Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oLVS2DwYn5ki3ggdVvv0Ktvye3c.roa
File:                     oLVS2DwYn5ki3ggdVvv0Ktvye3c.roa (raw, json)
Hash identifier:          Prsp+r9DhxXTW7VtgoRRGHTXtkXBsCnstyvGgvblfI8=
Subject key identifier:   A0:B5:52:D8:3C:18:9F:99:22:DE:08:1D:56:FB:F4:2A:DB:F2:7B:77
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0188D7C926976ACCEAAA4D28BE22AE93F2DB
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oLVS2DwYn5ki3ggdVvv0Ktvye3c.roa
Signing time:             Tue 20 Jun 2023 07:51:03 +0000
ROA not before:           Tue 20 Jun 2023 07:51:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        89.39.94.0/23 maxlen: 24
                          89.39.123.0/24 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          93.115.108.0/24 maxlen: 24
                          46.102.104.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.46.232.0/21 maxlen: 24
                          89.46.128.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d7:c9:26:97:6a:cc:ea:aa:4d:28:be:22:ae:93:f2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jun 20 07:51:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0b552d83c189f9922de081d56fbf42adbf27b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e6:54:78:c6:3e:08:e0:56:37:78:4d:67:37:
                    8d:df:3e:dd:e1:5b:cc:7b:b1:d2:cc:a5:a6:74:65:
                    d0:27:1f:81:50:9d:fb:a6:3a:bf:ef:a6:d9:ed:74:
                    a4:db:30:b3:c2:48:5d:b1:f2:c5:43:c7:b9:bc:fc:
                    f7:cd:0d:3b:f3:46:7b:63:a5:ee:ac:0e:40:5d:da:
                    0a:8d:6a:74:2d:2a:25:7f:8c:5a:0f:37:d2:e5:c5:
                    ad:a6:b3:7c:af:7b:02:8b:57:98:25:22:bd:02:a3:
                    6b:34:c9:ea:fc:07:7d:44:9c:1c:4b:fc:3c:9d:0e:
                    8c:00:27:37:03:94:ff:41:eb:dd:9c:45:dc:02:a6:
                    0b:da:79:ce:1b:ec:1d:65:d4:ca:0a:18:37:33:8f:
                    b3:4d:a9:4a:00:eb:58:4a:61:47:8d:da:1f:de:dc:
                    c5:90:2d:56:83:d2:8d:e2:4b:9c:78:48:55:ef:c6:
                    b1:69:9a:79:ef:8a:df:50:5d:43:79:45:7d:24:5c:
                    59:61:45:bc:fe:c3:b0:b8:93:fa:9c:da:0e:97:16:
                    e4:77:39:43:08:36:43:bc:c0:7e:af:ab:7d:45:15:
                    eb:03:0c:e0:f0:8b:b7:35:ec:91:fc:1c:91:12:23:
                    f5:25:e5:e0:1f:5c:8f:61:78:bd:e0:b7:ba:37:0c:
                    b4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B5:52:D8:3C:18:9F:99:22:DE:08:1D:56:FB:F4:2A:DB:F2:7B:77
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/oLVS2DwYn5ki3ggdVvv0Ktvye3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.104.0/24
                  89.35.124.0/23
                  89.39.94.0/23
                  89.39.123.0/24
                  89.40.222.0/23
                  89.45.228.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  93.115.108.0/24
                  185.18.224.0/23
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:81:2f:48:1c:d9:4d:50:a5:4a:c3:d3:29:31:7d:62:fc:29:
         73:22:14:67:0e:fd:d8:a1:c1:eb:93:f0:f3:1e:a8:e6:be:cf:
         94:9f:60:8c:39:f2:ca:f2:1d:6c:b8:34:83:9f:0d:5e:bb:55:
         ee:47:5a:bf:21:fc:33:55:fe:bb:a9:81:08:4f:54:3f:37:a2:
         3f:58:40:e6:bd:4c:01:9e:cd:2d:50:29:38:67:f9:64:71:9e:
         d4:d1:5f:c5:55:9b:c5:f4:f7:8d:4b:6d:ed:ec:5b:55:91:2b:
         c1:d3:2c:9b:73:a4:f7:ab:b2:7a:81:60:65:62:f3:fd:b1:2d:
         fc:22:a2:e4:34:4e:4d:2f:82:41:a8:36:4a:be:90:6e:3a:90:
         fe:82:d7:87:eb:33:a5:63:2f:a3:f5:b4:00:ab:c8:c9:f4:a2:
         c9:ba:e5:b0:35:55:6c:03:be:d6:5a:7a:a6:ad:96:e0:8d:8c:
         8d:df:4d:81:5b:2b:a0:1c:84:5a:a7:0f:19:b8:83:b1:69:38:
         3f:38:28:7e:8c:74:a2:40:2c:b3:bb:e6:17:e9:f5:99:2b:03:
         39:2b:af:24:6e:73:7e:17:f6:38:cc:e7:de:e4:23:ae:eb:fc:
         e4:3b:f4:d6:b3:5a:0f:a1:3b:18:6f:94:fd:d8:19:88:74:65:
         e6:64:81:34
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYjXySaXaszqqk0oviKuk/LbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwNjIwMDc1MTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI1NTJkODNjMTg5Zjk5MjJkZTA4MWQ1NmZiZjQyYWRiZjI3Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOZUeMY+COBWN3hNZzeN3z7d4VvM
e7HSzKWmdGXQJx+BUJ37pjq/76bZ7XSk2zCzwkhdsfLFQ8e5vPz3zQ0780Z7Y6Xu
rA5AXdoKjWp0LSolf4xaDzfS5cWtprN8r3sCi1eYJSK9AqNrNMnq/Ad9RJwcS/w8
nQ6MACc3A5T/QevdnEXcAqYL2nnOG+wdZdTKChg3M4+zTalKAOtYSmFHjdof3tzF
kC1Wg9KN4kuceEhV78axaZp574rfUF1DeUV9JFxZYUW8/sOwuJP6nNoOlxbkdzlD
CDZDvMB+r6t9RRXrAwzg8Iu3NeyR/ByREiP1JeXgH1yPYXi94Le6Nwy0YwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKC1Utg8GJ+ZIt4IHVb79Crb8nt3MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL29MVlMyRHdZbjVraTNnZ2RWdnYwS3R2eWUzYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwWwYIKwYBBQUHAQcBAf8ETDBKMEgEAgABMEIDBAAuZmgD
BAFZI3wDBAFZJ14DBABZJ3sDBAFZKN4DBABZLeQDBAJZLoADBANZLugDBABdc2wD
BAG5EuADBAK81ygwDQYJKoZIhvcNAQELBQADggEBAFiBL0gc2U1QpUrD0ykxfWL8
KXMiFGcO/dihweuT8PMeqOa+z5SfYIw58sryHWy4NIOfDV67Ve5HWr8h/DNV/rup
gQhPVD83oj9YQOa9TAGezS1QKThn+WRxntTRX8VVm8X0941Lbe3sW1WRK8HTLJtz
pPersnqBYGVi8/2xLfwiouQ0Tk0vgkGoNkq+kG46kP6C14frM6VjL6P1tACryMn0
osm65bA1VWwDvtZaeqatluCNjI3fTYFbK6AchFqnDxm4g7FpOD84KH6MdKJALLO7
5hfp9ZkrAzkrryRuc34X9jjM597kI67r/OQ79NazWg+hOxhvlP3YGYh0ZeZkgTQ=
-----END CERTIFICATE-----