Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/3MGdvuWNcyIw3L_Bd8mYTCSVhG4.roa
File:                     3MGdvuWNcyIw3L_Bd8mYTCSVhG4.roa (raw, json)
Hash identifier:          SkXl7M7Zq3D9BMtkvNv6UYVP+F3XFRnPPw7d03QCHWI=
Subject key identifier:   DC:C1:9D:BE:E5:8D:73:22:30:DC:BF:C1:77:C9:98:4C:24:95:84:6E
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B7610486350424C448442C66644CBC5D
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/3MGdvuWNcyIw3L_Bd8mYTCSVhG4.roa
Signing time:             Tue 25 Apr 2023 07:46:41 +0000
ROA not before:           Tue 25 Apr 2023 07:46:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b7:61:04:86:35:04:24:c4:48:44:2c:66:64:4c:bc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 25 07:46:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dcc19dbee58d732230dcbfc177c9984c2495846e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:89:30:0d:4b:b9:93:fd:f7:ad:a0:66:e7:c0:
                    35:d7:ac:87:f7:cc:0d:6a:ca:ce:ab:b7:a6:b7:95:
                    71:99:5d:75:30:f6:90:9a:f5:b9:23:6e:4a:b8:0f:
                    d6:54:20:79:e0:21:bb:51:9a:91:f5:1c:d4:54:a4:
                    3a:4d:d4:82:17:6d:02:1b:9a:a5:18:38:bb:14:fa:
                    0b:4c:d8:63:a7:ac:9b:34:31:85:68:38:2c:30:5d:
                    7f:bc:0c:be:21:7a:5e:fe:9b:08:e0:1c:8c:00:5e:
                    b4:d2:f5:8c:a4:cc:d8:47:47:42:4f:6f:ba:4b:b4:
                    27:65:33:62:6a:cc:a0:fa:55:69:73:06:76:1f:90:
                    3f:ec:73:0d:3f:b9:75:ec:f9:7c:3f:b2:1b:d9:dd:
                    51:1f:a0:4f:ed:29:20:6f:29:63:cf:36:19:ae:2e:
                    93:a8:a4:84:86:73:d9:4b:64:10:38:d6:cf:97:a5:
                    a0:22:60:50:7f:38:07:8b:39:4c:ea:dd:d3:de:29:
                    41:24:47:7d:bd:59:8b:4a:2a:e0:01:f0:32:4b:41:
                    8a:40:81:75:4a:63:89:9c:90:2d:4a:7d:9a:86:fd:
                    ad:f1:67:b7:22:8d:06:54:3d:9b:cf:58:90:34:03:
                    7f:cd:d4:43:21:e8:66:67:26:85:d6:c9:a4:7a:c5:
                    f3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C1:9D:BE:E5:8D:73:22:30:DC:BF:C1:77:C9:98:4C:24:95:84:6E
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/3MGdvuWNcyIw3L_Bd8mYTCSVhG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:89:d3:05:2c:4b:a8:cb:76:d0:42:39:9e:fe:fa:6d:ea:22:
         e9:ac:04:62:c9:98:52:5b:7c:e7:40:be:73:e7:28:98:a2:9d:
         9c:98:dc:5d:92:5f:66:22:07:d7:f3:dc:68:97:2d:ba:22:f8:
         7c:50:ca:00:c2:42:8b:dc:f8:c4:84:f4:48:61:24:f6:f0:7f:
         0a:82:65:02:1e:9d:34:91:9a:fb:e9:c8:0e:48:11:1b:d0:c2:
         80:43:e7:30:e6:ab:a5:44:a8:27:37:e3:c1:74:6c:bd:e2:ad:
         83:58:dd:27:0d:ae:8e:84:98:4e:10:75:83:c7:28:b6:66:4f:
         74:de:f1:47:ad:9f:09:5a:95:2b:36:d1:2c:57:ea:62:e9:2b:
         cf:0a:ab:d4:89:53:a6:6f:27:d6:79:d5:67:b2:e7:7e:5c:94:
         94:4e:14:b9:19:20:54:48:a7:7f:bb:b4:1f:3d:7b:78:6c:1f:
         2a:d1:22:bd:62:bc:94:5b:87:c3:c1:7b:89:06:44:f8:46:4e:
         51:67:7b:f3:0a:ee:3b:1e:39:99:97:7c:10:8d:f5:6d:05:4e:
         cf:38:e5:7c:fc:1a:4a:18:86:73:86:8a:76:5c:bf:00:f9:38:
         71:df:f6:5d:b1:56:69:01:9a:dd:98:2b:a7:5a:a4:05:a0:9f:
         42:d7:f9:a7
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYe3YQSGNQQkxEhELGZkTLxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI1MDc0NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2MxOWRiZWU1OGQ3MzIyMzBkY2JmYzE3N2M5OTg0YzI0OTU4NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApokwDUu5k/33raBm58A116yH98wN
asrOq7emt5VxmV11MPaQmvW5I25KuA/WVCB54CG7UZqR9RzUVKQ6TdSCF20CG5ql
GDi7FPoLTNhjp6ybNDGFaDgsMF1/vAy+IXpe/psI4ByMAF600vWMpMzYR0dCT2+6
S7QnZTNiasyg+lVpcwZ2H5A/7HMNP7l17Pl8P7Ib2d1RH6BP7SkgbyljzzYZri6T
qKSEhnPZS2QQONbPl6WgImBQfzgHizlM6t3T3ilBJEd9vVmLSirgAfAyS0GKQIF1
SmOJnJAtSn2ahv2t8We3Io0GVD2bz1iQNAN/zdRDIehmZyaF1smkesXzdwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNzBnb7ljXMiMNy/wXfJmEwklYRuMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvM01HZHZ1V05jeUl3M0xfQmQ4bVlUQ1NWaEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQpwAwQA
Xmf1AwQAuRk0AwQAucB1AwQAucB3AwQAucI/AwQAucNvAwQAucYwAwQAwQj0AwQA
wjvEMA0GCSqGSIb3DQEBCwUAA4IBAQACidMFLEuoy3bQQjme/vpt6iLprARiyZhS
W3znQL5z5yiYop2cmNxdkl9mIgfX89xoly26Ivh8UMoAwkKL3PjEhPRIYST28H8K
gmUCHp00kZr76cgOSBEb0MKAQ+cw5qulRKgnN+PBdGy94q2DWN0nDa6OhJhOEHWD
xyi2Zk903vFHrZ8JWpUrNtEsV+pi6SvPCqvUiVOmbyfWedVnsud+XJSUThS5GSBU
SKd/u7QfPXt4bB8q0SK9YryUW4fDwXuJBkT4Rk5RZ3vzCu47HjmZl3wQjfVtBU7P
OOV8/BpKGIZzhop2XL8A+Thx3/ZdsVZpAZrdmCunWqQFoJ9C1/mn
-----END CERTIFICATE-----