Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/TwjiDmiRN2664Kal5N29uh4e20M.roa
File:                     TwjiDmiRN2664Kal5N29uh4e20M.roa (raw, json)
Hash identifier:          HwJDPTBcpPCfMc75LOXSekXyoXGlgK0XGsmZqY/lSWY=
Subject key identifier:   4F:08:E2:0E:68:91:37:6E:BA:E0:A6:A5:E4:DD:BD:BA:1E:1E:DB:43
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       018281AB9473998C880F7DF90C7AE95EE485
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/TwjiDmiRN2664Kal5N29uh4e20M.roa
Signing time:             Tue 09 Aug 2022 08:14:41 +0000
ROA not before:           Tue 09 Aug 2022 08:14:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     28716
IP address blocks:        77.95.136.0/21 maxlen: 24
                          147.123.80.0/20 maxlen: 24
                          80.94.116.0/24 maxlen: 24
                          80.94.112.0/20 maxlen: 24
                          217.19.144.0/20 maxlen: 24
                          78.159.216.0/21 maxlen: 24
                          185.61.12.0/22 maxlen: 24
                          147.123.96.0/20 maxlen: 24
                          45.89.180.0/22 maxlen: 24
                          185.41.212.0/22 maxlen: 22
                          78.159.192.0/21 maxlen: 24
                          46.243.32.0/21 maxlen: 24
                          2001:1bd0::/29 maxlen: 48
                          2a01:5d20::/29 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:81:ab:94:73:99:8c:88:0f:7d:f9:0c:7a:e9:5e:e4:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Aug  9 08:14:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4f08e20e6891376ebae0a6a5e4ddbdba1e1edb43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:08:01:99:cf:02:39:2a:7b:ea:11:b2:ad:11:
                    bf:60:b4:2a:1d:6c:f8:0f:6d:9a:e1:a5:c2:82:b4:
                    82:f9:eb:58:f7:ad:7a:fe:ed:c2:b7:e0:bd:91:ab:
                    4a:47:61:ec:c0:91:09:ce:ba:ae:2d:7c:4f:a4:36:
                    52:d8:e0:6a:7f:ff:e2:d4:f9:d0:44:3e:48:02:68:
                    8c:fe:8b:5a:52:16:ac:f6:fd:7b:cc:bc:b8:15:bb:
                    aa:52:52:b7:70:70:01:71:68:af:ff:d6:00:bf:05:
                    8b:dd:76:2c:bb:af:85:dd:b3:7b:4f:b5:56:dd:08:
                    f5:a6:72:6d:86:41:9a:c9:06:0a:e3:18:51:00:7a:
                    05:e4:fd:57:4e:99:f4:04:ab:b8:05:0a:c1:6f:c5:
                    89:06:a2:5a:a2:a5:61:62:3c:db:e6:56:56:ad:e7:
                    cd:33:0c:17:69:17:36:07:88:67:7f:e6:ee:bb:25:
                    78:67:bf:07:0d:85:59:66:9b:b8:c6:98:92:39:99:
                    7d:2b:4f:f4:aa:51:51:96:a8:be:16:80:d7:eb:c9:
                    f1:e9:69:dc:85:57:5f:77:42:59:42:81:87:1d:a3:
                    34:fd:96:73:70:48:4f:3b:2e:5c:49:ca:1e:a4:ea:
                    8e:53:bc:e0:06:1b:ab:25:db:f6:dc:9a:d3:53:31:
                    77:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:08:E2:0E:68:91:37:6E:BA:E0:A6:A5:E4:DD:BD:BA:1E:1E:DB:43
