Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa
File:                     WL-ykTzlof7R4oXSqwzVHLamW1E.roa (raw, json)
Hash identifier:          ZlyT78aWgO7kz+koAgt0IebG6auYn7RhC+R4PcZ7i5s=
Subject key identifier:   58:BF:B2:91:3C:E5:A1:FE:D1:E2:85:D2:AB:0C:D5:1C:B6:A6:5B:51
Certificate issuer:       /CN=b4bdc376a159d05e2af97176a3eba8360e60d176
Certificate serial:       018755FF3945AC167557AE1E8F5D78490DC1
Authority key identifier: B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa
Signing time:             Thu 06 Apr 2023 09:56:42 +0000
ROA not before:           Thu 06 Apr 2023 09:56:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50247
IP address blocks:        91.218.240.0/24 maxlen: 24
                          185.178.236.0/22 maxlen: 22
                          109.197.36.0/23 maxlen: 23
                          109.196.80.0/20 maxlen: 20
                          91.224.143.0/24 maxlen: 24
                          91.224.142.0/23 maxlen: 23
                          91.224.142.0/24 maxlen: 24
                          45.131.34.0/24 maxlen: 24
                          45.131.33.0/24 maxlen: 24
                          109.95.88.0/21 maxlen: 21
                          2a0a:7080::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:55:ff:39:45:ac:16:75:57:ae:1e:8f:5d:78:49:0d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4bdc376a159d05e2af97176a3eba8360e60d176
        Validity
            Not Before: Apr  6 09:56:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=58bfb2913ce5a1fed1e285d2ab0cd51cb6a65b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6c:50:cd:cf:e2:bc:a8:b0:83:6d:f9:78:4f:
                    1f:f0:98:f2:50:99:05:10:93:51:e6:ba:71:32:a6:
                    df:d3:f1:e1:f1:0e:95:58:07:e2:f2:f1:18:86:90:
                    db:d6:42:35:9f:5a:60:5e:c4:bf:da:59:89:29:c9:
                    22:92:d0:30:12:64:b2:21:71:db:65:34:6a:73:9d:
                    46:4c:9d:c3:24:b8:f0:5e:89:66:f6:5e:c2:71:bb:
                    1f:1b:fb:16:c2:bd:8c:e3:81:5e:88:06:3f:a1:a0:
                    0d:67:85:e8:05:65:85:0f:e3:59:47:c9:66:27:9d:
                    3a:c1:77:d0:c5:6c:88:dc:d4:f0:11:c4:4b:41:be:
                    0d:a8:33:08:21:0f:75:61:dc:7b:85:a3:40:44:cf:
                    54:e8:01:95:75:c3:b8:31:68:5f:7f:63:96:d5:ca:
                    bc:fa:cd:3e:86:af:a9:0c:b5:0e:5f:de:fc:61:ba:
                    20:00:cc:1a:9e:f9:11:81:40:e7:34:e3:91:0b:fe:
                    61:6c:7f:8c:ac:f5:20:85:03:97:40:c3:af:87:dc:
                    bc:41:0e:ee:7c:ee:7c:75:82:d6:4d:b1:dc:df:d9:
                    a8:5e:41:0a:9a:4c:3a:7e:05:49:89:45:f9:f8:44:
                    e0:11:95:49:57:ac:57:05:00:f9:00:22:1c:a3:cc:
                    44:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:BF:B2:91:3C:E5:A1:FE:D1:E2:85:D2:AB:0C:D5:1C:B6:A6:5B:51
            X509v3 Authority Key Identifier:
