Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RRLgW1twK3_OKjh21FLwuJnvlwA.roa
File:                     RRLgW1twK3_OKjh21FLwuJnvlwA.roa (raw, json)
Hash identifier:          c6vpZku3rBSp1Jo7n1oCh79zfIKfY6ZmyuuQ6fj6sK0=
Subject key identifier:   45:12:E0:5B:5B:70:2B:7F:CE:2A:38:76:D4:52:F0:B8:99:EF:97:00
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       0185592E902AA19347A91C67B395FC32FD4A
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RRLgW1twK3_OKjh21FLwuJnvlwA.roa
Signing time:             Wed 28 Dec 2022 14:41:41 +0000
ROA not before:           Wed 28 Dec 2022 14:41:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          46.16.12.0/24 maxlen: 24
                          46.16.15.0/24 maxlen: 24
                          46.16.14.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:59:2e:90:2a:a1:93:47:a9:1c:67:b3:95:fc:32:fd:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Dec 28 14:41:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4512e05b5b702b7fce2a3876d452f0b899ef9700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:63:99:31:58:d4:a7:d0:38:6b:73:b7:aa:3b:
                    c4:88:c0:34:11:a2:44:c4:6b:5d:35:67:b0:49:0d:
                    03:75:63:a7:29:63:ef:bd:66:42:03:88:37:dc:c0:
                    27:05:5e:1d:63:5d:58:d6:c4:2d:30:d0:b7:b7:f6:
                    44:54:95:34:45:2a:24:3e:7b:96:32:fd:87:80:67:
                    4b:22:68:ff:cb:18:6b:e6:1c:0f:0d:67:b2:84:7c:
                    84:b6:00:e2:5c:be:4c:96:49:41:ab:4d:e3:a7:79:
                    18:b8:5d:76:90:61:d1:72:cd:ef:1a:9d:ba:0e:18:
                    57:76:b1:64:20:22:83:e5:aa:7a:00:b3:3c:46:a1:
                    94:ee:0d:70:d8:f4:bf:84:bc:ec:18:0a:95:40:e1:
                    f1:42:9b:96:f3:f6:38:a7:8c:cd:08:0e:40:c2:6a:
                    92:21:19:ee:f7:e7:03:1f:d8:0d:16:ce:91:2f:6d:
                    0d:c1:05:c0:72:08:34:0c:42:d9:b8:61:00:b5:38:
                    5f:cc:47:0c:c1:4f:df:ee:5b:20:98:9a:df:bc:9b:
                    01:04:f5:ee:98:7f:39:63:3c:d6:d8:76:63:7f:57:
                    54:21:5b:3a:33:f9:6d:03:f2:67:32:8f:58:cf:4d:
                    2e:98:ab:f9:09:c5:bc:fd:06:0b:2b:78:44:43:8f:
                    ba:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:12:E0:5B:5B:70:2B:7F:CE:2A:38:76:D4:52:F0:B8:99:EF:97:00
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RRLgW1twK3_OKjh21FLwuJnvlwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.21.255
                  31.129.23.0-31.129.29.255
                  31.129.31.0/24
                  46.16.12.0/24
                  46.16.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:0c:d2:46:da:c1:2d:f9:26:b0:62:0a:db:ab:46:05:17:0d:
         80:0d:ff:be:3b:11:20:fc:7f:e0:d0:f1:62:b4:24:43:a6:c4:
         28:05:88:27:bb:5f:67:cf:30:28:bb:85:2a:a7:b4:5a:ac:27:
         46:c2:08:e4:13:d8:b3:12:1a:1b:37:a0:4d:80:da:8a:17:a2:
         53:db:88:82:82:79:ce:00:65:0c:45:58:fd:8a:51:97:77:db:
         3b:33:d2:de:f0:bc:67:69:88:ef:3b:b0:7e:1f:a5:ba:e1:35:
         b5:e4:3f:a9:ef:2a:6d:59:53:61:f9:bb:c4:65:1b:57:a5:4b:
         a5:cd:ff:0e:88:3e:f8:c0:dd:a7:8a:98:7a:9f:d9:cd:f4:32:
         13:0c:c6:30:e6:76:b2:1e:08:49:b1:f5:ed:52:72:e3:a1:af:
         32:00:f7:b0:20:a5:83:ec:9b:29:78:91:39:b4:ee:30:ae:c7:
         5b:0c:bc:47:55:05:87:fc:f2:10:7b:57:80:6f:c2:29:4b:e4:
         4f:a1:c3:97:c7:b9:5a:8c:ff:85:0c:31:7f:4b:e6:a3:f2:81:
         53:47:f2:96:94:73:64:31:c8:ac:fa:36:be:ba:20:86:c3:5a:
         36:b2:e9:f1:77:61:a6:de:5f:ce:f6:11:e5:08:f9:c0:6f:47:
         a4:8b:eb:fa
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVZLpAqoZNHqRxns5X8Mv1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMjI4MTQ0MTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEyZTA1YjViNzAyYjdmY2UyYTM4NzZkNDUyZjBiODk5ZWY5NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWOZMVjUp9A4a3O3qjvEiMA0EaJE
xGtdNWewSQ0DdWOnKWPvvWZCA4g33MAnBV4dY11Y1sQtMNC3t/ZEVJU0RSokPnuW
Mv2HgGdLImj/yxhr5hwPDWeyhHyEtgDiXL5MlklBq03jp3kYuF12kGHRcs3vGp26
DhhXdrFkICKD5ap6ALM8RqGU7g1w2PS/hLzsGAqVQOHxQpuW8/Y4p4zNCA5AwmqS
IRnu9+cDH9gNFs6RL20NwQXAcgg0DELZuGEAtThfzEcMwU/f7lsgmJrfvJsBBPXu
mH85YzzW2HZjf1dUIVs6M/ltA/JnMo9Yz00umKv5CcW8/QYLK3hEQ4+6qQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEUS4FtbcCt/zio4dtRS8LiZ75cAMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUlJMZ1cxdHdLM19PS2poMjFGTHd1Sm52bHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtMAsDAwAfgQME
AR+BFDAMAwQAH4EXAwQBH4EcAwQAH4EfAwQALhAMAwQBLhAOMA0GCSqGSIb3DQEB
CwUAA4IBAQB1DNJG2sEt+SawYgrbq0YFFw2ADf++OxEg/H/g0PFitCRDpsQoBYgn
u19nzzAou4Uqp7RarCdGwgjkE9izEhobN6BNgNqKF6JT24iCgnnOAGUMRVj9ilGX
d9s7M9Le8LxnaYjvO7B+H6W64TW15D+p7yptWVNh+bvEZRtXpUulzf8OiD74wN2n
iph6n9nN9DITDMYw5nayHghJsfXtUnLjoa8yAPewIKWD7JspeJE5tO4wrsdbDLxH
VQWH/PIQe1eAb8IpS+RPocOXx7lajP+FDDF/S+aj8oFTR/KWlHNkMcis+ja+uiCG
w1o2sunxd2Gm3l/O9hHlCPnAb0eki+v6
-----END CERTIFICATE-----