Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/H3RyTtWEfOvPiLvpdh08QIyxNH0.roa
File:                     H3RyTtWEfOvPiLvpdh08QIyxNH0.roa (raw, json)
Hash identifier:          795eG65+Y0KEeTyQzO+kfifkXLssB9evVT9avMulj9s=
Subject key identifier:   1F:74:72:4E:D5:84:7C:EB:CF:88:BB:E9:76:1D:3C:40:8C:B1:34:7D
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0CD129A9
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/H3RyTtWEfOvPiLvpdh08QIyxNH0.roa
Signing time:             Fri 08 Apr 2022 11:07:53 +0000
ROA not before:           Fri 08 Apr 2022 11:07:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.163.192.0/19 maxlen: 24
                          194.64.92.0/22 maxlen: 22
                          194.163.96.0/19 maxlen: 24
                          212.224.16.0/22 maxlen: 22
                          212.224.24.0/22 maxlen: 22
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/20 maxlen: 24
                          194.233.28.0/23 maxlen: 23
                          194.163.64.0/22 maxlen: 22
                          194.163.80.0/22 maxlen: 22
                          195.180.192.0/20 maxlen: 24
                          194.64.152.0/22 maxlen: 22
                          194.195.32.0/19 maxlen: 24
                          194.233.224.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 215034281 (0xcd129a9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Apr  8 11:07:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1f74724ed5847cebcf88bbe9761d3c408cb1347d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:7b:c9:f5:72:89:83:8e:4c:01:ae:c7:ba:6a:
                    c6:b7:0e:84:4d:52:ce:94:2e:07:3e:ab:d4:2b:b1:
                    3c:06:14:b1:95:ba:92:cc:b6:d0:d4:bb:bd:5f:a2:
                    d0:ae:54:23:8e:46:38:22:99:d4:c3:41:46:fd:8c:
                    c2:dc:89:43:38:15:52:4a:d5:ca:61:88:1c:7e:53:
                    a5:7e:a1:4d:ef:a3:f5:d7:56:34:3c:14:4b:a5:77:
                    59:f8:c8:38:cd:68:63:7b:6b:fb:f6:b3:1c:30:9c:
                    f0:68:7d:93:33:56:25:38:c6:8d:bf:ff:a0:bc:2b:
                    dc:58:dc:02:37:07:d5:24:66:57:24:42:de:73:a7:
                    4c:0b:4d:1c:0a:aa:5a:6e:b3:15:ba:d7:f3:06:b8:
                    6a:a5:9e:3f:a2:09:b5:a1:d6:6c:f0:0a:8e:7f:1f:
                    80:e8:8b:5b:ae:b8:18:0b:30:4d:1e:12:32:ce:3f:
                    92:3b:47:3a:78:6c:29:e9:30:8c:3d:aa:b3:4c:c3:
                    7f:11:1a:4b:03:05:82:6d:1b:5b:21:e8:40:83:05:
                    53:18:75:8d:2a:95:2c:14:8f:87:66:47:ec:3f:d1:
                    10:11:be:e1:26:29:87:28:e5:2c:a0:c7:37:f8:e0:
                    cc:9e:e8:11:46:df:26:49:cf:4c:97:db:a2:3d:30:
                    09:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:74:72:4E:D5:84:7C:EB:CF:88:BB:E9:76:1D:3C:40:8C:B1:34:7D
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/H3RyTtWEfOvPiLvpdh08QIyxNH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.92.0/22
