Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/9365e0-aec8-4384-9bd7-6c232ae7b5bd/1/DDlub7ptFh9K1-Q1sf9b7-Dn5Pc.roa
File:                     DDlub7ptFh9K1-Q1sf9b7-Dn5Pc.roa (raw, json)
Hash identifier:          gqwrH8Is2/DX+6z1CnXFFj2efY35q/MxcDnjs8asErY=
Subject key identifier:   0C:39:6E:6F:BA:6D:16:1F:4A:D7:E4:35:B1:FF:5B:EF:E0:E7:E4:F7
Certificate issuer:       /CN=7c178f4e4b0e2c20e6a888020c8e6d029a293496
Certificate serial:       06426BA9
Authority key identifier: 7C:17:8F:4E:4B:0E:2C:20:E6:A8:88:02:0C:8E:6D:02:9A:29:34:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fBePTksOLCDmqIgCDI5tApopNJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/9365e0-aec8-4384-9bd7-6c232ae7b5bd/1/DDlub7ptFh9K1-Q1sf9b7-Dn5Pc.roa
Signing time:             Mon 02 May 2022 07:26:14 +0000
ROA not before:           Mon 02 May 2022 07:26:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1299
IP address blocks:        193.104.197.0/24 maxlen: 24
                          193.104.198.0/24 maxlen: 24
                          193.104.222.0/24 maxlen: 24
                          2a0f:9340::/48 maxlen: 48
                          2a0f:9340:10::/48 maxlen: 48
                          2a0f:9340:33::/48 maxlen: 48
                          2a0f:9340:11::/48 maxlen: 48
                          2a0f:9340:34::/48 maxlen: 48
                          2a0f:9340:32::/48 maxlen: 48
                          2a0f:9340:1a::/48 maxlen: 48
                          2a0f:9340:3d::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 105016233 (0x6426ba9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c178f4e4b0e2c20e6a888020c8e6d029a293496
        Validity
            Not Before: May  2 07:26:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c396e6fba6d161f4ad7e435b1ff5befe0e7e4f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4e:81:09:d5:67:04:be:20:98:eb:f4:98:46:
                    9d:a8:c6:d5:a3:f4:30:04:2f:57:f9:7f:36:48:e2:
                    d6:d2:d4:ab:36:13:32:fc:61:7b:13:cc:9d:52:f2:
                    cf:bd:1e:34:66:f1:ca:02:8f:8d:e6:2d:97:7e:7d:
                    68:8c:51:92:38:87:46:08:04:be:8d:33:9b:f4:99:
                    f9:39:63:2c:e1:1e:4e:38:10:22:82:65:07:62:36:
                    d7:6b:4f:d0:96:80:db:2b:37:1a:76:62:d2:32:cc:
                    88:30:05:ca:61:12:0c:d9:e1:e5:3a:aa:3a:72:4e:
                    20:b0:cc:e0:c1:1f:a7:a7:12:b2:55:bb:d9:20:bf:
                    6b:e1:cb:d1:98:69:23:1f:31:f6:f5:96:7d:59:f6:
                    c3:6f:6c:fd:3e:fe:26:bd:ff:c0:1d:ad:d3:2e:96:
                    7b:ca:e5:c4:b2:50:c6:57:e4:ef:df:7f:d8:59:10:
                    b9:85:4f:22:7f:aa:c8:b2:ce:0c:b1:a9:71:ad:c7:
                    04:88:86:78:97:ff:f6:da:26:a0:99:89:58:e4:20:
                    ed:af:10:99:ee:63:46:01:70:be:81:8d:8e:8e:9f:
                    97:33:e6:91:67:1a:08:16:ec:90:a2:60:8b:ff:1c:
                    a3:70:aa:1d:0d:44:e0:52:d9:03:d3:78:90:19:58:
                    df:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:39:6E:6F:BA:6D:16:1F:4A:D7:E4:35:B1:FF:5B:EF:E0:E7:E4:F7
            X509v3 Authority Key Identifier:
