Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RElkaZ1eEceIBqT2r4gzYqQQHvg.roa
File:                     RElkaZ1eEceIBqT2r4gzYqQQHvg.roa (raw, json)
Hash identifier:          5RDHHcWIvUi8M3N384F66snC7aqB0kgPxEtTcC+MANc=
Subject key identifier:   44:49:64:69:9D:5E:11:C7:88:06:A4:F6:AF:88:33:62:A4:10:1E:F8
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0183C60B1738990B3011CACF355F488D6DFC
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RElkaZ1eEceIBqT2r4gzYqQQHvg.roa
Signing time:             Tue 11 Oct 2022 07:55:59 +0000
ROA not before:           Tue 11 Oct 2022 07:55:59 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.64.89.0/24 maxlen: 24
                          194.163.192.0/20 maxlen: 22
                          194.163.96.0/20 maxlen: 24
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/22 maxlen: 22
                          195.180.232.0/22 maxlen: 22
                          195.180.228.0/22 maxlen: 22
                          194.163.64.0/22 maxlen: 22
                          194.163.220.0/22 maxlen: 22
                          195.180.196.0/22 maxlen: 22
                          195.180.204.0/22 maxlen: 22
                          195.180.200.0/22 maxlen: 22
                          194.64.152.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:c6:0b:17:38:99:0b:30:11:ca:cf:35:5f:48:8d:6d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Oct 11 07:55:59 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=444964699d5e11c78806a4f6af883362a4101ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9a:f4:d2:73:35:ff:a8:39:98:3f:37:ab:11:
                    6a:cc:57:79:91:b2:bb:16:55:af:3e:db:b8:bb:ca:
                    d4:92:e1:ac:ad:e2:0a:8f:51:5d:e0:6c:c1:13:cb:
                    61:00:b4:34:94:3e:69:56:3a:14:5e:90:5b:e9:57:
                    5e:f5:46:a4:a8:3b:72:a6:0f:a0:b2:d8:e3:a6:4c:
                    43:2a:08:ad:84:24:9c:09:ab:e5:5d:90:9d:62:9e:
                    c3:8b:b3:88:95:21:12:5c:d7:24:ec:47:20:93:8b:
                    98:8a:0f:0e:11:1b:9b:a5:ba:84:21:9c:e0:21:f9:
                    78:1e:f8:c0:13:5f:01:fd:71:08:cc:4c:f5:e0:2c:
                    05:ad:41:18:5f:cd:aa:d7:e6:bf:a8:14:fe:1a:2e:
                    8a:c4:f3:2b:8c:96:8f:7f:ea:24:41:68:fd:00:d1:
                    18:76:8c:d0:4d:51:1b:8c:7b:a7:bd:56:3b:96:2e:
                    cd:41:42:d2:85:53:7f:3a:70:4d:b7:75:8b:33:8f:
                    27:6d:c8:e4:c4:dd:0a:d9:58:4f:96:c2:84:e3:ad:
                    d1:d4:35:43:5e:31:9f:1a:6d:c3:3f:bc:f6:c7:6b:
                    2d:54:52:4c:15:f7:cf:57:dd:42:3e:23:00:c0:63:
                    57:0b:0f:b9:bc:ac:5e:03:86:91:ea:c8:a1:b8:60:
                    8b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:49:64:69:9D:5E:11:C7:88:06:A4:F6:AF:88:33:62:A4:10:1E:F8
