Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sPclCF_y8TDiZJ5z8bCd4h33aoA.roa
File:                     sPclCF_y8TDiZJ5z8bCd4h33aoA.roa (raw, json)
Hash identifier:          myJJjnmCOKAXFirvgmJpl/fjLkPYkBDNmdUY6B9Iexc=
Subject key identifier:   B0:F7:25:08:5F:F2:F1:30:E2:64:9E:73:F1:B0:9D:E2:1D:F7:6A:80
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0189256A9D39DA95B1601F86581F43AE0105
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sPclCF_y8TDiZJ5z8bCd4h33aoA.roa
Signing time:             Wed 05 Jul 2023 09:38:11 +0000
ROA not before:           Wed 05 Jul 2023 09:38:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     213035
IP address blocks:        212.193.31.0/24 maxlen: 24
                          193.124.227.0/24 maxlen: 24
                          212.193.29.0/24 maxlen: 24
                          212.193.28.0/24 maxlen: 24
                          195.133.16.0/24 maxlen: 24
                          212.192.218.0/24 maxlen: 24
                          212.192.216.0/24 maxlen: 24
                          195.133.17.0/24 maxlen: 24
                          212.192.219.0/24 maxlen: 24
                          212.192.217.0/24 maxlen: 24
                          212.192.240.0/24 maxlen: 24
                          192.124.188.0/24 maxlen: 24
                          212.192.243.0/24 maxlen: 24
                          195.133.42.0/24 maxlen: 24
                          195.133.43.0/24 maxlen: 24
                          194.87.84.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:25:6a:9d:39:da:95:b1:60:1f:86:58:1f:43:ae:01:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  5 09:38:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0f725085ff2f130e2649e73f1b09de21df76a80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d6:86:9a:4c:d0:74:95:04:89:6e:94:c9:3b:
                    44:50:56:d0:fe:26:0b:83:ec:a2:e4:bd:2f:31:6b:
                    f5:0a:2d:6d:c4:e1:ef:bf:43:0d:06:2b:4c:d0:41:
                    05:b2:a3:fa:be:41:0a:b1:14:fc:0b:8f:a2:da:d5:
                    7d:9f:b0:99:8c:7b:62:23:3d:ab:2d:56:08:91:94:
                    04:ff:92:e8:78:b8:eb:63:8e:1d:b7:8a:91:08:e4:
                    36:c1:7a:13:aa:5b:fc:b2:e0:e3:12:ff:e9:63:35:
                    fe:a6:44:60:e0:a9:c8:95:7a:3b:30:65:a9:86:01:
                    e0:4f:f6:f3:e0:95:8b:b2:81:83:d0:84:29:50:b4:
                    1a:f4:fb:d3:3c:71:b8:3d:8e:1f:9b:89:a1:06:2a:
                    93:1b:e5:5c:ef:00:6b:38:58:92:c9:70:3a:99:24:
                    a1:a3:33:29:b7:68:4b:e4:b7:ae:a3:ba:92:4b:32:
                    55:46:d0:44:e6:40:3b:45:b9:5a:79:8e:82:a4:b2:
                    ba:22:64:64:60:5c:dd:80:1c:be:7c:8f:f1:e4:8a:
                    0d:10:fc:59:c3:1d:ab:1c:7a:51:81:d9:38:fd:14:
                    aa:a0:dd:05:df:6f:9a:91:0f:7d:46:01:9f:4d:16:
                    80:4e:1f:11:57:02:86:00:a4:d8:a3:17:6c:8c:d9:
