Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/x7KxHGCcjFBU5A_ZV0VCHDWeF1E.roa
File:                     x7KxHGCcjFBU5A_ZV0VCHDWeF1E.roa (raw, json)
Hash identifier:          jIAD5EFTBDrvbQOAZv18KjJ8rvXW2CGiv/5tjoi0C+k=
Subject key identifier:   C7:B2:B1:1C:60:9C:8C:50:54:E4:0F:D9:57:45:42:1C:35:9E:17:51
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC79351F9A2AF8BE9D4E86065B0DF0D15
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/x7KxHGCcjFBU5A_ZV0VCHDWeF1E.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        194.233.31.0/24 maxlen: 24
                          195.180.128.0/22 maxlen: 24
                          194.163.68.0/24 maxlen: 24
                          194.233.151.0/24 maxlen: 24
                          194.233.148.0/24 maxlen: 24
                          194.233.149.0/24 maxlen: 24
                          194.64.89.0/24 maxlen: 24
                          195.180.152.0/22 maxlen: 24
                          195.180.157.0/24 maxlen: 24
                          194.163.92.0/24 maxlen: 24
                          195.252.175.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:51:f9:a2:af:8b:e9:d4:e8:60:65:b0:df:0d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7b2b11c609c8c5054e40fd95745421c359e1751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:da:2a:36:fe:27:35:9f:14:75:14:42:ea:32:
                    6d:4b:6a:3a:9e:a5:39:13:a7:d9:b1:35:cb:f7:0d:
                    f2:1c:ac:97:1f:d1:44:79:bd:fb:9b:9f:4a:99:13:
                    07:b1:d1:83:58:08:b5:16:83:00:dc:ca:b1:bb:25:
                    17:04:2a:93:cf:80:e1:a5:d7:6e:93:36:84:93:f2:
                    83:bb:24:70:e6:ff:01:ad:80:d6:08:99:0e:c1:67:
                    98:ef:30:91:80:8d:80:ad:a2:c1:3f:c0:d8:d7:e5:
                    db:a5:2e:08:b1:21:fb:79:80:17:72:b0:dc:41:f4:
                    56:ff:1b:1e:6a:55:a0:24:c2:bb:84:67:72:f4:cf:
                    b4:67:ae:bc:db:97:e9:9d:a9:a8:56:f2:9d:d1:31:
                    61:57:e8:f4:6c:f7:30:5f:30:e8:68:d0:dc:46:11:
                    83:70:c0:c9:44:6a:6b:a8:55:52:a6:eb:32:b7:c6:
                    1b:fb:01:72:f6:ce:07:9a:e1:01:61:71:c2:bd:89:
                    29:52:b4:1b:5a:b2:d3:91:99:de:21:6d:89:c7:94:
                    8e:dc:b8:45:8a:df:c7:db:42:92:a2:62:cf:8b:47:
                    3e:83:f3:f7:ee:0d:82:9b:d2:ed:30:08:d8:2e:1a:
                    ba:c1:41:e4:a4:a8:cc:bd:2a:21:f9:4c:06:8b:ac:
                    02:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B2:B1:1C:60:9C:8C:50:54:E4:0F:D9:57:45:42:1C:35:9E:17:51
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/x7KxHGCcjFBU5A_ZV0VCHDWeF1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.89.0/24
                  194.163.68.0/24
                  194.163.92.0/24
                  194.233.31.0/24
                  194.233.148.0/23
                  194.233.151.0/24
                  195.180.128.0/22
                  195.180.152.0/22
                  195.180.157.0/24
                  195.252.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:1f:24:50:ec:ff:b6:4b:c6:fe:ad:7a:2c:15:76:be:6d:0a:
         fc:bc:97:08:a5:a5:7a:f9:f5:84:ce:50:24:42:47:70:91:31:
         74:42:61:67:cf:91:34:71:bc:0e:36:aa:0a:86:bd:58:3f:6b:
         60:90:a3:50:8b:29:07:bd:f8:6f:a1:51:cb:07:0b:f9:5f:06:
         3e:6b:2f:94:51:86:f5:fc:ce:eb:9e:53:fd:24:ad:b6:d8:c3:
         26:2f:66:b8:24:09:29:9a:fa:0c:34:b5:f6:97:0b:1d:e6:8d:
         8a:61:23:68:7b:c1:7c:0c:c4:23:6b:c0:9c:c8:7c:b9:72:b9:
         a5:1f:99:1d:a3:ae:11:47:0c:cd:69:fb:d5:47:45:d5:ee:d1:
         83:98:81:fc:1f:c7:75:85:57:75:de:1c:8b:ae:e8:4d:fc:5e:
         5d:13:3d:16:2f:c9:16:19:d6:c5:86:93:b7:b3:6a:d7:53:a7:
         2e:7c:ec:58:52:10:36:4e:b6:09:08:c3:cf:ab:e5:bb:1b:16:
         ce:48:eb:c9:1b:ef:2a:f7:59:01:c9:21:4e:f4:dc:76:20:85:
         b3:6f:98:17:bc:d9:e3:a5:39:f8:a2:6d:ec:5d:6e:84:99:1b:
         7d:00:ab:9a:ce:68:9c:7a:b2:c6:e7:b9:c1:bf:33:77:bb:fe:
         4f:56:02:b9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYzHk1H5oq+L6dToYGWw3w0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2IyYjExYzYwOWM4YzUwNTRlNDBmZDk1NzQ1NDIxYzM1OWUxNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdoqNv4nNZ8UdRRC6jJtS2o6nqU5
E6fZsTXL9w3yHKyXH9FEeb37m59KmRMHsdGDWAi1FoMA3MqxuyUXBCqTz4Dhpddu
kzaEk/KDuyRw5v8BrYDWCJkOwWeY7zCRgI2AraLBP8DY1+XbpS4IsSH7eYAXcrDc
QfRW/xsealWgJMK7hGdy9M+0Z66825fpnamoVvKd0TFhV+j0bPcwXzDoaNDcRhGD
cMDJRGprqFVSpusyt8Yb+wFy9s4HmuEBYXHCvYkpUrQbWrLTkZneIW2Jx5SO3LhF
it/H20KSomLPi0c+g/P37g2Cm9LtMAjYLhq6wUHkpKjMvSoh+UwGi6wCxwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMeysRxgnIxQVOQP2VdFQhw1nhdRMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEveDdLeEhHQ2NqRkJVNUFfWlYwVkNIRFdlRjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwkBZAwQA
wqNEAwQAwqNcAwQAwukfAwQBwumUAwQAwumXAwQCw7SAAwQCw7SYAwQAw7SdAwQA
w/yvMA0GCSqGSIb3DQEBCwUAA4IBAQBYHyRQ7P+2S8b+rXosFXa+bQr8vJcIpaV6
+fWEzlAkQkdwkTF0QmFnz5E0cbwONqoKhr1YP2tgkKNQiykHvfhvoVHLBwv5XwY+
ay+UUYb1/M7rnlP9JK222MMmL2a4JAkpmvoMNLX2lwsd5o2KYSNoe8F8DMQja8Cc
yHy5crmlH5kdo64RRwzNafvVR0XV7tGDmIH8H8d1hVd13hyLruhN/F5dEz0WL8kW
GdbFhpO3s2rXU6cufOxYUhA2TrYJCMPPq+W7GxbOSOvJG+8q91kBySFO9Nx2IIWz
b5gXvNnjpTn4om3sXW6EmRt9AKuazmicerLG57nBvzN3u/5PVgK5
-----END CERTIFICATE-----