Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/lEc2WtA7FD6uhQTf5SXBk0PKvTs.roa
File:                     lEc2WtA7FD6uhQTf5SXBk0PKvTs.roa (raw, json)
Hash identifier:          /uAh9Qio1TE/m1LOwd6KK3cy1lYOZLU9mq6ThvljCQM=
Subject key identifier:   94:47:36:5A:D0:3B:14:3E:AE:85:04:DF:E5:25:C1:93:43:CA:BD:3B
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       0185278C2FA3B295C3483566DD1EB4ED84BE
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/lEc2WtA7FD6uhQTf5SXBk0PKvTs.roa
Signing time:             Sun 18 Dec 2022 23:22:56 +0000
ROA not before:           Sun 18 Dec 2022 23:22:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     5503
IP address blocks:        217.180.0.0/17 maxlen: 24
                          212.132.0.0/17 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          212.132.128.0/19 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          217.181.0.0/17 maxlen: 24
                          62.171.192.0/18 maxlen: 24
                          217.176.0.0/15 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          217.179.0.0/16 maxlen: 24
                          194.238.0.0/17 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:27:8c:2f:a3:b2:95:c3:48:35:66:dd:1e:b4:ed:84:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Dec 18 23:22:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9447365ad03b143eae8504dfe525c19343cabd3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ac:7b:49:f2:53:c4:36:64:84:f2:1c:fd:6c:
                    2d:1c:05:ca:92:aa:2c:16:0b:5b:2c:99:3a:c5:92:
                    76:6f:a1:e6:26:63:01:e3:aa:53:f8:9d:0a:1b:68:
                    53:ac:c9:75:2a:f4:6c:34:fc:9a:ad:67:cf:f1:17:
                    90:ad:3d:c7:1a:23:0c:f1:3d:75:82:4a:d5:0f:3b:
                    46:a3:99:d0:13:4d:a4:75:e8:db:d5:96:0c:86:0e:
                    21:08:04:66:20:b7:33:4e:75:d2:a5:7e:b6:f0:4e:
                    7e:3a:33:50:22:6d:75:6c:0c:ba:f4:af:26:0d:01:
                    32:22:80:69:ba:e0:30:bb:b5:b1:4a:8a:28:9b:28:
                    ff:d9:b1:f1:a9:7d:cf:e7:2c:5b:f7:07:37:6a:24:
                    f7:82:32:dd:27:eb:8f:4d:d4:5b:4a:ff:9f:93:6b:
                    1b:f9:04:7b:10:cc:3b:a4:7e:7e:50:5f:a5:41:07:
                    81:ba:4b:ff:ca:03:4e:4f:a4:33:25:e5:bd:38:cb:
                    d4:e6:49:e8:67:20:ea:11:f0:91:15:9d:03:f5:a9:
                    2d:d8:e4:1d:f7:ec:5f:fa:27:c8:26:98:e4:13:68:
                    54:b6:44:68:b8:4a:62:d0:72:4a:a7:ed:d2:a6:2f:
                    de:f8:c4:2c:8c:7d:79:5f:22:a7:5e:e4:4a:41:4e:
                    0b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:47:36:5A:D0:3B:14:3E:AE:85:04:DF:E5:25:C1:93:43:CA:BD:3B
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/lEc2WtA7FD6uhQTf5SXBk0PKvTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.0.0/17
                  212.132.0.0-212.132.159.255
                  213.18.192.0/18
                  217.176.0.0/15
                  217.179.0.0-217.180.127.255
                  217.181.0.0/17
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:8f:b6:6c:9c:f2:e8:2c:42:40:38:bd:7d:ec:d3:04:db:55:
         bf:ce:37:e1:63:62:cd:ab:b8:08:da:5c:fb:aa:0c:43:ac:1d:
         ea:63:9a:c3:cc:d1:1b:2e:50:80:d9:37:04:56:98:8c:41:c4:
         04:94:02:ca:f5:21:e6:04:ef:16:fc:8c:f7:46:50:57:07:e5:
         50:e4:eb:54:43:18:62:34:e9:55:81:ac:45:80:5e:61:18:6d:
         23:ca:99:41:84:c4:d7:bc:56:02:72:f6:c5:66:1e:3e:0f:3f:
         ad:67:89:d1:24:78:ea:27:ad:2e:96:48:9c:56:46:a7:95:f0:
         b4:bd:2e:d8:c4:0e:c1:ea:68:f5:a1:d9:00:b0:f0:60:00:17:
         67:fe:60:79:af:46:75:c1:c8:65:91:5a:e8:f5:da:c4:03:c3:
         24:fb:7e:54:0e:df:e7:52:7e:45:41:32:31:65:9a:d9:65:7c:
         cb:71:4a:8a:90:9b:78:d0:b5:99:7f:3e:11:94:f1:95:b3:31:
         76:8c:47:dd:4b:f2:94:e6:5c:26:db:be:5e:cc:97:85:84:5e:
         9c:1e:aa:7c:c1:0a:d0:46:51:58:4c:d2:36:67:d9:3e:0f:2b:
         f6:7c:ce:f3:b9:71:f5:01:a6:37:ff:46:69:09:91:c3:3e:37:
         f1:f2:8c:10
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYUnjC+jspXDSDVm3R607YS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjIxMjE4MjMyMjU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQ3MzY1YWQwM2IxNDNlYWU4NTA0ZGZlNTI1YzE5MzQzY2FiZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKx7SfJTxDZkhPIc/WwtHAXKkqos
FgtbLJk6xZJ2b6HmJmMB46pT+J0KG2hTrMl1KvRsNPyarWfP8ReQrT3HGiMM8T11
gkrVDztGo5nQE02kdejb1ZYMhg4hCARmILczTnXSpX628E5+OjNQIm11bAy69K8m
DQEyIoBpuuAwu7WxSooomyj/2bHxqX3P5yxb9wc3aiT3gjLdJ+uPTdRbSv+fk2sb
+QR7EMw7pH5+UF+lQQeBukv/ygNOT6QzJeW9OMvU5knoZyDqEfCRFZ0D9akt2OQd
9+xf+ifIJpjkE2hUtkRouEpi0HJKp+3Spi/e+MQsjH15XyKnXuRKQU4LYQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFJRHNlrQOxQ+roUE3+UlwZNDyr07MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvbEVjMld0QTdGRDZ1aFFUZjVTWEJrMFBLdlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBJBAIAATBDAwQGPqvAAwQC
ucDkAwQFwpoAAwQHwu4AMAsDAwLUhAMEBdSEgAMEBtUSwAMDAdmwMAsDAwDZswME
B9m0AAMEB9m1ADANBAIAAjAHAwUAKgIPsDANBgkqhkiG9w0BAQsFAAOCAQEACo+2
bJzy6CxCQDi9fezTBNtVv8434WNizau4CNpc+6oMQ6wd6mOaw8zRGy5QgNk3BFaY
jEHEBJQCyvUh5gTvFvyM90ZQVwflUOTrVEMYYjTpVYGsRYBeYRhtI8qZQYTE17xW
AnL2xWYePg8/rWeJ0SR46ietLpZInFZGp5XwtL0u2MQOwepo9aHZALDwYAAXZ/5g
ea9GdcHIZZFa6PXaxAPDJPt+VA7f51J+RUEyMWWa2WV8y3FKipCbeNC1mX8+EZTx
lbMxdoxH3UvylOZcJtu+XsyXhYRenB6qfMEK0EZRWEzSNmfZPg8r9nzO87lx9QGm
N/9GaQmRwz438fKMEA==
-----END CERTIFICATE-----