Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1-4PE-4dMLBRS--HjFjAtIgUwJk0.roa
File:                     1-4PE-4dMLBRS--HjFjAtIgUwJk0.roa (raw, json)
Hash identifier:          azhnMNC/q2/pOy8DuGjEegQ1EF+OOXuw8aKdWlBu96w=
Subject key identifier:   FB:83:C4:FB:87:4C:2C:14:52:FB:E1:E3:16:30:2D:22:05:30:26:4D
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       07A6C4E1
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1-4PE-4dMLBRS--HjFjAtIgUwJk0.roa
Signing time:             Sat 01 Jan 2022 12:00:30 +0000
ROA not before:           Sat 01 Jan 2022 12:00:30 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42910
IP address blocks:        5.250.242.0/24 maxlen: 24
                          5.250.241.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.253.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.255.0/24 maxlen: 24
                          5.250.254.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.120.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128369889 (0x7a6c4e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Jan  1 12:00:30 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fb83c4fb874c2c1452fbe1e316302d220530264d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cc:e4:e6:e2:5f:a1:ef:64:bf:d7:13:31:35:
                    49:4e:f5:79:03:d0:fe:29:5c:86:8c:47:95:0b:f9:
                    23:4d:e1:ae:93:67:4c:62:4f:ae:11:f2:d5:9f:a7:
                    91:34:4c:9b:7e:52:a1:93:69:d0:50:7c:a6:8a:d2:
                    8f:cd:5d:37:c8:73:36:ff:eb:03:51:55:cd:e2:17:
                    8d:3d:e7:50:85:ef:85:e2:36:5a:b6:fa:70:c5:a6:
                    6c:99:48:25:f8:77:aa:be:43:8a:a3:b0:1b:53:85:
                    08:dc:5b:63:ee:35:c9:f1:0f:66:49:9c:0b:67:f5:
                    9d:e7:1f:2a:dc:3e:ab:0e:21:2b:9e:68:84:07:36:
                    ae:2d:42:d0:30:d7:a9:6d:24:09:61:e1:8d:cc:39:
                    b0:03:27:4e:19:38:35:90:74:ba:05:62:0a:84:32:
                    44:d7:88:cb:00:ef:ca:58:12:96:fa:25:30:91:36:
                    2d:48:ad:fd:d3:1d:91:ff:cf:2a:a7:f4:90:e6:32:
                    56:84:89:ec:80:d1:98:72:37:72:f5:99:19:e5:6f:
                    57:bf:32:90:ec:97:0b:9d:40:01:bd:80:56:56:d8:
                    0d:fb:65:ee:0b:db:0a:e3:e9:b5:24:f5:56:3c:32:
                    7f:ee:15:ab:bb:a6:1a:b1:c8:f0:33:a8:bb:b4:78:
                    d7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:83:C4:FB:87:4C:2C:14:52:FB:E1:E3:16:30:2D:22:05:30:26:4D
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/1-4PE-4dMLBRS--HjFjAtIgUwJk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0/20
