Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0ba4ElPPLoozeESl9dBUEChpYZc.roa
File:                     0ba4ElPPLoozeESl9dBUEChpYZc.roa (raw, json)
Hash identifier:          7iNcawSOhIDXoPoTTNHZBCjkNM36B6Hzr/ycOXd6gw8=
Subject key identifier:   D1:B6:B8:12:53:CF:2E:8A:33:78:44:A5:F5:D0:54:10:28:69:61:97
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018A845669B3EDADBA2D8273C73D90AE9E25
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0ba4ElPPLoozeESl9dBUEChpYZc.roa
Signing time:             Mon 11 Sep 2023 13:02:50 +0000
ROA not before:           Mon 11 Sep 2023 13:02:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21082
IP address blocks:        193.124.4.0/24 maxlen: 24
                          194.87.2.0/24 maxlen: 24
                          194.87.221.0/24 maxlen: 24
                          195.133.94.0/24 maxlen: 24
                          194.87.30.0/24 maxlen: 24
                          212.192.215.0/24 maxlen: 24
                          212.192.8.0/24 maxlen: 24
                          192.124.183.0/24 maxlen: 24
                          212.192.248.0/24 maxlen: 24
                          212.192.253.0/24 maxlen: 24
                          194.87.142.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
                          194.87.143.0/24 maxlen: 24
                          194.87.44.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:84:56:69:b3:ed:ad:ba:2d:82:73:c7:3d:90:ae:9e:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 11 13:02:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1b6b81253cf2e8a337844a5f5d0541028696197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:33:e0:86:89:df:c9:da:8d:b8:f5:54:ea:8d:
                    9a:bc:6b:da:ac:dc:51:cd:d6:27:a0:96:d8:b2:30:
                    55:15:6e:75:78:a1:0c:af:95:d9:a7:86:60:2e:a1:
                    70:04:85:b2:58:c5:91:67:1b:74:e3:00:e6:f9:1a:
                    f3:73:94:6f:2e:83:74:20:e5:10:cb:3e:47:8d:2f:
                    de:0e:01:18:ff:9e:00:05:32:b4:8a:4a:19:bb:07:
                    64:ad:84:5d:ae:c0:66:0e:dc:58:c2:0a:39:e3:b4:
                    ea:af:b9:be:c2:7c:45:4f:0d:e4:1d:e0:c4:05:86:
                    b8:96:31:cd:bd:a0:89:1e:69:d1:0f:8b:38:01:d7:
                    6e:90:79:13:dd:7f:f9:b2:31:32:8c:91:49:48:b8:
                    5f:3e:95:ac:69:29:2e:f0:42:a1:fb:9f:19:53:2f:
                    55:cd:3b:65:85:9f:33:8c:9b:5b:e2:1b:15:80:82:
                    e1:27:ed:c9:8b:cb:e6:e2:ad:10:3c:92:81:d5:6c:
                    ec:a1:2a:91:6c:4c:2e:d0:46:66:65:f8:94:2a:f2:
                    4d:94:ed:cf:8b:6e:67:e1:39:20:48:bd:39:52:05:
                    ab:a0:16:03:fc:58:d8:77:ce:d4:a6:f1:db:04:26:
                    10:51:af:64:2b:e7:98:13:f2:04:b0:bb:bb:94:f8:
                    c8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B6:B8:12:53:CF:2E:8A:33:78:44:A5:F5:D0:54:10:28:69:61:97