                keyid:B4:BD:C3:76:A1:59:D0:5E:2A:F9:71:76:A3:EB:A8:36:0E:60:D1:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/WL-ykTzlof7R4oXSqwzVHLamW1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/40ea14-dc50-4aa0-aa85-28d010603529/1/tL3DdqFZ0F4q-XF2o-uoNg5g0XY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.33.0-45.131.34.255
                  91.218.240.0/24
                  91.224.142.0/23
                  109.95.88.0/21
                  109.196.80.0/20
                  109.197.36.0/23
                  185.178.236.0/22
                IPv6:
                  2a0a:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:4a:d1:91:08:d9:9f:7b:25:5a:f5:02:ef:cc:77:7b:31:0d:
         30:8f:e5:84:77:8e:75:58:d7:9c:ae:b6:26:34:7b:c7:98:62:
         a3:d5:40:74:11:64:50:2c:b5:cf:6f:77:3b:f2:99:e9:94:35:
         8a:39:ca:f6:63:89:4a:b8:ad:ff:e9:8e:2b:1b:dc:a7:16:82:
         17:53:db:6a:a8:69:ab:1b:a7:87:dc:d5:38:f8:e1:09:ab:a5:
         70:f3:e4:44:bb:77:9c:d3:7d:65:55:9e:03:ba:67:ea:63:3b:
         35:ab:2e:e7:85:d0:bc:f2:5c:f8:b5:79:39:65:35:e3:ce:75:
         0d:c0:36:2c:fb:8f:7e:b5:df:b6:a2:d9:57:48:16:ae:19:8f:
         0b:cb:8b:67:48:4e:e8:73:5b:b8:75:04:75:c6:91:9e:65:ee:
         f7:02:82:d3:29:29:ac:19:64:4b:8a:80:36:e1:71:1d:8c:a8:
         a8:50:65:52:ee:1f:a4:89:6c:bd:24:61:da:8a:fc:96:96:8e:
         48:92:e0:6f:11:eb:9e:a2:e5:b1:5a:c6:27:5e:0d:d4:c5:4c:
         70:d6:e2:d9:73:45:85:ee:b3:b2:13:14:e4:14:e8:74:aa:89:
         8b:7f:fa:77:e1:9e:ea:28:aa:be:34:fc:4b:0f:86:08:c9:e7:
         96:b4:c6:83
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYdV/zlFrBZ1V64ej114SQ3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YmRjMzc2YTE1OWQwNWUyYWY5NzE3NmEzZWJhODM2MGU2
MGQxNzYwHhcNMjMwNDA2MDk1NjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGJmYjI5MTNjZTVhMWZlZDFlMjg1ZDJhYjBjZDUxY2I2YTY1YjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGxQzc/ivKiwg235eE8f8JjyUJkF
EJNR5rpxMqbf0/Hh8Q6VWAfi8vEYhpDb1kI1n1pgXsS/2lmJKckiktAwEmSyIXHb
ZTRqc51GTJ3DJLjwXolm9l7CcbsfG/sWwr2M44FeiAY/oaANZ4XoBWWFD+NZR8lm
J506wXfQxWyI3NTwEcRLQb4NqDMIIQ91Ydx7haNARM9U6AGVdcO4MWhff2OW1cq8
+s0+hq+pDLUOX978YbogAMwanvkRgUDnNOORC/5hbH+MrPUghQOXQMOvh9y8QQ7u
fO58dYLWTbHc39moXkEKmkw6fgVJiUX5+ETgEZVJV6xXBQD5ACIco8xEFwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFFi/spE85aH+0eKF0qsM1Ry2pltRMB8GA1UdIwQY
MBaAFLS9w3ahWdBeKvlxdqPrqDYOYNF2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUt
MjhkMDEwNjAzNTI5LzEvV0wteWtUemxvZjdSNG9YU3F3elZITGFtVzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80MGVhMTQtZGM1MC00YWEwLWFhODUtMjhkMDEwNjAzNTI5
LzEvdEwzRGRxRlowRjRxLVhGMm8tdW9OZzVnMFhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBAAtgyED
BAAtgyIDBABb2vADBAFb4I4DBANtX1gDBARtxFADBAFtxSQDBAK5suwwDQQCAAIw
BwMFAyoKcIAwDQYJKoZIhvcNAQELBQADggEBAExK0ZEI2Z97JVr1Au/Md3sxDTCP
5YR3jnVY15yutiY0e8eYYqPVQHQRZFAstc9vdzvymemUNYo5yvZjiUq4rf/pjisb
3KcWghdT22qoaasbp4fc1Tj44QmrpXDz5ES7d5zTfWVVngO6Z+pjOzWrLueF0Lzy
XPi1eTllNePOdQ3ANiz7j36137ai2VdIFq4ZjwvLi2dITuhzW7h1BHXGkZ5l7vcC
gtMpKawZZEuKgDbhcR2MqKhQZVLuH6SJbL0kYdqK/JaWjkiS4G8R656i5bFaxide
DdTFTHDW4tlzRYXus7ITFOQU6HSqiYt/+nfhnuooqr40/EsPhgjJ55a0xoM=
-----END CERTIFICATE-----