Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/H_HK6svHE3Rck6aYJkYYG1VT0V0.roa
File:                     H_HK6svHE3Rck6aYJkYYG1VT0V0.roa (raw, json)
Hash identifier:          gvjWojsU9rx/qIiMuFRoBK9iMk+RpmYUCQLumdr34aM=
Subject key identifier:   1F:F1:CA:EA:CB:C7:13:74:5C:93:A6:98:26:46:18:1B:55:53:D1:5D
Certificate issuer:       /CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
Certificate serial:       01833CB5E1468BEE1161915A2145A1F30643
Authority key identifier: 9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/H_HK6svHE3Rck6aYJkYYG1VT0V0.roa
Signing time:             Wed 14 Sep 2022 15:54:56 +0000
ROA not before:           Wed 14 Sep 2022 15:54:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     61439
IP address blocks:        2a0d:8041::/32 maxlen: 32
                          2a0f:a1c1::/32 maxlen: 32
                          2a0d:8044::/32 maxlen: 32
                          2a0f:a1c4::/32 maxlen: 32
                          2a0d:8045::/32 maxlen: 32
                          2a0f:a1c5::/32 maxlen: 32
                          2a0f:a1c2::/32 maxlen: 32
                          2a0d:8042::/32 maxlen: 32
                          2a0d:8043::/32 maxlen: 32
                          2a0f:a1c3::/32 maxlen: 32
                          2a0f:a1c7::/32 maxlen: 32
                          2a0d:8047::/32 maxlen: 32
                          2a0d:8040::/32 maxlen: 32
                          2a0f:a1c0::/32 maxlen: 32
                          2a0d:8046::/32 maxlen: 32
                          2a0f:a1c6::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3c:b5:e1:46:8b:ee:11:61:91:5a:21:45:a1:f3:06:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1aed9913f8880af7557eef3ef02d6e0ff3fd49
        Validity
            Not Before: Sep 14 15:54:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1ff1caeacbc713745c93a6982646181b5553d15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b4:c3:6a:a8:52:e5:ee:b9:b1:19:bd:57:e5:
                    a3:17:d7:f0:af:a3:a2:f2:88:d9:51:95:5d:2b:e4:
                    b9:31:cf:0d:ef:f8:c9:6e:68:63:de:dd:ab:92:4e:
                    ef:a6:3d:a5:78:82:fd:51:f4:4c:80:b5:96:bb:96:
                    b5:c0:5c:15:ee:05:7f:d1:83:94:8f:94:40:7e:71:
                    76:a1:f3:84:be:a5:6b:05:27:67:b2:95:57:cb:04:
                    88:c1:bf:93:b4:ca:92:ae:ce:dd:14:e6:b0:f0:00:
                    ba:90:f4:84:fd:58:05:c5:d3:6a:c0:54:3a:f7:5b:
                    fe:ff:cd:ff:cb:42:5b:f6:3f:f1:19:38:44:81:8b:
                    10:54:de:d1:40:f5:23:4f:53:5f:fb:48:c9:7a:3c:
                    b3:e8:a7:5d:d2:7c:0e:13:6d:ef:01:b0:be:1b:1c:
                    cf:17:b4:57:f8:42:e0:cc:44:ac:40:2f:d6:8a:81:
                    f6:3e:14:91:1d:03:5b:d4:6c:14:dd:41:e2:59:33:
                    1a:22:a1:0e:61:ca:5b:47:56:af:c8:fa:19:1a:a6:
                    22:48:59:59:bb:1b:4d:fd:91:b7:5c:82:2d:38:70:
                    e9:d6:cc:4a:18:cd:14:fc:f7:e1:41:fc:82:65:be:
                    20:7e:75:a0:09:3f:e8:91:d7:4d:a0:f3:7c:b2:cd:
