Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b02-JwrIKLjRr1PU14Yzi_twQKI.roa
File:                     b02-JwrIKLjRr1PU14Yzi_twQKI.roa (raw, json)
Hash identifier:          kJRdRY3hI5plVMk0Hoaa4qlZgBQdbliD7QdZts5AK/k=
Subject key identifier:   6F:4D:BE:27:0A:C8:28:B8:D1:AF:53:D4:D7:86:33:8B:FB:70:40:A2
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018709F46E6AEF3FAB922E8E43BDD112926A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b02-JwrIKLjRr1PU14Yzi_twQKI.roa
Signing time:             Wed 22 Mar 2023 15:33:46 +0000
ROA not before:           Wed 22 Mar 2023 15:33:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     996
IP address blocks:        217.144.55.0/24 maxlen: 24
                          217.144.52.0/24 maxlen: 24
                          217.144.57.0/24 maxlen: 24
                          217.144.58.0/24 maxlen: 24
                          185.63.17.0/24 maxlen: 24
                          185.63.18.0/24 maxlen: 24
                          185.63.19.0/24 maxlen: 24
                          213.181.216.0/24 maxlen: 24
                          84.21.4.0/24 maxlen: 24
                          84.21.12.0/24 maxlen: 24
                          84.21.13.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:09:f4:6e:6a:ef:3f:ab:92:2e:8e:43:bd:d1:12:92:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Mar 22 15:33:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f4dbe270ac828b8d1af53d4d786338bfb7040a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:12:a2:df:84:d4:1e:50:4e:0c:b5:55:ed:09:
                    b7:bf:b5:6c:29:ab:71:78:2a:3c:c8:dd:1b:01:ed:
                    ac:2f:e8:24:79:5c:31:4c:86:51:c0:57:4a:46:aa:
                    ed:8b:b1:6d:03:96:d1:4a:a0:32:88:b2:05:72:06:
                    bb:d2:78:0d:82:07:a4:38:bf:13:49:ec:91:c6:4d:
                    ad:7f:24:29:aa:49:a2:59:a5:67:aa:82:54:e6:c3:
                    85:dd:30:79:7b:c8:f8:0a:5e:8b:43:e3:a9:95:ca:
                    7a:36:19:9d:27:dc:88:75:ee:79:d4:f7:3b:25:85:
                    20:be:3f:92:12:4e:ec:79:81:02:28:34:fd:f5:f9:
                    ae:86:45:84:64:96:8d:85:62:ef:8d:bd:94:8b:8e:
                    7f:e0:94:8f:35:67:86:77:27:fa:de:12:13:f7:73:
                    4c:20:f0:eb:64:bd:8c:56:aa:4d:3e:18:64:c5:91:
                    7c:8f:e4:81:c5:91:9e:c2:7c:b3:cc:3a:fb:d8:6f:
                    fa:23:ac:51:bb:14:2f:8c:a6:76:64:fb:56:65:0c:
                    e8:ff:7c:b0:28:2c:f7:ea:b6:09:38:e1:df:03:7e:
                    5b:f3:69:ed:e1:a7:e3:af:59:51:4a:a5:9b:77:3b:
                    f9:44:22:de:90:3f:a0:df:5c:46:f0:e6:b2:fb:d4:
                    65:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:4D:BE:27:0A:C8:28:B8:D1:AF:53:D4:D7:86:33:8B:FB:70:40:A2
