Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/yvgxzb7nhMz4NLnfttuL6a6TXzQ.roa
File:                     yvgxzb7nhMz4NLnfttuL6a6TXzQ.roa (raw, json)
Hash identifier:          DQapHsWFvFCe37L9N9a1OPVxEI4/7vBu6pHJ196n4Lo=
Subject key identifier:   CA:F8:31:CD:BE:E7:84:CC:F8:34:B9:DF:B6:DB:8B:E9:AE:93:5F:34
Certificate issuer:       /CN=e123860e20cdb2cfdf2cefb3753a15b822829266
Certificate serial:       1304608A
Authority key identifier: E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/yvgxzb7nhMz4NLnfttuL6a6TXzQ.roa
Signing time:             Sat 01 Jan 2022 05:02:19 +0000
ROA not before:           Sat 01 Jan 2022 05:02:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21104
IP address blocks:        185.44.228.0/22 maxlen: 22
                          80.86.226.0/24 maxlen: 24
                          80.86.225.0/24 maxlen: 24
                          80.86.224.0/24 maxlen: 24
                          80.86.224.0/20 maxlen: 20
                          80.86.230.0/23 maxlen: 24
                          80.86.229.0/24 maxlen: 24
                          80.86.228.0/24 maxlen: 24
                          80.86.227.0/24 maxlen: 24
                          80.86.233.0/24 maxlen: 24
                          80.86.232.0/24 maxlen: 24
                          80.86.237.0/24 maxlen: 24
                          80.86.236.0/24 maxlen: 24
                          80.86.236.0/23 maxlen: 23
                          80.86.235.0/24 maxlen: 24
                          80.86.234.0/24 maxlen: 24
                          80.86.239.0/24 maxlen: 24
                          2a03:3d00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 319053962 (0x1304608a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e123860e20cdb2cfdf2cefb3753a15b822829266
        Validity
            Not Before: Jan  1 05:02:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=caf831cdbee784ccf834b9dfb6db8be9ae935f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0e:77:67:76:d6:d6:e3:29:d8:14:eb:01:a7:
                    97:21:1b:3f:4e:52:e5:78:05:fa:4b:e4:97:8e:56:
                    8f:67:2b:bf:b6:9b:04:fa:98:a0:88:26:e2:01:fd:
                    b7:09:c2:4e:70:2f:f5:e0:d6:5e:b9:d0:15:4d:13:
                    67:f0:60:a5:78:84:49:f1:c0:93:ae:ec:a1:18:28:
                    a4:b1:1c:22:28:1d:d8:52:89:04:36:a4:bd:1b:70:
                    ac:0f:2e:dd:ce:f0:44:c9:f4:7a:91:0f:da:e5:04:
                    ba:70:27:1b:69:8e:4e:e1:70:f5:65:b4:ce:b7:22:
                    49:72:8e:27:64:3a:d7:82:37:d0:f2:41:3a:45:b2:
                    4d:c4:10:2f:0f:44:7d:69:10:cb:fa:d8:e9:48:ac:
                    c5:bd:e7:4b:64:b6:86:c1:d4:a4:94:1b:de:04:2a:
                    99:29:12:bd:6e:74:3e:5f:a6:c9:8b:9a:22:78:54:
                    68:fa:7a:2e:65:4c:ec:1b:4c:70:87:b3:de:7b:a6:
                    05:d4:0d:67:9d:30:dd:51:78:4d:44:24:f3:ba:ba:
                    e0:a7:10:83:76:90:8b:d5:79:95:56:63:cb:37:ee:
                    ef:58:4c:88:c0:df:3f:45:44:c5:59:0d:a7:10:3a:
                    ec:b5:28:39:60:7b:c2:b6:37:8e:b7:c8:a4:a2:89:
                    a1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F8:31:CD:BE:E7:84:CC:F8:34:B9:DF:B6:DB:8B:E9:AE:93:5F:34
