Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/7T5xTWhavJVXKkIsWyst_SBvLDQ.roa
File:                     7T5xTWhavJVXKkIsWyst_SBvLDQ.roa (raw, json)
Hash identifier:          G3Y7iVGc4lEWC+u4zkVYhlsOQVEGEETIOhhtft2kEWM=
Subject key identifier:   ED:3E:71:4D:68:5A:BC:95:57:2A:42:2C:5B:2B:2D:FD:20:6F:2C:34
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       0183DC53134079396215DB261BBB03FC55D8
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/7T5xTWhavJVXKkIsWyst_SBvLDQ.roa
Signing time:             Sat 15 Oct 2022 15:46:15 +0000
ROA not before:           Sat 15 Oct 2022 15:46:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        92.53.176.0/22 maxlen: 22
                          92.53.180.0/22 maxlen: 22
                          92.53.184.0/22 maxlen: 22
                          176.52.128.0/22 maxlen: 24
                          176.52.132.0/22 maxlen: 24
                          176.52.144.0/22 maxlen: 24
                          176.52.140.0/22 maxlen: 22
                          176.52.152.0/22 maxlen: 22
                          176.52.148.0/22 maxlen: 24
                          92.53.160.0/22 maxlen: 24
                          92.53.172.0/22 maxlen: 22
                          92.53.168.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:dc:53:13:40:79:39:62:15:db:26:1b:bb:03:fc:55:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Oct 15 15:46:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ed3e714d685abc95572a422c5b2b2dfd206f2c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6e:c9:03:8f:0d:49:e2:9b:f3:64:d3:ff:8b:
                    11:1c:f8:ff:1d:b5:05:1b:cd:9f:5d:b5:ab:6a:df:
                    89:33:98:1d:94:99:7e:9e:ae:c9:f1:56:3e:65:66:
                    1f:cf:ec:4f:42:e8:85:cd:30:21:13:f9:04:f3:81:
                    d5:ca:60:87:d7:91:6a:d0:fe:7f:72:1a:51:a8:58:
                    60:5b:0c:4b:66:75:05:3a:bc:06:5e:da:c8:6a:73:
                    2d:af:34:59:36:00:91:1f:7e:5d:8e:27:3f:a1:f2:
                    23:a1:98:d9:c5:96:dc:38:bd:7a:6a:e9:f6:8b:5f:
                    8c:5d:fc:52:73:d7:f5:ab:16:c7:e8:c8:ae:9c:fd:
                    ba:3e:b5:e5:cc:af:77:7f:1c:4e:5c:ca:34:ff:82:
                    f3:be:b3:6e:91:31:d3:8e:65:b9:d7:61:8f:34:f2:
                    7c:88:8e:d8:05:24:c3:7d:8b:fb:e9:3e:7a:9a:bf:
                    f7:9d:96:a9:00:9c:ef:c3:ce:2e:6e:a6:f8:09:0c:
                    91:1a:03:e4:17:87:88:26:12:8c:b3:be:b2:dd:e1:
                    8c:49:4d:97:7f:7b:e3:ee:e8:d0:b7:5d:c9:48:f9:
                    05:97:a2:0d:e3:00:f3:8a:a8:3a:bd:6e:1a:7a:1f:
                    a7:2a:fa:00:41:b3:1e:58:63:af:64:fe:a4:68:ec:
                    ab:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:3E:71:4D:68:5A:BC:95:57:2A:42:2C:5B:2B:2D:FD:20:6F:2C:34
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/7T5xTWhavJVXKkIsWyst_SBvLDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.160.0/22
                  92.53.168.0-92.53.187.255
                  176.52.128.0/21
                  176.52.140.0-176.52.155.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:ef:79:3b:5e:e1:ec:21:10:44:e9:71:bb:ba:29:6b:43:f6:
         5c:16:e8:c8:59:11:7a:35:f5:65:93:9f:68:5c:6e:6c:b0:38:
         06:7c:b4:09:c0:34:e6:55:a1:45:6c:1e:85:33:83:71:45:79:
         48:6c:f7:17:46:76:28:e2:c1:99:fc:01:89:86:40:c3:21:5e:
         c9:f7:b0:b7:47:fd:7a:cc:ed:cc:4c:91:5c:c9:4e:6c:e9:35:
         75:76:8e:44:76:0b:d3:77:9b:59:49:4e:57:7d:90:2e:6c:48:
         dc:c1:65:2c:0f:bb:c0:ba:6c:a9:0e:c5:e6:27:29:4c:0b:2a:
         e9:9e:e3:e9:6f:3d:1f:f7:47:4b:70:63:3e:12:c3:a9:b0:b5:
         21:03:13:f2:fc:9a:7c:6f:ea:af:fb:92:f7:5f:2e:88:cb:39:
         83:0c:44:e1:7e:b1:d7:b3:04:13:ca:6d:54:da:12:6d:13:a5:
         9f:cd:47:89:7c:ab:78:d3:87:b6:2e:33:81:9f:e1:de:1b:04:
         f2:ed:34:0b:9b:9c:8d:60:97:b4:53:7d:87:c2:6d:04:a9:6e:
         12:94:fc:0d:04:81:0c:17:5d:aa:e4:d5:f9:2a:8f:d9:5b:d5:
         8b:a5:22:12:b1:71:89:76:65:82:18:b1:9d:0d:9a:14:d6:a2:
         e3:ce:26:85
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYPcUxNAeTliFdsmG7sD/FXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjIxMDE1MTU0NjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDNlNzE0ZDY4NWFiYzk1NTcyYTQyMmM1YjJiMmRmZDIwNmYyYzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqG7JA48NSeKb82TT/4sRHPj/HbUF
G82fXbWrat+JM5gdlJl+nq7J8VY+ZWYfz+xPQuiFzTAhE/kE84HVymCH15Fq0P5/
chpRqFhgWwxLZnUFOrwGXtrIanMtrzRZNgCRH35djic/ofIjoZjZxZbcOL16aun2
i1+MXfxSc9f1qxbH6MiunP26PrXlzK93fxxOXMo0/4LzvrNukTHTjmW512GPNPJ8
iI7YBSTDfYv76T56mr/3nZapAJzvw84ubqb4CQyRGgPkF4eIJhKMs76y3eGMSU2X
f3vj7ujQt13JSPkFl6IN4wDziqg6vW4aeh+nKvoAQbMeWGOvZP6kaOyrHQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFO0+cU1oWryVVypCLFsrLf0gbyw0MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvN1Q1eFRXaGF2SlZYS2tJc1d5c3RfU0J2TERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCXDWgMAwD
BANcNagDBAJcNbgDBAOwNIAwDAMEArA0jAMEArA0mDANBgkqhkiG9w0BAQsFAAOC
AQEALe95O17h7CEQROlxu7opa0P2XBboyFkRejX1ZZOfaFxubLA4Bny0CcA05lWh
RWwehTODcUV5SGz3F0Z2KOLBmfwBiYZAwyFeyfewt0f9esztzEyRXMlObOk1dXaO
RHYL03ebWUlOV32QLmxI3MFlLA+7wLpsqQ7F5icpTAsq6Z7j6W89H/dHS3BjPhLD
qbC1IQMT8vyafG/qr/uS918uiMs5gwxE4X6x17MEE8ptVNoSbROln81HiXyreNOH
ti4zgZ/h3hsE8u00C5ucjWCXtFN9h8JtBKluEpT8DQSBDBddquTV+SqP2VvVi6Ui
ErFxiXZlghixnQ2aFNai484mhQ==
-----END CERTIFICATE-----