Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vZMiim46ImzrhJTVyOaS5FwIpbM.roa
File:                     vZMiim46ImzrhJTVyOaS5FwIpbM.roa (raw, json)
Hash identifier:          ZqOnknF5CMffo4rygPx9vv6TfmZTZzfH/otCf+mnTaI=
Subject key identifier:   BD:93:22:8A:6E:3A:22:6C:EB:84:94:D5:C8:E6:92:E4:5C:08:A5:B3
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0185639EFD4FCD629EAF73BD6B8CE9A1C278
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vZMiim46ImzrhJTVyOaS5FwIpbM.roa
Signing time:             Fri 30 Dec 2022 15:20:42 +0000
ROA not before:           Fri 30 Dec 2022 15:20:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12325
IP address blocks:        89.46.42.0/24 maxlen: 24
                          94.177.28.0/24 maxlen: 24
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          94.176.213.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.44.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:63:9e:fd:4f:cd:62:9e:af:73:bd:6b:8c:e9:a1:c2:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Dec 30 15:20:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bd93228a6e3a226ceb8494d5c8e692e45c08a5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c6:bf:59:a0:06:c6:50:ac:29:35:9c:7f:46:
                    52:cd:ae:76:1f:62:94:7a:e9:65:26:50:df:8e:4e:
                    cc:22:cf:89:45:cd:a5:79:3c:81:d8:36:1b:c1:6c:
                    27:d5:12:bd:21:41:c0:b2:22:c4:f6:6d:76:82:4b:
                    ab:1b:fe:d5:58:bb:d9:be:f4:57:fe:a3:94:f9:95:
                    df:b4:18:e7:cd:f1:9f:5c:eb:d8:10:75:f6:82:12:
                    0e:ae:e5:fc:c3:d8:3d:b3:47:90:75:14:fc:6d:ca:
                    31:37:76:04:4e:90:c2:ad:8c:0f:81:6e:2a:d6:22:
                    37:79:42:8b:21:0d:30:c3:8c:39:15:4b:9f:99:8b:
                    03:cc:55:5d:90:fe:75:0b:bd:d2:2e:be:1a:33:cd:
                    5b:b7:b8:ef:4c:e0:4a:71:64:e1:87:5a:e3:90:6d:
                    4a:85:0c:f7:36:6f:82:8a:95:9e:fa:1b:62:e6:ad:
                    0a:44:63:1e:db:8f:a3:01:b1:65:bc:c3:c1:60:56:
                    d0:f8:59:29:26:40:f9:cf:6a:87:93:c8:89:a7:56:
                    4e:2f:de:74:a6:f4:92:3e:39:4b:72:a3:45:94:7c:
                    88:82:0c:27:2b:59:fa:72:66:db:83:a5:6a:ce:05:
                    b8:be:4c:bd:c9:62:89:9a:12:d5:da:34:fc:24:57:
                    73:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:93:22:8A:6E:3A:22:6C:EB:84:94:D5:C8:E6:92:E4:5C:08:A5:B3
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/vZMiim46ImzrhJTVyOaS5FwIpbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.124.0/23
                  89.40.222.0/23
                  89.44.105.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  92.114.32.0/24
                  92.114.54.0/24
                  94.176.213.0/24
                  94.177.28.0/24
                  188.213.212.0/24
                  188.213.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         f6:21:b2:33:ba:b5:e2:9e:c6:c0:c4:d3:89:1d:17:89:be:87:
         12:80:b3:fd:b0:a8:6d:e4:8e:a1:4e:38:cd:d5:31:88:aa:fe:
         e7:e7:16:97:94:89:b4:4b:16:6f:57:01:61:59:75:9b:25:7a:
         d7:f7:92:fe:4b:9b:eb:d3:f4:41:74:7f:bc:d2:7f:50:37:e7:
         e8:34:5f:d8:5e:4a:d1:91:f5:c9:f6:ac:0c:43:bd:27:78:78:
         6c:75:91:d2:01:51:ef:38:b8:f9:63:74:77:cb:d7:57:80:b9:
         7a:5c:ff:c7:6d:87:f3:ae:a8:22:05:b8:5d:07:03:13:15:37:
         60:ea:11:e1:f5:f5:9d:07:1b:ee:74:cf:9d:75:3c:25:40:28:
         ae:3e:04:30:d6:93:56:4b:f6:07:4d:e0:5b:a9:72:c5:ae:8d:
         a3:70:51:91:1f:d0:ea:e7:13:ec:4c:61:63:3f:0a:46:e1:32:
         27:26:9b:f3:8e:b9:cc:78:97:3d:55:93:3d:92:bf:4f:c4:ae:
         9b:d3:ce:41:ad:19:8c:3f:91:ca:1b:ef:3c:30:b2:4d:08:6d:
         c3:90:28:9b:79:51:c2:45:7f:f1:69:19:d4:fa:f3:0f:69:40:
         a5:04:15:93:31:f5:c8:56:1c:7b:7c:55:27:b0:a8:bf:55:20:
         4b:0d:15:e0
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVjnv1PzWKer3O9a4zpocJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjIxMjMwMTUyMDQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDkzMjI4YTZlM2EyMjZjZWI4NDk0ZDVjOGU2OTJlNDVjMDhhNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8a/WaAGxlCsKTWcf0ZSza52H2KU
eullJlDfjk7MIs+JRc2leTyB2DYbwWwn1RK9IUHAsiLE9m12gkurG/7VWLvZvvRX
/qOU+ZXftBjnzfGfXOvYEHX2ghIOruX8w9g9s0eQdRT8bcoxN3YETpDCrYwPgW4q
1iI3eUKLIQ0ww4w5FUufmYsDzFVdkP51C73SLr4aM81bt7jvTOBKcWThh1rjkG1K
hQz3Nm+CipWe+hti5q0KRGMe24+jAbFlvMPBYFbQ+FkpJkD5z2qHk8iJp1ZOL950
pvSSPjlLcqNFlHyIggwnK1n6cmbbg6VqzgW4vky9yWKJmhLV2jT8JFdzowIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFL2TIopuOiJs64SU1cjmkuRcCKWzMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL3ZaTWlpbTQ2SW16cmhKVFZ5T2FTNUZ3SXBiTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBAFZI3wD
BAFZKN4DBABZLGkDBABZLioDBABZLyQDBABcciADBABccjYDBABesNUDBABesRwD
BAC81dQDBAC81dgwDQYJKoZIhvcNAQELBQADggEBAPYhsjO6teKexsDE04kdF4m+
hxKAs/2wqG3kjqFOOM3VMYiq/ufnFpeUibRLFm9XAWFZdZsletf3kv5Lm+vT9EF0
f7zSf1A35+g0X9heStGR9cn2rAxDvSd4eGx1kdIBUe84uPljdHfL11eAuXpc/8dt
h/OuqCIFuF0HAxMVN2DqEeH19Z0HG+50z511PCVAKK4+BDDWk1ZL9gdN4FupcsWu
jaNwUZEf0OrnE+xMYWM/CkbhMicmm/OOucx4lz1Vkz2Sv0/ErpvTzkGtGYw/kcob
7zwwsk0IbcOQKJt5UcJFf/FpGdT68w9pQKUEFZMx9chWHHt8VSewqL9VIEsNFeA=
-----END CERTIFICATE-----