Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xatYUQiIu0zT9KsbY891iQgFHv0.roa
File:                     xatYUQiIu0zT9KsbY891iQgFHv0.roa (raw, json)
Hash identifier:          JLHSBXRA14XM2k0GaLL/TAkjitKS/fB+5ri+6wJG8H0=
Subject key identifier:   C5:AB:58:51:08:88:BB:4C:D3:F4:AB:1B:63:CF:75:89:08:05:1E:FD
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       0C728F69
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xatYUQiIu0zT9KsbY891iQgFHv0.roa
Signing time:             Tue 08 Mar 2022 19:44:24 +0000
ROA not before:           Tue 08 Mar 2022 19:44:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        195.180.128.0/22 maxlen: 24
                          194.163.192.0/19 maxlen: 24
                          194.163.96.0/19 maxlen: 24
                          62.138.64.0/22 maxlen: 22
                          62.138.72.0/22 maxlen: 22
                          195.180.224.0/20 maxlen: 24
                          194.233.28.0/23 maxlen: 23
                          194.163.64.0/22 maxlen: 22
                          194.163.80.0/22 maxlen: 22
                          195.180.192.0/20 maxlen: 24
                          194.64.144.0/22 maxlen: 22
                          194.64.152.0/22 maxlen: 22
                          194.195.32.0/19 maxlen: 24
                          194.233.224.0/20 maxlen: 20

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 208834409 (0xc728f69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Mar  8 19:44:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=c5ab58510888bb4cd3f4ab1b63cf758908051efd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:ee:05:df:cf:39:a1:89:bb:b6:7b:5d:c8:
                    ac:54:d9:ae:7f:39:f1:19:01:f9:b0:92:00:40:df:
                    86:65:1d:1f:11:1b:f7:ce:fa:2f:ba:89:6e:7c:33:
                    f9:1d:d6:7b:d7:b9:f9:74:9a:2b:e6:62:82:db:0f:
                    89:78:56:44:da:f7:ef:0c:93:8c:d3:ba:2c:9a:05:
                    d4:a6:d7:36:07:d1:e5:10:f8:e5:39:f8:61:38:58:
                    32:9f:6a:f4:80:7f:01:9b:9e:d1:0d:5d:38:82:6b:
                    b1:da:cc:37:fd:fe:62:57:9f:5f:87:5f:75:2a:04:
                    d2:5e:21:3b:9e:e8:5a:36:ab:c3:4a:4a:60:5b:43:
                    e9:c2:08:6a:09:3b:33:9a:b9:20:e2:a2:76:0c:a0:
                    aa:00:08:77:f9:09:60:54:49:5b:f4:f1:4e:79:4a:
                    aa:0b:97:1e:ac:7c:8f:d6:54:29:2b:60:c4:8e:48:
                    68:cf:61:6b:da:bf:56:06:07:0f:f6:d8:c2:51:02:
                    bd:0b:d7:63:03:3b:bb:e8:f0:8c:7d:d0:f6:47:06:
                    90:83:f1:eb:4e:93:31:29:2f:53:fb:a7:14:9f:e6:
                    da:01:e6:41:00:6e:0c:b4:e1:53:79:c1:ab:9f:b7:
                    05:eb:75:d9:8c:41:a7:60:8e:e0:fc:ec:b4:d9:be:
                    3f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AB:58:51:08:88:BB:4C:D3:F4:AB:1B:63:CF:75:89:08:05:1E:FD
