Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/iwMZabs7sF_DmLfsXY3TV65DYxg.roa
File:                     iwMZabs7sF_DmLfsXY3TV65DYxg.roa (raw, json)
Hash identifier:          B8ai3MRz7/SdMeHajH4DfRnU+rdqeeVL7aCdrkSXIp0=
Subject key identifier:   8B:03:19:69:BB:3B:B0:5F:C3:98:B7:EC:5D:8D:D3:57:AE:43:63:18
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       01856FCB98DB3ABDBAF65D405F57F8285DD3
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/iwMZabs7sF_DmLfsXY3TV65DYxg.roa
Signing time:             Mon 02 Jan 2023 00:04:51 +0000
ROA not before:           Mon 02 Jan 2023 00:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212144
IP address blocks:        2a09:dc00::/32 maxlen: 32
                          2a0a:1f45::/32 maxlen: 32
                          2a0a:1f41::/32 maxlen: 32
                          2a0a:1f44::/32 maxlen: 32
                          2a0a:da40::/29 maxlen: 29
                          2a09:dc03::/32 maxlen: 32
                          2a09:dc00::/29 maxlen: 29
                          2a0a:1f43::/32 maxlen: 32
                          2a09:dc06::/32 maxlen: 32
                          2a09:dc05::/32 maxlen: 32
                          2a09:dc02::/32 maxlen: 32
                          2a09:dc01::/32 maxlen: 32
                          2a09:dc04::/32 maxlen: 32
                          2a09:dc07::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:cb:98:db:3a:bd:ba:f6:5d:40:5f:57:f8:28:5d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jan  2 00:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b031969bb3bb05fc398b7ec5d8dd357ae436318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:43:f2:1a:68:6f:2e:d0:ca:b1:94:37:23:23:
                    59:15:9b:6b:c3:8d:60:09:db:78:90:b7:57:b0:3b:
                    91:b9:f3:c5:99:17:96:48:3e:bf:3f:c1:46:94:68:
                    c8:a9:73:9e:90:a7:2d:a6:88:9c:01:43:4a:0a:07:
                    37:b9:c1:63:f7:17:85:48:05:0a:5a:16:75:7c:00:
                    b9:98:41:56:e8:20:52:67:ad:eb:40:a4:fa:0f:b6:
                    f6:a3:96:c1:df:18:3e:9f:99:c6:b1:3a:fd:15:17:
                    8f:9a:0f:e7:50:fc:ef:5d:56:87:14:96:af:15:02:
                    fe:7e:db:7e:7b:7c:12:14:d7:6c:cb:00:8a:93:2a:
                    b8:f4:22:b7:cd:13:84:c4:49:4a:e4:d1:6f:01:17:
                    fa:4d:6a:43:0f:1f:88:67:67:1e:bd:c4:bf:f3:56:
                    ad:c7:20:28:a5:6a:1e:63:f4:10:1e:0d:53:57:a7:
                    ba:bd:fc:f6:3c:38:52:72:22:65:1e:9f:88:d7:5b:
                    60:c0:ec:cd:be:33:34:c9:8b:1b:77:1c:61:f8:e6:
                    9e:9f:9e:7f:79:3e:a9:4b:87:02:ff:1c:02:fa:de:
                    23:a0:20:0d:99:25:2e:75:03:07:39:62:d4:20:b4:
