Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/WhKlKFTo9_LSZdJe6RAiY4DoyBk.roa
File:                     WhKlKFTo9_LSZdJe6RAiY4DoyBk.roa (raw, json)
Hash identifier:          HvO1dhnfctf3Pqx9QK0kH4if9THbU794rM0ey6GtjZE=
Subject key identifier:   5A:12:A5:28:54:E8:F7:F2:D2:65:D2:5E:E9:10:22:63:80:E8:C8:19
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0183130E8B038E10B223B9007C79FBA4B554
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/WhKlKFTo9_LSZdJe6RAiY4DoyBk.roa
Signing time:             Tue 06 Sep 2022 13:47:43 +0000
ROA not before:           Tue 06 Sep 2022 13:47:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     22773
IP address blocks:        45.146.192.0/22 maxlen: 22
                          45.146.60.0/22 maxlen: 22
                          2a10:6080::/29 maxlen: 29
                          2a10:6680::/29 maxlen: 29
                          2a10:5e80::/29 maxlen: 29
                          2a10:6480::/29 maxlen: 29
                          2a10:5f80::/29 maxlen: 29
                          2a10:6280::/29 maxlen: 29
                          2a10:6580::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:13:0e:8b:03:8e:10:b2:23:b9:00:7c:79:fb:a4:b5:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Sep  6 13:47:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5a12a52854e8f7f2d265d25ee910226380e8c819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f5:46:d0:e9:06:aa:bf:b6:87:30:77:c8:5d:
                    23:ee:60:ab:dc:21:5f:6c:be:39:98:5a:d6:a9:65:
                    e6:de:02:21:97:9b:6b:ab:96:75:8d:18:79:51:eb:
                    b3:2a:74:7d:43:ea:77:fc:9c:43:dc:b7:3b:77:ef:
                    2e:cf:70:92:44:54:ab:67:3d:e5:bd:f8:1f:23:c5:
                    a8:cd:32:15:67:16:22:e4:76:3e:f6:08:35:ec:27:
                    ae:41:9e:6d:77:48:f0:75:5f:fa:99:c5:da:01:b5:
                    3b:76:63:46:e2:77:61:ad:e5:e2:8d:50:24:69:64:
                    0d:fb:78:93:5e:bc:9f:53:64:de:ea:c0:71:d8:b9:
                    9e:b5:d1:b8:53:33:c9:f9:88:36:6c:5b:37:e1:b0:
                    a7:f4:e5:a3:5b:55:a1:cf:43:4a:7e:a7:57:e3:e0:
                    48:b0:df:5c:78:8e:68:d5:ad:e5:0f:8b:d0:24:9a:
                    24:89:ed:de:a5:16:45:ae:a5:bf:ce:1e:6a:95:bb:
                    ff:e6:52:d4:95:c9:8d:e7:ed:ca:c4:8c:54:c6:a6:
                    9c:c1:b5:0e:a5:32:6d:ab:68:c9:c3:3c:d7:05:fc:
                    50:15:7e:b5:30:4a:62:39:05:71:df:40:ed:b3:69:
                    ca:47:8b:ee:13:29:fb:59:d3:7c:a3:2d:32:1f:03:
                    82:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:12:A5:28:54:E8:F7:F2:D2:65:D2:5E:E9:10:22:63:80:E8:C8:19
