Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hv2rHOg4sLXqN_NXMAHJJmu2tEM.roa
File:                     hv2rHOg4sLXqN_NXMAHJJmu2tEM.roa (raw, json)
Hash identifier:          KGzfFEleXkocKuo3vuVA5nrKddS3q9DpLajqzrL6wlI=
Subject key identifier:   86:FD:AB:1C:E8:38:B0:B5:EA:37:F3:57:30:01:C9:26:6B:B6:B4:43
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       0184E755F2EEC69D70DD9A68BA4456FA4C6F
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hv2rHOg4sLXqN_NXMAHJJmu2tEM.roa
Signing time:             Tue 06 Dec 2022 12:08:00 +0000
ROA not before:           Tue 06 Dec 2022 12:08:00 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212144
IP address blocks:        2a09:dc00::/32 maxlen: 32
                          2a0a:1f45::/32 maxlen: 32
                          2a0a:1f41::/32 maxlen: 32
                          2a0a:1f44::/32 maxlen: 32
                          2a0a:da40::/29 maxlen: 29
                          2a09:dc03::/32 maxlen: 32
                          2a09:dc00::/29 maxlen: 29
                          2a0a:1f43::/32 maxlen: 32
                          2a09:dc06::/32 maxlen: 32
                          2a09:dc05::/32 maxlen: 32
                          2a09:dc02::/32 maxlen: 32
                          2a09:dc01::/32 maxlen: 32
                          2a09:dc04::/32 maxlen: 32
                          2a09:dc07::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:e7:55:f2:ee:c6:9d:70:dd:9a:68:ba:44:56:fa:4c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Dec  6 12:08:00 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=86fdab1ce838b0b5ea37f3573001c9266bb6b443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a3:a0:05:9d:d8:00:29:1c:69:b8:3b:1c:05:
                    7f:29:ee:9e:3f:f6:c6:ed:f5:6e:a4:74:c0:19:ff:
                    9f:1b:e9:3e:f1:cd:f7:a4:fe:cc:dd:15:1d:e6:5a:
                    42:d7:3d:ca:3a:48:da:63:b8:65:3e:10:68:1c:2b:
                    5d:97:4a:c3:b8:63:3f:7d:f2:d7:c9:6b:b6:20:12:
                    29:d4:bd:e3:79:71:86:eb:61:35:7b:c8:2a:01:09:
                    22:51:f6:e6:ba:d2:90:a7:36:a8:cd:9c:e0:43:20:
                    65:9e:53:bc:c0:f8:0b:fc:8f:96:69:56:7a:73:05:
                    59:82:09:dc:b2:e0:43:ac:02:84:64:d4:01:a7:cd:
                    f9:b6:1a:d1:de:3d:32:7f:a0:11:73:2b:87:20:bd:
                    37:04:5d:e4:b7:34:5d:7e:35:eb:33:84:30:e8:a0:
                    91:45:c7:ff:04:68:71:d0:25:67:1d:98:50:74:70:
                    b8:27:42:94:dc:be:3d:23:2f:c8:05:c1:ef:3d:cb:
                    b3:3b:9d:3d:ab:99:23:27:1e:6f:47:02:23:51:4c:
                    e5:f6:96:9f:d1:ae:1a:3e:17:24:63:cf:c1:58:ad:
                    e9:87:21:e3:ba:b6:bf:14:f5:b6:a0:e8:56:9f:15:
