Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/F8frX2O1wFynRrFIWFfDCdoYxHo.roa
File:                     F8frX2O1wFynRrFIWFfDCdoYxHo.roa (raw, json)
Hash identifier:          wZlDmMsAUiZ8t+PXO1qWYwQ3w3zGpcLSsI6Mhg1udFE=
Subject key identifier:   17:C7:EB:5F:63:B5:C0:5C:A7:46:B1:48:58:57:C3:09:DA:18:C4:7A
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018682DA13A7D45FF39E5D3EDBB36D475EAB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/F8frX2O1wFynRrFIWFfDCdoYxHo.roa
Signing time:             Fri 24 Feb 2023 09:56:15 +0000
ROA not before:           Fri 24 Feb 2023 09:56:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.45.162.0/24 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:82:da:13:a7:d4:5f:f3:9e:5d:3e:db:b3:6d:47:5e:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 24 09:56:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17c7eb5f63b5c05ca746b1485857c309da18c47a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:02:ee:0d:b5:c9:2e:ac:da:9f:d5:9d:5b:
                    06:71:b2:6a:c5:a7:57:64:4c:bb:d5:71:ae:90:28:
                    73:31:b5:72:a9:32:71:9a:f9:65:49:e9:a4:00:b4:
                    b1:e1:25:ae:39:e6:fb:57:15:31:74:5f:08:f5:d8:
                    9e:21:77:74:38:c3:ab:83:a1:5a:e7:de:e4:17:79:
                    80:dc:39:b8:ab:be:0d:9e:b4:49:10:84:8a:05:fc:
                    23:11:7f:64:70:0d:14:a8:25:ae:70:eb:40:79:0a:
                    e5:d8:d5:96:2d:3c:fb:6b:0a:2c:b8:5d:7d:1d:7c:
                    44:8e:82:ac:68:cc:8a:5d:31:c1:d2:f1:0a:bd:ca:
                    45:63:f8:e3:0e:fc:57:a6:67:51:0d:53:ba:39:fe:
                    a6:8a:b1:06:c5:9a:e0:84:8f:b0:80:4a:e4:5f:8f:
                    30:c1:25:24:bd:b1:7f:3b:b7:e6:5d:bf:65:35:1e:
                    f7:c8:cb:f5:be:fa:e1:37:64:7c:0b:c6:13:e5:6a:
                    8f:ed:02:65:02:a5:e8:c4:77:cb:30:f5:6f:2f:d6:
                    8a:8f:36:96:7d:3a:fa:f9:e6:09:2d:c1:57:49:2c:
                    0d:d3:4a:9a:b3:a2:95:31:41:25:f1:fe:89:6c:c5:
                    c0:8e:ac:db:89:a7:05:68:62:83:28:6d:0d:70:e4:
                    9e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:C7:EB:5F:63:B5:C0:5C:A7:46:B1:48:58:57:C3:09:DA:18:C4:7A
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/F8frX2O1wFynRrFIWFfDCdoYxHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  89.35.124.0/23
                  89.40.222.0/23
                  89.45.162.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  92.114.32.0/24
                  92.114.54.0/24
                  94.177.28.0/24
                  185.18.224.0/23
                  188.213.212.0/24
                  188.213.216.0/24
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:a8:2f:a6:3e:cf:c5:29:53:a3:2b:e4:fc:0f:18:4f:31:17:
         9c:1c:dc:b7:c9:61:ba:bd:9b:a7:1f:4a:df:7b:68:ae:4c:29:
         68:77:f6:2f:96:8e:cf:78:9a:10:32:e1:de:9b:c6:bf:78:9e:
         32:e2:bb:91:e2:6a:e8:9c:66:d2:95:fb:f9:37:50:dc:0d:73:
         2c:b5:9a:cd:d6:49:5e:4b:7d:f3:bf:fc:5c:12:e5:9a:d0:78:
         cc:12:9b:83:32:20:6b:dc:82:2b:0c:70:9b:f0:00:78:2d:dc:
         8d:34:15:f0:d7:5e:4d:ea:35:9e:bc:45:c1:1f:d9:92:5c:6b:
         29:fd:12:36:d4:b3:1e:7f:14:40:40:8b:d3:4e:d8:dc:37:9e:
         ec:72:22:78:07:21:b5:6b:0e:fa:b0:24:7d:d0:c9:ac:b6:9f:
         78:36:9a:42:5e:ac:e0:d1:9a:74:4f:06:57:d1:db:85:75:7b:
         30:5e:81:40:81:98:35:67:6a:ea:51:2a:bc:ec:bb:13:f9:05:
         3c:b9:20:81:99:c0:86:b3:f2:74:84:17:0b:2b:3a:1e:a1:6d:
         bc:61:b4:97:ea:d8:52:58:a7:e7:13:dc:1a:ac:fb:5d:50:9e:
         de:58:97:19:6c:71:43:b5:8d:36:c3:79:37:b5:b2:23:24:90:
         9b:17:14:4f
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYaC2hOn1F/znl0+27NtR16rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMjI0MDk1NjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2M3ZWI1ZjYzYjVjMDVjYTc0NmIxNDg1ODU3YzMwOWRhMThjNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9oC7g21yS6s2p/VnVsGcbJqxadX
ZEy71XGukChzMbVyqTJxmvllSemkALSx4SWuOeb7VxUxdF8I9dieIXd0OMOrg6Fa
597kF3mA3Dm4q74NnrRJEISKBfwjEX9kcA0UqCWucOtAeQrl2NWWLTz7awosuF19
HXxEjoKsaMyKXTHB0vEKvcpFY/jjDvxXpmdRDVO6Of6mirEGxZrghI+wgErkX48w
wSUkvbF/O7fmXb9lNR73yMv1vvrhN2R8C8YT5WqP7QJlAqXoxHfLMPVvL9aKjzaW
fTr6+eYJLcFXSSwN00qas6KVMUEl8f6JbMXAjqzbiacFaGKDKG0NcOSetQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFBfH619jtcBcp0axSFhXwwnaGMR6MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0Y4ZnJYMk8xd0Z5blJyRklXRmZEQ2RvWXhIby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwbQYIKwYBBQUHAQcBAf8EXjBcMFoEAgABMFQDBAIfDuQD
BAJWaZADBAFZI3wDBAFZKN4DBABZLaIDBAJZLoADBANZLugDBABcciADBABccjYD
BABesRwDBAG5EuADBAC81dQDBAC81dgDBAK81ygwDQYJKoZIhvcNAQELBQADggEB
AJOoL6Y+z8UpU6Mr5PwPGE8xF5wc3LfJYbq9m6cfSt97aK5MKWh39i+Wjs94mhAy
4d6bxr94njLiu5HiauicZtKV+/k3UNwNcyy1ms3WSV5LffO//FwS5ZrQeMwSm4My
IGvcgisMcJvwAHgt3I00FfDXXk3qNZ68RcEf2ZJcayn9EjbUsx5/FEBAi9NO2Nw3
nuxyIngHIbVrDvqwJH3Qyay2n3g2mkJerODRmnRPBlfR24V1ezBegUCBmDVnaupR
KrzsuxP5BTy5IIGZwIaz8nSEFwsrOh6hbbxhtJfq2FJYp+cT3Bqs+11Qnt5Ylxls
cUO1jTbDeTe1siMkkJsXFE8=
-----END CERTIFICATE-----