Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/sKyyKzRy4EsLKBfYcUTMfqo1MPA.roa
File:                     sKyyKzRy4EsLKBfYcUTMfqo1MPA.roa (raw, json)
Hash identifier:          PfEULlhGLDaUGb2VJgEfh1QvT6Sh+B1GZeRb0imU2Iw=
Subject key identifier:   B0:AC:B2:2B:34:72:E0:4B:0B:28:17:D8:71:44:CC:7E:AA:35:30:F0
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       02A287
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/sKyyKzRy4EsLKBfYcUTMfqo1MPA.roa
Signing time:             Fri 18 Mar 2022 10:02:18 +0000
ROA not before:           Fri 18 Mar 2022 10:02:18 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     56694
IP address blocks:        94.198.50.0/23 maxlen: 24
                          185.9.144.0/22 maxlen: 24
                          188.127.224.0/20 maxlen: 24
                          94.198.52.0/22 maxlen: 24
                          188.127.240.0/21 maxlen: 24
                          188.127.248.0/22 maxlen: 24
                          188.127.253.0/24 maxlen: 24
                          188.127.254.0/23 maxlen: 24
                          185.130.248.0/22 maxlen: 24
                          152.89.216.0/22 maxlen: 24
                          2a06:dd00::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 172679 (0x2a287)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Mar 18 10:02:18 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=b0acb22b3472e04b0b2817d87144cc7eaa3530f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a6:c9:3a:74:5c:31:11:26:25:a4:6e:83:f1:
                    97:89:e3:d5:83:d8:58:63:93:99:b7:57:39:81:af:
                    ab:f7:07:a3:b3:f6:02:62:d3:2f:f0:95:a5:0e:f8:
                    2d:3a:34:82:19:58:c3:2f:4e:dd:ab:01:8c:40:97:
                    6a:6a:80:fb:70:53:70:09:b2:89:80:96:0e:d6:31:
                    70:37:35:18:23:d1:76:8a:a0:58:cf:20:f1:28:5a:
                    f4:8a:b8:59:4a:bc:cb:6c:c2:2c:bb:95:9f:8e:0f:
                    3c:b9:a1:c8:8a:4c:fb:1c:cb:7e:e8:1a:d7:5b:c6:
                    cb:b1:90:1c:dd:60:a3:3d:14:95:f5:fb:5a:49:9c:
                    f3:b1:4a:99:d8:89:32:a4:26:82:86:af:09:a8:fb:
                    02:21:3c:c1:54:b1:62:33:27:10:0e:ec:f0:23:d7:
                    b9:3a:c0:02:d1:0c:dd:89:9f:73:96:33:39:7c:52:
                    50:77:91:17:e1:7a:0c:3f:f4:3f:d3:6a:fd:8c:36:
                    28:c7:02:95:15:70:b7:fc:55:67:98:b1:0a:c4:92:
                    c1:0d:43:3c:a8:b2:b9:dd:8c:bb:4d:76:f8:7e:1e:
                    71:15:ef:bb:43:d4:ad:20:1a:c1:cd:c9:e4:1f:49:
                    08:ce:25:ff:40:6d:76:a7:17:d4:5e:ef:a1:fb:ee:
                    a3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:AC:B2:2B:34:72:E0:4B:0B:28:17:D8:71:44:CC:7E:AA:35:30:F0
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/sKyyKzRy4EsLKBfYcUTMfqo1MPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.50.0-94.198.55.255
