Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/_xomYsr1MVd1nt6aVkUhb5ASXMM.roa
File:                     _xomYsr1MVd1nt6aVkUhb5ASXMM.roa (raw, json)
Hash identifier:          bDJn+Fe0K6lR14LJjA1nYzXedU6jq5qSLHcSuwHyM3Q=
Subject key identifier:   FF:1A:26:62:CA:F5:31:57:75:9E:DE:9A:56:45:21:6F:90:12:5C:C3
Certificate issuer:       /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial:       0182656F3624081952FCB78499985F8E30A0
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/_xomYsr1MVd1nt6aVkUhb5ASXMM.roa
Signing time:             Wed 03 Aug 2022 20:39:23 +0000
ROA not before:           Wed 03 Aug 2022 20:39:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8374
IP address blocks:        5.60.0.0/16 maxlen: 16
                          46.76.0.0/15 maxlen: 15
                          46.215.0.0/16 maxlen: 16
                          37.7.0.0/16 maxlen: 16
                          37.152.16.0/20 maxlen: 20
                          31.0.0.0/15 maxlen: 15
                          46.168.0.0/15 maxlen: 15
                          95.40.0.0/15 maxlen: 15
                          188.125.32.0/19 maxlen: 19
                          77.112.0.0/14 maxlen: 14
                          5.174.0.0/16 maxlen: 16
                          185.4.212.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:65:6f:36:24:08:19:52:fc:b7:84:99:98:5f:8e:30:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
        Validity
            Not Before: Aug  3 20:39:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ff1a2662caf53157759ede9a5645216f90125cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5f:0c:9b:c5:90:b6:9a:9b:ec:5d:86:82:53:
                    63:bf:76:9a:25:48:2d:f1:3d:cd:8f:5a:3f:9d:f6:
                    0c:eb:89:89:48:2f:48:c8:32:32:6a:5a:18:8b:37:
                    28:ab:a0:41:a9:25:5b:c9:b2:d7:1d:ba:69:46:54:
                    10:09:f7:04:0f:51:2b:50:a1:b5:c8:20:41:27:30:
                    ff:27:cb:b2:e4:51:f7:c5:f7:cb:55:f5:d3:1a:52:
                    5c:72:c6:ee:5f:d6:b5:d1:12:1d:fc:93:bd:95:b6:
                    e0:dd:74:80:49:3a:77:75:d3:70:f8:13:e6:a7:ad:
                    9f:5c:c6:c8:4b:e4:05:71:cb:dc:51:0e:69:e8:94:
                    fd:3e:ea:07:c7:f6:46:44:45:13:2c:b2:4b:98:c8:
                    e2:ec:80:0e:87:b3:ad:ba:0d:16:aa:36:cb:8d:dd:
                    4c:17:fc:92:1f:cb:00:3a:66:86:68:04:6f:a9:72:
                    12:98:59:4f:b4:7c:25:02:e6:69:56:be:9d:c3:61:
                    e4:aa:59:07:10:58:1a:2d:66:fb:70:aa:39:ee:63:
                    8f:d9:21:53:95:6d:aa:65:0e:08:e2:ab:b1:e2:1a:
                    14:a8:f5:43:53:54:25:65:cb:a1:c0:6c:7d:87:c4:
                    51:53:66:40:7f:d0:bb:9f:dc:e0:92:5a:3f:cf:a2:
                    ba:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1A:26:62:CA:F5:31:57:75:9E:DE:9A:56:45:21:6F:90:12:5C:C3
