Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/E3fwrJreBV3rszIbfYSFOeZnuJo.roa
File:                     E3fwrJreBV3rszIbfYSFOeZnuJo.roa (raw, json)
Hash identifier:          vTaYA0zMQMMM/3GiLebCN3mEk9ogKDMfljt8LFTnaaw=
Subject key identifier:   13:77:F0:AC:9A:DE:05:5D:EB:B3:32:1B:7D:84:85:39:E6:67:B8:9A
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       01836525A2A47086AE450BD5B1AF434516C7
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/E3fwrJreBV3rszIbfYSFOeZnuJo.roa
Signing time:             Thu 22 Sep 2022 12:21:48 +0000
ROA not before:           Thu 22 Sep 2022 12:21:48 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        166.108.246.0/24 maxlen: 24
                          166.108.242.0/23 maxlen: 24
                          166.108.245.0/24 maxlen: 24
                          166.108.244.0/24 maxlen: 24
                          166.108.253.0/24 maxlen: 24
                          166.108.247.0/24 maxlen: 24
                          166.108.249.0/24 maxlen: 24
                          166.108.250.0/24 maxlen: 24
                          166.108.252.0/24 maxlen: 24
                          166.108.251.0/24 maxlen: 24
                          166.108.254.0/24 maxlen: 24
                          166.108.192.0/22 maxlen: 24
                          166.108.200.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:65:25:a2:a4:70:86:ae:45:0b:d5:b1:af:43:45:16:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Sep 22 12:21:48 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1377f0ac9ade055debb3321b7d848539e667b89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:b5:d2:3b:dc:b4:e5:19:03:1e:56:fe:d0:
                    b5:22:d3:a3:9c:a5:45:22:8c:85:24:90:a3:49:d8:
                    90:ea:ae:af:eb:52:9b:65:e7:d7:dc:d5:64:ce:66:
                    69:82:b9:96:17:14:f6:fe:ab:e4:0a:aa:96:0f:d1:
                    76:e8:17:65:be:35:02:32:30:dd:35:e3:3e:80:01:
                    8b:4c:21:87:72:af:e3:7b:b6:ec:2e:6b:16:31:ab:
                    88:0c:46:84:2c:69:c6:e3:cf:d0:b9:b8:c0:23:06:
                    7b:4e:d2:5b:78:94:33:72:ad:f9:9d:19:a0:b8:4c:
                    4e:3e:0a:33:ae:e2:a2:50:13:af:b9:22:85:f3:09:
                    87:ae:99:08:ab:76:27:64:53:6b:83:30:c2:3a:6e:
                    15:50:6e:c6:1a:25:2d:9f:14:54:b6:22:bc:42:5e:
                    3a:16:29:19:75:c6:46:88:69:92:f7:60:4e:08:d2:
                    23:e8:e6:ac:25:71:47:1b:58:11:15:54:f5:d3:5f:
                    6d:b0:d6:3b:8a:3f:86:c6:aa:33:a3:22:7b:d8:c3:
                    f0:e3:a0:f9:2e:34:4e:e0:59:75:19:05:24:c5:96:
                    d4:b4:18:6d:c7:1a:03:9b:1c:15:b6:ed:d0:d7:1f:
                    81:78:be:8b:43:3b:96:87:88:4c:eb:83:8d:26:a0:
