Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7_SfiNMk84oio-2oLTB-DIm4Waw.roa
File:                     7_SfiNMk84oio-2oLTB-DIm4Waw.roa (raw, json)
Hash identifier:          /AAkkedi4bRcyb6GInJxvYwb5NvYhAH3E+lhmQGSPTo=
Subject key identifier:   EF:F4:9F:88:D3:24:F3:8A:22:A3:ED:A8:2D:30:7E:0C:89:B8:59:AC
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01888F87F6697EFFF439988387B76B73172F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7_SfiNMk84oio-2oLTB-DIm4Waw.roa
Signing time:             Tue 06 Jun 2023 07:07:12 +0000
ROA not before:           Tue 06 Jun 2023 07:07:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        185.218.84.0/22 maxlen: 24
                          94.156.239.0/24 maxlen: 24
                          178.215.236.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          147.78.101.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          194.48.251.0/24 maxlen: 24
                          92.119.196.0/23 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          94.103.126.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          185.219.126.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8f:87:f6:69:7e:ff:f4:39:98:83:87:b7:6b:73:17:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun  6 07:07:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eff49f88d324f38a22a3eda82d307e0c89b859ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5d:4b:9a:7a:5c:7c:a2:6d:1f:72:a7:27:f9:
                    67:e3:2a:1e:3a:4a:1f:af:3b:b2:a4:eb:b5:5d:87:
                    05:00:9e:ff:d2:9d:1a:e0:1f:9f:d3:59:ab:c3:e1:
                    2c:9a:8b:f4:aa:85:44:1e:70:1b:46:a6:5e:a4:8a:
                    32:da:4d:a1:a6:83:e5:aa:0e:95:15:42:68:00:91:
                    2a:b0:7d:ed:fc:ab:77:d0:d0:38:f6:a1:f7:f9:bc:
                    4a:8f:58:eb:cf:86:2c:3d:c3:81:67:49:dc:a9:15:
                    5c:d5:73:12:b6:e8:f3:31:c3:39:3b:49:b8:e9:6c:
                    ed:68:e7:ea:62:50:a1:a5:91:b8:c0:d0:1e:75:df:
                    bc:c7:71:24:0c:67:b2:ba:c4:84:44:b5:06:42:80:
                    85:25:37:24:65:cb:ed:2c:0f:e4:0e:77:e4:cc:13:
                    76:a8:48:05:a1:e7:d4:ca:da:28:2c:88:26:c7:ba:
                    07:1a:d6:fe:54:16:58:54:9d:f8:24:a4:54:20:e0:
                    aa:47:22:fe:03:c5:3b:7b:16:5b:fb:a1:99:2a:9f:
                    99:7c:a5:95:48:ca:08:2e:e5:d8:ce:e1:52:25:20:
                    e5:8e:16:ce:b1:da:bf:d2:a3:92:52:08:b3:71:15:
                    af:af:c1:1c:83:39:c2:50:19:95:4c:42:00:70:51:
                    49:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F4:9F:88:D3:24:F3:8A:22:A3:ED:A8:2D:30:7E:0C:89:B8:59:AC
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7_SfiNMk84oio-2oLTB-DIm4Waw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.89.0/24
                  92.119.196.0/23
                  94.103.126.0/24
                  94.154.161.0-94.154.163.255
                  94.156.239.0/24
                  147.78.100.0/23
                  171.22.72.0/22
                  178.215.236.0/24
                  185.216.84.0/22
                  185.218.84.0/22
                  185.218.137.0/24
                  185.219.126.0/24
                  194.48.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:c8:ce:1a:e1:ef:8c:82:fe:1a:c8:76:ee:8b:cb:10:97:00:
         56:8b:ab:6d:57:7e:e0:bb:44:a1:48:e6:53:40:e9:c7:d1:da:
         a0:f0:e9:a2:2c:32:e5:0b:00:98:d9:6c:e0:6c:02:b9:9c:64:
         94:c7:10:bb:46:47:a6:a2:52:30:08:3f:ed:64:b9:36:e3:59:
         3c:b8:37:41:0b:10:50:7d:9a:28:de:3e:7a:d6:73:d8:6f:cf:
         03:79:85:c7:cb:21:34:02:b8:11:07:7a:5c:4a:c9:7a:ff:ec:
         7b:33:58:43:6c:b6:0e:09:64:a8:68:f5:43:7c:ee:c0:bc:be:
         67:05:15:40:d0:b8:09:82:98:0d:11:5f:50:33:32:e3:94:16:
         e1:13:04:d8:9e:45:27:57:52:0e:7a:02:1f:ae:a6:f8:0f:69:
         aa:1e:b0:3a:03:d0:5b:32:c6:0d:58:9f:bd:ce:a6:08:c0:63:
         1b:67:2e:ee:04:b1:39:d2:69:94:ac:f9:a8:03:2b:bd:ce:73:
         54:1c:28:43:bf:ed:93:80:e8:e1:64:04:3b:ce:c8:d0:90:88:
         2a:4a:9e:44:95:74:ee:eb:ff:b9:9e:b7:1f:90:3e:33:e1:3d:
         7f:20:37:c5:ff:5a:35:84:54:8c:ed:14:b8:30:3a:e7:d8:58:
         d0:f5:d0:6b
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYiPh/Zpfv/0OZiDh7drcxcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjA2MDcwNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmY0OWY4OGQzMjRmMzhhMjJhM2VkYTgyZDMwN2UwYzg5Yjg1OWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF1LmnpcfKJtH3KnJ/ln4yoeOkof
rzuypOu1XYcFAJ7/0p0a4B+f01mrw+Esmov0qoVEHnAbRqZepIoy2k2hpoPlqg6V
FUJoAJEqsH3t/Kt30NA49qH3+bxKj1jrz4YsPcOBZ0ncqRVc1XMStujzMcM5O0m4
6WztaOfqYlChpZG4wNAedd+8x3EkDGeyusSERLUGQoCFJTckZcvtLA/kDnfkzBN2
qEgFoefUytooLIgmx7oHGtb+VBZYVJ34JKRUIOCqRyL+A8U7exZb+6GZKp+ZfKWV
SMoILuXYzuFSJSDljhbOsdq/0qOSUgizcRWvr8EcgznCUBmVTEIAcFFJxwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFO/0n4jTJPOKIqPtqC0wfgyJuFmsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN19TZmlOTWs4NG9pby0yb0xUQi1ESW00V2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALZdZAwQB
XHfEAwQAXmd+MAwDBABemqEDBAJemqADBABenO8DBAGTTmQDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234DBADCMPswDQYJKoZIhvcNAQELBQADggEB
ABPIzhrh74yC/hrIdu6LyxCXAFaLq21XfuC7RKFI5lNA6cfR2qDw6aIsMuULAJjZ
bOBsArmcZJTHELtGR6aiUjAIP+1kuTbjWTy4N0ELEFB9mijePnrWc9hvzwN5hcfL
ITQCuBEHelxKyXr/7HszWENstg4JZKho9UN87sC8vmcFFUDQuAmCmA0RX1AzMuOU
FuETBNieRSdXUg56Ah+upvgPaaoesDoD0Fsyxg1Yn73OpgjAYxtnLu4EsTnSaZSs
+agDK73Oc1QcKEO/7ZOA6OFkBDvOyNCQiCpKnkSVdO7r/7metx+QPjPhPX8gN8X/
WjWEVIztFLgwOufYWND10Gs=
-----END CERTIFICATE-----