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b02-JwrIKLjRr1PU14Yzi_twQKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.21.4.0/24
                  84.21.12.0/23
                  185.63.17.0-185.63.19.255
                  213.181.216.0/24
                  217.144.52.0/24
                  217.144.55.0/24
                  217.144.57.0-217.144.58.255

    Signature Algorithm: sha256WithRSAEncryption
         20:71:e6:d3:16:82:8a:94:31:8c:80:b2:12:2b:93:89:dd:17:
         c3:23:b7:a4:d5:fb:c5:72:38:1b:55:43:09:86:a4:57:53:bc:
         34:02:53:64:87:89:40:fc:16:c9:49:9d:30:06:9c:80:e6:02:
         e2:37:f3:5f:eb:52:e1:65:05:93:2f:f7:fd:aa:db:85:7a:d2:
         b9:e0:30:13:7b:42:49:80:ee:cd:2e:77:56:d2:b2:f0:fc:3b:
         2b:ce:5c:cc:d0:ae:e9:6c:5f:db:58:f2:f1:c0:29:10:34:7d:
         c4:5c:b8:5d:cb:f9:f3:55:94:3f:fa:f2:dd:e0:f2:2e:cc:80:
         e1:8a:68:5f:df:b7:dc:16:8d:a4:dc:71:bd:89:62:63:7e:91:
         ce:2a:28:2d:0e:7a:c1:55:57:ee:20:49:47:e0:4d:ab:8f:61:
         32:19:d6:28:b4:c1:4a:57:2d:80:4a:05:57:bc:ab:e2:8e:1e:
         49:fc:f2:53:d7:34:0e:a8:85:2e:ec:8c:3f:63:28:70:8c:b6:
         98:dd:fa:bc:b9:6a:1e:58:05:a8:99:6e:22:39:f9:32:f5:ce:
         f2:fe:b8:d4:88:98:84:ed:44:23:13:b3:f0:a3:ad:9d:42:e3:
         a3:e5:24:2b:fe:11:0b:19:2c:1a:b6:6e:e6:ef:b4:ed:c7:36:
         af:ca:84:66
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYcJ9G5q7z+rki6OQ73REpJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjMwMzIyMTUzMzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRkYmUyNzBhYzgyOGI4ZDFhZjUzZDRkNzg2MzM4YmZiNzA0MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xKi34TUHlBODLVV7Qm3v7VsKatx
eCo8yN0bAe2sL+gkeVwxTIZRwFdKRqrti7FtA5bRSqAyiLIFcga70ngNggekOL8T
SeyRxk2tfyQpqkmiWaVnqoJU5sOF3TB5e8j4Cl6LQ+Oplcp6NhmdJ9yIde551Pc7
JYUgvj+SEk7seYECKDT99fmuhkWEZJaNhWLvjb2Ui45/4JSPNWeGdyf63hIT93NM
IPDrZL2MVqpNPhhkxZF8j+SBxZGewnyzzDr72G/6I6xRuxQvjKZ2ZPtWZQzo/3yw
KCz36rYJOOHfA35b82nt4afjr1lRSqWbdzv5RCLekD+g31xG8Oay+9Rl1QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFG9NvicKyCi40a9T1NeGM4v7cECiMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvYjAyLUp3cklLTGpScjFQVTE0WXppX3R3UUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAVBUEAwQB
VBUMMAwDBAC5PxEDBAK5PxADBADVtdgDBADZkDQDBADZkDcwDAMEANmQOQMEANmQ
OjANBgkqhkiG9w0BAQsFAAOCAQEAIHHm0xaCipQxjICyEiuTid0XwyO3pNX7xXI4
G1VDCYakV1O8NAJTZIeJQPwWyUmdMAacgOYC4jfzX+tS4WUFky/3/arbhXrSueAw
E3tCSYDuzS53VtKy8Pw7K85czNCu6Wxf21jy8cApEDR9xFy4Xcv581WUP/ry3eDy
LsyA4YpoX9+33BaNpNxxvYliY36RziooLQ56wVVX7iBJR+BNq49hMhnWKLTBSlct
gEoFV7yr4o4eSfzyU9c0DqiFLuyMP2MocIy2mN36vLlqHlgFqJluIjn5MvXO8v64
1IiYhO1EIxOz8KOtnULjo+UkK/4RCxksGrZu5u+07cc2r8qEZg==
-----END CERTIFICATE-----