                    f3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:77:F0:AC:9A:DE:05:5D:EB:B3:32:1B:7D:84:85:39:E6:67:B8:9A
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/E3fwrJreBV3rszIbfYSFOeZnuJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.192.0/22
                  166.108.200.0/22
                  166.108.242.0-166.108.247.255
                  166.108.249.0-166.108.254.255

    Signature Algorithm: sha256WithRSAEncryption
         41:3f:d8:98:7b:eb:84:39:92:56:8c:f7:d6:9a:4c:15:3b:49:
         51:e4:b4:1e:83:1b:01:da:1d:1c:e8:d8:80:c2:b5:d1:e1:b4:
         67:32:8f:3b:d3:ff:c8:2e:5d:88:24:d7:39:85:d7:6c:91:cb:
         f9:50:40:bc:0d:f3:71:1b:90:b4:90:a1:81:86:e4:3d:ae:ff:
         d5:a9:8a:f8:06:3b:a8:b7:19:17:56:52:c9:a5:0e:b3:c9:85:
         0c:02:f6:0a:02:e6:84:8d:00:57:d0:eb:8a:83:bc:09:38:7a:
         35:6c:1a:6b:87:2e:e4:dc:05:c5:ba:26:d1:d4:25:a3:44:45:
         05:90:f3:07:dc:66:dd:49:2b:65:4d:11:59:69:f2:e7:e5:c3:
         54:5f:f2:b7:fa:43:46:09:f2:07:f3:24:ea:58:02:a9:d9:ca:
         1e:eb:54:9c:97:d5:42:3a:16:7e:0a:30:25:29:5f:bf:b0:a1:
         c5:06:c1:fc:1f:05:1f:4e:48:c4:4f:ae:cb:cb:02:b3:5b:df:
         8a:cb:78:9d:a3:40:f8:1d:bd:95:78:e1:2a:22:37:0d:0c:c9:
         f7:86:7d:e5:45:ce:cc:ab:d3:73:39:9c:d8:f6:9e:9c:9a:79:
         44:79:53:5d:5c:4e:cb:d7:d1:17:50:8a:48:b6:a6:a5:c5:c6:
         b1:77:f7:9d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYNlJaKkcIauRQvVsa9DRRbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTIyMTIyMTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc3ZjBhYzlhZGUwNTVkZWJiMzMyMWI3ZDg0ODUzOWU2NjdiODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6m10jvctOUZAx5W/tC1ItOjnKVF
IoyFJJCjSdiQ6q6v61KbZefX3NVkzmZpgrmWFxT2/qvkCqqWD9F26BdlvjUCMjDd
NeM+gAGLTCGHcq/je7bsLmsWMauIDEaELGnG48/QubjAIwZ7TtJbeJQzcq35nRmg
uExOPgozruKiUBOvuSKF8wmHrpkIq3YnZFNrgzDCOm4VUG7GGiUtnxRUtiK8Ql46
FikZdcZGiGmS92BOCNIj6OasJXFHG1gRFVT1019tsNY7ij+GxqozoyJ72MPw46D5
LjRO4Fl1GQUkxZbUtBhtxxoDmxwVtu3Q1x+BeL6LQzuWh4hM64ONJqDzGwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFBN38Kya3gVd67MyG32EhTnmZ7iaMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvRTNmd3JKcmVCVjNyc3pJYmZZU0ZPZVpudUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCpmzAAwQC
pmzIMAwDBAGmbPIDBAOmbPAwDAMEAKZs+QMEAKZs/jANBgkqhkiG9w0BAQsFAAOC
AQEAQT/YmHvrhDmSVoz31ppMFTtJUeS0HoMbAdodHOjYgMK10eG0ZzKPO9P/yC5d
iCTXOYXXbJHL+VBAvA3zcRuQtJChgYbkPa7/1amK+AY7qLcZF1ZSyaUOs8mFDAL2
CgLmhI0AV9DrioO8CTh6NWwaa4cu5NwFxbom0dQlo0RFBZDzB9xm3UkrZU0RWWny
5+XDVF/yt/pDRgnyB/Mk6lgCqdnKHutUnJfVQjoWfgowJSlfv7ChxQbB/B8FH05I
xE+uy8sCs1vfist4naNA+B29lXjhKiI3DQzJ94Z95UXOzKvTczmc2PaenJp5RHlT
XVxOy9fRF1CKSLampcXGsXf3nQ==
-----END CERTIFICATE-----