                keyid:7C:17:8F:4E:4B:0E:2C:20:E6:A8:88:02:0C:8E:6D:02:9A:29:34:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fBePTksOLCDmqIgCDI5tApopNJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9365e0-aec8-4384-9bd7-6c232ae7b5bd/1/DDlub7ptFh9K1-Q1sf9b7-Dn5Pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9365e0-aec8-4384-9bd7-6c232ae7b5bd/1/fBePTksOLCDmqIgCDI5tApopNJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.197.0-193.104.198.255
                  193.104.222.0/24
                IPv6:
                  2a0f:9340::/48
                  2a0f:9340:10::/47
                  2a0f:9340:1a::/48
                  2a0f:9340:32::-2a0f:9340:34:ffff:ffff:ffff:ffff:ffff
                  2a0f:9340:3d::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:36:e6:5f:22:6c:ac:17:b2:1a:cf:bf:6b:79:59:60:cb:a9:
         80:69:74:80:24:ff:1e:8f:c6:64:bb:35:0a:c5:53:2a:21:57:
         2b:7c:da:f2:14:06:e5:35:3d:32:d8:01:50:c0:a7:8e:1c:c0:
         d1:40:c3:89:00:bb:b4:bd:7c:ee:b5:3f:7c:56:0c:38:1a:71:
         c1:bb:16:6a:ef:cf:fa:71:6a:f0:78:92:5d:96:99:d9:9a:a0:
         bf:f5:c5:dc:17:e1:59:5a:00:14:1f:8a:93:56:67:11:4b:a5:
         f6:f5:a8:98:dc:85:81:5c:b4:63:da:06:c1:74:9f:34:2b:2a:
         d1:b4:01:ec:4b:1a:cd:e3:dd:f6:6e:bd:5f:f0:d6:89:3a:c3:
         66:ca:b0:2f:5d:06:9b:32:c8:47:1e:00:ec:c8:6f:f5:70:35:
         e4:da:e7:76:06:74:39:78:b8:26:01:dd:7f:96:88:15:88:09:
         5b:5e:e5:ac:67:8b:1b:91:76:8a:d8:1d:a5:2d:55:ad:4f:db:
         5e:8c:cd:e3:34:2d:55:72:54:ee:d6:91:ac:30:5b:37:17:21:
         88:f2:8e:6a:be:44:db:26:5b:d9:7b:f5:b7:d8:75:d8:d7:77:
         12:dd:58:8b:ca:e8:e3:92:bb:11:dd:88:5c:3c:b1:f0:88:60:
         13:f6:27:e1
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIEBkJrqTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
YzE3OGY0ZTRiMGUyYzIwZTZhODg4MDIwYzhlNmQwMjlhMjkzNDk2MB4XDTIyMDUw
MjA3MjYxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGMzOTZlNmZiYTZk
MTYxZjRhZDdlNDM1YjFmZjViZWZlMGU3ZTRmNzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOROgQnVZwS+IJjr9JhGnajG1aP0MAQvV/l/Nkji1tLUqzYT
MvxhexPMnVLyz70eNGbxygKPjeYtl359aIxRkjiHRggEvo0zm/SZ+TljLOEeTjgQ
IoJlB2I212tP0JaA2ys3GnZi0jLMiDAFymESDNnh5TqqOnJOILDM4MEfp6cSslW7
2SC/a+HL0ZhpIx8x9vWWfVn2w29s/T7+Jr3/wB2t0y6We8rlxLJQxlfk799/2FkQ
uYVPIn+qyLLODLGpca3HBIiGeJf/9tomoJmJWOQg7a8Qme5jRgFwvoGNjo6flzPm
kWcaCBbskKJgi/8co3CqHQ1E4FLZA9N4kBlY3+0CAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBQMOW5vum0WH0rX5DWx/1vv4Ofk9zAfBgNVHSMEGDAWgBR8F49OSw4sIOao
iAIMjm0Cmik0ljAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZCZVBUa3NPTENEbXFJZ0NESTV0QXBvcE5KWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzMvOTM2NWUwLWFlYzgtNDM4NC05YmQ3LTZjMjMyYWU3YjViZC8x
L0REbHViN3B0Rmg5SzEtUTFzZjliNy1EbjVQYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzMv
OTM2NWUwLWFlYzgtNDM4NC05YmQ3LTZjMjMyYWU3YjViZC8xL2ZCZVBUa3NPTENE
bXFJZ0NESTV0QXBvcE5KWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwGgQCAAEwFDAMAwQAwWjFAwQAwWjGAwQAwWjeMD4E
AgACMDgDBwAqD5NAAAADBwEqD5NAABADBwAqD5NAABowEgMHASoPk0AAMgMHACoP
k0AANAMHACoPk0AAPTANBgkqhkiG9w0BAQsFAAOCAQEARjbmXyJsrBeyGs+/a3lZ
YMupgGl0gCT/Ho/GZLs1CsVTKiFXK3za8hQG5TU9MtgBUMCnjhzA0UDDiQC7tL18
7rU/fFYMOBpxwbsWau/P+nFq8HiSXZaZ2Zqgv/XF3BfhWVoAFB+Kk1ZnEUul9vWo
mNyFgVy0Y9oGwXSfNCsq0bQB7EsazePd9m69X/DWiTrDZsqwL10GmzLIRx4A7Mhv
9XA15NrndgZ0OXi4JgHdf5aIFYgJW17lrGeLG5F2itgdpS1VrU/bXozN4zQtVXJU
7taRrDBbNxchiPKOar5E2yZb2Xv1t9h12Nd3Et1Yi8ro45K7Ed2IXDyx8IhgE/Yn
4Q==
-----END CERTIFICATE-----