Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/CUkjMRqnLFvCQRjPaRnhhiupDXA.roa
File:                     CUkjMRqnLFvCQRjPaRnhhiupDXA.roa (raw, json)
Hash identifier:          DSJMDRp0nzQ7rrAMEE9KfLkOjOCMK2pJzJqbc+VORrg=
Subject key identifier:   09:49:23:31:1A:A7:2C:5B:C2:41:18:CF:69:19:E1:86:2B:A9:0D:70
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       01826E5A8851CF83A9B29BF1A5599D466859
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/CUkjMRqnLFvCQRjPaRnhhiupDXA.roa
Signing time:             Fri 05 Aug 2022 14:13:23 +0000
ROA not before:           Fri 05 Aug 2022 14:13:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28716
IP address blocks:        78.159.216.0/21 maxlen: 24
                          77.95.136.0/21 maxlen: 24
                          185.61.12.0/22 maxlen: 24
                          45.89.180.0/22 maxlen: 24
                          185.41.212.0/22 maxlen: 22
                          80.94.116.0/24 maxlen: 24
                          80.94.112.0/20 maxlen: 24
                          78.159.192.0/21 maxlen: 24
                          46.243.32.0/21 maxlen: 24
                          217.19.144.0/20 maxlen: 24
                          2001:1bd0::/32 maxlen: 32
                          2a02:5ca0::/32 maxlen: 56

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:6e:5a:88:51:cf:83:a9:b2:9b:f1:a5:59:9d:46:68:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Aug  5 14:13:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=094923311aa72c5bc24118cf6919e1862ba90d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:38:5c:80:3b:ab:b5:31:25:a7:7a:04:a3:67:
                    50:19:c1:4e:a8:af:1c:96:7a:5a:c2:e0:64:63:ee:
                    37:af:62:84:c5:12:4e:5c:a9:7f:d8:58:1b:91:2d:
                    a9:26:b4:64:d3:97:c9:6b:fd:60:98:45:e9:b5:37:
                    78:37:8e:49:0d:0f:17:a4:84:46:8f:27:3b:44:e7:
                    6d:18:4c:9d:ed:84:e6:0b:ef:e7:a2:53:58:16:db:
                    f4:3c:6c:1b:a6:8f:f3:80:dc:41:83:c9:b1:34:e9:
                    64:cb:af:d6:07:d3:72:a3:b7:42:2b:f6:35:78:d7:
                    26:cc:0b:ee:a9:1f:5b:3c:98:dd:c6:9d:2e:df:77:
                    b8:b8:1f:57:47:65:02:04:ab:b6:1e:e3:ca:4a:6e:
                    9c:74:5d:da:f1:0a:07:0e:35:7b:be:18:43:c0:7e:
                    27:bf:6c:a4:af:d7:9d:5f:f0:68:c0:1e:94:e1:ef:
                    a6:da:8a:26:20:8b:41:5a:4f:2d:1e:ca:d0:3f:dd:
                    1c:8d:14:ed:c6:d2:4e:fd:54:79:ed:ed:04:fb:e9:
                    82:79:49:f1:ca:5d:58:db:1a:be:9a:73:47:82:d5:
                    15:3b:57:c8:07:44:b2:c4:47:ee:8c:e6:34:21:1a:
                    d7:cd:53:6b:90:bc:33:73:9f:00:e7:ed:08:3e:37:
                    d6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:49:23:31:1A:A7:2C:5B:C2:41:18:CF:69:19:E1:86:2B:A9:0D:70
