Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/TCb-GmlI5shpFDX_Rm56g2DqPKc.roa
File:                     TCb-GmlI5shpFDX_Rm56g2DqPKc.roa (raw, json)
Hash identifier:          E12OEB+L6bEScF+VOyH6LLr7hfn4cNzJ5Nn0svqOiPU=
Subject key identifier:   4C:26:FE:1A:69:48:E6:C8:69:14:35:FF:46:6E:7A:83:60:EA:3C:A7
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       018829300AC8ADF590CC63C87D9A3C99491E
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/TCb-GmlI5shpFDX_Rm56g2DqPKc.roa
Signing time:             Wed 17 May 2023 10:09:54 +0000
ROA not before:           Wed 17 May 2023 10:09:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6700
IP address blocks:        85.222.160.0/22 maxlen: 24
                          91.148.64.0/18 maxlen: 24
                          217.26.64.0/20 maxlen: 24
                          62.193.128.0/19 maxlen: 24
                          213.244.224.0/20 maxlen: 24
                          185.47.208.0/22 maxlen: 24
                          195.252.64.0/18 maxlen: 24
                          194.106.160.0/19 maxlen: 24
                          62.108.96.0/19 maxlen: 24
                          178.20.204.0/24 maxlen: 24
                          178.20.205.0/24 maxlen: 24
                          178.20.207.0/24 maxlen: 24
                          2001:8c8::/32 maxlen: 32
                          2a02:e40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:29:30:0a:c8:ad:f5:90:cc:63:c8:7d:9a:3c:99:49:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: May 17 10:09:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c26fe1a6948e6c8691435ff466e7a8360ea3ca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:eb:83:8e:fb:f5:78:45:9e:b9:81:10:16:93:
                    35:de:03:c8:e5:0a:b7:cd:87:0a:f4:82:54:d3:ed:
                    c9:a1:eb:9a:61:9d:68:f6:5b:ad:d3:39:44:6a:b5:
                    13:da:20:5f:87:43:81:63:12:dd:4d:3e:02:9a:c8:
                    58:67:d4:f7:d9:62:21:52:a4:c9:f7:4c:9c:41:a8:
                    d1:c8:03:76:cf:bb:71:46:de:a8:d9:c3:dd:db:c5:
                    3f:8b:f7:96:51:cb:8e:62:4d:6b:0a:a5:0d:4b:05:
                    74:fa:0d:34:24:6b:9b:f0:ed:75:eb:e6:92:60:95:
                    f1:e6:c2:0b:46:c6:9d:92:74:c6:33:28:de:54:d2:
                    ff:00:02:4d:69:89:aa:b9:ca:25:1b:aa:8f:10:40:
                    88:6a:84:c5:cf:e3:e4:05:57:21:2e:af:6b:1e:68:
                    8f:ae:86:e9:c8:6d:3e:98:73:51:72:70:73:80:28:
                    bc:54:a2:c2:44:37:40:6c:10:31:37:27:69:46:1a:
                    c3:11:b8:7e:40:50:10:54:0e:ba:40:c3:a8:be:75:
                    82:1a:7d:94:b6:2f:e9:88:2d:41:57:85:3b:5e:e6:
                    08:1a:02:0f:8f:74:56:98:79:4e:d4:20:3a:7d:61:
                    a8:a7:28:ea:d4:10:65:ab:ed:b7:4c:03:fa:db:6a:
                    4f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:26:FE:1A:69:48:E6:C8:69:14:35:FF:46:6E:7A:83:60:EA:3C:A7