                    77:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F7:25:08:5F:F2:F1:30:E2:64:9E:73:F1:B0:9D:E2:1D:F7:6A:80
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sPclCF_y8TDiZJ5z8bCd4h33aoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.188.0/24
                  193.124.227.0/24
                  194.87.84.0/24
                  195.133.16.0/23
                  195.133.42.0/23
                  212.192.216.0/22
                  212.192.240.0/24
                  212.192.243.0/24
                  212.193.28.0/23
                  212.193.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:7a:50:62:3a:70:83:b7:80:56:19:61:56:3b:15:40:63:df:
         f2:f8:b9:7f:6a:e6:2e:36:7c:47:81:ca:87:19:55:9c:c9:17:
         a8:bc:a1:90:b2:c3:64:79:92:72:1e:0c:f9:b5:5f:9b:d8:46:
         50:bd:06:63:09:5b:a8:45:09:78:c2:9e:cf:54:5a:40:44:71:
         b9:25:27:19:09:96:c8:7e:99:47:1c:f5:fa:f4:fb:8b:d7:9e:
         04:8e:55:f7:b2:1e:a9:41:58:99:d3:f6:cc:6b:0b:7f:c8:fa:
         a2:8f:40:c3:5f:44:a9:b5:b4:95:ad:fa:9a:46:ea:09:7c:cf:
         cd:15:98:e5:b2:57:e3:a3:5e:0e:a9:fb:ab:f2:29:c0:58:72:
         ea:f8:d5:f1:0b:13:10:b7:39:30:6b:4c:ea:51:3f:ad:97:e4:
         b5:9d:6b:56:6c:46:f2:11:7c:c2:8a:2c:42:f6:bc:3f:6a:f4:
         15:d0:d7:50:a1:63:82:1a:73:89:d2:00:a7:a8:2a:fc:94:f9:
         9c:5e:f1:96:02:32:88:a4:9d:9e:27:56:91:82:96:b8:77:b3:
         6f:99:1a:19:dc:d3:58:6d:6b:35:1a:04:85:65:ad:d8:12:ee:
         2a:ca:58:4c:b0:10:5e:1b:c9:5a:9d:62:7d:7d:b9:a6:db:98:
         f0:83:51:c8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYklap052pWxYB+GWB9DrgEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzA1MDkzODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY3MjUwODVmZjJmMTMwZTI2NDllNzNmMWIwOWRlMjFkZjc2YTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtaGmkzQdJUEiW6UyTtEUFbQ/iYL
g+yi5L0vMWv1Ci1txOHvv0MNBitM0EEFsqP6vkEKsRT8C4+i2tV9n7CZjHtiIz2r
LVYIkZQE/5LoeLjrY44dt4qRCOQ2wXoTqlv8suDjEv/pYzX+pkRg4KnIlXo7MGWp
hgHgT/bz4JWLsoGD0IQpULQa9PvTPHG4PY4fm4mhBiqTG+Vc7wBrOFiSyXA6mSSh
ozMpt2hL5Leuo7qSSzJVRtBE5kA7RblaeY6CpLK6ImRkYFzdgBy+fI/x5IoNEPxZ
wx2rHHpRgdk4/RSqoN0F32+akQ99RgGfTRaATh8RVwKGAKTYoxdsjNl3KwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLD3JQhf8vEw4mSec/GwneId92qAMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvc1BjbENGX3k4VERpWko1ejhiQ2Q0aDMzYW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwHy8AwQA
wXzjAwQAwldUAwQBw4UQAwQBw4UqAwQC1MDYAwQA1MDwAwQA1MDzAwQB1MEcAwQA
1MEfMA0GCSqGSIb3DQEBCwUAA4IBAQCEelBiOnCDt4BWGWFWOxVAY9/y+Ll/auYu
NnxHgcqHGVWcyReovKGQssNkeZJyHgz5tV+b2EZQvQZjCVuoRQl4wp7PVFpARHG5
JScZCZbIfplHHPX69PuL154EjlX3sh6pQViZ0/bMawt/yPqij0DDX0SptbSVrfqa
RuoJfM/NFZjlslfjo14Oqfur8inAWHLq+NXxCxMQtzkwa0zqUT+tl+S1nWtWbEby
EXzCiixC9rw/avQV0NdQoWOCGnOJ0gCnqCr8lPmcXvGWAjKIpJ2eJ1aRgpa4d7Nv
mRoZ3NNYbWs1GgSFZa3YEu4qylhMsBBeG8lanWJ9fbmm25jwg1HI
-----END CERTIFICATE-----