Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ekcZDhXdyKum95MTRqeFQ4dSVlA.roa
File:                     ekcZDhXdyKum95MTRqeFQ4dSVlA.roa (raw, json)
Hash identifier:          KF4Rb69P/1hT4olJ0WP5PNNIPeQbAH7/ZRvokbbXarI=
Subject key identifier:   7A:47:19:0E:15:DD:C8:AB:A6:F7:93:13:46:A7:85:43:87:52:56:50
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       01823EC1C7FEE7D668968FC43AC8C62F4F90
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ekcZDhXdyKum95MTRqeFQ4dSVlA.roa
Signing time:             Wed 27 Jul 2022 08:24:23 +0000
ROA not before:           Wed 27 Jul 2022 08:24:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     212144
IP address blocks:        2a05:9a40::/29 maxlen: 29
                          2a05:9a40::/30 maxlen: 30
                          2a10:3c80::/29 maxlen: 29
                          2a06:5fc0::/29 maxlen: 29
                          2a10:3f80::/29 maxlen: 29
                          2a0f:9ac0::/29 maxlen: 30
                          2a05:9a44::/30 maxlen: 30
                          2a10:b40::/29 maxlen: 29
                          2a0d:6f80::/29 maxlen: 29
                          2a0f:9b40::/29 maxlen: 29
                          2a10:77c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:3e:c1:c7:fe:e7:d6:68:96:8f:c4:3a:c8:c6:2f:4f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jul 27 08:24:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7a47190e15ddc8aba6f7931346a7854387525650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a5:87:b0:37:bb:c8:7b:76:ae:c3:ea:cf:17:
                    c9:b7:33:f3:f9:e0:d9:9d:64:09:c8:a2:8b:cb:83:
                    f9:00:ac:82:29:a0:25:ac:15:1b:24:ea:ed:54:f1:
                    16:d8:f4:67:ca:e4:df:29:26:6b:9f:cc:c6:d1:82:
                    5e:a5:f4:ae:89:cc:2f:f4:36:a7:18:bf:9d:37:de:
                    b0:32:ca:81:a8:5c:e0:be:37:e3:25:31:c8:18:b5:
                    7f:93:51:5b:2b:2b:c7:a1:37:d3:de:a0:bb:03:0a:
                    50:90:0b:37:f9:73:fb:fb:9e:45:ba:5d:a6:4d:38:
                    33:3b:fe:0b:40:7d:91:16:e9:25:f9:33:6b:f2:0e:
                    22:d6:c3:68:ad:c1:d3:be:63:80:6b:0b:91:46:cb:
                    af:40:72:f0:cb:99:3f:ff:c4:a8:7e:67:54:56:2e:
                    1e:97:40:cd:6e:f0:1a:28:75:dc:99:46:53:c5:55:
                    4b:b3:08:2a:12:59:93:46:7a:58:30:d6:c9:c1:00:
                    0a:a4:a8:c6:b6:57:ab:89:2b:94:ee:8d:46:14:67:
                    88:ce:1d:18:c8:71:59:d7:44:83:b1:c5:c6:c0:94:
                    7c:aa:54:93:28:46:5c:9c:d7:d7:ef:52:f1:f0:7d:
                    a6:e0:c0:e4:1c:70:e1:7f:fe:fd:54:d7:09:71:31:
                    76:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:47:19:0E:15:DD:C8:AB:A6:F7:93:13:46:A7:85:43:87:52:56:50
