Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/S2gsmuGftke0iFx2-T2AkPhz9k8.roa
File:                     S2gsmuGftke0iFx2-T2AkPhz9k8.roa (raw, json)
Hash identifier:          YVsR+MVgxp1ghO0XpJ9uIRrpQy3gxaVmbvllcUU1GNE=
Subject key identifier:   4B:68:2C:9A:E1:9F:B6:47:B4:88:5C:76:F9:3D:80:90:F8:73:F6:4F
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       0183FC024E1E46F631AA61A445231408DE7B
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/S2gsmuGftke0iFx2-T2AkPhz9k8.roa
Signing time:             Fri 21 Oct 2022 19:25:52 +0000
ROA not before:           Fri 21 Oct 2022 19:25:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        155.193.229.0/24 maxlen: 24
                          192.6.252.0/22 maxlen: 22
                          155.193.32.0/19 maxlen: 19
                          155.193.250.0/24 maxlen: 24
                          155.193.251.0/24 maxlen: 24
                          155.193.248.0/24 maxlen: 24
                          155.193.249.0/24 maxlen: 24
                          192.25.232.0/22 maxlen: 22
                          192.137.24.0/22 maxlen: 22
                          192.25.244.0/22 maxlen: 22
                          192.6.172.0/22 maxlen: 22
                          155.193.163.0/24 maxlen: 24
                          155.193.161.0/24 maxlen: 24
                          155.193.162.0/24 maxlen: 24
                          155.193.160.0/24 maxlen: 24
                          192.25.180.0/22 maxlen: 22
                          192.25.200.0/22 maxlen: 22
                          192.25.208.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:fc:02:4e:1e:46:f6:31:aa:61:a4:45:23:14:08:de:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Oct 21 19:25:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4b682c9ae19fb647b4885c76f93d8090f873f64f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:2e:ac:9e:a3:d9:d8:83:88:d2:bf:15:c6:
                    43:70:ab:2f:a1:eb:17:cc:4b:ed:1a:52:7d:6e:b8:
                    88:2a:98:e0:33:4f:63:67:77:c9:af:c8:b6:8d:15:
                    a8:25:25:25:bf:fa:83:41:96:11:1f:fe:bf:e7:da:
                    30:a4:97:ab:b2:31:2b:b9:f3:1a:8d:eb:e7:50:25:
                    4e:41:06:69:9e:de:22:9f:75:f5:f2:13:5f:4e:bc:
                    a6:b0:ed:9c:81:b6:6a:cf:2b:28:2f:5a:cf:45:d7:
                    0d:c8:85:41:ad:98:e7:b9:8e:7c:85:b3:2e:17:3e:
                    fc:e6:ed:3d:2c:b3:ee:37:5c:03:98:23:63:91:45:
                    fe:ba:a5:28:c8:6b:94:95:b5:64:a8:6c:f1:c0:57:
                    cc:4f:d6:b2:a4:e2:a3:38:bf:ac:5c:5a:f6:31:fa:
                    4d:b1:79:8f:87:b1:81:87:0e:15:73:56:69:e0:b0:
                    35:80:94:3e:25:4f:be:cc:ca:5f:78:bd:6c:1f:a8:
                    e3:0e:4b:86:8c:0e:9b:ac:b1:d2:01:f0:f7:a2:84:
                    ac:33:a6:dc:5a:ea:02:f1:d2:16:62:a6:e6:e9:b1:
                    22:cd:c3:89:39:8e:f6:95:b0:b2:5d:0b:7b:01:34:
                    71:79:25:7a:f2:66:fd:e7:57:5f:53:23:21:bd:8a:
