Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/15K0sJm9FJhyfsasMqpexXpRahc.roa
File:                     15K0sJm9FJhyfsasMqpexXpRahc.roa (raw, json)
Hash identifier:          VXcaG0QJganM6V6pKAw6Uhh4D2r2R/2c2OQLS0kkZe8=
Subject key identifier:   D7:92:B4:B0:99:BD:14:98:72:7E:C6:AC:32:AA:5E:C5:7A:51:6A:17
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       0182437034FC73672238CD60FFFAD7C9DD09
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/15K0sJm9FJhyfsasMqpexXpRahc.roa
Signing time:             Thu 28 Jul 2022 06:13:23 +0000
ROA not before:           Thu 28 Jul 2022 06:13:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212144
IP address blocks:        2a05:9a40::/29 maxlen: 30
                          2a05:9a40::/30 maxlen: 30
                          2a10:3c80::/29 maxlen: 29
                          2a06:5fc0::/29 maxlen: 29
                          2a10:3f80::/29 maxlen: 29
                          2a0f:9ac0::/29 maxlen: 30
                          2a05:9a44::/30 maxlen: 30
                          2a10:b40::/29 maxlen: 29
                          2a0d:6f80::/29 maxlen: 29
                          2a0f:9b40::/29 maxlen: 29
                          2a10:77c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:43:70:34:fc:73:67:22:38:cd:60:ff:fa:d7:c9:dd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jul 28 06:13:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d792b4b099bd1498727ec6ac32aa5ec57a516a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ca:8f:15:3e:31:a2:18:f3:f2:69:a0:de:61:
                    7b:cf:df:11:5e:02:0d:4a:6c:e8:e6:e0:fd:f1:90:
                    2f:b0:e7:90:d7:05:70:ce:2c:69:3c:58:ba:18:ca:
                    2e:40:1e:63:1e:fb:b8:30:15:22:b2:08:3f:05:66:
                    86:fc:94:a9:a3:97:54:fd:ea:8e:4a:71:11:45:66:
                    b2:22:52:cd:f2:9b:42:31:cf:c8:8d:0d:ae:2c:3f:
                    9e:da:15:54:76:14:47:3c:2f:a6:6c:66:b9:90:29:
                    b6:3a:f3:9f:26:5d:cc:39:9f:3d:d6:8a:d1:3d:9c:
                    c1:0e:d4:13:d3:2c:1a:e7:5b:be:e8:d2:86:27:2d:
                    1d:17:02:ee:29:e4:0b:66:df:7f:8c:c3:70:33:99:
                    ea:10:19:2f:d1:4b:98:e6:f9:03:7e:0e:b6:20:ed:
                    b9:bf:94:2d:a5:de:40:af:ae:7c:2a:44:e2:d6:e3:
                    5f:49:51:b2:23:dc:19:68:b1:12:a0:2c:11:82:00:
                    a6:dd:cd:5d:36:f6:0d:e1:4a:3b:fd:45:ad:57:0b:
                    b5:54:43:a1:11:f2:83:fe:ab:3e:7d:4d:42:fb:43:
                    f9:33:c3:da:a5:8d:db:a9:18:03:b9:6a:02:cc:69:
                    f1:b8:30:e2:93:a8:9f:35:f4:ca:16:a0:95:50:2a:
                    ba:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:92:B4:B0:99:BD:14:98:72:7E:C6:AC:32:AA:5E:C5:7A:51:6A:17
