Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/rPSNtMt7nX3Oum9SA5Hw-pjEHSw.roa
File:                     rPSNtMt7nX3Oum9SA5Hw-pjEHSw.roa (raw, json)
Hash identifier:          DQtFSyu8bqG1q5/Xyy5VQiuVGiRvynWmnF028ldfD0w=
Subject key identifier:   AC:F4:8D:B4:CB:7B:9D:7D:CE:BA:6F:52:03:91:F0:FA:98:C4:1D:2C
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B51D7D02A23340918593FB9B40053A48
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/rPSNtMt7nX3Oum9SA5Hw-pjEHSw.roa
Signing time:             Mon 24 Apr 2023 21:13:41 +0000
ROA not before:           Mon 24 Apr 2023 21:13:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48146
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b5:1d:7d:02:a2:33:40:91:85:93:fb:9b:40:05:3a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 24 21:13:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=acf48db4cb7b9d7dceba6f520391f0fa98c41d2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:df:38:b0:ac:75:c3:7e:3e:5b:09:6d:fd:
                    ff:23:ac:77:97:9e:2e:58:42:9b:f4:de:43:1e:28:
                    22:0e:40:e7:8a:8c:2e:99:5f:15:10:1e:f4:53:d8:
                    57:19:3d:03:0d:47:d8:0c:79:41:0b:ef:46:83:c1:
                    80:27:1c:e6:4a:45:a5:fa:c4:24:c9:8e:5c:f9:dd:
                    7c:2c:b3:43:f8:0f:06:7a:1d:3b:74:fc:f5:4c:9c:
                    2c:e3:34:00:84:5a:97:09:20:ea:9f:dd:4e:7e:41:
                    88:cb:c8:ad:88:c0:fc:59:a3:4d:8d:07:e8:e1:fc:
                    da:ef:f9:42:18:a6:7f:cd:d1:84:fe:ad:ab:2d:ef:
                    a2:b2:87:45:73:ba:b7:b0:c8:b3:dd:61:f7:a4:68:
                    34:af:48:93:92:8e:6d:f4:8e:73:79:2c:6d:45:1a:
                    54:b9:af:29:ec:82:29:6f:f3:28:a4:90:ca:c5:e2:
                    1e:1f:65:86:e2:45:6d:7a:55:e2:71:f4:07:98:ff:
                    7f:11:ea:e3:4b:c2:53:b2:1f:99:82:f2:dd:72:e5:
                    fd:7c:73:44:da:2c:42:e9:83:52:8e:fa:4e:70:f7:
                    81:af:43:46:74:a4:5b:d3:2f:e1:c2:99:08:3b:d6:
                    f5:2b:ec:f3:30:b6:5a:03:67:41:93:13:57:d1:b8:
                    a8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:F4:8D:B4:CB:7B:9D:7D:CE:BA:6F:52:03:91:F0:FA:98:C4:1D:2C
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/rPSNtMt7nX3Oum9SA5Hw-pjEHSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:7b:a0:17:99:8f:b9:39:d2:d3:e5:a2:2f:99:4c:4b:a2:f2:
         d2:d4:e8:32:46:ac:50:5b:1f:f4:30:2b:19:3d:d8:94:08:00:
         23:53:78:5a:75:4f:ac:97:1f:ac:4f:0b:fe:99:bb:6a:b9:e5:
         b8:35:44:c0:88:21:11:b5:ae:68:5d:16:c0:ca:30:bf:6a:45:
         a7:2d:d8:72:bc:c0:81:b9:45:d4:4b:1f:b3:7c:ec:60:ce:0f:
         d1:79:25:62:5f:e8:0d:8a:a2:a0:97:7f:00:aa:4c:74:84:bb:
         e1:cd:ab:b9:d2:9e:61:b8:b4:a4:7b:8e:83:2f:d6:b4:4a:d6:
         9f:02:3a:bb:c9:fa:5f:35:b4:f6:da:39:90:9e:93:1d:bb:15:
         53:c9:9b:ee:75:e2:b0:6c:90:ed:e6:26:55:39:f5:8f:29:0b:
         68:14:b5:7e:35:56:bf:11:c3:22:d8:01:97:81:d9:e9:1f:41:
         f3:9a:e1:83:f3:14:3d:c1:1e:98:f8:f2:2f:00:c7:3f:2e:42:
         8e:c3:43:e9:6c:37:d2:b4:d0:88:36:34:44:af:91:19:75:bb:
         c1:f1:8f:f4:f7:f1:ca:f0:12:f6:e7:a1:de:c2:37:7f:58:b9:
         53:eb:fe:43:3d:eb:a7:1d:b6:91:4a:04:75:af:3f:dc:b7:49:
         5e:04:b0:e3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYe1HX0CojNAkYWT+5tABTpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI0MjExMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2Y0OGRiNGNiN2I5ZDdkY2ViYTZmNTIwMzkxZjBmYTk4YzQxZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRvfOLCsdcN+PlsJbf3/I6x3l54u
WEKb9N5DHigiDkDniowumV8VEB70U9hXGT0DDUfYDHlBC+9Gg8GAJxzmSkWl+sQk
yY5c+d18LLND+A8Geh07dPz1TJws4zQAhFqXCSDqn91OfkGIy8itiMD8WaNNjQfo
4fza7/lCGKZ/zdGE/q2rLe+isodFc7q3sMiz3WH3pGg0r0iTko5t9I5zeSxtRRpU
ua8p7IIpb/MopJDKxeIeH2WG4kVtelXicfQHmP9/EerjS8JTsh+ZgvLdcuX9fHNE
2ixC6YNSjvpOcPeBr0NGdKRb0y/hwpkIO9b1K+zzMLZaA2dBkxNX0bio1wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKz0jbTLe519zrpvUgOR8PqYxB0sMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvclBTTnRNdDduWDNPdW05U0E1SHctcGpFSFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQpwAwQA
Xmf1AwQAuRk0AwQAucB1AwQAucB3AwQAucI/AwQAucNvAwQAucYwAwQAwQj0MA0G
CSqGSIb3DQEBCwUAA4IBAQBOe6AXmY+5OdLT5aIvmUxLovLS1OgyRqxQWx/0MCsZ
PdiUCAAjU3hadU+slx+sTwv+mbtqueW4NUTAiCERta5oXRbAyjC/akWnLdhyvMCB
uUXUSx+zfOxgzg/ReSViX+gNiqKgl38Aqkx0hLvhzau50p5huLSke46DL9a0Staf
Ajq7yfpfNbT22jmQnpMduxVTyZvudeKwbJDt5iZVOfWPKQtoFLV+NVa/EcMi2AGX
gdnpH0HzmuGD8xQ9wR6Y+PIvAMc/LkKOw0PpbDfStNCINjREr5EZdbvB8Y/09/HK
8BL256Hewjd/WLlT6/5DPeunHbaRSgR1rz/ct0leBLDj
-----END CERTIFICATE-----