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/TwjiDmiRN2664Kal5N29uh4e20M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.180.0/22
                  46.243.32.0/21
                  77.95.136.0/21
                  78.159.192.0/21
                  78.159.216.0/21
                  80.94.112.0/20
                  147.123.80.0-147.123.111.255
                  185.41.212.0/22
                  185.61.12.0/22
                  217.19.144.0/20
                IPv6:
                  2001:1bd0::/29
                  2a01:5d20::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:ca:22:62:57:28:e5:a4:33:33:36:71:01:7c:f1:46:4a:51:
         3e:35:03:32:74:89:b0:fa:9f:87:73:4d:d3:57:26:d9:cc:4c:
         45:d2:3d:bd:66:13:8e:0b:35:0f:b6:9c:1b:c2:0b:f7:4e:1b:
         60:59:8f:63:a0:ae:a9:5c:21:50:a8:37:ce:bf:76:80:8b:48:
         45:ce:91:1d:2a:cb:9d:21:3d:cc:c9:86:dd:9f:d4:87:60:ff:
         bc:14:34:a0:ec:90:61:43:c8:fc:e9:a4:d0:64:da:08:8b:3f:
         3c:d0:b9:97:c1:38:5a:ee:4f:24:cd:06:d7:0e:4e:6b:62:2f:
         08:eb:74:5b:3c:45:97:c2:84:6b:81:a9:18:f7:a3:7f:61:81:
         52:8c:11:76:2c:cd:06:8d:37:6c:6e:e3:1f:a1:cc:f4:af:38:
         6d:53:9b:3e:4d:bb:be:77:ea:2b:b4:3d:13:dc:fc:87:ee:f3:
         f4:59:68:c0:6e:ba:9c:87:ba:39:ab:3f:f3:d4:44:0f:83:64:
         2b:b8:7d:95:24:6a:ee:2c:48:b0:a2:d8:f1:e7:e4:98:6d:ed:
         64:5e:f5:9f:6a:70:2a:3c:46:d7:f0:6c:10:d4:04:eb:e8:22:
         8a:7b:06:38:82:69:4b:40:a4:72:50:2c:f0:bc:b2:36:0d:e7:
         aa:92:47:ba
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYKBq5RzmYyID335DHrpXuSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjIwODA5MDgxNDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjA4ZTIwZTY4OTEzNzZlYmFlMGE2YTVlNGRkYmRiYTFlMWVkYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QgBmc8COSp76hGyrRG/YLQqHWz4
D22a4aXCgrSC+etY9616/u3Ct+C9katKR2HswJEJzrquLXxPpDZS2OBqf//i1PnQ
RD5IAmiM/otaUhas9v17zLy4FbuqUlK3cHABcWiv/9YAvwWL3XYsu6+F3bN7T7VW
3Qj1pnJthkGayQYK4xhRAHoF5P1XTpn0BKu4BQrBb8WJBqJaoqVhYjzb5lZWrefN
MwwXaRc2B4hnf+buuyV4Z78HDYVZZpu4xpiSOZl9K0/0qlFRlqi+FoDX68nx6Wnc
hVdfd0JZQoGHHaM0/ZZzcEhPOy5cScoepOqOU7zgBhurJdv23JrTUzF33QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFE8I4g5okTduuuCmpeTdvboeHttDMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvVHdqaURtaVJOMjY2NEthbDVOMjl1aDRlMjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBKBAIAATBEAwQCLVm0AwQD
LvMgAwQDTV+IAwQDTp/AAwQDTp/YAwQEUF5wMAwDBASTe1ADBASTe2ADBAK5KdQD
BAK5PQwDBATZE5AwFAQCAAIwDgMFAyABG9ADBQMqAV0gMA0GCSqGSIb3DQEBCwUA
A4IBAQAeyiJiVyjlpDMzNnEBfPFGSlE+NQMydImw+p+Hc03TVybZzExF0j29ZhOO
CzUPtpwbwgv3ThtgWY9joK6pXCFQqDfOv3aAi0hFzpEdKsudIT3MyYbdn9SHYP+8
FDSg7JBhQ8j86aTQZNoIiz880LmXwTha7k8kzQbXDk5rYi8I63RbPEWXwoRrgakY
96N/YYFSjBF2LM0GjTdsbuMfocz0rzhtU5s+Tbu+d+ortD0T3PyH7vP0WWjAbrqc
h7o5qz/z1EQPg2QruH2VJGruLEiwotjx5+SYbe1kXvWfanAqPEbX8GwQ1ATr6CKK
ewY4gmlLQKRyUCzwvLI2Deeqkke6
-----END CERTIFICATE-----