                  194.64.152.0/22
                  194.163.64.0/22
                  194.163.80.0/22
                  194.163.96.0/19
                  194.163.192.0/19
                  194.195.32.0/19
                  194.233.28.0/23
                  194.233.224.0/20
                  195.180.128.0/22
                  195.180.192.0/20
                  195.180.224.0/20
                  212.224.16.0/22
                  212.224.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:69:a7:b9:2b:28:39:10:fc:ad:6b:ed:45:68:4f:53:c3:57:
         4d:53:e1:83:23:66:03:26:99:cb:ec:fc:13:a1:0d:af:e7:68:
         a8:4c:d2:37:e9:62:5c:d2:4a:1a:92:5a:6a:8c:19:ef:f1:d1:
         cf:2d:f0:19:84:e4:6a:eb:e8:9d:c5:0a:a0:f9:61:bd:71:9a:
         05:69:12:c3:6c:5e:71:58:54:ba:ee:52:c5:73:d9:eb:a9:78:
         5a:ec:64:db:fa:ad:3a:81:83:06:b8:66:25:2b:fc:b3:5b:f5:
         b4:43:c1:c7:b5:df:16:6f:8b:c1:cf:44:46:df:42:07:3b:f0:
         63:69:9b:98:1a:65:0d:d4:28:d4:73:55:00:27:c4:d7:d8:3e:
         e5:68:4d:61:3d:98:94:f8:dd:dc:10:e9:54:0a:18:63:e8:50:
         ce:a8:6f:b6:56:7b:79:2e:51:87:fc:ce:78:64:2c:f5:ee:e1:
         fc:43:be:42:ed:3c:2c:ff:7d:95:f1:b9:92:b5:45:99:b3:af:
         21:48:31:41:cd:4b:59:54:be:93:8d:d1:94:1b:46:ab:48:95:
         c9:5e:93:ad:ba:07:d3:bb:a1:b3:97:7d:62:3a:ff:d5:d0:4a:
         ca:6d:09:6e:b5:c4:bd:18:da:56:f8:e0:2c:1c:02:2e:bb:04:
         7d:eb:97:c6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIEDNEpqTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDQw
ODExMDc1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWY3NDcyNGVkNTg0
N2NlYmNmODhiYmU5NzYxZDNjNDA4Y2IxMzQ3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANZ7yfVyiYOOTAGux7pqxrcOhE1SzpQuBz6r1CuxPAYUsZW6
ksy20NS7vV+i0K5UI45GOCKZ1MNBRv2MwtyJQzgVUkrVymGIHH5TpX6hTe+j9ddW
NDwUS6V3WfjIOM1oY3tr+/azHDCc8Gh9kzNWJTjGjb//oLwr3FjcAjcH1SRmVyRC
3nOnTAtNHAqqWm6zFbrX8wa4aqWeP6IJtaHWbPAKjn8fgOiLW664GAswTR4SMs4/
kjtHOnhsKekwjD2qs0zDfxEaSwMFgm0bWyHoQIMFUxh1jSqVLBSPh2ZH7D/REBG+
4SYphyjlLKDHN/jgzJ7oEUbfJknPTJfboj0wCcECAwEAAaOCAmMwggJfMB0GA1Ud
DgQWBBQfdHJO1YR868+Iu+l2HTxAjLE0fTAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L0gzUnlUdFdFZk92UGlMdnBkaDA4UUl5eE5IMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB5
BggrBgEFBQcBBwEB/wRqMGgwZgQCAAEwYAMEAj6KQAMEAj6KSAMEAsJAXAMEAsJA
mAMEAsKjQAMEAsKjUAMEBcKjYAMEBcKjwAMEBcLDIAMEAcLpHAMEBMLp4AMEAsO0
gAMEBMO0wAMEBMO04AMEAtTgEAMEAtTgGDANBgkqhkiG9w0BAQsFAAOCAQEAZ2mn
uSsoORD8rWvtRWhPU8NXTVPhgyNmAyaZy+z8E6ENr+doqEzSN+liXNJKGpJaaowZ
7/HRzy3wGYTkauvoncUKoPlhvXGaBWkSw2xecVhUuu5SxXPZ66l4Wuxk2/qtOoGD
BrhmJSv8s1v1tEPBx7XfFm+Lwc9ERt9CBzvwY2mbmBplDdQo1HNVACfE19g+5WhN
YT2YlPjd3BDpVAoYY+hQzqhvtlZ7eS5Rh/zOeGQs9e7h/EO+Qu08LP99lfG5krVF
mbOvIUgxQc1LWVS+k43RlBtGq0iVyV6TrboH07uhs5d9Yjr/1dBKym0JbrXEvRja
VvjgLBwCLrsEfeuXxg==
-----END CERTIFICATE-----