Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/LMgoZQVwVnsikew4ub0S3jHm5fA.roa
File:                     LMgoZQVwVnsikew4ub0S3jHm5fA.roa (raw, json)
Hash identifier:          je/bb1wTbC6rWDTOtcEakp2WGY+eqqy4VK5v0OsmI5o=
Subject key identifier:   2C:C8:28:65:05:70:56:7B:22:91:EC:38:B9:BD:12:DE:31:E6:E5:F0
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018340D752012DEAC8E42C92BC38B1203951
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/LMgoZQVwVnsikew4ub0S3jHm5fA.roa
Signing time:             Thu 15 Sep 2022 11:09:56 +0000
ROA not before:           Thu 15 Sep 2022 11:09:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        45.146.192.0/22 maxlen: 22
                          45.146.60.0/22 maxlen: 22
                          2a10:6080::/29 maxlen: 29
                          2a10:6680::/29 maxlen: 29
                          2a10:5e80::/29 maxlen: 29
                          2a10:6480::/29 maxlen: 29
                          2a10:6780::/29 maxlen: 29
                          2a10:5f80::/29 maxlen: 29
                          2a10:6580::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:40:d7:52:01:2d:ea:c8:e4:2c:92:bc:38:b1:20:39:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Sep 15 11:09:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2cc828650570567b2291ec38b9bd12de31e6e5f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:da:13:1d:12:ea:12:5e:d8:d3:d2:b0:41:02:
                    72:9a:92:c3:2e:9f:f7:90:ac:1f:fa:bb:67:66:90:
                    d3:1a:62:b2:b4:cb:0e:bc:70:26:79:91:33:99:08:
                    24:92:ec:a6:fa:24:86:c4:4f:89:a5:16:14:55:d0:
                    3e:23:b0:b4:c5:78:bb:1e:96:df:6b:06:fb:e7:c7:
                    41:42:f8:a1:e5:90:3e:01:8a:86:fc:12:8b:2f:ea:
                    c2:3a:ff:4a:4c:d4:8f:55:c6:f5:1b:67:45:96:78:
                    00:3c:11:ef:13:b7:25:45:f1:e8:77:49:53:3e:28:
                    25:1b:94:d7:5a:d4:6a:11:eb:89:8f:7e:3e:e1:d2:
                    21:44:b6:b6:76:34:2c:65:76:60:03:55:8b:6d:2d:
                    11:77:98:a2:3d:9f:d6:d6:07:06:d5:d0:bd:12:38:
                    d8:80:02:20:b6:6b:e9:fd:e8:6a:bd:ec:07:f7:cc:
                    60:8a:de:95:08:db:6a:33:73:6e:6c:a2:56:44:e6:
                    cc:0a:d8:f6:8b:b7:42:ab:45:6d:60:b7:65:41:e7:
                    a8:c7:e7:f7:91:e0:d5:41:3d:49:96:fc:d2:dd:ee:
                    32:f2:8a:43:cc:a0:4f:90:0b:8b:6f:17:81:e1:45:
                    10:b9:58:32:7e:26:d4:70:c5:3b:0c:27:64:5d:12:
                    f3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C8:28:65:05:70:56:7B:22:91:EC:38:B9:BD:12:DE:31:E6:E5:F0
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/LMgoZQVwVnsikew4ub0S3jHm5fA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.60.0/22
                  45.146.192.0/22
                IPv6:
                  2a10:5e80::/29
                  2a10:5f80::/29
                  2a10:6080::/29
                  2a10:6480::/29
                  2a10:6580::/29
                  2a10:6680::/29
                  2a10:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:69:3f:08:7a:21:60:5a:27:1b:36:0d:5d:0b:2f:0b:7a:d5:
         5b:3c:37:0b:48:82:47:9b:a8:70:6f:09:c0:15:94:8e:bc:2a:
         69:58:70:b0:ee:19:74:aa:62:f3:57:5b:ea:73:fa:d7:67:7a:
         fd:07:76:12:dc:03:f2:fa:5a:f9:40:8a:31:58:0f:c4:ee:56:
         08:3b:9a:af:0f:cb:07:f0:dc:79:d1:f7:23:bd:5a:a9:20:e9:
         34:e3:45:41:b6:6d:62:85:ec:12:c9:f1:45:de:ed:40:9d:cf:
         cb:10:ee:e5:04:83:89:6a:d5:d8:83:5f:b6:b4:e1:9b:f4:7b:
         43:32:09:99:59:48:9f:86:b1:b2:5d:41:29:4a:75:dd:d9:28:
         9e:bc:1a:43:19:39:94:d8:fa:61:f0:38:31:07:e4:1c:9c:40:
         5d:22:ba:f5:16:27:44:88:82:67:d6:98:17:bc:ca:6f:15:96:
         6e:67:a1:57:11:e4:dd:e3:df:79:c4:e4:51:86:f5:39:ab:06:
         ad:c8:26:45:97:4f:db:0f:45:2c:8e:67:0e:47:07:dd:85:aa:
         4a:36:3d:b7:0e:f6:30:e7:1f:d7:a0:5b:6b:20:84:58:60:1b:
         1b:7c:60:a1:59:cd:19:da:d4:86:46:f7:41:13:8e:51:b5:8a:
         4f:6e:65:8b
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYNA11IBLerI5CySvDixIDlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjIwOTE1MTEwOTU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M4Mjg2NTA1NzA1NjdiMjI5MWVjMzhiOWJkMTJkZTMxZTZlNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydoTHRLqEl7Y09KwQQJympLDLp/3
kKwf+rtnZpDTGmKytMsOvHAmeZEzmQgkkuym+iSGxE+JpRYUVdA+I7C0xXi7Hpbf
awb758dBQvih5ZA+AYqG/BKLL+rCOv9KTNSPVcb1G2dFlngAPBHvE7clRfHod0lT
PiglG5TXWtRqEeuJj34+4dIhRLa2djQsZXZgA1WLbS0Rd5iiPZ/W1gcG1dC9EjjY
gAIgtmvp/ehqvewH98xgit6VCNtqM3NubKJWRObMCtj2i7dCq0VtYLdlQeeox+f3
keDVQT1JlvzS3e4y8opDzKBPkAuLbxeB4UUQuVgyfibUcMU7DCdkXRLz5QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCzIKGUFcFZ7IpHsOLm9Et4x5uXwMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvTE1nb1pRVndWbnNpa2V3NHViMFMzakhtNWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTASBAIAATAMAwQCLZI8AwQC
LZLAMDcEAgACMDEDBQMqEF6AAwUDKhBfgAMFAyoQYIADBQMqEGSAAwUDKhBlgAMF
AyoQZoADBQMqEGeAMA0GCSqGSIb3DQEBCwUAA4IBAQApaT8IeiFgWicbNg1dCy8L
etVbPDcLSIJHm6hwbwnAFZSOvCppWHCw7hl0qmLzV1vqc/rXZ3r9B3YS3APy+lr5
QIoxWA/E7lYIO5qvD8sH8Nx50fcjvVqpIOk040VBtm1ihewSyfFF3u1Anc/LEO7l
BIOJatXYg1+2tOGb9HtDMgmZWUifhrGyXUEpSnXd2SievBpDGTmU2Pph8DgxB+Qc
nEBdIrr1FidEiIJn1pgXvMpvFZZuZ6FXEeTd4995xORRhvU5qwatyCZFl0/bD0Us
jmcORwfdhapKNj23DvYw5x/XoFtrIIRYYBsbfGChWc0Z2tSGRvdBE45RtYpPbmWL
-----END CERTIFICATE-----