                    39:5e:62:b9:24:5a:7c:ac:bc:51:34:e4:5f:02:f2:
                    cf:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:03:19:69:BB:3B:B0:5F:C3:98:B7:EC:5D:8D:D3:57:AE:43:63:18
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/iwMZabs7sF_DmLfsXY3TV65DYxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:dc00::/29
                  2a0a:1f41::/32
                  2a0a:1f43::-2a0a:1f45:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0a:da40::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:28:62:c7:34:56:2e:e6:74:71:4b:90:21:93:c1:5f:7b:9a:
         27:5e:f2:ae:4a:46:f0:42:34:21:e2:2f:5f:51:25:13:17:4c:
         63:13:19:a5:29:ec:65:0b:a3:66:88:92:8e:b7:b6:26:c5:b3:
         35:91:88:f9:e0:77:a2:2b:43:71:b5:7f:bc:fb:dc:3c:4c:70:
         eb:e8:60:7d:a5:7e:fe:2f:9d:2b:7b:2e:b7:7c:10:24:df:fc:
         ae:13:1a:f2:4d:e2:12:6f:d0:2f:f3:69:fe:e7:94:e8:81:09:
         7e:0f:da:35:34:98:40:d2:e0:40:85:1f:66:79:e8:71:61:fd:
         4c:e3:16:cd:cd:25:3e:74:ba:f5:a6:2a:68:17:9f:31:8f:1f:
         93:e2:1f:0b:74:c8:b2:61:71:a8:6a:41:2a:c9:40:7a:a4:41:
         8d:dd:04:9b:1f:49:a2:2e:18:0b:66:c8:9e:ea:55:26:db:3d:
         8c:1e:94:f0:6b:00:10:6d:07:74:62:09:0c:f8:9f:1c:ae:92:
         4d:29:be:a7:48:fb:3c:ff:ab:f7:97:5a:c5:c2:1a:99:ba:04:
         ce:4a:e1:84:bf:49:2c:ad:43:6b:10:ff:31:85:85:27:d0:55:
         6f:79:ca:be:73:b6:4b:ec:45:8c:37:25:e3:c4:fb:11:28:85:
         cf:ac:6e:a0
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAYVvy5jbOr269l1AX1f4KF3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjMwMTAyMDAwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjAzMTk2OWJiM2JiMDVmYzM5OGI3ZWM1ZDhkZDM1N2FlNDM2MzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAykPyGmhvLtDKsZQ3IyNZFZtrw41g
Cdt4kLdXsDuRufPFmReWSD6/P8FGlGjIqXOekKctpoicAUNKCgc3ucFj9xeFSAUK
WhZ1fAC5mEFW6CBSZ63rQKT6D7b2o5bB3xg+n5nGsTr9FRePmg/nUPzvXVaHFJav
FQL+ftt+e3wSFNdsywCKkyq49CK3zROExElK5NFvARf6TWpDDx+IZ2cevcS/81at
xyAopWoeY/QQHg1TV6e6vfz2PDhSciJlHp+I11tgwOzNvjM0yYsbdxxh+Oaen55/
eT6pS4cC/xwC+t4joCANmSUudQMHOWLUILQ5XmK5JFp8rLxRNORfAvLP5wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFIsDGWm7O7Bfw5i37F2N01euQ2MYMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvaXdNWmFiczdzRl9EbUxmc1hZM1RWNjVEWXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTArBAIAAjAlAwUDKgncAAMF
ACoKH0EwDgMFACoKH0MDBQEqCh9EAwUDKgraQDANBgkqhkiG9w0BAQsFAAOCAQEA
CShixzRWLuZ0cUuQIZPBX3uaJ17yrkpG8EI0IeIvX1ElExdMYxMZpSnsZQujZoiS
jre2JsWzNZGI+eB3oitDcbV/vPvcPExw6+hgfaV+/i+dK3sut3wQJN/8rhMa8k3i
Em/QL/Np/ueU6IEJfg/aNTSYQNLgQIUfZnnocWH9TOMWzc0lPnS69aYqaBefMY8f
k+IfC3TIsmFxqGpBKslAeqRBjd0Emx9Joi4YC2bInupVJts9jB6U8GsAEG0HdGIJ
DPifHK6STSm+p0j7PP+r95daxcIamboEzkrhhL9JLK1DaxD/MYWFJ9BVb3nKvnO2
S+xFjDcl48T7ESiFz6xuoA==
-----END CERTIFICATE-----