Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/0j6hRzNc2E3rc4b8yhcRpvyfaiE.roa
File:                     0j6hRzNc2E3rc4b8yhcRpvyfaiE.roa (raw, json)
Hash identifier:          Z0+BBwf8ewemhBtZkIm8Ap7i5P02ldE++0qKWfkTdzA=
Subject key identifier:   D2:3E:A1:47:33:5C:D8:4D:EB:73:86:FC:CA:17:11:A6:FC:9F:6A:21
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       018CC9BC503665AFA9A4D5D9A55E706F1CB7
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/0j6hRzNc2E3rc4b8yhcRpvyfaiE.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52023
IP address blocks:        91.212.148.0/24 maxlen: 24
                          37.143.165.0/24 maxlen: 24
                          37.143.166.0/24 maxlen: 24
                          37.143.162.0/24 maxlen: 24
                          37.143.164.0/24 maxlen: 24
                          37.143.163.0/24 maxlen: 24
                          37.143.167.0/24 maxlen: 24
                          37.143.171.0/24 maxlen: 24
                          37.143.170.0/24 maxlen: 24
                          37.143.172.0/24 maxlen: 24
                          193.32.141.0/24 maxlen: 24
                          193.32.142.0/23 maxlen: 23
                          2a03:8f84::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:50:36:65:af:a9:a4:d5:d9:a5:5e:70:6f:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d23ea147335cd84deb7386fcca1711a6fc9f6a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:44:b6:d7:b6:fa:1b:7a:db:78:f2:16:75:b8:
                    24:91:0d:9e:f0:f1:84:c7:d3:77:b0:18:78:58:f0:
                    ce:44:da:c4:51:16:e0:ae:c4:92:6c:84:73:6d:25:
                    02:15:f6:82:b8:ea:8b:d5:81:b4:86:5a:2b:b2:20:
                    c5:8b:6b:69:7c:06:ac:e2:a6:e7:5e:8b:d8:f8:b2:
                    bf:da:2b:53:07:32:40:06:4c:40:1f:c9:59:59:4c:
                    fd:09:1f:c1:c5:84:16:3e:10:50:b9:75:f1:46:20:
                    30:cc:f0:9a:e8:b4:74:df:a1:8e:a9:44:04:16:f7:
                    bb:fb:d5:f9:71:29:5b:ca:78:d3:b9:f8:9e:60:2e:
                    af:d6:3e:34:2b:8f:eb:a3:5a:6e:ef:52:fe:ea:55:
                    b9:31:76:6b:37:b1:45:90:21:32:e5:cd:b0:bf:0d:
                    62:1b:38:b0:44:29:62:a7:ef:8f:ac:9a:eb:b5:16:
                    5a:4e:c1:6b:4c:5b:da:09:e5:2c:78:8b:2e:29:f4:
                    72:67:ca:a4:b2:a2:96:a5:89:f4:c0:da:51:4e:4f:
                    56:8a:68:1a:0c:2a:64:16:c9:c1:5a:ff:c5:81:0e:
                    c0:c2:b1:7a:d3:25:67:e8:df:d8:6c:af:78:af:d5:
                    8a:51:ac:aa:67:85:44:4f:23:0b:7d:ee:91:ef:e3:
                    90:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:3E:A1:47:33:5C:D8:4D:EB:73:86:FC:CA:17:11:A6:FC:9F:6A:21
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/0j6hRzNc2E3rc4b8yhcRpvyfaiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.162.0-37.143.167.255
                  37.143.170.0-37.143.172.255
                  91.212.148.0/24
                  193.32.141.0-193.32.143.255
                IPv6:
                  2a03:8f84::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:97:36:bf:df:79:29:88:2c:d3:49:24:fd:83:b1:37:6f:af:
         8d:a5:cf:ff:e2:86:ac:e5:0e:be:59:6c:bf:74:d4:ce:03:99:
         22:70:ec:0e:f9:04:3d:ea:59:b3:a0:33:d5:7a:81:02:ec:8b:
         b1:53:26:3f:12:25:a4:ba:00:e8:05:52:0b:b1:56:ee:8c:8e:
         6d:5a:a3:36:3a:9e:fa:d0:43:51:51:30:03:a0:9c:59:47:d2:
         42:f5:11:84:a7:14:e9:f8:eb:53:be:63:ca:b3:cc:ea:02:7f:
         08:13:b1:30:3d:90:43:58:a1:cf:04:1a:6f:b8:d2:02:80:63:
         93:f6:d3:37:23:52:e2:0b:8e:03:af:78:14:29:8e:8a:5c:ed:
         cd:85:ac:d9:c0:8b:b0:39:13:8d:85:74:07:66:29:f3:25:d8:
         64:16:60:0a:bf:65:19:69:ef:e9:63:63:5f:04:36:32:00:8c:
         ed:ce:25:60:21:92:ed:fb:7a:6a:dc:83:fd:b1:b5:0f:4b:61:
         3a:af:52:fc:17:c0:c4:1a:4b:d0:76:c9:17:60:c0:2e:8a:b7:
         89:aa:ea:71:58:e8:92:c1:fb:db:ee:1e:10:95:3a:91:22:31:
         63:cd:1c:49:19:a3:2d:84:24:56:3c:84:7e:b1:d8:39:34:b3:
         96:d9:8a:c3
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzJvFA2Za+ppNXZpV5wbxy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjNlYTE0NzMzNWNkODRkZWI3Mzg2ZmNjYTE3MTFhNmZjOWY2YTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUS217b6G3rbePIWdbgkkQ2e8PGE
x9N3sBh4WPDORNrEURbgrsSSbIRzbSUCFfaCuOqL1YG0hlorsiDFi2tpfAas4qbn
XovY+LK/2itTBzJABkxAH8lZWUz9CR/BxYQWPhBQuXXxRiAwzPCa6LR036GOqUQE
Fve7+9X5cSlbynjTufieYC6v1j40K4/ro1pu71L+6lW5MXZrN7FFkCEy5c2wvw1i
GziwRClip++PrJrrtRZaTsFrTFvaCeUseIsuKfRyZ8qksqKWpYn0wNpRTk9Wimga
DCpkFsnBWv/FgQ7AwrF60yVn6N/YbK94r9WKUayqZ4VETyMLfe6R7+OQlQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNI+oUczXNhN63OG/MoXEab8n2ohMB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvMGo2aFJ6TmMyRTNyYzRiOHloY1JwdnlmYWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwMAwDBAElj6ID
BAMlj6AwDAMEASWPqgMEACWPrAMEAFvUlDAMAwQAwSCNAwQEwSCAMA0EAgACMAcD
BQAqA4+EMA0GCSqGSIb3DQEBCwUAA4IBAQArlza/33kpiCzTSST9g7E3b6+Npc//
4oas5Q6+WWy/dNTOA5kicOwO+QQ96lmzoDPVeoEC7IuxUyY/EiWkugDoBVILsVbu
jI5tWqM2Op760ENRUTADoJxZR9JC9RGEpxTp+OtTvmPKs8zqAn8IE7EwPZBDWKHP
BBpvuNICgGOT9tM3I1LiC44Dr3gUKY6KXO3NhazZwIuwORONhXQHZinzJdhkFmAK
v2UZae/pY2NfBDYyAIztziVgIZLt+3pq3IP9sbUPS2E6r1L8F8DEGkvQdskXYMAu
ireJqupxWOiSwfvb7h4QlTqRIjFjzRxJGaMthCRWPIR+sdg5NLOW2YrD
-----END CERTIFICATE-----