Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/l6vVgy7IncORhNwqPaYudyG4ReE.roa
File:                     l6vVgy7IncORhNwqPaYudyG4ReE.roa (raw, json)
Hash identifier:          Wu8EfyplNppAgZjLyJpyYtucuSLHUu02HoYiO76EGmo=
Subject key identifier:   97:AB:D5:83:2E:C8:9D:C3:91:84:DC:2A:3D:A6:2E:77:21:B8:45:E1
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       1ABE9CE7
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/l6vVgy7IncORhNwqPaYudyG4ReE.roa
Signing time:             Sat 01 Jan 2022 00:54:14 +0000
ROA not before:           Sat 01 Jan 2022 00:54:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198357
IP address blocks:        5.159.48.0/24 maxlen: 24
                          5.159.50.0/24 maxlen: 24
                          5.159.51.0/24 maxlen: 24
                          5.159.53.0/24 maxlen: 24
                          5.159.55.0/24 maxlen: 24
                          5.159.52.0/24 maxlen: 24
                          188.240.212.0/24 maxlen: 24
                          185.3.202.0/24 maxlen: 24
                          185.3.201.0/24 maxlen: 24
                          185.3.203.0/24 maxlen: 24
                          89.46.219.0/24 maxlen: 24
                          89.46.216.0/24 maxlen: 24
                          89.46.216.0/22 maxlen: 22
                          89.46.218.0/24 maxlen: 24
                          188.209.116.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 448699623 (0x1abe9ce7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  1 00:54:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=97abd5832ec89dc39184dc2a3da62e7721b845e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ba:32:8f:09:c0:a5:22:88:a8:54:57:67:4a:
                    c7:7b:a6:88:73:f1:37:92:d2:d4:13:0d:bf:2b:70:
                    b3:7e:ae:a2:c0:c1:d7:88:16:f0:b4:bb:6f:5b:84:
                    5a:03:14:9a:20:b1:37:57:48:23:37:a8:55:c9:8c:
                    14:3c:26:ff:d9:62:6d:85:6c:39:ea:cd:ff:43:4a:
                    f2:d4:c3:b3:a6:7f:ed:20:cd:b1:c6:19:e5:1b:36:
                    87:b9:24:03:40:0d:07:86:2b:e8:fb:84:0b:83:c6:
                    56:f0:29:fb:7a:66:47:76:11:b9:da:f1:9b:25:eb:
                    b7:4f:a7:99:ed:2f:7d:e0:76:d6:4f:2e:ae:ee:25:
                    7b:16:b3:29:27:59:37:2c:c1:97:dc:f4:2a:8e:c0:
                    46:75:09:57:42:61:f8:51:ee:0b:bb:2e:21:30:f3:
                    4e:f6:7c:14:e1:8f:7b:d1:f0:22:5f:05:c7:36:ad:
                    de:42:e1:49:c2:8b:c7:86:a9:2e:d2:56:aa:69:ea:
                    ad:08:45:79:30:8a:db:8e:0d:17:c2:8a:60:0a:7d:
                    f1:87:49:b8:36:b8:f8:a7:68:d7:69:94:5c:d0:f7:
                    7c:ec:80:e9:1a:b1:fe:f3:4f:ad:ea:3a:f7:dc:7d:
                    08:0e:96:07:e0:20:00:22:e3:39:24:82:b8:0d:ce:
                    6e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AB:D5:83:2E:C8:9D:C3:91:84:DC:2A:3D:A6:2E:77:21:B8:45:E1
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/l6vVgy7IncORhNwqPaYudyG4ReE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.48.0/24
