Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9Yij_WD6Fw2937ENNB6faso2hjQ.roa
File:                     9Yij_WD6Fw2937ENNB6faso2hjQ.roa (raw, json)
Hash identifier:          iW+4UQkuwzNBd1dzmctFGqCAQZnfhCyxXMuEv46JQXM=
Subject key identifier:   F5:88:A3:FD:60:FA:17:0D:BD:DF:B1:0D:34:1E:9F:6A:CA:36:86:34
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       428FA5C1
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9Yij_WD6Fw2937ENNB6faso2hjQ.roa
Signing time:             Thu 21 Apr 2022 03:23:47 +0000
ROA not before:           Thu 21 Apr 2022 03:23:47 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     8708
IP address blocks:        86.105.233.0/24 maxlen: 24
                          89.43.53.0/24 maxlen: 24
                          89.40.65.0/24 maxlen: 24
                          89.43.63.0/24 maxlen: 24
                          85.204.241.0/24 maxlen: 24
                          85.204.242.0/24 maxlen: 24
                          89.36.137.0/24 maxlen: 24
                          86.106.113.0/24 maxlen: 24
                          89.46.93.0/24 maxlen: 24
                          93.114.57.0/24 maxlen: 24
                          89.34.178.0/24 maxlen: 24
                          89.38.236.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1116710337 (0x428fa5c1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Apr 21 03:23:47 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f588a3fd60fa170dbddfb10d341e9f6aca368634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d5:be:f9:21:61:a1:79:8c:0a:99:d9:ea:10:
                    3b:c7:fb:20:41:91:47:d5:51:a2:0e:b4:c2:66:03:
                    d8:63:b0:71:77:bc:6a:35:44:38:76:44:34:7f:4f:
                    4b:13:fa:ef:f5:4e:21:96:a1:d4:8b:6a:2b:26:02:
                    e9:c0:a8:aa:49:7e:f7:65:ac:c6:8c:e0:90:d9:53:
                    96:06:e6:0c:1e:6d:53:76:32:e0:c4:2e:7f:c8:46:
                    f2:cc:93:dc:ce:7f:93:23:96:2d:a9:98:8e:f5:5a:
                    09:a2:12:7d:bf:be:ae:3d:d1:1c:c7:69:89:ff:03:
                    74:9f:00:02:77:ca:08:82:fa:eb:63:ad:9d:bc:c5:
                    c1:55:5e:17:83:ab:4b:31:b1:38:0b:6e:56:79:a6:
                    24:4d:5b:fc:77:41:8d:14:c2:a6:27:15:ec:b6:04:
                    b7:44:9f:ac:91:95:8c:b6:53:12:0c:4d:8d:db:f1:
                    03:4a:4e:5d:16:e8:13:9c:5e:af:6b:6e:97:d5:36:
                    ec:43:27:29:f0:fd:9f:43:22:55:ca:0e:ff:91:57:
                    4e:17:d8:f7:02:81:9e:69:a8:da:a7:ea:bb:64:c2:
                    23:a2:d1:51:e2:88:c0:96:a3:ba:53:69:e5:13:f3:
                    04:7e:dd:46:c9:0d:61:5e:0a:57:93:ff:1c:6e:51:
                    72:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:88:A3:FD:60:FA:17:0D:BD:DF:B1:0D:34:1E:9F:6A:CA:36:86:34
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/9Yij_WD6Fw2937ENNB6faso2hjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.241.0-85.204.242.255
                  86.105.233.0/24
                  86.106.113.0/24
                  89.34.178.0/24
                  89.36.137.0/24
