Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bfkpzUA4TDYwmp77VfdxMpxmSHk.roa
File:                     bfkpzUA4TDYwmp77VfdxMpxmSHk.roa (raw, json)
Hash identifier:          U8JpAROiFwJqRsYcUoLIK8tmqdkqgJk88RQPuM3vUfg=
Subject key identifier:   6D:F9:29:CD:40:38:4C:36:30:9A:9E:FB:55:F7:71:32:9C:66:48:79
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018678E0B428787EF1E9D4A61CF1E7950456
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bfkpzUA4TDYwmp77VfdxMpxmSHk.roa
Signing time:             Wed 22 Feb 2023 11:27:17 +0000
ROA not before:           Wed 22 Feb 2023 11:27:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207713
IP address blocks:        31.129.22.0/24 maxlen: 24
                          212.60.23.0/24 maxlen: 24
                          5.44.44.0/24 maxlen: 24
                          5.44.42.0/24 maxlen: 24
                          141.98.234.0/24 maxlen: 24
                          45.129.184.0/24 maxlen: 24
                          45.129.187.0/24 maxlen: 24
                          91.107.116.0/24 maxlen: 24
                          45.80.128.0/24 maxlen: 24
                          195.80.49.0/24 maxlen: 24
                          195.80.48.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:78:e0:b4:28:78:7e:f1:e9:d4:a6:1c:f1:e7:95:04:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb 22 11:27:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6df929cd40384c36309a9efb55f771329c664879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e7:3c:5e:22:93:24:7e:8f:3c:23:51:26:83:
                    7b:81:af:81:8d:30:34:9f:73:b6:96:80:b1:eb:dd:
                    39:3a:bb:cf:6f:aa:14:47:d8:c3:7e:cd:7e:b4:80:
                    cc:e4:8e:47:bc:d9:03:a5:c5:76:1c:d8:7e:be:9c:
                    71:13:2e:e2:af:c5:84:87:98:6c:f1:0d:fd:64:de:
                    c2:53:d5:27:15:02:f8:7c:a8:cc:c4:cb:09:2b:fd:
                    c6:a2:e6:ae:55:7d:e8:48:d1:a6:8b:e0:56:7d:7f:
                    1c:86:9a:05:e3:70:22:62:67:6b:85:2a:b8:fd:65:
                    31:37:75:17:0c:97:53:3a:6a:51:a9:4d:02:c5:42:
                    27:ab:94:ef:14:d0:b3:03:42:39:a4:46:49:10:7c:
                    10:8b:a1:d3:47:e2:69:33:99:d3:7a:0a:f6:9f:e3:
                    d8:b5:2b:75:d4:5e:09:c2:63:8b:07:8a:13:bc:90:
                    a3:41:ac:05:70:ed:fc:f8:44:d2:13:d6:9e:e2:12:
                    81:1c:31:04:59:72:25:d3:7a:22:83:67:b8:6d:72:
                    76:14:42:60:64:48:50:16:b4:98:73:44:ac:d2:10:
                    be:58:48:2e:2f:dd:8c:1a:c1:a4:7f:cc:70:e5:a6:
                    c5:d3:9a:ef:8e:b8:c9:10:17:af:04:80:ad:50:14:
                    77:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F9:29:CD:40:38:4C:36:30:9A:9E:FB:55:F7:71:32:9C:66:48:79
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/bfkpzUA4TDYwmp77VfdxMpxmSHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.42.0/24
                  5.44.44.0/24
                  31.129.22.0/24
                  45.80.128.0/24
                  45.129.184.0/24
                  45.129.187.0/24
                  91.107.116.0/24
                  141.98.234.0/24
                  195.80.48.0/23
                  212.60.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:25:8e:18:8a:a8:23:34:a8:c1:9e:ab:98:c0:e3:6b:2a:4e:
         8b:a7:2e:6d:d0:fc:ee:fe:8b:20:4d:3f:5e:c7:75:93:41:2e:
         23:10:01:af:28:3a:3c:ed:7b:63:9b:6c:49:98:1f:eb:f4:b7:
         8e:5b:79:ba:73:db:25:b9:7b:e3:66:41:b9:25:ab:fa:04:eb:
         8b:cb:30:b5:4f:d0:41:30:ad:69:57:ee:b9:8c:6a:05:fe:78:
         96:66:97:4f:ba:68:38:9c:d8:f5:93:8c:36:34:a6:99:89:66:
         4b:ee:4c:57:f2:5a:df:59:ef:e6:e2:7b:32:44:d2:69:6e:76:
         ee:ec:95:39:74:c9:da:af:6e:fb:9b:1c:52:1d:63:e8:5c:cd:
         2c:f1:23:cb:96:4a:a6:36:93:ae:83:a8:72:10:99:fd:ac:89:
         83:eb:91:90:3f:c0:58:b8:9e:b6:51:93:4d:2a:75:e4:43:ff:
         85:35:dd:59:b2:20:30:04:91:c0:cf:af:eb:cf:30:d2:eb:ba:
         42:ea:3c:92:e2:ba:76:9c:28:dd:21:17:0a:09:78:1a:bc:12:
         52:6a:7b:cd:fc:29:39:3c:22:06:33:99:96:0a:5d:55:07:e6:
         99:a8:9a:2d:09:8f:af:58:14:64:58:16:66:ac:82:c6:2e:52:
         e3:2b:43:5d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYZ44LQoeH7x6dSmHPHnlQRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMjIyMTEyNzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY5MjljZDQwMzg0YzM2MzA5YTllZmI1NWY3NzEzMjljNjY0ODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+c8XiKTJH6PPCNRJoN7ga+BjTA0
n3O2loCx6905OrvPb6oUR9jDfs1+tIDM5I5HvNkDpcV2HNh+vpxxEy7ir8WEh5hs
8Q39ZN7CU9UnFQL4fKjMxMsJK/3GouauVX3oSNGmi+BWfX8chpoF43AiYmdrhSq4
/WUxN3UXDJdTOmpRqU0CxUInq5TvFNCzA0I5pEZJEHwQi6HTR+JpM5nTegr2n+PY
tSt11F4JwmOLB4oTvJCjQawFcO38+ETSE9ae4hKBHDEEWXIl03oig2e4bXJ2FEJg
ZEhQFrSYc0Ss0hC+WEguL92MGsGkf8xw5abF05rvjrjJEBevBICtUBR3TwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFG35Kc1AOEw2MJqe+1X3cTKcZkh5MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvYmZrcHpVQTRURFl3bXA3N1ZmZHhNcHhtU0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABSwqAwQA
BSwsAwQAH4EWAwQALVCAAwQALYG4AwQALYG7AwQAW2t0AwQAjWLqAwQBw1AwAwQA
1DwXMA0GCSqGSIb3DQEBCwUAA4IBAQCeJY4YiqgjNKjBnquYwONrKk6Lpy5t0Pzu
/osgTT9ex3WTQS4jEAGvKDo87Xtjm2xJmB/r9LeOW3m6c9sluXvjZkG5Jav6BOuL
yzC1T9BBMK1pV+65jGoF/niWZpdPumg4nNj1k4w2NKaZiWZL7kxX8lrfWe/m4nsy
RNJpbnbu7JU5dMnar277mxxSHWPoXM0s8SPLlkqmNpOug6hyEJn9rImD65GQP8BY
uJ62UZNNKnXkQ/+FNd1ZsiAwBJHAz6/rzzDS67pC6jyS4rp2nCjdIRcKCXgavBJS
anvN/Ck5PCIGM5mWCl1VB+aZqJotCY+vWBRkWBZmrILGLlLjK0Nd
-----END CERTIFICATE-----