Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/vBnqCvAzL2UILZzV8Vli-IGo4vs.roa
File:                     vBnqCvAzL2UILZzV8Vli-IGo4vs.roa (raw, json)
Hash identifier:          BfTUR4dav/kOQNQGHx7rQEJTMbvT1dd6NLliblvzK7Q=
Subject key identifier:   BC:19:EA:0A:F0:33:2F:65:08:2D:9C:D5:F1:59:62:F8:81:A8:E2:FB
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       0A7D29C9
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/vBnqCvAzL2UILZzV8Vli-IGo4vs.roa
Signing time:             Sat 01 Jan 2022 02:54:14 +0000
ROA not before:           Sat 01 Jan 2022 02:54:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     6718
IP address blocks:        91.250.242.0/24 maxlen: 24
                          188.119.151.0/24 maxlen: 24
                          188.119.150.0/24 maxlen: 24
                          128.0.36.0/24 maxlen: 24
                          91.239.230.0/24 maxlen: 24
                          185.36.252.0/24 maxlen: 24
                          5.154.224.0/24 maxlen: 24
                          91.216.8.0/24 maxlen: 24
                          2a05:1c04::/32 maxlen: 32
                          2a05:1c00::/32 maxlen: 32
                          2a05:1c02::/32 maxlen: 32
                          2a00:ece0::/32 maxlen: 32
                          2a05:1c03::/32 maxlen: 32
                          2a04:6c80::/48 maxlen: 48
                          2a05:1c01::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 175974857 (0xa7d29c9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 02:54:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=bc19ea0af0332f65082d9cd5f15962f881a8e2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:18:d8:62:04:8a:80:cb:c8:7d:cb:42:3c:a7:
                    06:13:26:31:6c:90:03:99:30:a1:67:e8:83:11:56:
                    38:8d:b2:ed:f1:ce:da:55:9b:12:01:1d:39:ce:99:
                    ee:8d:50:9e:e5:59:cf:b8:a2:9c:a0:cb:d9:31:9e:
                    c2:24:d3:0b:55:8e:c7:e0:cc:01:13:9f:2d:cc:04:
                    38:08:c5:c0:7c:c9:20:99:b5:93:29:0c:de:db:37:
                    77:46:5f:ac:64:a7:89:82:25:c2:49:06:e1:75:3c:
                    21:12:da:ed:30:a7:57:29:f2:9d:7e:72:cd:eb:3d:
                    17:8d:a0:89:06:c3:6b:61:c8:bc:d7:4c:e6:59:b9:
                    9c:5c:94:4c:71:df:1c:14:cc:48:a6:d4:c5:c3:f0:
                    1c:58:8b:26:e9:1c:5f:7f:99:1d:cb:45:c7:6a:53:
                    60:45:83:e9:50:ac:e9:8c:d4:f2:6b:01:1c:c1:0f:
                    4f:0f:24:2d:33:09:ce:cc:1a:7a:f8:1c:a5:e0:3e:
                    07:38:9c:64:89:14:47:0f:28:8e:7f:6b:7b:f9:3a:
                    1a:e5:a6:64:e9:d4:6a:09:71:30:d7:27:a7:44:7a:
                    4c:73:40:0d:25:bc:22:b3:70:fe:47:58:eb:29:1f:
                    c4:12:54:4b:98:18:4c:17:83:c8:f4:b6:6c:a7:e9:
                    1a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:19:EA:0A:F0:33:2F:65:08:2D:9C:D5:F1:59:62:F8:81:A8:E2:FB
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/vBnqCvAzL2UILZzV8Vli-IGo4vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.224.0/24