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/xatYUQiIu0zT9KsbY891iQgFHv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.138.64.0/22
                  62.138.72.0/22
                  194.64.144.0/22
                  194.64.152.0/22
                  194.163.64.0/22
                  194.163.80.0/22
                  194.163.96.0/19
                  194.163.192.0/19
                  194.195.32.0/19
                  194.233.28.0/23
                  194.233.224.0/20
                  195.180.128.0/22
                  195.180.192.0/20
                  195.180.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         66:35:34:e0:7e:7d:5a:3c:5c:36:07:30:4e:56:f4:dc:47:3e:
         2a:c9:08:53:09:2e:fa:ad:58:45:0c:03:ba:16:84:42:3d:06:
         18:04:1b:ca:cf:b1:48:30:d1:24:37:46:6c:a5:92:3d:5b:c9:
         43:7c:69:2c:cd:ff:b8:29:1f:9b:0e:dd:74:f1:be:1e:db:58:
         07:b0:57:fb:55:f4:7e:02:26:ce:1f:5d:54:ca:30:be:49:71:
         56:74:70:15:a6:d3:85:b4:f2:e0:54:b7:df:29:16:46:4c:99:
         ef:86:7e:56:7e:a3:f8:06:05:dc:84:9a:01:34:73:08:9a:47:
         16:97:54:e3:0b:72:a9:f3:cf:e2:9e:e3:52:64:c2:7b:d9:b9:
         15:31:64:42:48:ee:84:8c:b6:5e:80:a8:d7:74:ab:f3:e8:08:
         d8:1a:61:75:7c:a7:8a:f3:97:e0:60:94:f4:76:b0:9f:71:d5:
         9c:a2:aa:bc:22:77:74:da:ca:18:d4:60:d8:3b:e1:a0:e3:8f:
         63:4d:2d:86:b5:65:de:65:43:c9:66:1a:62:7e:b2:2a:d8:57:
         ce:e3:9c:b8:e3:74:c5:cb:d2:cc:0f:21:28:3f:ac:3c:04:7a:
         b0:c0:ac:44:d6:53:a2:34:18:2f:58:e5:5c:2e:7c:72:4b:fa:
         28:1a:f7:e3
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIEDHKPaTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDMw
ODE5NDQyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzVhYjU4NTEwODg4
YmI0Y2QzZjRhYjFiNjNjZjc1ODkwODA1MWVmZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKve7gXfzzmhibu2e13IrFTZrn858RkB+bCSAEDfhmUdHxEb
9876L7qJbnwz+R3We9e5+XSaK+ZigtsPiXhWRNr37wyTjNO6LJoF1KbXNgfR5RD4
5Tn4YThYMp9q9IB/AZue0Q1dOIJrsdrMN/3+YlefX4dfdSoE0l4hO57oWjarw0pK
YFtD6cIIagk7M5q5IOKidgygqgAId/kJYFRJW/TxTnlKqguXHqx8j9ZUKStgxI5I
aM9ha9q/VgYHD/bYwlECvQvXYwM7u+jwjH3Q9kcGkIPx606TMSkvU/unFJ/m2gHm
QQBuDLThU3nBq5+3Bet12YxBp2CO4PzstNm+P40CAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBTFq1hRCIi7TNP0qxtjz3WJCAUe/TAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L3hhdFlVUWlJdTB6VDlLc2JZODkxaVFnRkh2MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwWgQCAAEwVAMEAj6KQAMEAj6KSAMEAsJAkAMEAsJA
mAMEAsKjQAMEAsKjUAMEBcKjYAMEBcKjwAMEBcLDIAMEAcLpHAMEBMLp4AMEAsO0
gAMEBMO0wAMEBMO04DANBgkqhkiG9w0BAQsFAAOCAQEAZjU04H59WjxcNgcwTlb0
3Ec+KskIUwku+q1YRQwDuhaEQj0GGAQbys+xSDDRJDdGbKWSPVvJQ3xpLM3/uCkf
mw7ddPG+HttYB7BX+1X0fgImzh9dVMowvklxVnRwFabThbTy4FS33ykWRkyZ74Z+
Vn6j+AYF3ISaATRzCJpHFpdU4wtyqfPP4p7jUmTCe9m5FTFkQkjuhIy2XoCo13Sr
8+gI2BphdXynivOX4GCU9Hawn3HVnKKqvCJ3dNrKGNRg2DvhoOOPY00thrVl3mVD
yWYaYn6yKthXzuOcuON0xcvSzA8hKD+sPAR6sMCsRNZTojQYL1jlXC58ckv6KBr3
4w==
-----END CERTIFICATE-----