Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WPOZZGW1yp2A-lL6iNvxNg17DDE.roa
File:                     WPOZZGW1yp2A-lL6iNvxNg17DDE.roa (raw, json)
Hash identifier:          /xXqRbrW6YPSFeC6Au5zfC+BVTstSM2q7d8TSUDrrZE=
Subject key identifier:   58:F3:99:64:65:B5:CA:9D:80:FA:52:FA:88:DB:F1:36:0D:7B:0C:31
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0183D17E45B72F9C0FF731FC681969F36D13
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WPOZZGW1yp2A-lL6iNvxNg17DDE.roa
Signing time:             Thu 13 Oct 2022 13:17:36 +0000
ROA not before:           Thu 13 Oct 2022 13:17:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        87.121.124.0/23 maxlen: 24
                          194.55.226.0/24 maxlen: 24
                          164.40.185.0/24 maxlen: 24
                          80.76.49.0/24 maxlen: 24
                          185.218.137.0/24 maxlen: 24
                          185.218.139.0/24 maxlen: 24
                          193.222.98.0/24 maxlen: 24
                          185.252.176.0/24 maxlen: 24
                          176.125.252.0/22 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          194.48.248.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d1:7e:45:b7:2f:9c:0f:f7:31:fc:68:19:69:f3:6d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 13 13:17:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=58f3996465b5ca9d80fa52fa88dbf1360d7b0c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9e:1f:2d:85:63:ec:a9:37:c9:32:8e:ae:5a:
                    01:24:51:dd:71:61:55:76:41:ac:9b:df:30:b5:77:
                    3b:81:ee:da:56:2e:a1:78:1e:11:28:d7:c2:51:75:
                    77:0a:86:d2:de:59:1e:4f:ce:eb:9a:b7:f3:2e:85:
                    fa:ed:11:45:83:fd:c7:ac:35:8c:3f:58:9c:1a:11:
                    f9:89:67:5e:20:3e:66:48:7a:ef:2a:f7:5c:d5:44:
                    dc:a5:eb:c6:9a:7b:f1:11:8d:4d:4a:77:30:e7:2d:
                    1a:b1:e8:dd:a9:ef:d3:de:0f:ba:b6:8f:41:a4:9e:
                    b9:d3:f4:6a:a6:79:0b:16:68:7a:2e:20:00:45:a7:
                    d3:17:af:b4:56:d6:18:ac:db:f6:f4:ca:af:44:3a:
                    3f:d6:20:91:db:f0:29:2c:e5:19:00:49:ff:2e:57:
                    16:09:39:4f:ee:d1:d6:72:20:3c:0b:c0:1a:64:bd:
                    c5:af:cf:09:fe:e8:30:63:b7:36:24:f6:23:83:77:
                    0d:a9:0a:9e:fe:80:12:0d:1e:55:4c:3b:63:10:4f:
                    bf:33:85:7d:fe:e7:78:62:72:86:7f:dc:15:60:d1:
                    42:2a:29:cb:b9:ab:34:24:e2:53:a4:c3:2b:ad:21:
                    73:47:c7:e5:1e:8a:92:e1:47:d5:bf:99:2b:90:ff:
                    6c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F3:99:64:65:B5:CA:9D:80:FA:52:FA:88:DB:F1:36:0D:7B:0C:31
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WPOZZGW1yp2A-lL6iNvxNg17DDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.49.0/24
                  87.121.124.0/23
                  94.154.161.0-94.154.163.255
                  164.40.185.0/24
                  176.125.252.0/22
                  185.218.137.0/24
                  185.218.139.0/24
                  185.252.176.0/24
                  193.222.98.0/24
                  194.48.248.0/24
                  194.55.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:1b:13:ae:94:55:4e:fe:f7:c1:f8:16:ad:bb:83:3e:35:f7:
         de:23:15:a2:c8:8e:82:a1:29:fe:47:8f:56:75:8e:73:e6:57:
         d7:f4:23:8f:1a:91:26:5b:6d:15:e9:29:82:0a:9d:9e:76:73:
         53:38:eb:7d:25:d2:e0:30:96:c6:fb:41:30:15:2e:8c:a5:ab:
         e7:da:50:4f:28:90:28:90:06:e1:06:4d:24:31:fc:b7:15:36:
         a4:ff:12:f6:2c:36:b5:c1:75:5c:3f:84:53:96:8c:00:cc:7b:
         23:69:d2:4d:41:c6:f0:31:3f:64:53:77:71:45:63:5a:0d:74:
         aa:28:a0:54:6e:a7:9d:49:15:42:fa:5a:22:14:0d:13:9e:90:
         a1:ab:ba:19:26:46:93:31:a6:9e:2d:94:a1:94:fa:11:99:c1:
         1b:6e:49:65:07:98:8f:8d:e4:ea:3d:45:8c:c4:2f:73:07:9f:
         dc:9e:c1:34:7a:48:40:2c:0c:87:f4:57:ba:a4:4d:d2:ce:9a:
         da:f9:71:eb:17:9b:2a:a2:14:05:81:0f:6a:79:2c:7f:4b:ee:
         31:f2:b7:0b:75:67:60:85:df:34:12:ae:58:32:43:61:ed:0f:
         78:83:0e:65:1f:cb:99:19:69:82:02:bb:5d:bd:91:f2:4e:72:
         1e:c7:7a:64
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYPRfkW3L5wP9zH8aBlp820TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDEzMTMxNzM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGYzOTk2NDY1YjVjYTlkODBmYTUyZmE4OGRiZjEzNjBkN2IwYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ4fLYVj7Kk3yTKOrloBJFHdcWFV
dkGsm98wtXc7ge7aVi6heB4RKNfCUXV3CobS3lkeT87rmrfzLoX67RFFg/3HrDWM
P1icGhH5iWdeID5mSHrvKvdc1UTcpevGmnvxEY1NSncw5y0asejdqe/T3g+6to9B
pJ650/RqpnkLFmh6LiAARafTF6+0VtYYrNv29MqvRDo/1iCR2/ApLOUZAEn/LlcW
CTlP7tHWciA8C8AaZL3Fr88J/ugwY7c2JPYjg3cNqQqe/oASDR5VTDtjEE+/M4V9
/ud4YnKGf9wVYNFCKinLuas0JOJTpMMrrSFzR8flHoqS4UfVv5krkP9sbwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFFjzmWRltcqdgPpS+ojb8TYNewwxMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV1BPWlpHVzF5cDJBLWxMNmlOdnhOZzE3RERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAUEwxAwQB
V3l8MAwDBABemqEDBAJemqADBACkKLkDBAKwffwDBAC52okDBAC52osDBAC5/LAD
BADB3mIDBADCMPgDBADCN+IwDQYJKoZIhvcNAQELBQADggEBABEbE66UVU7+98H4
Fq27gz41994jFaLIjoKhKf5Hj1Z1jnPmV9f0I48akSZbbRXpKYIKnZ52c1M4630l
0uAwlsb7QTAVLoylq+faUE8okCiQBuEGTSQx/LcVNqT/EvYsNrXBdVw/hFOWjADM
eyNp0k1BxvAxP2RTd3FFY1oNdKoooFRup51JFUL6WiIUDROekKGruhkmRpMxpp4t
lKGU+hGZwRtuSWUHmI+N5Oo9RYzEL3MHn9yewTR6SEAsDIf0V7qkTdLOmtr5cesX
myqiFAWBD2p5LH9L7jHytwt1Z2CF3zQSrlgyQ2HtD3iDDmUfy5kZaYICu129kfJO
ch7HemQ=
-----END CERTIFICATE-----