Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/LfktZXJO8hoyhindLUN53x9D_Mk.roa
File:                     LfktZXJO8hoyhindLUN53x9D_Mk.roa (raw, json)
Hash identifier:          s04UeKtZfB3jluLkZKNj1l4kz4SEGJfsdjpSd0A54Ls=
Subject key identifier:   2D:F9:2D:65:72:4E:F2:1A:32:86:29:DD:2D:43:79:DF:1F:43:FC:C9
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0189B0D680E7B434DDE219B8A7379BCBA7A8
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/LfktZXJO8hoyhindLUN53x9D_Mk.roa
Signing time:             Tue 01 Aug 2023 11:23:15 +0000
ROA not before:           Tue 01 Aug 2023 11:23:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202656
IP address blocks:        45.138.212.0/24 maxlen: 24
                          45.138.215.0/24 maxlen: 24
                          91.237.105.0/24 maxlen: 24
                          91.237.104.0/24 maxlen: 24
                          45.138.7.0/24 maxlen: 24
                          91.206.69.0/24 maxlen: 24
                          194.107.200.0/24 maxlen: 24
                          45.152.118.0/24 maxlen: 24
                          45.149.131.0/24 maxlen: 24
                          45.149.130.0/24 maxlen: 24
                          45.152.119.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b0:d6:80:e7:b4:34:dd:e2:19:b8:a7:37:9b:cb:a7:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Aug  1 11:23:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2df92d65724ef21a328629dd2d4379df1f43fcc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f5:f1:22:d4:38:4f:8e:bc:61:a5:02:90:13:
                    b9:50:99:34:3b:82:5e:bc:2a:8e:62:c2:b0:50:cb:
                    1d:b4:08:db:58:26:90:2a:c4:8e:b1:96:f7:dc:d1:
                    cc:41:d6:85:f5:fd:21:cd:23:6e:80:f9:6b:14:c3:
                    08:eb:9d:00:81:a2:87:e8:fd:81:f5:c6:1c:da:fc:
                    fa:fd:c9:3d:fa:c5:98:19:58:47:8a:c6:68:60:ad:
                    79:28:69:63:a4:72:2d:8b:ba:f4:00:ef:d5:a0:34:
                    bb:0b:ae:5f:76:d9:a5:fc:48:b9:75:33:b0:d5:30:
                    86:d3:1e:0f:30:e7:b6:d5:ca:a7:96:91:77:97:3a:
                    cc:1e:81:32:48:10:b9:c6:71:a8:c9:e8:19:e1:f6:
                    a4:70:17:e6:8a:d4:a5:d9:61:f0:d5:f7:dc:fb:7c:
                    82:65:b4:a9:40:a8:8b:c3:82:db:b3:14:89:66:31:
                    c6:0f:8e:c9:31:1b:86:14:3d:64:3e:95:b9:db:13:
                    4e:58:3f:02:e5:4e:da:c2:2a:9f:2b:f8:85:12:cf:
                    81:03:87:11:f0:59:c8:44:95:bf:03:c8:b4:fb:da:
                    e0:96:4f:b1:4c:2c:6c:2b:d8:98:2b:b4:b5:e0:e3:
                    d6:ef:ff:20:e8:d6:c2:ad:ba:13:67:9e:c1:da:23:
                    87:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F9:2D:65:72:4E:F2:1A:32:86:29:DD:2D:43:79:DF:1F:43:FC:C9
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/LfktZXJO8hoyhindLUN53x9D_Mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.7.0/24
                  45.138.212.0/24
                  45.138.215.0/24
                  45.149.130.0/23
                  45.152.118.0/23
                  91.206.69.0/24
                  91.237.104.0/23
                  194.107.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:08:27:aa:a5:e9:14:5c:ec:71:6b:7a:be:1d:97:d8:da:b7:
         8b:a1:7e:5a:ad:86:bf:d2:c0:2d:d7:d3:6c:9f:57:f7:7a:c4:
         c4:53:c0:d4:93:1d:d1:7c:c0:f6:5b:45:f0:43:0d:e4:55:55:
         89:0c:ef:55:5a:3d:77:2a:2d:21:d5:15:79:dd:d2:f9:3d:e3:
         9c:a6:1a:51:60:6d:6a:31:b9:05:a1:84:70:44:bb:42:27:50:
         c2:c2:b3:52:2a:84:ff:1d:3d:b5:ac:99:da:88:38:68:1a:7b:
         9a:43:49:e7:64:e4:c3:25:1e:9b:32:ae:a3:08:3d:16:7b:ce:
         ae:34:42:37:77:08:ee:1f:c5:1c:21:1e:17:cb:d2:cc:9a:6e:
         6e:f3:ca:46:92:0a:a6:43:b7:5f:42:2b:0d:8f:78:df:42:f6:
         85:96:60:3c:34:7e:5c:7c:c8:f8:8f:13:5d:a7:67:8e:5e:27:
         ae:50:84:ae:67:ab:c7:9e:b2:dc:31:16:fd:ee:5a:fe:cd:d1:
         40:28:d7:69:15:08:a2:2b:dc:a7:d5:ec:9f:33:aa:96:fa:a5:
         d7:6a:05:27:26:85:6e:01:3f:85:68:bb:29:54:95:50:b1:da:
         31:c8:93:e0:e2:96:5f:a4:99:31:58:db:40:28:61:3b:90:f5:
         53:23:ad:c8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYmw1oDntDTd4hm4pzeby6eoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwODAxMTEyMzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY5MmQ2NTcyNGVmMjFhMzI4NjI5ZGQyZDQzNzlkZjFmNDNmY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/XxItQ4T468YaUCkBO5UJk0O4Je
vCqOYsKwUMsdtAjbWCaQKsSOsZb33NHMQdaF9f0hzSNugPlrFMMI650AgaKH6P2B
9cYc2vz6/ck9+sWYGVhHisZoYK15KGljpHIti7r0AO/VoDS7C65fdtml/Ei5dTOw
1TCG0x4PMOe21cqnlpF3lzrMHoEySBC5xnGoyegZ4fakcBfmitSl2WHw1ffc+3yC
ZbSpQKiLw4LbsxSJZjHGD47JMRuGFD1kPpW52xNOWD8C5U7awiqfK/iFEs+BA4cR
8FnIRJW/A8i0+9rglk+xTCxsK9iYK7S14OPW7/8g6NbCrboTZ57B2iOHtQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFC35LWVyTvIaMoYp3S1Ded8fQ/zJMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvTGZrdFpYSk84aG95aGluZExVTjUzeDlEX01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYoHAwQA
LYrUAwQALYrXAwQBLZWCAwQBLZh2AwQAW85FAwQBW+1oAwQAwmvIMA0GCSqGSIb3
DQEBCwUAA4IBAQBnCCeqpekUXOxxa3q+HZfY2reLoX5arYa/0sAt19Nsn1f3esTE
U8DUkx3RfMD2W0XwQw3kVVWJDO9VWj13Ki0h1RV53dL5PeOcphpRYG1qMbkFoYRw
RLtCJ1DCwrNSKoT/HT21rJnaiDhoGnuaQ0nnZOTDJR6bMq6jCD0We86uNEI3dwju
H8UcIR4Xy9LMmm5u88pGkgqmQ7dfQisNj3jfQvaFlmA8NH5cfMj4jxNdp2eOXieu
UISuZ6vHnrLcMRb97lr+zdFAKNdpFQiiK9yn1eyfM6qW+qXXagUnJoVuAT+FaLsp
VJVQsdoxyJPg4pZfpJkxWNtAKGE7kPVTI63I
-----END CERTIFICATE-----