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/ekcZDhXdyKum95MTRqeFQ4dSVlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9a40::/29
                  2a06:5fc0::/29
                  2a0d:6f80::/29
                  2a0f:9ac0::/29
                  2a0f:9b40::/29
                  2a10:b40::/29
                  2a10:3c80::/29
                  2a10:3f80::/29
                  2a10:77c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:ee:e6:ab:f6:95:6b:aa:a3:80:48:21:59:dd:ac:f6:2d:9d:
         ae:23:9a:0a:32:c4:24:2d:61:37:5d:90:ef:b5:30:69:d1:18:
         44:51:b7:16:9c:20:f6:7c:b9:f5:1e:de:ef:01:45:20:54:36:
         c2:fa:16:48:55:7c:16:c6:68:1c:f8:8e:46:17:e2:48:09:8a:
         e1:d0:40:eb:ca:86:2f:48:b4:2c:a1:72:26:60:ba:50:c2:da:
         fc:e8:71:58:b7:99:de:8e:d8:bd:fa:72:07:f0:02:9d:7f:fb:
         d7:01:89:53:00:5c:f5:35:b3:1d:e2:cd:2e:fd:8a:66:30:7e:
         c3:7b:7c:90:7b:0d:2b:4f:b8:a1:ce:96:18:a9:6d:f5:cb:72:
         c8:e2:57:aa:d7:ff:23:1b:c8:25:dd:3a:50:ea:7f:89:14:a1:
         4d:22:8a:57:3d:40:d5:c6:23:70:ae:95:39:cc:36:38:7c:9b:
         1e:c3:46:8f:b9:29:90:41:b8:b0:92:f7:9f:b1:7e:86:df:7e:
         51:06:a9:7d:47:33:19:a2:93:d9:69:70:66:25:5a:b6:f9:3c:
         38:de:78:44:93:aa:22:9e:25:4f:e3:a9:01:f6:a0:d8:97:f3:
         d5:ac:d3:a0:b5:0b:c7:cc:73:73:d3:1d:6e:f6:f6:74:77:68:
         d2:f3:2b:0e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYI+wcf+59Zolo/EOsjGL0+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjIwNzI3MDgyNDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQ3MTkwZTE1ZGRjOGFiYTZmNzkzMTM0NmE3ODU0Mzg3NTI1NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKWHsDe7yHt2rsPqzxfJtzPz+eDZ
nWQJyKKLy4P5AKyCKaAlrBUbJOrtVPEW2PRnyuTfKSZrn8zG0YJepfSuicwv9Dan
GL+dN96wMsqBqFzgvjfjJTHIGLV/k1FbKyvHoTfT3qC7AwpQkAs3+XP7+55Ful2m
TTgzO/4LQH2RFukl+TNr8g4i1sNorcHTvmOAawuRRsuvQHLwy5k//8SofmdUVi4e
l0DNbvAaKHXcmUZTxVVLswgqElmTRnpYMNbJwQAKpKjGtleriSuU7o1GFGeIzh0Y
yHFZ10SDscXGwJR8qlSTKEZcnNfX71Lx8H2m4MDkHHDhf/79VNcJcTF20QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFHpHGQ4V3cirpveTE0anhUOHUlZQMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvZWtjWkRoWGR5S3VtOTVNVFJxZUZRNGRTVmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgWaQAMF
AyoGX8ADBQMqDW+AAwUDKg+awAMFAyoPm0ADBQMqEAtAAwUDKhA8gAMFAyoQP4AD
BQMqEHfAMA0GCSqGSIb3DQEBCwUAA4IBAQCA7uar9pVrqqOASCFZ3az2LZ2uI5oK
MsQkLWE3XZDvtTBp0RhEUbcWnCD2fLn1Ht7vAUUgVDbC+hZIVXwWxmgc+I5GF+JI
CYrh0EDryoYvSLQsoXImYLpQwtr86HFYt5nejti9+nIH8AKdf/vXAYlTAFz1NbMd
4s0u/YpmMH7De3yQew0rT7ihzpYYqW31y3LI4leq1/8jG8gl3TpQ6n+JFKFNIopX
PUDVxiNwrpU5zDY4fJsew0aPuSmQQbiwkvefsX6G335RBql9RzMZopPZaXBmJVq2
+Tw43nhEk6oiniVP46kB9qDYl/PVrNOgtQvHzHNz0x1u9vZ0d2jS8ysO
-----END CERTIFICATE-----