Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/1-DS_Newu42-eA71ty48fsiMA8vs.roa
File:                     1-DS_Newu42-eA71ty48fsiMA8vs.roa (raw, json)
Hash identifier:          OP/+tp+oPEWc6HBsg4xEQ3RmssVZ6pqq2wDz6/he8bo=
Subject key identifier:   F8:34:BF:35:EC:2E:E3:6F:9E:03:BD:6D:CB:8F:1F:B2:23:00:F2:FB
Certificate issuer:       /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial:       018572FA576511B62692726EF695B726C78E
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/1-DS_Newu42-eA71ty48fsiMA8vs.roa
Signing time:             Mon 02 Jan 2023 14:54:47 +0000
ROA not before:           Mon 02 Jan 2023 14:54:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12541
IP address blocks:        212.80.160.0/19 maxlen: 24
                          213.9.128.0/17 maxlen: 24
                          212.49.128.0/18 maxlen: 24
                          213.192.192.0/18 maxlen: 24
                          92.60.160.0/20 maxlen: 24
                          213.170.32.0/19 maxlen: 24
                          212.163.0.0/16 maxlen: 24
                          212.66.160.0/19 maxlen: 24
                          185.123.120.0/22 maxlen: 24
                          185.66.60.0/22 maxlen: 24
                          2001:ac0::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:fa:57:65:11:b6:26:92:72:6e:f6:95:b7:26:c7:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
        Validity
            Not Before: Jan  2 14:54:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f834bf35ec2ee36f9e03bd6dcb8f1fb22300f2fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:65:53:1f:85:f0:19:cd:2e:78:23:ce:b5:ae:
                    06:09:ba:cc:50:0d:0c:87:01:9c:fc:2a:69:cf:6b:
                    54:dd:9d:4e:b0:3b:94:71:d2:ab:01:7e:24:1a:00:
                    3f:4e:6e:bb:de:99:7d:f8:94:05:e4:f9:23:f4:cd:
                    7e:74:d8:70:dd:07:90:90:77:49:40:0b:09:a2:72:
                    07:94:59:04:17:2c:33:cd:59:4d:8b:3b:2e:fd:70:
                    33:38:5f:51:e2:16:49:f1:17:12:4e:b3:fa:f7:3b:
                    3b:37:ed:3d:54:4e:6d:91:e3:86:af:15:f4:5f:68:
                    44:a6:1c:32:af:f0:40:c9:7a:8c:12:34:8b:a9:4b:
                    ed:2f:88:0d:ed:9a:6d:be:77:6a:2d:be:83:9c:ba:
                    bf:97:3a:5d:91:68:5b:14:fc:e8:d5:c2:ce:79:a6:
                    6d:62:e2:a9:e3:cd:28:b8:0c:6b:07:de:3d:7a:15:
                    3a:4c:d8:59:4a:ec:6c:57:88:52:3c:37:a1:06:a7:
                    6d:37:08:a6:ac:4c:80:60:12:a1:4a:e1:4e:c5:25:
                    2c:c8:d3:27:12:7b:5f:1b:f5:54:23:af:b1:db:91:
                    b8:6c:02:17:4b:a9:1f:0a:78:7d:82:b0:d0:a6:f0:
                    a3:b3:47:61:5e:43:3a:f8:b1:50:35:22:99:f2:8e:
                    88:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:34:BF:35:EC:2E:E3:6F:9E:03:BD:6D:CB:8F:1F:B2:23:00:F2:FB
            X509v3 Authority Key Identifier:
                keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/1-DS_Newu42-eA71ty48fsiMA8vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.160.0/20
                  185.66.60.0/22
                  185.123.120.0/22
                  212.49.128.0/18
                  212.66.160.0/19
                  212.80.160.0/19
                  212.163.0.0/16
                  213.9.128.0/17
                  213.170.32.0/19
                  213.192.192.0/18
                IPv6:
                  2001:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:28:60:a0:e3:13:57:d9:f8:b7:e4:c0:d3:84:de:01:1d:a1:
         56:cb:78:62:99:1b:e0:27:4a:25:9c:02:af:bf:b1:c5:68:6b:
         6a:f5:8c:f3:ff:8a:9a:c4:f3:54:a1:3a:34:fa:22:1c:4e:4b:
         91:a0:a6:d7:68:76:f1:9c:c4:88:d9:df:0e:66:5c:31:d0:2e:
         a9:bd:c3:3d:bf:c2:a4:0b:11:98:b0:10:8b:6a:a5:d5:97:53:
         e7:2a:24:e3:59:82:55:d9:26:ae:58:a5:fb:53:46:07:db:7c:
         bc:99:5a:55:72:b6:eb:24:d1:50:08:69:ed:84:85:e0:07:4f:
         06:ad:d8:59:45:c8:32:aa:ed:6b:b6:fb:d2:18:fd:74:31:10:
         33:23:2d:6a:9d:be:3a:ab:3b:a8:7d:e6:aa:f3:ec:c2:22:c6:
         22:f8:f6:5b:c5:70:70:55:c5:23:bb:c7:6c:c6:2f:4b:0b:67:
         5f:8a:8d:23:7f:a3:4c:20:ce:80:e6:3b:08:76:63:5d:94:2f:
         34:2a:b2:1e:65:13:77:20:c9:58:8c:ed:3a:9e:40:16:b6:d9:
         06:9d:36:dc:fd:10:e5:e4:11:03:fc:4b:03:a5:92:bd:e0:1f:
         65:2a:22:3f:c7:0f:42:32:11:bb:6d:aa:2e:8b:02:92:a5:f0:
         60:15:19:44
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVy+ldlEbYmknJu9pW3JseOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMTAyMTQ1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM0YmYzNWVjMmVlMzZmOWUwM2JkNmRjYjhmMWZiMjIzMDBmMmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWVTH4XwGc0ueCPOta4GCbrMUA0M
hwGc/Cppz2tU3Z1OsDuUcdKrAX4kGgA/Tm673pl9+JQF5Pkj9M1+dNhw3QeQkHdJ
QAsJonIHlFkEFywzzVlNizsu/XAzOF9R4hZJ8RcSTrP69zs7N+09VE5tkeOGrxX0
X2hEphwyr/BAyXqMEjSLqUvtL4gN7ZptvndqLb6DnLq/lzpdkWhbFPzo1cLOeaZt
YuKp480ouAxrB949ehU6TNhZSuxsV4hSPDehBqdtNwimrEyAYBKhSuFOxSUsyNMn
EntfG/VUI6+x25G4bAIXS6kfCnh9grDQpvCjs0dhXkM6+LFQNSKZ8o6IrQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFPg0vzXsLuNvngO9bcuPH7IjAPL7MB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvMS1EU19OZXd1NDItZUE3MXR5NDhmc2lNQTh2cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTcvODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJh
Ni8xLzZFQTdYa1hOV0w1ZmJGMHotbFphdEpJajQ5cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBjBggrBgEFBQcBBwEB/wRUMFIwQQQCAAEwOwMEBFw8oAME
ArlCPAMEArl7eAMEBtQxgAMEBdRCoAMEBdRQoAMDANSjAwQH1QmAAwQF1aogAwQG
1cDAMA0EAgACMAcDBQMgAQrAMA0GCSqGSIb3DQEBCwUAA4IBAQARKGCg4xNX2fi3
5MDThN4BHaFWy3himRvgJ0olnAKvv7HFaGtq9Yzz/4qaxPNUoTo0+iIcTkuRoKbX
aHbxnMSI2d8OZlwx0C6pvcM9v8KkCxGYsBCLaqXVl1PnKiTjWYJV2SauWKX7U0YH
23y8mVpVcrbrJNFQCGnthIXgB08GrdhZRcgyqu1rtvvSGP10MRAzIy1qnb46qzuo
feaq8+zCIsYi+PZbxXBwVcUju8dsxi9LC2dfio0jf6NMIM6A5jsIdmNdlC80KrIe
ZRN3IMlYjO06nkAWttkGnTbc/RDl5BED/EsDpZK94B9lKiI/xw9CMhG7baouiwKS
pfBgFRlE
-----END CERTIFICATE-----