Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/odzUrjRzSM5Ffqx39k73KddFBOY.roa
File:                     odzUrjRzSM5Ffqx39k73KddFBOY.roa (raw, json)
Hash identifier:          EUqqHopBUoO/YqXiUJ5pn7TWCaoK1MUUT7nxWhuCD+U=
Subject key identifier:   A1:DC:D4:AE:34:73:48:CE:45:7E:AC:77:F6:4E:F7:29:D7:45:04:E6
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01833C4AC4123F0067380D87E4399D53B36A
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/odzUrjRzSM5Ffqx39k73KddFBOY.roa
Signing time:             Wed 14 Sep 2022 13:57:56 +0000
ROA not before:           Wed 14 Sep 2022 13:57:56 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.64.89.0/24 maxlen: 24
                          194.163.192.0/20 maxlen: 22
                          194.163.96.0/20 maxlen: 24
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/22 maxlen: 22
                          195.180.232.0/22 maxlen: 22
                          195.180.228.0/22 maxlen: 22
                          194.163.64.0/22 maxlen: 22
                          194.163.208.0/22 maxlen: 22
                          194.163.220.0/22 maxlen: 22
                          195.180.196.0/22 maxlen: 22
                          195.180.204.0/22 maxlen: 22
                          195.180.200.0/22 maxlen: 22
                          194.64.152.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:3c:4a:c4:12:3f:00:67:38:0d:87:e4:39:9d:53:b3:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Sep 14 13:57:56 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a1dcd4ae347348ce457eac77f64ef729d74504e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:40:1c:4f:17:49:a4:7b:74:92:3f:f1:97:fc:
                    c6:2f:5c:79:35:46:1e:db:86:64:cb:d9:5d:3f:c2:
                    12:3e:aa:5f:a7:38:f9:82:73:91:8a:e3:c0:e3:58:
                    dd:82:a4:b1:8e:61:1a:4e:55:b4:10:bc:65:63:e9:
                    b0:98:8d:2f:7a:3a:e0:4c:3f:06:8c:df:f0:af:f1:
                    d2:48:f0:b6:a4:f3:da:f4:54:0b:dd:17:34:25:41:
                    9a:a0:61:be:e1:a3:60:b1:54:96:94:e6:6e:72:8e:
                    38:ad:82:c1:f2:b4:9c:e3:53:db:a1:4e:80:b1:59:
                    6d:75:72:5f:f6:68:57:28:90:e8:45:f0:df:8f:53:
                    13:43:e7:16:54:dc:c9:cc:47:d3:be:49:44:46:1a:
                    05:e1:43:b1:e4:e7:8b:86:a5:f3:4c:fa:a1:a6:a1:
                    b2:b8:ef:e8:b3:95:83:69:22:d2:12:7a:fd:f6:05:
                    be:11:4d:d8:b4:be:89:5a:d0:f3:9b:2b:42:e7:cb:
                    21:66:4d:77:f1:f6:8a:67:67:d5:2f:f1:5c:78:8b:
                    b4:c9:8c:ab:81:e9:3c:6b:36:2a:54:66:dd:08:9b:
                    c5:31:8d:f9:2f:6d:5d:9a:70:89:91:84:10:2b:f5:
                    2a:57:7e:eb:e6:2d:0c:c3:46:f2:df:5e:62:ce:33:
                    9d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:DC:D4:AE:34:73:48:CE:45:7E:AC:77:F6:4E:F7:29:D7:45:04:E6
