Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oJdPQRU-0ZAwRgPqXEAbYg2hGrk.roa
File:                     oJdPQRU-0ZAwRgPqXEAbYg2hGrk.roa (raw, json)
Hash identifier:          Zo8Ba+fpUZVjsIVsb1PcqfrXYMsnnW/ZuCb8Rp+LBiI=
Subject key identifier:   A0:97:4F:41:15:3E:D1:90:30:46:03:EA:5C:40:1B:62:0D:A1:1A:B9
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01833BF8F4587D96259729151C1781568956
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oJdPQRU-0ZAwRgPqXEAbYg2hGrk.roa
Signing time:             Wed 14 Sep 2022 12:28:34 +0000
ROA not before:           Wed 14 Sep 2022 12:28:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          128.0.45.0/24 maxlen: 24
                          89.46.42.0/24 maxlen: 24
                          188.208.196.0/23 maxlen: 23
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          94.176.213.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          89.44.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3b:f8:f4:58:7d:96:25:97:29:15:1c:17:81:56:89:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Sep 14 12:28:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a0974f41153ed190304603ea5c401b620da11ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:62:a8:f5:47:04:d5:67:24:9d:6d:1b:ae:86:
                    b4:c2:1f:43:fa:17:76:ee:58:8e:7b:4d:17:74:cf:
                    71:9a:e3:47:90:41:21:3a:79:23:12:2d:65:56:35:
                    8a:a9:68:ec:96:7f:9f:e6:c9:a7:be:ce:d3:f1:c1:
                    01:78:21:e3:c6:49:d0:79:52:fc:a1:ec:3e:2b:d3:
                    46:64:34:4e:7b:57:3d:0f:23:0d:eb:a0:5b:39:94:
                    3a:ba:eb:0d:d3:75:fc:06:6f:54:98:f6:cb:7e:c5:
                    e6:75:90:cf:62:7e:cb:4b:e6:66:45:06:07:8f:c0:
                    85:3b:38:ff:29:6d:9b:f2:f3:97:63:ef:92:40:ae:
                    c0:29:45:03:3b:a7:f4:9f:ec:8f:7d:b3:39:2b:a0:
                    3a:94:78:17:02:2b:2c:b1:2b:c5:c9:ea:f9:b0:6f:
                    d0:a5:f9:df:68:79:27:73:bb:87:a0:d7:ac:f8:d6:
                    f8:b0:23:74:ff:86:e7:75:78:07:15:15:41:c1:b0:
                    3f:93:c5:5d:bb:bc:17:46:89:61:9f:37:d0:5f:3c:
                    58:dd:2c:41:8d:bf:f8:ca:82:01:38:60:2d:a3:fb:
                    8c:a6:cf:f5:82:27:1d:0b:d8:5c:8a:90:43:1c:88:
                    35:14:18:44:28:38:2e:ec:4b:8e:08:12:36:d4:97:
                    4b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:97:4F:41:15:3E:D1:90:30:46:03:EA:5C:40:1B:62:0D:A1:1A:B9
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oJdPQRU-0ZAwRgPqXEAbYg2hGrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.124.0/23
                  89.40.222.0/23
                  89.44.105.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  92.114.32.0/24
                  92.114.54.0/24
                  94.176.213.0/24
                  94.177.28.0/24
                  128.0.45.0/24
                  188.208.196.0/23
                  188.213.212.0/24
                  188.213.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:b2:29:58:5d:3a:26:53:16:a6:70:0a:94:2c:fe:ff:cb:88:
         bb:33:0c:e8:b8:af:92:4a:57:fc:4c:02:42:02:2a:92:16:9d:
         49:70:e0:42:36:96:44:65:a9:38:a8:f9:be:52:5a:26:75:00:
         5f:16:82:b8:f0:8c:02:ec:a9:0f:e1:22:6d:c5:49:c5:7d:1f:
         f4:dd:45:c5:9f:69:41:bb:5d:ec:4e:24:a7:15:95:d8:60:d0:
         38:83:8f:f5:be:2c:81:e7:a7:89:d3:48:cc:57:38:cd:ae:bd:
         0d:dd:21:6d:8d:dd:02:70:84:72:91:9b:1b:5d:0c:81:97:c5:
         26:92:51:00:93:0d:84:04:88:fb:2d:fc:19:e2:46:8f:17:2f:
         d0:ec:ea:a7:60:49:19:55:b6:23:2f:9f:ec:a2:4f:c1:b1:42:
         61:87:65:be:73:f9:e2:c1:45:15:88:08:c6:03:1b:5a:ba:50:
         42:6f:e7:0a:bc:21:95:4d:1a:ce:0b:76:17:6f:32:84:d9:05:
         c4:75:31:af:3e:65:91:fd:71:1e:ee:a7:e4:cc:7c:75:89:16:
         2d:dc:93:41:2e:c9:eb:89:42:51:49:3f:ff:6f:48:03:5f:5e:
         2e:91:b9:83:8e:fe:e5:92:50:c4:38:25:41:de:34:20:71:b4:
         05:fe:a5:3a
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYM7+PRYfZYllykVHBeBVolWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjIwOTE0MTIyODM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk3NGY0MTE1M2VkMTkwMzA0NjAzZWE1YzQwMWI2MjBkYTExYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2Ko9UcE1WcknW0broa0wh9D+hd2
7liOe00XdM9xmuNHkEEhOnkjEi1lVjWKqWjsln+f5smnvs7T8cEBeCHjxknQeVL8
oew+K9NGZDROe1c9DyMN66BbOZQ6uusN03X8Bm9UmPbLfsXmdZDPYn7LS+ZmRQYH
j8CFOzj/KW2b8vOXY++SQK7AKUUDO6f0n+yPfbM5K6A6lHgXAisssSvFyer5sG/Q
pfnfaHknc7uHoNes+Nb4sCN0/4bndXgHFRVBwbA/k8Vdu7wXRolhnzfQXzxY3SxB
jb/4yoIBOGAto/uMps/1gicdC9hcipBDHIg1FBhEKDgu7EuOCBI21JdLlwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFKCXT0EVPtGQMEYD6lxAG2INoRq5MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL29KZFBRUlUtMFpBd1JnUHFYRUFiWWcyaEdyay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwZwYIKwYBBQUHAQcBAf8EWDBWMFQEAgABME4DBAFZI3wD
BAFZKN4DBABZLGkDBABZLioDBABZLyQDBABcciADBABccjYDBABesNUDBABesRwD
BACAAC0DBAG80MQDBAC81dQDBAC81dgwDQYJKoZIhvcNAQELBQADggEBANuyKVhd
OiZTFqZwCpQs/v/LiLszDOi4r5JKV/xMAkICKpIWnUlw4EI2lkRlqTio+b5SWiZ1
AF8WgrjwjALsqQ/hIm3FScV9H/TdRcWfaUG7XexOJKcVldhg0DiDj/W+LIHnp4nT
SMxXOM2uvQ3dIW2N3QJwhHKRmxtdDIGXxSaSUQCTDYQEiPst/BniRo8XL9Ds6qdg
SRlVtiMvn+yiT8GxQmGHZb5z+eLBRRWICMYDG1q6UEJv5wq8IZVNGs4LdhdvMoTZ
BcR1Ma8+ZZH9cR7up+TMfHWJFi3ck0EuyeuJQlFJP/9vSANfXi6RuYOO/uWSUMQ4
JUHeNCBxtAX+pTo=
-----END CERTIFICATE-----