                    f7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:68:2C:9A:E1:9F:B6:47:B4:88:5C:76:F9:3D:80:90:F8:73:F6:4F
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/S2gsmuGftke0iFx2-T2AkPhz9k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.193.32.0/19
                  155.193.160.0/22
                  155.193.229.0/24
                  155.193.248.0/22
                  192.6.172.0/22
                  192.6.252.0/22
                  192.25.180.0/22
                  192.25.200.0/22
                  192.25.208.0/22
                  192.25.232.0/22
                  192.25.244.0/22
                  192.137.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:e7:7d:07:6c:76:5a:04:b9:44:f4:df:3f:2d:25:4d:f8:1d:
         7c:ee:4e:a2:a6:e6:fc:be:b3:7c:fc:a9:fa:21:01:02:4d:97:
         eb:14:ce:71:be:30:6a:1e:d7:3a:b2:ad:90:ae:85:a9:62:5e:
         4b:7c:ca:08:b2:24:21:82:a9:39:d4:cb:6d:18:5a:63:5d:87:
         dc:d5:58:37:2e:6c:ba:a5:f5:6f:22:4d:9c:3c:d3:fa:31:86:
         64:bf:56:47:29:a5:2d:00:32:f0:16:f0:fa:d6:cd:a8:c6:6b:
         7c:69:d8:8f:42:84:55:41:67:43:a7:5a:06:5a:50:a0:ae:43:
         cc:58:99:a6:a3:64:c7:ce:78:36:fa:3b:98:93:6d:a2:b9:f4:
         67:45:19:1a:3f:39:01:cd:f7:c0:cb:42:d7:a0:70:01:0f:dc:
         07:2d:c8:25:6c:e0:43:54:0a:bd:94:c4:52:6b:e4:dc:b4:fb:
         7d:c1:60:d7:8a:8a:f5:08:ba:ee:96:79:ff:e2:39:73:39:ff:
         8d:f8:cc:ca:bf:c6:34:4a:3f:45:26:0d:3c:1e:db:06:ce:14:
         e2:2a:96:4d:43:92:58:31:b3:c8:97:77:af:e6:df:ac:86:86:
         c9:b1:81:f9:59:2d:a2:60:7e:be:bc:72:6f:58:3b:6c:b0:cc:
         cd:02:db:e0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYP8Ak4eRvYxqmGkRSMUCN57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjIxMDIxMTkyNTUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY4MmM5YWUxOWZiNjQ3YjQ4ODVjNzZmOTNkODA5MGY4NzNmNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAgurJ6j2diDiNK/FcZDcKsvoesX
zEvtGlJ9briIKpjgM09jZ3fJr8i2jRWoJSUlv/qDQZYRH/6/59owpJersjErufMa
jevnUCVOQQZpnt4in3X18hNfTrymsO2cgbZqzysoL1rPRdcNyIVBrZjnuY58hbMu
Fz785u09LLPuN1wDmCNjkUX+uqUoyGuUlbVkqGzxwFfMT9aypOKjOL+sXFr2MfpN
sXmPh7GBhw4Vc1Zp4LA1gJQ+JU++zMpfeL1sH6jjDkuGjA6brLHSAfD3ooSsM6bc
WuoC8dIWYqbm6bEizcOJOY72lbCyXQt7ATRxeSV68mb951dfUyMhvYr3NQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEtoLJrhn7ZHtIhcdvk9gJD4c/ZPMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvUzJnc211R2Z0a2UwaUZ4Mi1UMkFrUGh6OWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQFm8EgAwQC
m8GgAwQAm8HlAwQCm8H4AwQCwAasAwQCwAb8AwQCwBm0AwQCwBnIAwQCwBnQAwQC
wBnoAwQCwBn0AwQCwIkYMA0GCSqGSIb3DQEBCwUAA4IBAQCK530HbHZaBLlE9N8/
LSVN+B187k6ipub8vrN8/Kn6IQECTZfrFM5xvjBqHtc6sq2QroWpYl5LfMoIsiQh
gqk51MttGFpjXYfc1Vg3Lmy6pfVvIk2cPNP6MYZkv1ZHKaUtADLwFvD61s2oxmt8
adiPQoRVQWdDp1oGWlCgrkPMWJmmo2THzng2+juYk22iufRnRRkaPzkBzffAy0LX
oHABD9wHLcglbOBDVAq9lMRSa+TctPt9wWDXior1CLrulnn/4jlzOf+N+MzKv8Y0
Sj9FJg08HtsGzhTiKpZNQ5JYMbPIl3ev5t+shobJsYH5WS2iYH6+vHJvWDtssMzN
Atvg
-----END CERTIFICATE-----