Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/d_DRhdDOZLGGBDTJ7IkWjWwjKl4.roa
File:                     d_DRhdDOZLGGBDTJ7IkWjWwjKl4.roa (raw, json)
Hash identifier:          NfRZ6evcpJUGA4UK0RmX+CYrkDTpKGu3+G1HwXQz9GM=
Subject key identifier:   77:F0:D1:85:D0:CE:64:B1:86:04:34:C9:EC:89:16:8D:6C:23:2A:5E
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018741C85514D687C0B2BF4B8E2AA9FF8C37
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/d_DRhdDOZLGGBDTJ7IkWjWwjKl4.roa
Signing time:             Sun 02 Apr 2023 11:44:20 +0000
ROA not before:           Sun 02 Apr 2023 11:44:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          86.106.26.0/24 maxlen: 24
                          93.115.108.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          93.114.176.0/23 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          89.39.94.0/23 maxlen: 24
                          94.177.144.0/24 maxlen: 24
                          89.39.123.0/24 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:41:c8:55:14:d6:87:c0:b2:bf:4b:8e:2a:a9:ff:8c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Apr  2 11:44:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77f0d185d0ce64b1860434c9ec89168d6c232a5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7e:37:8a:c0:81:74:1c:03:e6:48:06:6f:57:
                    cb:05:0d:13:36:64:d9:1d:14:1e:64:2a:e9:7a:f1:
                    1d:86:77:32:44:15:f6:b5:7f:4d:9e:64:83:4c:5d:
                    ab:09:66:48:d9:49:63:f8:40:1a:c1:b6:83:06:24:
                    2b:5f:e7:29:16:30:f6:f8:86:41:9a:56:d4:0a:e0:
                    65:c0:56:a6:1c:83:88:ed:9b:5a:18:b5:d6:03:6a:
                    98:88:7f:10:0f:e1:f1:6c:a8:ee:d6:66:7d:96:4c:
                    a1:af:c2:61:97:33:96:22:e6:0e:e9:4a:12:02:95:
                    71:4d:c5:ca:b1:5d:f0:3c:97:ea:b5:35:52:ec:9a:
                    9f:0e:c1:ac:c4:d3:7a:18:39:7c:06:03:4a:aa:42:
                    a0:90:55:a1:11:0f:99:4f:e8:76:fc:31:b7:46:6b:
                    67:77:34:2f:40:00:d9:70:02:84:6d:9e:1d:a3:a8:
                    55:b2:94:88:63:6f:9e:f7:a5:11:95:bd:38:06:b9:
                    e9:9e:f7:0d:27:e1:a7:83:5b:b5:a8:93:fe:b1:e0:
                    18:37:4d:2f:fa:b4:41:52:4f:8c:7a:f6:a0:ce:d5:
                    22:c9:ae:08:16:d8:df:b1:ab:23:de:91:e0:27:9a:
                    c9:91:89:fc:60:f4:2a:5e:d3:61:d3:af:01:4a:c9:
                    8b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:F0:D1:85:D0:CE:64:B1:86:04:34:C9:EC:89:16:8D:6C:23:2A:5E
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/d_DRhdDOZLGGBDTJ7IkWjWwjKl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  86.106.26.0/24
                  89.35.124.0/23
