Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kYgJdX2xWDgdBnqZ8quxcBf6VpU.roa
File:                     kYgJdX2xWDgdBnqZ8quxcBf6VpU.roa (raw, json)
Hash identifier:          BrVAx6TjA5qSikzr7kmi2tP70Nnpjy0pPyhnXcIfJ9s=
Subject key identifier:   91:88:09:75:7D:B1:58:38:1D:06:7A:99:F2:AB:B1:70:17:FA:56:95
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       01896551E0B89600DB407FE9A1C8C064F043
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kYgJdX2xWDgdBnqZ8quxcBf6VpU.roa
Signing time:             Mon 17 Jul 2023 19:26:51 +0000
ROA not before:           Mon 17 Jul 2023 19:26:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34665
IP address blocks:        194.156.116.0/22 maxlen: 22
                          45.136.68.0/24 maxlen: 24
                          5.183.129.0/24 maxlen: 24
                          213.166.80.0/24 maxlen: 24
                          194.32.239.0/24 maxlen: 24
                          194.32.238.0/24 maxlen: 24
                          81.16.143.0/24 maxlen: 24
                          81.16.142.0/24 maxlen: 24
                          45.14.222.0/24 maxlen: 24
                          91.188.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:65:51:e0:b8:96:00:db:40:7f:e9:a1:c8:c0:64:f0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jul 17 19:26:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=918809757db158381d067a99f2abb17017fa5695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:22:0c:ff:10:ea:22:8c:3d:cf:05:8c:1d:f6:
                    da:f8:ce:17:f3:dc:db:f4:bc:57:10:00:36:6c:df:
                    86:23:76:89:58:63:01:80:67:72:b2:1e:7b:b9:a0:
                    d0:a8:b1:74:11:b0:a6:b7:a2:64:3d:74:c0:07:f4:
                    5e:80:68:dc:d2:10:be:f9:ab:5e:99:39:33:0a:d9:
                    f5:cd:bb:c6:6e:47:89:f7:0f:c8:e8:92:33:fc:a7:
                    0f:96:02:e1:34:50:45:5d:0c:d6:f9:44:5c:e2:7a:
                    d0:f3:21:b1:fb:42:56:e9:8b:74:d7:73:0f:a1:8c:
                    17:aa:96:2f:e7:57:e8:f6:23:49:58:80:ca:76:f0:
                    7d:32:1e:76:95:62:68:ca:2b:b2:f1:a7:b4:7e:23:
                    87:5b:7f:e2:9f:54:84:26:39:9a:05:ea:60:2f:e0:
                    ec:e7:47:df:6d:7b:1a:2e:59:7a:cd:7d:b3:43:8e:
                    56:68:c7:dd:1c:65:47:80:de:6d:0c:96:26:ca:00:
                    bc:45:a7:37:7d:13:96:e5:62:36:7c:c0:7a:18:9e:
                    2f:68:93:cc:b1:0d:31:74:d0:c4:77:ca:84:16:4d:
                    53:f5:1d:84:27:3a:92:2e:45:94:1a:5c:27:6d:3d:
                    5a:88:3a:10:98:cc:1c:bd:8a:20:59:ba:10:6e:0f:
                    2c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:88:09:75:7D:B1:58:38:1D:06:7A:99:F2:AB:B1:70:17:FA:56:95
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/kYgJdX2xWDgdBnqZ8quxcBf6VpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.129.0/24
                  45.14.222.0/24
                  45.136.68.0/24
                  81.16.142.0/23
                  91.188.212.0/22
                  194.32.238.0/23
                  194.156.116.0/22
                  213.166.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:09:cb:13:66:0c:36:a4:5a:05:59:12:ac:df:0a:d7:95:e9:
         52:9f:ec:2d:dc:e8:5f:20:75:86:04:8b:40:e9:fa:8e:3d:3d:
         65:9c:61:42:9c:33:da:00:0a:80:3f:a9:85:30:7a:03:cc:31:
         45:1a:1c:18:75:66:ca:7c:f1:6b:0c:32:00:1f:52:66:e0:85:
         59:94:cb:43:0a:d4:b0:e9:b6:f8:11:06:d1:cb:b6:98:76:ae:
         cc:e6:70:fa:b0:c6:af:5f:de:b4:03:29:83:d9:d9:61:df:0a:
         41:5f:5a:b6:0e:bc:b0:1c:b5:6c:bc:0a:a7:dd:1b:93:80:c0:
         29:7d:8e:ed:37:28:55:7a:ed:f9:d7:39:f3:62:92:83:87:76:
         93:bf:67:7f:fa:9f:b9:c2:03:20:92:e8:43:7a:23:11:61:10:
         9e:ab:ac:5e:65:91:a7:3a:18:85:35:ff:c3:d7:cf:5b:98:96:
         e8:28:4a:53:b7:86:10:44:a2:92:52:c0:73:27:98:b2:fa:8f:
         95:5f:d6:09:bb:b8:d4:82:a2:fa:46:fd:f3:d7:f4:f8:d0:1c:
         e3:bf:f5:5b:c3:b6:94:57:77:09:8c:56:f1:2f:85:72:8b:9f:
         f8:db:7c:a3:d4:ba:4b:f3:bd:f1:5c:be:fe:3a:eb:71:cd:7c:
         73:49:38:3c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYllUeC4lgDbQH/pocjAZPBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNzE3MTkyNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTg4MDk3NTdkYjE1ODM4MWQwNjdhOTlmMmFiYjE3MDE3ZmE1Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyIM/xDqIow9zwWMHfba+M4X89zb
9LxXEAA2bN+GI3aJWGMBgGdysh57uaDQqLF0EbCmt6JkPXTAB/RegGjc0hC++ate
mTkzCtn1zbvGbkeJ9w/I6JIz/KcPlgLhNFBFXQzW+URc4nrQ8yGx+0JW6Yt013MP
oYwXqpYv51fo9iNJWIDKdvB9Mh52lWJoyiuy8ae0fiOHW3/in1SEJjmaBepgL+Ds
50ffbXsaLll6zX2zQ45WaMfdHGVHgN5tDJYmygC8Rac3fROW5WI2fMB6GJ4vaJPM
sQ0xdNDEd8qEFk1T9R2EJzqSLkWUGlwnbT1aiDoQmMwcvYogWboQbg8sLQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJGICXV9sVg4HQZ6mfKrsXAX+laVMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEva1lnSmRYMnhXRGdkQm5xWjhxdXhjQmY2VnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABbeBAwQA
LQ7eAwQALYhEAwQBURCOAwQCW7zUAwQBwiDuAwQCwpx0AwQA1aZQMA0GCSqGSIb3
DQEBCwUAA4IBAQAYCcsTZgw2pFoFWRKs3wrXlelSn+wt3OhfIHWGBItA6fqOPT1l
nGFCnDPaAAqAP6mFMHoDzDFFGhwYdWbKfPFrDDIAH1Jm4IVZlMtDCtSw6bb4EQbR
y7aYdq7M5nD6sMavX960AymD2dlh3wpBX1q2DrywHLVsvAqn3RuTgMApfY7tNyhV
eu351znzYpKDh3aTv2d/+p+5wgMgkuhDeiMRYRCeq6xeZZGnOhiFNf/D189bmJbo
KEpTt4YQRKKSUsBzJ5iy+o+VX9YJu7jUgqL6Rv3z1/T40Bzjv/Vbw7aUV3cJjFbx
L4Vyi5/423yj1LpL873xXL7+OutxzXxzSTg8
-----END CERTIFICATE-----