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/RElkaZ1eEceIBqT2r4gzYqQQHvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.89.0/24
                  194.64.152.0/22
                  194.163.64.0/22
                  194.163.96.0/20
                  194.163.192.0/20
                  194.163.220.0/22
                  195.180.128.0/22
                  195.180.196.0-195.180.207.255
                  195.180.224.0-195.180.235.255

    Signature Algorithm: sha256WithRSAEncryption
         3e:ae:88:35:7e:27:bd:e3:98:ee:1e:13:a2:4b:02:8d:d8:8f:
         de:02:3b:69:a0:17:e5:bc:22:84:ef:66:97:bb:2d:66:55:b4:
         46:4d:3e:09:93:d8:dc:db:2e:18:11:c6:22:93:7b:0c:3a:a9:
         31:c9:7b:d4:22:11:37:a8:eb:12:d9:e6:4d:2b:1b:1d:eb:23:
         b0:18:70:0a:e5:75:79:3d:70:3d:0c:4b:1f:8f:5a:0b:2e:fc:
         eb:9d:eb:34:3f:da:2a:0c:ae:1d:e4:63:c5:ff:98:60:18:28:
         4b:f9:41:b4:1d:fb:56:69:11:f7:d5:13:da:37:97:84:2c:0a:
         05:af:23:e2:38:d4:1f:56:38:1b:02:a0:c0:5a:55:42:bf:98:
         ca:db:a1:a2:46:0b:e6:5c:99:20:26:c0:91:65:e3:a5:1b:96:
         fa:00:68:df:37:ad:72:87:87:d7:51:0a:77:27:1b:69:cc:ff:
         b6:13:63:fe:55:79:7e:f0:57:de:42:d4:de:43:7d:99:f9:91:
         2a:4f:7c:01:7e:3a:4e:e1:ed:5e:ea:df:ce:e0:25:ff:8d:fc:
         09:0f:69:ae:cf:51:4b:8f:12:26:64:fb:6b:a5:e0:c7:49:27:
         68:5a:9f:66:87:78:fe:40:3e:bc:dd:af:c3:66:2a:0d:a3:6e:
         b1:d4:45:b6
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYPGCxc4mQswEcrPNV9IjW38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjIxMDExMDc1NTU5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ5NjQ2OTlkNWUxMWM3ODgwNmE0ZjZhZjg4MzM2MmE0MTAxZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZr00nM1/6g5mD83qxFqzFd5kbK7
FlWvPtu4u8rUkuGsreIKj1Fd4GzBE8thALQ0lD5pVjoUXpBb6Vde9UakqDtypg+g
stjjpkxDKgithCScCavlXZCdYp7Di7OIlSESXNck7Ecgk4uYig8OERubpbqEIZzg
Ifl4HvjAE18B/XEIzEz14CwFrUEYX82q1+a/qBT+Gi6KxPMrjJaPf+okQWj9ANEY
dozQTVEbjHunvVY7li7NQULShVN/OnBNt3WLM48nbcjkxN0K2VhPlsKE463R1DVD
XjGfGm3DP7z2x2stVFJMFffPV91CPiMAwGNXCw+5vKxeA4aR6sihuGCLvQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFERJZGmdXhHHiAak9q+IM2KkEB74MB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvUkVsa2FaMWVFY2VJQnFUMnI0Z3pZcVFRSHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQCPopAAwQC
PopIAwQAwkBZAwQCwkCYAwQCwqNAAwQEwqNgAwQEwqPAAwQCwqPcAwQCw7SAMAwD
BALDtMQDBATDtMAwDAMEBcO04AMEAsO06DANBgkqhkiG9w0BAQsFAAOCAQEAPq6I
NX4nveOY7h4ToksCjdiP3gI7aaAX5bwihO9ml7stZlW0Rk0+CZPY3NsuGBHGIpN7
DDqpMcl71CIRN6jrEtnmTSsbHesjsBhwCuV1eT1wPQxLH49aCy78653rND/aKgyu
HeRjxf+YYBgoS/lBtB37VmkR99UT2jeXhCwKBa8j4jjUH1Y4GwKgwFpVQr+Yytuh
okYL5lyZICbAkWXjpRuW+gBo3zetcoeH11EKdycbacz/thNj/lV5fvBX3kLU3kN9
mfmRKk98AX46TuHtXurfzuAl/438CQ9prs9RS48SJmT7a6Xgx0knaFqfZod4/kA+
vN2vw2YqDaNusdRFtg==
-----END CERTIFICATE-----