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/WhKlKFTo9_LSZdJe6RAiY4DoyBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.60.0/22
                  45.146.192.0/22
                IPv6:
                  2a10:5e80::/29
                  2a10:5f80::/29
                  2a10:6080::/29
                  2a10:6280::/29
                  2a10:6480::/29
                  2a10:6580::/29
                  2a10:6680::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:47:89:d9:6a:1d:5b:20:67:16:3a:ab:45:63:e0:21:8c:9a:
         3e:ff:a7:0d:9d:64:9a:a4:45:33:fd:ce:22:ac:4a:06:7c:34:
         07:c4:4f:0d:d3:07:7c:fc:c4:e4:ae:8b:18:30:ba:ad:ae:01:
         d1:fa:66:12:1e:e5:32:cb:68:54:04:86:b3:2a:59:dd:0c:d2:
         05:40:99:bc:f6:ea:b7:72:29:10:a8:ca:49:0e:f3:fa:ef:12:
         96:67:99:37:c8:d7:a3:71:8b:77:6d:ef:27:d5:bb:a1:1e:91:
         8c:f9:44:74:5b:7e:e2:e4:5f:55:ee:a1:1b:f7:73:95:2b:75:
         6d:7d:83:5b:b2:46:70:aa:01:56:b2:ae:d2:65:ea:41:e4:bf:
         19:fa:35:68:03:58:ce:30:0f:69:d2:80:63:65:64:08:e5:c5:
         9d:c9:dd:9c:47:d0:8a:8e:f3:f7:55:5b:61:54:fa:2f:74:5e:
         d4:11:f3:5d:9f:80:f4:fd:0c:52:e7:53:44:0d:03:6c:3a:ed:
         7f:e7:49:b2:c3:c8:74:5b:12:1a:a5:37:0a:5b:49:3d:1c:b8:
         a1:2a:27:de:31:9d:95:47:c9:e4:aa:43:e9:5e:e3:d1:80:d0:
         d2:fb:af:67:ad:c1:9b:d4:d7:54:1e:2e:4c:1d:86:70:eb:e6:
         cb:5e:d2:dc
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYMTDosDjhCyI7kAfHn7pLVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjIwOTA2MTM0NzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTEyYTUyODU0ZThmN2YyZDI2NWQyNWVlOTEwMjI2MzgwZThjODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPVG0OkGqr+2hzB3yF0j7mCr3CFf
bL45mFrWqWXm3gIhl5trq5Z1jRh5UeuzKnR9Q+p3/JxD3Lc7d+8uz3CSRFSrZz3l
vfgfI8WozTIVZxYi5HY+9gg17CeuQZ5td0jwdV/6mcXaAbU7dmNG4ndhreXijVAk
aWQN+3iTXryfU2Te6sBx2LmetdG4UzPJ+Yg2bFs34bCn9OWjW1Whz0NKfqdX4+BI
sN9ceI5o1a3lD4vQJJokie3epRZFrqW/zh5qlbv/5lLUlcmN5+3KxIxUxqacwbUO
pTJtq2jJwzzXBfxQFX61MEpiOQVx30Dts2nKR4vuEyn7WdN8oy0yHwOCSQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFFoSpShU6Pfy0mXSXukQImOA6MgZMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvV2hLbEtGVG85X0xTWmRKZTZSQWlZNERveUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTASBAIAATAMAwQCLZI8AwQC
LZLAMDcEAgACMDEDBQMqEF6AAwUDKhBfgAMFAyoQYIADBQMqEGKAAwUDKhBkgAMF
AyoQZYADBQMqEGaAMA0GCSqGSIb3DQEBCwUAA4IBAQBsR4nZah1bIGcWOqtFY+Ah
jJo+/6cNnWSapEUz/c4irEoGfDQHxE8N0wd8/MTkrosYMLqtrgHR+mYSHuUyy2hU
BIazKlndDNIFQJm89uq3cikQqMpJDvP67xKWZ5k3yNejcYt3be8n1buhHpGM+UR0
W37i5F9V7qEb93OVK3VtfYNbskZwqgFWsq7SZepB5L8Z+jVoA1jOMA9p0oBjZWQI
5cWdyd2cR9CKjvP3VVthVPovdF7UEfNdn4D0/QxS51NEDQNsOu1/50myw8h0WxIa
pTcKW0k9HLihKifeMZ2VR8nkqkPpXuPRgNDS+69nrcGb1NdUHi5MHYZw6+bLXtLc
-----END CERTIFICATE-----