                  89.39.94.0/23
                  89.39.123.0/24
                  89.40.222.0/23
                  89.45.228.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  93.114.176.0/23
                  93.115.108.0/24
                  94.177.28.0/24
                  94.177.144.0/24
                  185.18.224.0/23
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:f5:6e:35:fb:b3:f5:7f:1e:c3:55:ef:c1:b5:ea:43:ac:2b:
         b2:1d:ba:55:76:94:f8:f1:39:1b:36:03:e2:11:90:e1:ff:13:
         ca:e3:de:14:b3:d7:ed:90:a1:81:75:15:ad:73:ff:08:e8:6d:
         62:2f:b8:a8:3d:7c:79:ae:35:4e:90:20:2e:b1:89:81:22:71:
         ae:57:79:a2:d5:f5:7a:50:bb:71:d4:9a:85:4e:2b:d8:12:e7:
         63:b2:03:77:4e:d2:a9:ac:f7:31:03:18:a3:3b:51:d6:a4:6a:
         70:3f:3f:a9:51:57:32:81:e8:a0:3d:5c:44:94:43:d8:bb:21:
         cc:8c:17:78:06:fd:2b:55:e4:f5:69:61:0d:78:0c:75:82:7b:
         e8:cc:25:4a:ce:09:13:da:73:e5:16:1e:86:ec:7e:3d:79:c7:
         ec:b7:d8:b7:b5:98:29:c3:c9:9a:7b:ee:d3:c9:ee:14:88:4c:
         1b:b2:6f:7b:b3:d0:d2:9c:66:59:d1:cf:77:77:bf:4f:e5:ac:
         21:64:dd:a0:07:21:ab:69:91:55:d5:a9:bf:2d:8f:e4:20:a0:
         2d:16:25:e6:2c:13:d8:f6:c1:05:a9:63:db:4f:8f:bd:cc:f0:
         44:f3:96:94:08:ec:52:73:bd:97:04:38:c5:81:9a:10:6b:e5:
         28:e3:43:ad
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYdByFUU1ofAsr9Ljiqp/4w3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwNDAyMTE0NDIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2YwZDE4NWQwY2U2NGIxODYwNDM0YzllYzg5MTY4ZDZjMjMyYTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo343isCBdBwD5kgGb1fLBQ0TNmTZ
HRQeZCrpevEdhncyRBX2tX9NnmSDTF2rCWZI2Ulj+EAawbaDBiQrX+cpFjD2+IZB
mlbUCuBlwFamHIOI7ZtaGLXWA2qYiH8QD+HxbKju1mZ9lkyhr8JhlzOWIuYO6UoS
ApVxTcXKsV3wPJfqtTVS7JqfDsGsxNN6GDl8BgNKqkKgkFWhEQ+ZT+h2/DG3Rmtn
dzQvQADZcAKEbZ4do6hVspSIY2+e96URlb04BrnpnvcNJ+Gng1u1qJP+seAYN00v
+rRBUk+MevagztUiya4IFtjfsasj3pHgJ5rJkYn8YPQqXtNh068BSsmL6QIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFHfw0YXQzmSxhgQ0yeyJFo1sIypeMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2RfRFJoZERPWkxHR0JEVEo3SWtXald3aktsNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIweQYIKwYBBQUHAQcBAf8EajBoMGYEAgABMGADBAIfDuQD
BAJWaZADBABWahoDBAFZI3wDBAFZJ14DBABZJ3sDBAFZKN4DBABZLeQDBAJZLoAD
BANZLugDBAFdcrADBABdc2wDBABesRwDBABesZADBAG5EuADBAK81ygwDQYJKoZI
hvcNAQELBQADggEBABv1bjX7s/V/HsNV78G16kOsK7IdulV2lPjxORs2A+IRkOH/
E8rj3hSz1+2QoYF1Fa1z/wjobWIvuKg9fHmuNU6QIC6xiYEica5XeaLV9XpQu3HU
moVOK9gS52OyA3dO0qms9zEDGKM7UdakanA/P6lRVzKB6KA9XESUQ9i7IcyMF3gG
/StV5PVpYQ14DHWCe+jMJUrOCRPac+UWHobsfj15x+y32Le1mCnDyZp77tPJ7hSI
TBuyb3uz0NKcZlnRz3d3v0/lrCFk3aAHIatpkVXVqb8tj+QgoC0WJeYsE9j2wQWp
Y9tPj73M8ETzlpQI7FJzvZcEOMWBmhBr5SjjQ60=
-----END CERTIFICATE-----