                  89.38.236.0/24
                  89.40.65.0/24
                  89.43.53.0/24
                  89.43.63.0/24
                  89.46.93.0/24
                  93.114.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:c0:0a:83:92:7c:f9:d1:e6:18:cb:11:34:86:11:05:8e:d6:
         bd:22:1f:63:17:86:f0:82:da:ad:d3:f2:0b:71:e2:0f:26:c5:
         ff:b3:84:92:62:cc:c4:0e:48:16:c0:5a:44:43:a1:2f:dc:bf:
         70:37:8f:26:6f:ba:fe:da:f9:34:15:94:98:6c:10:b3:4a:3c:
         2b:ba:a7:a5:81:ab:c2:49:6d:eb:79:fc:d2:c5:b4:ee:b2:01:
         51:ab:ce:6d:e1:7f:1e:6e:ae:9b:40:88:b2:25:b5:3a:99:a3:
         19:3f:53:c1:86:79:13:f5:97:22:c2:2a:d1:98:26:00:b3:60:
         bd:2c:f0:1f:69:91:d8:e6:d3:24:0a:bd:e0:fe:b7:cd:90:c9:
         40:9a:6f:cc:dc:2b:dc:0e:03:7d:97:24:88:93:88:2c:6a:19:
         ed:b6:b0:03:2b:f1:c3:05:04:3b:c1:4e:3b:7c:5c:86:43:d7:
         2d:d0:97:d4:41:b5:cb:a1:c9:f1:fb:21:ae:7d:bc:8e:fc:10:
         6d:85:65:be:60:33:95:c0:c4:37:88:8f:76:2a:fc:14:b9:e4:
         8b:4d:9d:df:58:ab:c0:37:5e:70:da:4b:1b:84:87:fb:b8:92:
         f1:85:79:9c:8b:c6:20:f2:8c:18:16:39:ae:10:f2:c0:29:53:
         72:46:68:71
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEQo+lwTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
OGU2MjYzNGUxYmQ1MTMzYTlkZTQ1MTJhZTk4Y2FkMWIyMjE5YjU5MB4XDTIyMDQy
MTAzMjM0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjU4OGEzZmQ2MGZh
MTcwZGJkZGZiMTBkMzQxZTlmNmFjYTM2ODYzNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOPVvvkhYaF5jAqZ2eoQO8f7IEGRR9VRog60wmYD2GOwcXe8
ajVEOHZENH9PSxP67/VOIZah1ItqKyYC6cCoqkl+92WsxozgkNlTlgbmDB5tU3Yy
4MQuf8hG8syT3M5/kyOWLamYjvVaCaISfb++rj3RHMdpif8DdJ8AAnfKCIL662Ot
nbzFwVVeF4OrSzGxOAtuVnmmJE1b/HdBjRTCpicV7LYEt0SfrJGVjLZTEgxNjdvx
A0pOXRboE5xer2tul9U27EMnKfD9n0MiVcoO/5FXThfY9wKBnmmo2qfqu2TCI6LR
UeKIwJajulNp5RPzBH7dRskNYV4KV5P/HG5RcokCAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBT1iKP9YPoXDb3fsQ00Hp9qyjaGNDAfBgNVHSMEGDAWgBT45iY04b1RM6ne
RRKumMrRsiGbWTAOBgNVHQ8BAf8EBAMCB4AwZQYIKwYBBQUHAQEEWTBXMFUGCCsG
AQUFBzAChklyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY2VyMIGNBggrBgEFBQcBCwSB
gDB+MHwGCCsGAQUFBzALhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzc4L2RhMzM5OC02Njk4LTQ1ZjItYmFhZS05MmUyNWZlMTYzMzEv
MS85WWlqX1dENkZ3MjkzN0VOTkI2ZmFzbzJoalEucm9hMIGCBgNVHR8EezB5MHeg
daBzhnFyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc4
L2RhMzM5OC02Njk4LTQ1ZjItYmFhZS05MmUyNWZlMTYzMzEvMS8xLU9ZbU5PRzlV
VE9wM2tVU3JwakswYklobTFrLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4C
MGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKMAwDBABVzPEDBABVzPIDBABWaekD
BABWanEDBABZIrIDBABZJIkDBABZJuwDBABZKEEDBABZKzUDBABZKz8DBABZLl0D
BABdcjkwDQYJKoZIhvcNAQELBQADggEBAHDACoOSfPnR5hjLETSGEQWO1r0iH2MX
hvCC2q3T8gtx4g8mxf+zhJJizMQOSBbAWkRDoS/cv3A3jyZvuv7a+TQVlJhsELNK
PCu6p6WBq8JJbet5/NLFtO6yAVGrzm3hfx5urptAiLIltTqZoxk/U8GGeRP1lyLC
KtGYJgCzYL0s8B9pkdjm0yQKveD+t82QyUCab8zcK9wOA32XJIiTiCxqGe22sAMr
8cMFBDvBTjt8XIZD1y3Ql9RBtcuhyfH7Ia59vI78EG2FZb5gM5XAxDeIj3Yq/BS5
5ItNnd9Yq8A3XnDaSxuEh/u4kvGFeZyLxiDyjBgWOa4Q8sApU3JGaHE=
-----END CERTIFICATE-----