                  91.216.8.0/24
                  91.239.230.0/24
                  91.250.242.0/24
                  128.0.36.0/24
                  185.36.252.0/24
                  188.119.150.0/23
                IPv6:
                  2a00:ece0::/32
                  2a04:6c80::/48
                  2a05:1c00::-2a05:1c04:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a4:0c:b3:ff:b8:02:84:75:72:f6:2d:97:c6:5f:53:5c:9a:86:
         84:45:f6:25:6e:83:ab:ca:5c:ac:f1:8b:6d:29:41:14:30:9f:
         00:c7:dd:84:d2:a9:a8:13:09:cb:44:0f:fc:73:4e:e0:13:2d:
         c6:d4:34:a7:ed:26:54:2c:41:52:2e:8b:97:c3:1b:1c:26:1a:
         44:6e:28:7b:f1:ab:7d:ba:99:4c:48:6f:f3:b3:cd:5c:c0:16:
         34:e7:eb:f2:09:ee:e9:58:80:d7:f6:b9:2d:a7:de:0e:e3:ef:
         fc:da:cb:84:c5:aa:e0:76:a1:25:16:47:4b:4c:23:0f:81:62:
         5c:fd:81:1d:a2:82:a9:3a:13:a5:d3:dc:ce:c8:c2:13:fe:ff:
         fe:e1:3f:86:28:d2:0a:00:74:5f:95:9b:93:b5:fa:91:b9:57:
         eb:54:cc:f5:b4:76:66:1c:82:cc:a0:a5:3a:d1:ca:3e:6b:ab:
         5b:73:20:4e:5f:3d:32:a1:c9:2a:99:ce:20:ed:a1:da:b7:e6:
         0a:e8:12:d5:9c:dc:9e:34:a7:e6:e4:f3:07:ab:8b:1d:c4:33:
         d4:da:4e:be:42:a3:e3:4d:9c:07:6f:92:95:78:2a:75:17:57:
         21:de:8c:ab:cf:04:37:76:fc:a8:a2:82:7b:35:cb:d4:aa:48:
         86:20:23:9f
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgIECn0pyTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MGMyMGFlMWRhY2NhMzE4MTViMjc0NzAyOTI3YzFhNWE5ZGJjN2IzMB4XDTIyMDEw
MTAyNTQxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmMxOWVhMGFmMDMz
MmY2NTA4MmQ5Y2Q1ZjE1OTYyZjg4MWE4ZTJmYjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALsY2GIEioDLyH3LQjynBhMmMWyQA5kwoWfogxFWOI2y7fHO
2lWbEgEdOc6Z7o1QnuVZz7iinKDL2TGewiTTC1WOx+DMAROfLcwEOAjFwHzJIJm1
kykM3ts3d0ZfrGSniYIlwkkG4XU8IRLa7TCnVynynX5yzes9F42giQbDa2HIvNdM
5lm5nFyUTHHfHBTMSKbUxcPwHFiLJukcX3+ZHctFx2pTYEWD6VCs6YzU8msBHMEP
Tw8kLTMJzswaevgcpeA+BzicZIkURw8ojn9re/k6GuWmZOnUaglxMNcnp0R6THNA
DSW8IrNw/kdY6ykfxBJUS5gYTBeDyPS2bKfpGnUCAwEAAaOCAlQwggJQMB0GA1Ud
DgQWBBS8GeoK8DMvZQgtnNXxWWL4gaji+zAfBgNVHSMEGDAWgBSwwgrh2syjGBWy
dHApJ8GlqdvHszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NNSUs0ZHJNb3hnVnNuUndLU2ZCcGFuYng3TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzUvODg4ODY5LTdhNjUtNDE1Yi1iNjhmLTU0ODQ0MDJjZWI3YS8x
L3ZCbnFDdkF6TDJVSUxaelY4VmxpLUlHbzR2cy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzUv
ODg4ODY5LTdhNjUtNDE1Yi1iNjhmLTU0ODQ0MDJjZWI3YS8xL3NNSUs0ZHJNb3hn
VnNuUndLU2ZCcGFuYng3TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBq
BggrBgEFBQcBBwEB/wRbMFkwMAQCAAEwKgMEAAWa4AMEAFvYCAMEAFvv5gMEAFv6
8gMEAIAAJAMEALkk/AMEAbx3ljAlBAIAAjAfAwUAKgDs4AMHACoEbIAAADANAwQC
KgUcAwUAKgUcBDANBgkqhkiG9w0BAQsFAAOCAQEApAyz/7gChHVy9i2Xxl9TXJqG
hEX2JW6Dq8pcrPGLbSlBFDCfAMfdhNKpqBMJy0QP/HNO4BMtxtQ0p+0mVCxBUi6L
l8MbHCYaRG4oe/GrfbqZTEhv87PNXMAWNOfr8gnu6ViA1/a5LafeDuPv/NrLhMWq
4HahJRZHS0wjD4FiXP2BHaKCqToTpdPczsjCE/7//uE/hijSCgB0X5Wbk7X6kblX
61TM9bR2ZhyCzKClOtHKPmurW3MgTl89MqHJKpnOIO2h2rfmCugS1ZzcnjSn5uTz
B6uLHcQz1NpOvkKj402cB2+SlXgqdRdXId6Mq88EN3b8qKKCezXL1KpIhiAjnw==
-----END CERTIFICATE-----