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/odzUrjRzSM5Ffqx39k73KddFBOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.89.0/24
                  194.64.152.0/22
                  194.163.64.0/22
                  194.163.96.0/20
                  194.163.192.0-194.163.211.255
                  194.163.220.0/22
                  195.180.128.0/22
                  195.180.196.0-195.180.207.255
                  195.180.224.0-195.180.235.255

    Signature Algorithm: sha256WithRSAEncryption
         18:be:1f:ee:33:e7:d4:ed:66:2e:c3:49:c3:96:2c:b6:c6:f8:
         99:a4:96:d9:d0:f5:16:54:d3:64:6e:a0:13:95:c8:5f:12:31:
         eb:df:b9:1f:f6:d7:cb:81:9b:b0:f2:cb:dc:80:6c:ab:33:d2:
         59:34:f5:82:9a:ba:e8:eb:85:13:e5:b6:16:92:e2:f6:55:8c:
         d6:29:95:e4:2d:ef:c9:37:d1:e4:e3:3e:bc:eb:ec:78:2c:3d:
         1d:80:72:40:d0:76:7a:45:92:f3:bf:73:b2:e2:8e:6f:40:c8:
         ba:8e:6e:bf:ef:fc:b3:96:80:87:a1:71:80:83:57:f9:ba:78:
         5a:0c:60:6e:73:1a:82:a3:1a:a6:17:07:9a:87:89:e5:2e:3d:
         a4:4d:42:9e:9b:88:5d:80:43:8c:05:fc:17:37:68:76:35:bc:
         81:df:99:fe:72:fc:07:ce:ac:48:4d:a0:8a:d7:b9:97:22:27:
         2c:b5:f3:1d:41:8d:1c:63:2b:90:5e:72:1f:8f:1d:4d:da:60:
         26:fd:7b:9c:72:e4:b2:8d:3a:0e:b4:2f:83:37:f1:37:a1:1f:
         a0:7f:a2:2f:aa:f6:2c:2d:28:31:8d:d0:51:33:21:b5:f5:28:
         e1:3e:6b:e7:8b:56:a0:2b:7f:bc:67:9d:6a:a9:a3:77:b6:9e:
         87:4d:88:eb
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYM8SsQSPwBnOA2H5DmdU7NqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjIwOTE0MTM1NzU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWRjZDRhZTM0NzM0OGNlNDU3ZWFjNzdmNjRlZjcyOWQ3NDUwNGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkAcTxdJpHt0kj/xl/zGL1x5NUYe
24Zky9ldP8ISPqpfpzj5gnORiuPA41jdgqSxjmEaTlW0ELxlY+mwmI0vejrgTD8G
jN/wr/HSSPC2pPPa9FQL3Rc0JUGaoGG+4aNgsVSWlOZuco44rYLB8rSc41PboU6A
sVltdXJf9mhXKJDoRfDfj1MTQ+cWVNzJzEfTvklERhoF4UOx5OeLhqXzTPqhpqGy
uO/os5WDaSLSEnr99gW+EU3YtL6JWtDzmytC58shZk138faKZ2fVL/FceIu0yYyr
gek8azYqVGbdCJvFMY35L21dmnCJkYQQK/UqV37r5i0Mw0by315izjOdjwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFKHc1K40c0jORX6sd/ZO9ynXRQTmMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvb2R6VXJqUnpTTTVGZnF4MzlrNzNLZGRGQk9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQCPopAAwQC
PopIAwQAwkBZAwQCwkCYAwQCwqNAAwQEwqNgMAwDBAbCo8ADBALCo9ADBALCo9wD
BALDtIAwDAMEAsO0xAMEBMO0wDAMAwQFw7TgAwQCw7ToMA0GCSqGSIb3DQEBCwUA
A4IBAQAYvh/uM+fU7WYuw0nDliy2xviZpJbZ0PUWVNNkbqATlchfEjHr37kf9tfL
gZuw8svcgGyrM9JZNPWCmrro64UT5bYWkuL2VYzWKZXkLe/JN9Hk4z686+x4LD0d
gHJA0HZ6RZLzv3Oy4o5vQMi6jm6/7/yzloCHoXGAg1f5unhaDGBucxqCoxqmFwea
h4nlLj2kTUKem4hdgEOMBfwXN2h2NbyB35n+cvwHzqxITaCK17mXIicstfMdQY0c
YyuQXnIfjx1N2mAm/XuccuSyjToOtC+DN/E3oR+gf6IvqvYsLSgxjdBRMyG19Sjh
Pmvni1agK3+8Z51qqaN3tp6HTYjr
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:30 2023 by rpki-client on console-ams.rpki-client.org