            X509v3 Authority Key Identifier:
                keyid:E1:23:86:0E:20:CD:B2:CF:DF:2C:EF:B3:75:3A:15:B8:22:82:92:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SOGDiDNss_fLO-zdToVuCKCkmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/yvgxzb7nhMz4NLnfttuL6a6TXzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/810599-731a-486a-b23f-47537eb644f5/1/4SOGDiDNss_fLO-zdToVuCKCkmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.86.224.0/20
                  185.44.228.0/22
                IPv6:
                  2a03:3d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:44:64:84:a0:bb:a6:f9:67:92:30:83:ff:8f:30:14:a3:c8:
         19:e6:b8:c4:cb:2a:6d:94:be:6d:62:a5:8a:1c:e5:a7:32:5f:
         ac:08:98:50:16:8a:e3:6e:11:d4:98:e1:97:68:a0:a1:b8:f4:
         27:e7:0f:1a:de:82:8d:1e:34:a9:ea:5d:fe:6c:8c:ae:f7:e2:
         d0:93:66:d2:e9:19:dc:3a:72:0a:7f:bf:5f:ee:4f:2a:ae:94:
         e2:4e:46:4a:06:1b:e2:5a:68:f1:34:c8:b7:08:82:74:e3:c5:
         84:7c:1d:25:c7:e2:06:72:d3:d8:d7:47:ab:4e:a8:ad:71:79:
         ec:5d:12:90:5e:f2:64:6e:76:ea:a6:e8:f8:bf:f5:33:cd:2e:
         58:3b:d2:da:6e:18:6a:3a:f7:d6:ba:32:4f:2a:93:15:55:cc:
         1d:98:d9:d8:91:52:c0:14:f4:b9:3e:51:ae:f8:58:f7:cc:0b:
         ac:09:7a:7d:14:c4:06:d7:6c:04:9c:6a:1d:8c:99:45:6e:f2:
         20:b1:86:ad:8c:5e:02:85:7a:5c:32:1e:8e:5a:d0:bf:14:38:
         2a:f8:cc:c1:a6:d0:3e:fd:90:86:9a:40:15:49:69:85:8d:5e:
         d0:d9:fb:ce:8c:03:93:98:82:01:19:c3:14:48:bb:76:4e:ba:
         5d:47:4d:ef
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEEwRgijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
MTIzODYwZTIwY2RiMmNmZGYyY2VmYjM3NTNhMTViODIyODI5MjY2MB4XDTIyMDEw
MTA1MDIxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2FmODMxY2RiZWU3
ODRjY2Y4MzRiOWRmYjZkYjhiZTlhZTkzNWYzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJsOd2d21tbjKdgU6wGnlyEbP05S5XgF+kvkl45Wj2crv7ab
BPqYoIgm4gH9twnCTnAv9eDWXrnQFU0TZ/BgpXiESfHAk67soRgopLEcIigd2FKJ
BDakvRtwrA8u3c7wRMn0epEP2uUEunAnG2mOTuFw9WW0zrciSXKOJ2Q614I30PJB
OkWyTcQQLw9EfWkQy/rY6Uisxb3nS2S2hsHUpJQb3gQqmSkSvW50Pl+myYuaInhU
aPp6LmVM7BtMcIez3numBdQNZ50w3VF4TUQk87q64KcQg3aQi9V5lVZjyzfu71hM
iMDfP0VExVkNpxA67LUoOWB7wrY3jrfIpKKJobkCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBTK+DHNvueEzPg0ud+224vprpNfNDAfBgNVHSMEGDAWgBThI4YOIM2yz98s
77N1OhW4IoKSZjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzRTT0dEaUROc3NfZkxPLXpkVG9WdUNLQ2ttWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTQvODEwNTk5LTczMWEtNDg2YS1iMjNmLTQ3NTM3ZWI2NDRmNS8x
L3l2Z3h6YjduaE16NE5MbmZ0dHVMNmE2VFh6US5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQv
ODEwNTk5LTczMWEtNDg2YS1iMjNmLTQ3NTM3ZWI2NDRmNS8xLzRTT0dEaUROc3Nf
ZkxPLXpkVG9WdUNLQ2ttWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBFBW4AMEArks5DANBAIAAjAHAwUA
KgM9ADANBgkqhkiG9w0BAQsFAAOCAQEAvkRkhKC7pvlnkjCD/48wFKPIGea4xMsq
bZS+bWKlihzlpzJfrAiYUBaK424R1Jjhl2igobj0J+cPGt6CjR40qepd/myMrvfi
0JNm0ukZ3DpyCn+/X+5PKq6U4k5GSgYb4lpo8TTItwiCdOPFhHwdJcfiBnLT2NdH
q06orXF57F0SkF7yZG526qbo+L/1M80uWDvS2m4Yajr31royTyqTFVXMHZjZ2JFS
wBT0uT5RrvhY98wLrAl6fRTEBtdsBJxqHYyZRW7yILGGrYxeAoV6XDIejlrQvxQ4
KvjMwabQPv2QhppAFUlphY1e0Nn7zowDk5iCARnDFEi7dk66XUdN7w==
-----END CERTIFICATE-----