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/15K0sJm9FJhyfsasMqpexXpRahc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a40::/29
                  2a06:5fc0::/29
                  2a0d:6f80::/29
                  2a0f:9ac0::/29
                  2a0f:9b40::/29
                  2a10:b40::/29
                  2a10:3c80::/29
                  2a10:3f80::/29
                  2a10:77c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:07:4b:36:b2:ec:03:d7:b6:fe:16:f3:c8:b3:f3:5c:1e:df:
         63:f2:2c:81:8f:a0:df:52:cf:78:2c:36:d0:98:1c:a3:c0:aa:
         50:a2:6c:cd:c3:2f:50:8d:f2:0e:6f:0f:88:e8:64:a9:58:24:
         fc:b3:5f:40:33:b6:10:52:0b:2b:1c:4a:41:f9:f4:14:6b:ea:
         7c:72:63:e3:6a:7a:c1:e3:26:35:e4:e7:08:c9:ad:39:dd:de:
         a6:1e:29:a4:e4:7d:f6:db:7b:36:bb:ed:d2:18:65:3a:09:aa:
         71:2c:e9:9f:d3:b0:28:72:98:9f:3e:17:a7:43:41:f7:16:c4:
         3c:68:37:c4:8c:9f:45:21:92:f0:e3:86:8d:e7:ab:21:7f:e0:
         40:46:97:e2:0f:ba:83:78:4a:c1:4c:78:fd:6f:30:5a:56:a5:
         dc:42:95:90:ef:bb:cd:d7:a6:01:55:90:80:68:53:b5:fc:04:
         cc:25:27:38:76:b5:7f:1a:33:9b:c1:30:db:5e:b5:99:2c:c8:
         55:70:ec:57:6f:fe:cb:28:30:3e:a3:90:8f:ef:be:2a:11:16:
         fa:68:dd:81:1f:08:2c:07:ca:65:0b:75:0e:f7:21:d0:83:ea:
         45:12:ae:26:73:8e:0c:a1:56:5d:ee:3a:f6:0c:6d:9e:a3:3a:
         5e:e6:f0:ab
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYJDcDT8c2ciOM1g//rXyd0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjIwNzI4MDYxMzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzkyYjRiMDk5YmQxNDk4NzI3ZWM2YWMzMmFhNWVjNTdhNTE2YTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8qPFT4xohjz8mmg3mF7z98RXgIN
Smzo5uD98ZAvsOeQ1wVwzixpPFi6GMouQB5jHvu4MBUisgg/BWaG/JSpo5dU/eqO
SnERRWayIlLN8ptCMc/IjQ2uLD+e2hVUdhRHPC+mbGa5kCm2OvOfJl3MOZ891orR
PZzBDtQT0ywa51u+6NKGJy0dFwLuKeQLZt9/jMNwM5nqEBkv0UuY5vkDfg62IO25
v5Qtpd5Ar658KkTi1uNfSVGyI9wZaLESoCwRggCm3c1dNvYN4Uo7/UWtVwu1VEOh
EfKD/qs+fU1C+0P5M8PapY3bqRgDuWoCzGnxuDDik6ifNfTKFqCVUCq6uwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNeStLCZvRSYcn7GrDKqXsV6UWoXMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvMTVLMHNKbTlGSmh5ZnNhc01xcGV4WHBSYWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgWaQAMF
AyoGX8ADBQMqDW+AAwUDKg+awAMFAyoPm0ADBQMqEAtAAwUDKhA8gAMFAyoQP4AD
BQMqEHfAMA0GCSqGSIb3DQEBCwUAA4IBAQBvB0s2suwD17b+FvPIs/NcHt9j8iyB
j6DfUs94LDbQmByjwKpQomzNwy9QjfIObw+I6GSpWCT8s19AM7YQUgsrHEpB+fQU
a+p8cmPjanrB4yY15OcIya053d6mHimk5H3223s2u+3SGGU6CapxLOmf07Aocpif
PhenQ0H3FsQ8aDfEjJ9FIZLw44aN56shf+BARpfiD7qDeErBTHj9bzBaVqXcQpWQ
77vN16YBVZCAaFO1/ATMJSc4drV/GjObwTDbXrWZLMhVcOxXb/7LKDA+o5CP774q
ERb6aN2BHwgsB8plC3UO9yHQg+pFEq4mc44MoVZd7jr2DG2eozpe5vCr
-----END CERTIFICATE-----