                    0c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:F1:CA:EA:CB:C7:13:74:5C:93:A6:98:26:46:18:1B:55:53:D1:5D
            X509v3 Authority Key Identifier:
                keyid:9C:1A:ED:99:13:F8:88:0A:F7:55:7E:EF:3E:F0:2D:6E:0F:F3:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/H_HK6svHE3Rck6aYJkYYG1VT0V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/ff94f1-ba63-40d6-beca-5e624a3038cf/1/nBrtmRP4iAr3VX7vPvAtbg_z_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8040::/29
                  2a0f:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:2e:da:96:4b:5d:b5:83:24:05:8d:ac:c5:0c:0b:15:db:3e:
         8b:61:37:1f:64:54:0c:73:3c:1a:7f:98:04:f3:a7:05:81:2d:
         31:fb:2e:1d:d5:c7:82:bd:93:f2:38:d7:ee:bf:f7:9e:73:0c:
         2f:e3:de:e3:c2:e7:b6:6a:21:30:ce:2a:8d:95:d0:78:63:fe:
         6f:83:80:53:de:8f:d4:55:98:c2:5c:5e:90:fc:9d:d6:97:76:
         14:76:28:9b:f4:f7:12:52:b2:26:c7:67:b6:08:91:99:ac:13:
         2f:7b:11:d8:9b:5f:91:32:5d:92:0e:43:90:f0:d3:b3:d3:44:
         3d:37:2f:07:10:89:01:ba:1a:d0:70:8c:bb:e8:52:fa:0c:cd:
         a7:dc:94:7d:b7:b5:25:a2:c4:ad:c7:39:cb:d7:25:7e:c6:12:
         40:5a:02:b8:35:44:cb:eb:da:a7:86:51:b0:d3:9b:0e:67:de:
         61:81:95:74:52:9e:ed:82:23:e3:87:cd:f9:e0:7f:1c:26:72:
         81:c5:00:7c:0e:2d:bf:31:51:93:78:92:fd:d0:d8:e0:60:ec:
         c4:35:7a:12:79:c0:01:12:11:f8:0e:90:77:3c:07:2f:f4:a1:
         3d:8b:e2:55:c6:44:8a:a0:39:1e:6e:56:a0:0e:4d:ae:ca:4b:
         cf:ab:b0:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYM8teFGi+4RYZFaIUWh8wZDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMWFlZDk5MTNmODg4MGFmNzU1N2VlZjNlZjAyZDZlMGZm
M2ZkNDkwHhcNMjIwOTE0MTU1NDU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmYxY2FlYWNiYzcxMzc0NWM5M2E2OTgyNjQ2MTgxYjU1NTNkMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrTDaqhS5e65sRm9V+WjF9fwr6Oi
8ojZUZVdK+S5Mc8N7/jJbmhj3t2rkk7vpj2leIL9UfRMgLWWu5a1wFwV7gV/0YOU
j5RAfnF2ofOEvqVrBSdnspVXywSIwb+TtMqSrs7dFOaw8AC6kPSE/VgFxdNqwFQ6
91v+/83/y0Jb9j/xGThEgYsQVN7RQPUjT1Nf+0jJejyz6Kdd0nwOE23vAbC+GxzP
F7RX+ELgzESsQC/WioH2PhSRHQNb1GwU3UHiWTMaIqEOYcpbR1avyPoZGqYiSFlZ
uxtN/ZG3XIItOHDp1sxKGM0U/PfhQfyCZb4gfnWgCT/okddNoPN8ss0MuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB/xyurLxxN0XJOmmCZGGBtVU9FdMB8GA1UdIwQY
MBaAFJwa7ZkT+IgK91V+7z7wLW4P8/1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2Et
NWU2MjRhMzAzOGNmLzEvSF9ISzZzdkhFM1JjazZhWUprWVlHMVZUMFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mZjk0ZjEtYmE2My00MGQ2LWJlY2EtNWU2MjRhMzAzOGNm
LzEvbkJydG1SUDRpQXIzVlg3dlB2QXRiZ196X1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg2AQAMF
AyoPocAwDQYJKoZIhvcNAQELBQADggEBAEQu2pZLXbWDJAWNrMUMCxXbPothNx9k
VAxzPBp/mATzpwWBLTH7Lh3Vx4K9k/I41+6/955zDC/j3uPC57ZqITDOKo2V0Hhj
/m+DgFPej9RVmMJcXpD8ndaXdhR2KJv09xJSsibHZ7YIkZmsEy97EdibX5EyXZIO
Q5Dw07PTRD03LwcQiQG6GtBwjLvoUvoMzafclH23tSWixK3HOcvXJX7GEkBaArg1
RMvr2qeGUbDTmw5n3mGBlXRSnu2CI+OHzfngfxwmcoHFAHwOLb8xUZN4kv3Q2OBg
7MQ1ehJ5wAESEfgOkHc8By/0oT2L4lXGRIqgOR5uVqAOTa7KS8+rsAk=
-----END CERTIFICATE-----