                  152.89.216.0/22
                  185.9.144.0/22
                  185.130.248.0/22
                  188.127.224.0-188.127.251.255
                  188.127.253.0-188.127.255.255
                IPv6:
                  2a06:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:51:81:46:d6:e8:0c:04:cb:fb:d0:88:1a:34:78:a9:ef:ca:
         74:d4:36:e0:39:c7:50:b5:6f:fa:ad:c0:d2:bc:0e:2f:db:a3:
         92:ae:ee:33:cc:b5:68:70:41:1c:b9:3f:61:bf:d4:93:21:c0:
         e3:62:93:04:29:bd:b6:5c:2f:44:03:da:14:28:73:b9:d7:a1:
         90:3d:a7:3e:71:86:0c:6f:2a:60:d2:6c:16:fd:56:ac:23:56:
         df:a4:78:30:6a:0c:96:38:f5:9d:f8:dc:a4:71:2d:25:7f:6c:
         84:34:fd:a0:ed:a3:c6:52:a7:a7:36:11:3f:5d:97:95:56:05:
         ee:c2:3e:dd:f6:18:7e:79:bd:54:3e:61:ed:0a:93:5d:65:9f:
         d9:47:b7:52:16:fd:53:05:3d:cf:ff:04:50:6b:f8:da:c9:9d:
         29:77:43:b2:ba:33:ff:c3:46:14:bc:ee:c9:72:58:44:11:c7:
         4c:08:d7:5c:44:e5:8b:be:8b:ca:64:f1:57:2f:61:27:13:bb:
         f8:e0:1a:6e:c8:5d:56:53:ad:ae:af:ea:77:61:36:58:ab:8d:
         35:32:61:9b:09:53:d7:e0:e8:e2:f8:98:f6:9d:88:47:ce:e1:
         12:1e:c7:87:fa:b4:5b:ef:1f:4e:4e:dd:37:01:36:c7:66:50:
         50:a3:eb:81
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIDAqKHMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGQ1
NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDViMzJjZjIwHhcNMjIwMzE4
MTAwMjE4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiMGFjYjIyYjM0NzJl
MDRiMGIyODE3ZDg3MTQ0Y2M3ZWFhMzUzMGYwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsqbJOnRcMREmJaRug/GXiePVg9hYY5OZt1c5ga+r9wejs/YC
YtMv8JWlDvgtOjSCGVjDL07dqwGMQJdqaoD7cFNwCbKJgJYO1jFwNzUYI9F2iqBY
zyDxKFr0irhZSrzLbMIsu5Wfjg88uaHIikz7HMt+6BrXW8bLsZAc3WCjPRSV9fta
SZzzsUqZ2IkypCaChq8JqPsCITzBVLFiMycQDuzwI9e5OsAC0QzdiZ9zljM5fFJQ
d5EX4XoMP/Q/02r9jDYoxwKVFXC3/FVnmLEKxJLBDUM8qLK53Yy7TXb4fh5xFe+7
Q9StIBrBzcnkH0kIziX/QG12pxfUXu+h++6j4QIDAQABo4ICTTCCAkkwHQYDVR0O
BBYEFLCssis0cuBLCygX2HFEzH6qNTDwMB8GA1UdIwQYMBaAFNViDOxwl00DfXdp
dYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
MVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4LzEv
c0t5eUt6Unk0RXNMS0JmWWNVVE1mcW8xTVBBLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8z
MjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4LzEvMVdJTTdIQ1hUUU45
ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGMG
CCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7MAwDBAFexjIDBANexjADBAKYWdgDBAK5
CZADBAK5gvgwDAMEBbx/4AMEArx/+DALAwQAvH/9AwMHvAAwDQQCAAIwBwMFAyoG
3QAwDQYJKoZIhvcNAQELBQADggEBAIlRgUbW6AwEy/vQiBo0eKnvynTUNuA5x1C1
b/qtwNK8Di/bo5Ku7jPMtWhwQRy5P2G/1JMhwONikwQpvbZcL0QD2hQoc7nXoZA9
pz5xhgxvKmDSbBb9VqwjVt+keDBqDJY49Z343KRxLSV/bIQ0/aDto8ZSp6c2ET9d
l5VWBe7CPt32GH55vVQ+Ye0Kk11ln9lHt1IW/VMFPc//BFBr+NrJnSl3Q7K6M//D
RhS87slyWEQRx0wI11xE5Yu+i8pk8VcvYScTu/jgGm7IXVZTra6v6ndhNlirjTUy
YZsJU9fg6OL4mPadiEfO4RIex4f6tFvvH05O3TcBNsdmUFCj64E=
-----END CERTIFICATE-----