            X509v3 Authority Key Identifier:
                keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/_xomYsr1MVd1nt6aVkUhb5ASXMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.0.0/16
                  5.174.0.0/16
                  31.0.0.0/15
                  37.7.0.0/16
                  37.152.16.0/20
                  46.76.0.0/15
                  46.168.0.0/15
                  46.215.0.0/16
                  77.112.0.0/14
                  95.40.0.0/15
                  185.4.212.0/22
                  188.125.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         70:c3:62:3c:ef:8b:47:f6:e0:c0:45:1e:e2:39:13:b9:24:45:
         31:e1:f7:24:f4:1a:75:35:f6:ec:9d:f7:27:a5:5e:ad:d0:91:
         37:53:a1:3f:42:95:d1:a5:44:ae:87:a6:7a:e3:c3:9c:99:fe:
         2b:00:18:4a:c2:3c:1d:62:e6:42:5d:02:7d:4c:b8:f8:5b:08:
         f9:16:58:a0:29:69:ea:78:3a:0e:d3:4d:2b:56:3a:a2:cf:49:
         6a:ab:81:53:82:94:48:1f:3c:79:f7:05:cf:5f:6d:b9:a1:93:
         5d:c2:85:41:41:74:3f:79:2f:4d:b6:98:24:bb:7e:df:02:ae:
         5a:56:de:2b:92:f9:7c:47:71:a6:2e:d3:a6:66:00:e5:4c:0d:
         00:92:6e:10:ed:51:21:48:9c:a3:9f:a9:fe:c8:1a:ed:5b:16:
         d6:8c:5e:a1:f0:ce:70:6e:99:23:25:cc:2f:63:1d:59:0c:a9:
         0a:a4:3f:2d:bc:e9:79:11:57:75:ec:09:f4:c2:61:75:0b:29:
         f7:a1:51:46:88:36:24:73:d0:37:19:46:41:fe:c4:ac:ee:4a:
         8c:6d:9a:0e:15:ff:e1:d0:70:fa:c0:bd:1b:26:8d:92:e9:08:
         4a:17:97:af:28:9d:84:67:f9:57:48:a8:c4:c1:57:c9:12:5a:
         b6:9c:24:ec
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYJlbzYkCBlS/LeEmZhfjjCgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjIwODAzMjAzOTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFhMjY2MmNhZjUzMTU3NzU5ZWRlOWE1NjQ1MjE2ZjkwMTI1Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl8Mm8WQtpqb7F2GglNjv3aaJUgt
8T3Nj1o/nfYM64mJSC9IyDIyaloYizcoq6BBqSVbybLXHbppRlQQCfcED1ErUKG1
yCBBJzD/J8uy5FH3xffLVfXTGlJccsbuX9a10RId/JO9lbbg3XSASTp3ddNw+BPm
p62fXMbIS+QFccvcUQ5p6JT9PuoHx/ZGREUTLLJLmMji7IAOh7Otug0WqjbLjd1M
F/ySH8sAOmaGaARvqXISmFlPtHwlAuZpVr6dw2HkqlkHEFgaLWb7cKo57mOP2SFT
lW2qZQ4I4qux4hoUqPVDU1QlZcuhwGx9h8RRU2ZAf9C7n9zgklo/z6K6cQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFP8aJmLK9TFXdZ7emlZFIW+QElzDMB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvX3hvbVlzcjFNVmQxbnQ2YVZrVWhiNUFTWE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAATA/AwMABTwDAwAF
rgMDAR8AAwMAJQcDBAQlmBADAwEuTAMDAS6oAwMALtcDAwJNcAMDAV8oAwQCuQTU
AwQFvH0gMA0GCSqGSIb3DQEBCwUAA4IBAQBww2I874tH9uDARR7iORO5JEUx4fck
9Bp1NfbsnfcnpV6t0JE3U6E/QpXRpUSuh6Z648Ocmf4rABhKwjwdYuZCXQJ9TLj4
Wwj5FligKWnqeDoO000rVjqiz0lqq4FTgpRIHzx59wXPX225oZNdwoVBQXQ/eS9N
tpgku37fAq5aVt4rkvl8R3GmLtOmZgDlTA0Akm4Q7VEhSJyjn6n+yBrtWxbWjF6h
8M5wbpkjJcwvYx1ZDKkKpD8tvOl5EVd17An0wmF1Cyn3oVFGiDYkc9A3GUZB/sSs
7kqMbZoOFf/h0HD6wL0bJo2S6QhKF5evKJ2EZ/lXSKjEwVfJElq2nCTs
-----END CERTIFICATE-----