                  5.159.50.0-5.159.53.255
                  5.159.55.0/24
                  89.46.216.0/22
                  185.3.201.0-185.3.203.255
                  188.209.116.0/22
                  188.240.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c8:14:39:10:81:84:2a:eb:76:fe:6f:65:58:81:ff:4e:76:
         f9:83:bd:b9:1d:dd:dc:b0:4e:67:fe:66:f8:32:04:c0:85:05:
         71:29:ee:56:c0:ea:9d:71:a0:09:22:d3:75:a6:02:05:c8:f4:
         f1:5e:b6:4f:58:49:c7:75:a4:d9:74:2e:b3:c1:b8:15:f5:93:
         b2:23:84:8d:ed:65:81:04:bd:e0:30:6f:50:30:f8:9b:29:7a:
         59:40:df:8b:af:9e:87:eb:f1:64:23:20:b0:da:23:5f:84:33:
         6e:cb:c3:ae:bb:91:26:bd:2a:2b:31:09:8a:16:33:68:d1:57:
         f2:8d:ea:bf:fd:c6:56:72:b2:4f:08:e7:e4:35:2f:16:16:8d:
         fa:09:86:22:2d:f6:fc:f8:a0:ff:5c:58:07:49:7c:9e:8b:15:
         43:c1:dd:81:a5:b3:77:6a:84:09:2f:9f:7a:69:e9:72:2e:49:
         eb:b4:fb:7e:e7:c8:e8:02:f2:0c:5c:94:44:30:4d:9f:c9:2e:
         74:6e:85:fd:2e:71:81:78:53:37:fc:44:1a:3c:94:9f:9c:da:
         18:0e:51:2b:bf:c7:82:6a:40:7e:c7:63:7e:a1:88:5e:79:50:
         07:70:ed:2b:a0:c9:f7:0c:82:7c:f0:c6:99:fe:aa:0b:f0:33:
         fc:e8:77:a4
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIEGr6c5zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZGRiMzhiMzQzZGEyZDExOTMwOWVkYWExOWM3YTc4ODcwMzI3ZWJlMB4XDTIyMDEw
MTAwNTQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTdhYmQ1ODMyZWM4
OWRjMzkxODRkYzJhM2RhNjJlNzcyMWI4NDVlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOO6Mo8JwKUiiKhUV2dKx3umiHPxN5LS1BMNvytws36uosDB
14gW8LS7b1uEWgMUmiCxN1dIIzeoVcmMFDwm/9libYVsOerN/0NK8tTDs6Z/7SDN
scYZ5Rs2h7kkA0ANB4Yr6PuEC4PGVvAp+3pmR3YRudrxmyXrt0+nme0vfeB21k8u
ru4lexazKSdZNyzBl9z0Ko7ARnUJV0Jh+FHuC7suITDzTvZ8FOGPe9HwIl8Fxzat
3kLhScKLx4apLtJWqmnqrQhFeTCK244NF8KKYAp98YdJuDa4+Kdo12mUXND3fOyA
6Rqx/vNPreo699x9CA6WB+AgACLjOSSCuA3OblsCAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBSXq9WDLsidw5GE3Co9pi53IbhF4TAfBgNVHSMEGDAWgBRt2zizQ9otEZMJ
7aoZx6eIcDJ+vjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JkczRzMFBhTFJHVENlMnFHY2VuaUhBeWZyNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTIvYzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIxNi8x
L2w2dlZneTdJbmNPUmhOd3FQYVl1ZHlHNFJlRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIv
Yzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIxNi8xL2JkczRzMFBhTFJH
VENlMnFHY2VuaUhBeWZyNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwQAQCAAEwOgMEAAWfMDAMAwQBBZ8yAwQBBZ80AwQA
BZ83AwQCWS7YMAwDBAC5A8kDBAK5A8gDBAK80XQDBAC88NQwDQYJKoZIhvcNAQEL
BQADggEBADvIFDkQgYQq63b+b2VYgf9OdvmDvbkd3dywTmf+ZvgyBMCFBXEp7lbA
6p1xoAki03WmAgXI9PFetk9YScd1pNl0LrPBuBX1k7IjhI3tZYEEveAwb1Aw+Jsp
ellA34uvnofr8WQjILDaI1+EM27Lw667kSa9KisxCYoWM2jRV/KN6r/9xlZysk8I
5+Q1LxYWjfoJhiIt9vz4oP9cWAdJfJ6LFUPB3YGls3dqhAkvn3pp6XIuSeu0+37n
yOgC8gxclEQwTZ/JLnRuhf0ucYF4Uzf8RBo8lJ+c2hgOUSu/x4JqQH7HY36hiF55
UAdw7SugyfcMgnzwxpn+qgvwM/zod6Q=
-----END CERTIFICATE-----