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/0ba4ElPPLoozeESl9dBUEChpYZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.183.0/24
                  193.124.4.0/24
                  194.87.2.0/24
                  194.87.30.0/24
                  194.87.44.0/24
                  194.87.142.0/23
                  194.87.221.0/24
                  195.133.94.0/24
                  212.192.8.0/24
                  212.192.212.0/24
                  212.192.215.0/24
                  212.192.248.0/24
                  212.192.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:f5:2d:99:9c:b2:b0:c1:40:ee:4e:a1:d3:12:b2:96:be:3b:
         3e:0f:4a:49:11:9b:e1:23:e6:c8:f0:c9:2b:db:9f:7e:36:6b:
         53:b6:5b:8b:af:f8:04:cd:e7:e9:8f:9a:0a:89:a4:c4:75:e9:
         77:ab:94:3d:a9:0b:0f:d3:65:be:26:f5:a9:a3:97:a5:45:a5:
         e1:b0:a3:c2:3f:55:61:e3:a7:ad:3b:65:cb:4e:9c:45:06:41:
         bc:c5:e9:59:d7:64:61:48:55:78:aa:d8:05:cc:58:b1:8f:73:
         36:f5:90:69:11:59:3b:51:7c:8a:44:c9:cc:62:b8:24:23:d6:
         9e:cd:78:56:81:c4:9c:f6:25:18:be:0c:51:18:04:44:4b:17:
         30:c2:1f:7d:bf:90:83:5b:d6:27:92:4c:76:67:e9:3c:72:14:
         38:0b:6e:fb:d3:33:95:35:4c:10:62:62:8e:84:c5:1f:7d:25:
         32:f1:94:b1:2a:57:24:a8:b4:9e:3e:6c:16:f7:96:8b:f1:0a:
         03:19:49:08:cb:e0:3f:ed:73:f6:3c:f8:0b:ce:7e:cb:d7:5f:
         8c:45:55:3e:bb:4a:f7:2a:34:00:04:3c:15:ae:29:06:9a:c2:
         20:0e:cf:df:ff:35:7a:38:11:42:15:d9:81:0a:53:f9:95:99:
         5b:50:b3:f2
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYqEVmmz7a26LYJzxz2Qrp4lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTExMTMwMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI2YjgxMjUzY2YyZThhMzM3ODQ0YTVmNWQwNTQxMDI4Njk2MTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDPghonfydqNuPVU6o2avGvarNxR
zdYnoJbYsjBVFW51eKEMr5XZp4ZgLqFwBIWyWMWRZxt04wDm+Rrzc5RvLoN0IOUQ
yz5HjS/eDgEY/54ABTK0ikoZuwdkrYRdrsBmDtxYwgo547Tqr7m+wnxFTw3kHeDE
BYa4ljHNvaCJHmnRD4s4AddukHkT3X/5sjEyjJFJSLhfPpWsaSku8EKh+58ZUy9V
zTtlhZ8zjJtb4hsVgILhJ+3Ji8vm4q0QPJKB1WzsoSqRbEwu0EZmZfiUKvJNlO3P
i25n4TkgSL05UgWroBYD/FjYd87UpvHbBCYQUa9kK+eYE/IEsLu7lPjIzwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNG2uBJTzy6KM3hEpfXQVBAoaWGXMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMGJhNEVsUFBMb296ZUVTbDlkQlVFQ2hwWVpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQAwHy3AwQA
wXwEAwQAwlcCAwQAwlceAwQAwlcsAwQBwleOAwQAwlfdAwQAw4VeAwQA1MAIAwQA
1MDUAwQA1MDXAwQA1MD4AwQA1MD9MA0GCSqGSIb3DQEBCwUAA4IBAQBD9S2ZnLKw
wUDuTqHTErKWvjs+D0pJEZvhI+bI8Mkr259+NmtTtluLr/gEzefpj5oKiaTEdel3
q5Q9qQsP02W+JvWpo5elRaXhsKPCP1Vh46etO2XLTpxFBkG8xelZ12RhSFV4qtgF
zFixj3M29ZBpEVk7UXyKRMnMYrgkI9aezXhWgcSc9iUYvgxRGARESxcwwh99v5CD
W9Ynkkx2Z+k8chQ4C2770zOVNUwQYmKOhMUffSUy8ZSxKlckqLSePmwW95aL8QoD
GUkIy+A/7XP2PPgLzn7L11+MRVU+u0r3KjQABDwVrikGmsIgDs/f/zV6OBFCFdmB
ClP5lZlbULPy
-----END CERTIFICATE-----