.94.215.0/24
                  89.38.212.0/22
                  89.46.217.0/24
                  185.3.200.0/24
                  185.239.0.0/24
                  188.212.96.0/22
                  188.240.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:29:d2:ac:3c:4f:7e:8c:2a:8c:7c:b1:b7:bf:49:5e:9a:e4:
         7e:39:03:6e:5c:96:8d:a7:34:b8:13:9a:f5:30:f2:54:75:f5:
         ff:14:0e:b5:6e:3e:20:bc:ae:b5:9d:c4:69:d7:dc:cc:8d:62:
         39:91:db:9e:93:51:37:3c:7d:80:79:cd:9c:06:aa:e1:54:50:
         86:95:b8:76:26:15:77:49:73:f1:6a:ae:11:35:ce:18:b0:c0:
         35:2f:b1:10:84:43:c8:b2:1e:84:8e:f4:d6:7a:fa:d4:a3:e1:
         11:3f:94:fa:3c:11:8c:da:e4:3f:b2:bf:40:94:2a:92:2d:3f:
         88:25:3f:63:2c:ec:f0:39:96:b8:dc:6c:52:15:18:3f:24:82:
         54:7c:0e:7d:b4:cc:b1:8f:18:ba:81:3d:52:de:74:d6:bf:5a:
         0d:cc:05:4a:dd:e4:52:89:87:8b:06:c8:23:3c:93:f2:ed:97:
         fc:ac:51:86:53:2c:0c:d8:62:4b:1a:b4:eb:b1:d0:da:2e:bb:
         96:bd:f7:01:d3:00:03:91:f8:f9:3e:d4:1b:7b:a5:65:b3:df:
         f0:8c:83:1a:9c:51:cb:f3:96:92:64:df:e5:48:36:b4:57:c7:
         d3:e3:db:8c:9f:26:e4:77:fe:ec:13:f3:9e:5b:f6:8d:3e:f6:
         67:e1:2e:f8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYSfvj7O11CU4fPtCJFbqgS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjIxMTIyMTQyOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ2ODlkNWYyMzYwOGEzZTk5ZjMzNzg0MGJmZjI2NzkyNGFlY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0VsM3PfqkjfKaNmCO8Vjdb9P2v0
R7+qExBSgP83csRS814FKf8g9txQTYPwfrlBsygjpl/wRG+r94/WcQKiZwXMlryP
vMGATwS6/y8IbxKM70TVLfa4dSxUK42E3okLQSJDBZQSRUlVMstv+mg4bIV2swQH
+MP/zFw3CDExtlBk4+7iVMFeskSCxqyUMeFoMt7YIQNxkqMIM9wVnm7YZAEvJqav
/fmpuK1aU1N/4FNoRDrO1vlPCHEcZhSRg2KVnsWKDXUbCn1Awd+bCs/r0h40BTa0
lCUWs0GoLtgYt3tKGj5UGCChOHbfvmdQtvGDdh8dmgiyN1jvicZl5NM5aQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFI5GidXyNgij6Z8zeEC/8meSSuy+MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvamthSjFmSTJDS1BwbnpONFFMX3laNUpLN0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALV7VAwQA
LV7XAwQCWSbUAwQAWS7ZAwQAuQPIAwQAue8AAwQCvNRgAwQAvPDEMA0GCSqGSIb3
DQEBCwUAA4IBAQBYKdKsPE9+jCqMfLG3v0lemuR+OQNuXJaNpzS4E5r1MPJUdfX/
FA61bj4gvK61ncRp19zMjWI5kduek1E3PH2Aec2cBqrhVFCGlbh2JhV3SXPxaq4R
Nc4YsMA1L7EQhEPIsh6EjvTWevrUo+ERP5T6PBGM2uQ/sr9AlCqSLT+IJT9jLOzw
OZa43GxSFRg/JIJUfA59tMyxjxi6gT1S3nTWv1oNzAVK3eRSiYeLBsgjPJPy7Zf8
rFGGUywM2GJLGrTrsdDaLruWvfcB0wADkfj5PtQbe6Vls9/wjIManFHL85aSZN/l
SDa0V8fT49uMnybkd/7sE/OeW/aNPvZn4S74
-----END CERTIFICATE-----