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/CUkjMRqnLFvCQRjPaRnhhiupDXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.180.0/22
                  46.243.32.0/21
                  77.95.136.0/21
                  78.159.192.0/21
                  78.159.216.0/21
                  80.94.112.0/20
                  185.41.212.0/22
                  185.61.12.0/22
                  217.19.144.0/20
                IPv6:
                  2001:1bd0::/32
                  2a02:5ca0::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:e2:39:61:79:a7:02:87:43:da:f7:1e:b3:fe:92:8c:be:2e:
         99:d5:a0:d0:42:23:b7:69:66:e3:b8:56:51:7c:c8:e0:f4:b5:
         93:98:15:4a:a1:e3:36:db:ea:18:04:a9:ed:ce:d1:33:04:7e:
         62:68:c2:7e:ff:1f:0b:1b:1d:0a:0f:12:b7:18:b9:74:e2:e9:
         98:dc:d8:02:86:27:5f:88:94:6c:80:65:52:0c:cf:6e:85:7e:
         16:c8:c7:17:22:0a:fe:67:e6:33:a0:16:f8:6f:f1:76:46:73:
         c4:ed:f2:48:78:a8:74:23:c9:f1:54:e2:5e:b3:31:87:12:36:
         32:21:a0:fd:78:df:98:38:67:6b:1a:e9:a4:c6:a1:20:38:69:
         0c:31:e4:54:31:ec:08:6b:13:f6:e2:7c:4f:1e:fb:29:df:48:
         41:e6:33:c4:5a:24:94:81:7e:d5:42:2e:1b:72:c1:c1:f2:7e:
         66:15:7d:db:1d:a6:9e:ed:a9:5f:52:8c:f2:68:13:6a:14:48:
         ba:a0:6c:ad:c4:57:a3:3b:cf:f8:fc:c2:1c:4e:c9:2e:39:8e:
         bd:b6:24:37:a0:b9:04:f2:dc:0d:8e:50:76:a6:e7:55:4a:62:
         fc:a7:14:d8:2a:d6:00:1d:79:4a:c2:80:44:3c:08:10:c1:a6:
         31:c6:56:67
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYJuWohRz4OpspvxpVmdRmhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjIwODA1MTQxMzIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ5MjMzMTFhYTcyYzViYzI0MTE4Y2Y2OTE5ZTE4NjJiYTkwZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jhcgDurtTElp3oEo2dQGcFOqK8c
lnpawuBkY+43r2KExRJOXKl/2FgbkS2pJrRk05fJa/1gmEXptTd4N45JDQ8XpIRG
jyc7ROdtGEyd7YTmC+/nolNYFtv0PGwbpo/zgNxBg8mxNOlky6/WB9Nyo7dCK/Y1
eNcmzAvuqR9bPJjdxp0u33e4uB9XR2UCBKu2HuPKSm6cdF3a8QoHDjV7vhhDwH4n
v2ykr9edX/BowB6U4e+m2oomIItBWk8tHsrQP90cjRTtxtJO/VR57e0E++mCeUnx
yl1Y2xq+mnNHgtUVO1fIB0SyxEfujOY0IRrXzVNrkLwzc58A5+0IPjfWyQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFAlJIzEapyxbwkEYz2kZ4YYrqQ1wMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvQ1Vrak1ScW5MRnZDUVJqUGFSbmhoaXVwRFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCLVm0AwQD
LvMgAwQDTV+IAwQDTp/AAwQDTp/YAwQEUF5wAwQCuSnUAwQCuT0MAwQE2ROQMBQE
AgACMA4DBQAgARvQAwUAKgJcoDANBgkqhkiG9w0BAQsFAAOCAQEAcuI5YXmnAodD
2vces/6SjL4umdWg0EIjt2lm47hWUXzI4PS1k5gVSqHjNtvqGASp7c7RMwR+YmjC
fv8fCxsdCg8Stxi5dOLpmNzYAoYnX4iUbIBlUgzPboV+FsjHFyIK/mfmM6AW+G/x
dkZzxO3ySHiodCPJ8VTiXrMxhxI2MiGg/XjfmDhnaxrppMahIDhpDDHkVDHsCGsT
9uJ8Tx77Kd9IQeYzxFoklIF+1UIuG3LBwfJ+ZhV92x2mnu2pX1KM8mgTahRIuqBs
rcRXozvP+PzCHE7JLjmOvbYkN6C5BPLcDY5QdqbnVUpi/KcU2CrWAB15SsKARDwI
EMGmMcZWZw==
-----END CERTIFICATE-----