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/TCb-GmlI5shpFDX_Rm56g2DqPKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.108.96.0/19
                  62.193.128.0/19
                  85.222.160.0/22
                  91.148.64.0/18
                  178.20.204.0/23
                  178.20.207.0/24
                  185.47.208.0/22
                  194.106.160.0/19
                  195.252.64.0/18
                  213.244.224.0/20
                  217.26.64.0/20
                IPv6:
                  2001:8c8::/32
                  2a02:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:f3:8f:95:1f:35:95:51:49:d1:85:df:2a:a8:a8:b9:ec:d4:
         f3:d8:83:0b:35:50:3c:10:d7:1b:e3:07:13:94:06:bf:03:3d:
         85:58:14:82:92:c9:2e:e0:2b:91:34:da:6e:a2:5b:2b:a9:2d:
         39:d0:94:06:7c:56:f3:f8:c6:b4:7f:69:dc:0f:8d:76:d6:39:
         49:33:eb:81:67:bb:0c:73:48:7e:12:76:a6:f9:77:f0:1d:d0:
         b0:6b:7d:46:44:85:d5:6b:2f:95:ec:5d:3d:5c:54:69:b3:5a:
         c5:94:e9:8d:02:88:07:ff:20:35:7a:3a:65:ec:c9:a7:4c:f5:
         df:65:89:12:0a:8a:70:6b:b0:e5:32:1a:ae:aa:8b:b4:76:de:
         8b:4b:a7:1e:fc:b7:7a:22:01:c7:65:5a:df:3b:ed:da:78:a5:
         ea:2f:8c:e5:07:36:15:de:0b:1c:50:89:01:90:25:93:7d:bc:
         66:59:20:b2:21:33:f3:0f:36:7f:ea:6d:fd:5f:91:bf:df:77:
         81:e4:ae:c1:06:a8:f0:c9:79:79:ea:ea:4a:22:0c:c3:2d:d1:
         8d:dd:71:18:c2:60:0d:e6:01:39:44:be:df:4f:96:0b:fa:18:
         bb:b1:bf:91:9d:c0:b1:dc:8b:31:2d:8c:ad:ec:41:c6:25:df:
         7c:d8:55:fe
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYgpMArIrfWQzGPIfZo8mUkeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwNTE3MTAwOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI2ZmUxYTY5NDhlNmM4NjkxNDM1ZmY0NjZlN2E4MzYwZWEzY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeuDjvv1eEWeuYEQFpM13gPI5Qq3
zYcK9IJU0+3JoeuaYZ1o9lut0zlEarUT2iBfh0OBYxLdTT4CmshYZ9T32WIhUqTJ
90ycQajRyAN2z7txRt6o2cPd28U/i/eWUcuOYk1rCqUNSwV0+g00JGub8O116+aS
YJXx5sILRsadknTGMyjeVNL/AAJNaYmqucolG6qPEECIaoTFz+PkBVchLq9rHmiP
robpyG0+mHNRcnBzgCi8VKLCRDdAbBAxNydpRhrDEbh+QFAQVA66QMOovnWCGn2U
ti/piC1BV4U7XuYIGgIPj3RWmHlO1CA6fWGopyjq1BBlq+23TAP622pPMwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFEwm/hppSObIaRQ1/0ZueoNg6jynMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvVENiLUdtbEk1c2hwRkRYX1JtNTZnMkRxUEtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQFPmxgAwQF
PsGAAwQCVd6gAwQGW5RAAwQBshTMAwQAshTPAwQCuS/QAwQFwmqgAwQGw/xAAwQE
1fTgAwQE2RpAMBQEAgACMA4DBQAgAQjIAwUAKgIOQDANBgkqhkiG9w0BAQsFAAOC
AQEAW/OPlR81lVFJ0YXfKqiouezU89iDCzVQPBDXG+MHE5QGvwM9hVgUgpLJLuAr
kTTabqJbK6ktOdCUBnxW8/jGtH9p3A+NdtY5STPrgWe7DHNIfhJ2pvl38B3QsGt9
RkSF1WsvlexdPVxUabNaxZTpjQKIB/8gNXo6ZezJp0z132WJEgqKcGuw5TIarqqL
tHbei0unHvy3eiIBx2Va3zvt2nil6i+M5Qc2Fd4LHFCJAZAlk328ZlkgsiEz8w82
f+pt/V+Rv993geSuwQao8Ml5eerqSiIMwy3Rjd1xGMJgDeYBOUS+30+WC/oYu7G/
kZ3AsdyLMS2MrexBxiXffNhV/g==
-----END CERTIFICATE-----