                  185.67.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:b0:31:7a:24:41:dd:bd:fd:a0:0f:7e:63:1b:c4:b9:b0:b4:
         e7:4c:02:f7:59:18:64:b8:7b:ef:a5:e1:cf:25:06:2e:8c:e7:
         2d:d9:69:5e:0c:ac:66:27:4c:db:2a:6c:30:8b:79:03:ac:f6:
         df:03:ea:cf:ed:d7:55:71:b0:24:4f:69:cf:83:5d:ba:15:de:
         3f:45:b9:e0:e0:61:d0:ec:2c:d2:d1:50:38:99:22:c0:5f:73:
         f4:dc:08:d6:22:28:96:17:0c:09:e4:9c:5b:03:71:64:ae:f7:
         b3:c6:c6:5f:ad:bb:a4:49:8e:3a:88:69:09:bb:df:82:8a:52:
         ef:e8:0a:50:f1:b3:f3:67:a9:6c:34:21:f4:99:24:f2:e2:e6:
         9e:59:3a:60:25:0a:e2:1a:91:94:6a:07:42:ed:b3:93:a0:63:
         d0:ab:70:67:2d:bb:0b:80:a3:81:15:59:03:8c:74:70:b0:88:
         f5:f2:da:b4:8e:db:b4:6a:4d:f5:ff:ab:86:50:fb:32:64:ed:
         eb:8b:10:04:33:06:cd:70:ee:b5:9b:e9:6e:61:38:ef:8d:74:
         61:83:82:2b:d8:90:38:24:f0:40:84:0b:82:0b:54:78:02:47:
         f8:e7:d0:96:4d:d3:b7:12:18:90:95:20:1c:61:1b:23:82:8f:
         7f:b8:55:f5
-----BEGIN CERTIFICATE-----
MIIE9jCCA96gAwIBAgIEB6bE4TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YjFkMGU3ZTgxOGJhZjlhN2FmYjk4NjYxMjQyOTJhNjFhYWZiOGNhMB4XDTIyMDEw
MTEyMDAzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmI4M2M0ZmI4NzRj
MmMxNDUyZmJlMWUzMTYzMDJkMjIwNTMwMjY0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMXM5ObiX6HvZL/XEzE1SU71eQPQ/ilchoxHlQv5I03hrpNn
TGJPrhHy1Z+nkTRMm35SoZNp0FB8porSj81dN8hzNv/rA1FVzeIXjT3nUIXvheI2
Wrb6cMWmbJlIJfh3qr5DiqOwG1OFCNxbY+41yfEPZkmcC2f1necfKtw+qw4hK55o
hAc2ri1C0DDXqW0kCWHhjcw5sAMnThk4NZB0ugViCoQyRNeIywDvylgSlvolMJE2
LUit/dMdkf/PKqf0kOYyVoSJ7IDRmHI3cvWZGeVvV78ykOyXC51AAb2AVlbYDftl
7gvbCuPptST1Vjwyf+4Vq7umGrHI8DOou7R4180CAwEAAaOCAhAwggIMMB0GA1Ud
DgQWBBT7g8T7h0wsFFL74eMWMC0iBTAmTTAfBgNVHSMEGDAWgBSrHQ5+gYuvmnr7
mGYSQpKmGq+4yjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3F4ME9mb0dMcjVwNi01aG1Fa0tTcGhxdnVNby5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjgvMTI0YzM1LTk1MjMtNDNiNy1iN2ViLWVhNTkyNjRmOTA4My8x
LzEtNFBFLTRkTUxCUlMtLUhqRmpBdElnVXdKazAucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y4
LzEyNGMzNS05NTIzLTQzYjctYjdlYi1lYTU5MjY0ZjkwODMvMS9xeDBPZm9HTHI1
cDYtNWhtRWtLU3BocXZ1TW8uY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
JQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAQF+vADBAK5Q3gwDQYJKoZIhvcN
AQELBQADggEBAGGwMXokQd29/aAPfmMbxLmwtOdMAvdZGGS4e++l4c8lBi6M5y3Z
aV4MrGYnTNsqbDCLeQOs9t8D6s/t11VxsCRPac+DXboV3j9FueDgYdDsLNLRUDiZ
IsBfc/TcCNYiKJYXDAnknFsDcWSu97PGxl+tu6RJjjqIaQm734KKUu/oClDxs/Nn
qWw0IfSZJPLi5p5ZOmAlCuIakZRqB0Lts5OgY9CrcGctuwuAo4EVWQOMdHCwiPXy
2rSO27RqTfX/q4ZQ+zJk7euLEAQzBs1w7rWb6W5hOO+NdGGDgivYkDgk8ECEC4IL
VHgCR/jn0JZN07cSGJCVIBxhGyOCj3+4VfU=
-----END CERTIFICATE-----