                    73:39:86:f4:d6:54:ad:b1:e8:73:73:ca:02:0c:8f:
                    fb:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FD:AB:1C:E8:38:B0:B5:EA:37:F3:57:30:01:C9:26:6B:B6:B4:43
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/hv2rHOg4sLXqN_NXMAHJJmu2tEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:dc00::/29
                  2a0a:1f41::/32
                  2a0a:1f43::-2a0a:1f45:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0a:da40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:3f:b3:62:55:cc:1c:d9:e8:ff:ed:d0:75:ba:4d:74:92:b4:
         35:a4:b5:c6:95:5c:58:47:23:ce:2d:c0:83:13:a0:35:3d:ab:
         51:ae:ba:75:b4:9b:e4:f4:69:4d:0e:e2:20:f5:f4:62:c0:2c:
         f1:ba:cc:fe:ab:96:61:02:a7:a8:c0:14:9f:af:c7:4f:ac:3a:
         0d:c4:1c:1b:d3:bc:70:19:a5:9d:c4:49:f6:00:a5:20:00:dd:
         96:5f:7b:0c:7b:66:ed:df:26:43:35:1e:21:2a:48:df:dc:6e:
         86:22:73:9f:cb:0c:89:cd:37:b8:f9:d5:cc:7f:54:dc:69:a0:
         0a:71:fd:a7:be:97:c3:20:fb:b9:f4:9f:0f:ff:41:48:8a:c1:
         53:ec:26:56:cb:4b:8d:1c:4f:73:13:3c:7a:2b:6c:0f:93:3b:
         f4:9d:56:dd:56:ba:1e:9c:9e:67:f5:09:15:f4:40:7c:ca:6f:
         60:33:ea:e5:01:ce:06:54:0f:f8:f9:75:02:c7:78:23:13:1c:
         5b:cc:43:7d:43:ea:92:9f:e0:4c:0c:06:e8:be:31:17:6e:b2:
         2f:89:fb:4c:c2:6d:1c:09:3f:e7:31:e1:12:cf:83:ec:d4:fd:
         29:26:cb:0a:ce:63:ee:69:53:e9:45:5e:d1:b3:ee:43:4c:94:
         16:50:a9:9f
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYTnVfLuxp1w3ZpoukRW+kxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjIxMjA2MTIwODAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmZkYWIxY2U4MzhiMGI1ZWEzN2YzNTczMDAxYzkyNjZiYjZiNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaOgBZ3YACkcabg7HAV/Ke6eP/bG
7fVupHTAGf+fG+k+8c33pP7M3RUd5lpC1z3KOkjaY7hlPhBoHCtdl0rDuGM/ffLX
yWu2IBIp1L3jeXGG62E1e8gqAQkiUfbmutKQpzaozZzgQyBlnlO8wPgL/I+WaVZ6
cwVZggncsuBDrAKEZNQBp835thrR3j0yf6ARcyuHIL03BF3ktzRdfjXrM4Qw6KCR
Rcf/BGhx0CVnHZhQdHC4J0KU3L49Iy/IBcHvPcuzO509q5kjJx5vRwIjUUzl9paf
0a4aPhckY8/BWK3phyHjura/FPW2oOhWnxVzOYb01lStsehzc8oCDI/74wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFIb9qxzoOLC16jfzVzABySZrtrRDMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvaHYyckhPZzRzTFhxTl9OWE1BSEpKbXUydEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAAjAlAwUDKgncAAMF
ACoKH0EwDgMFACoKH0MDBQEqCh9EAwUDKgraQDANBgkqhkiG9w0BAQsFAAOCAQEA
Lj+zYlXMHNno/+3QdbpNdJK0NaS1xpVcWEcjzi3AgxOgNT2rUa66dbSb5PRpTQ7i
IPX0YsAs8brM/quWYQKnqMAUn6/HT6w6DcQcG9O8cBmlncRJ9gClIADdll97DHtm
7d8mQzUeISpI39xuhiJzn8sMic03uPnVzH9U3GmgCnH9p76XwyD7ufSfD/9BSIrB
U+wmVstLjRxPcxM8eitsD5M79J1W3Va6HpyeZ/UJFfRAfMpvYDPq5QHOBlQP+Pl1
Asd4IxMcW8xDfUPqkp/gTAwG6L4xF26yL4n7TMJtHAk/5zHhEs+D7NT9KSbLCs5j
7mlT6UVe0bPuQ0yUFlCpnw==
-----END CERTIFICATE-----