Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/74-zUJfOMQ4Rce68NYqxQLfSWzc.roa
File:                     74-zUJfOMQ4Rce68NYqxQLfSWzc.roa (raw, json)
Hash identifier:          GGYucluR97Hl6VSnscM4aLnfyPd2W/EqBkLDamdZm/0=
Subject key identifier:   EF:8F:B3:50:97:CE:31:0E:11:71:EE:BC:35:8A:B1:40:B7:D2:5B:37
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01830D90C6AE83EAD45398D38AF8185BE6B7
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/74-zUJfOMQ4Rce68NYqxQLfSWzc.roa
Signing time:             Mon 05 Sep 2022 12:12:15 +0000
ROA not before:           Mon 05 Sep 2022 12:12:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209813
IP address blocks:        185.238.152.0/24 maxlen: 24
                          46.161.31.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          31.184.203.0/24 maxlen: 24
                          31.184.202.0/24 maxlen: 24
                          31.184.201.0/24 maxlen: 24
                          31.184.200.0/24 maxlen: 24
                          5.188.50.0/23 maxlen: 24
                          5.188.194.0/24 maxlen: 24
                          5.188.195.0/24 maxlen: 24
                          91.243.42.0/24 maxlen: 24
                          91.243.41.0/24 maxlen: 24
                          5.8.66.0/24 maxlen: 24
                          5.8.67.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0d:90:c6:ae:83:ea:d4:53:98:d3:8a:f8:18:5b:e6:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Sep  5 12:12:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ef8fb35097ce310e1171eebc358ab140b7d25b37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:22:dc:41:cc:72:11:27:56:bc:f3:d3:21:52:
                    25:d7:f1:c7:e6:5c:12:96:40:a4:52:a4:46:3e:6c:
                    a0:e8:0d:b0:05:72:59:f2:36:3c:d5:53:7c:f7:04:
                    49:46:e9:62:fd:1d:85:1e:f6:cc:be:fa:32:14:56:
                    c0:aa:40:67:d1:7c:07:a7:d8:e6:57:4e:3c:27:be:
                    2f:bb:34:eb:d8:33:af:97:e7:b3:d9:5f:68:0a:14:
                    8c:d7:64:13:fe:20:40:8a:e6:d8:bc:d1:1d:ca:58:
                    fd:4d:56:37:36:f0:cb:26:c8:bc:93:43:bd:cd:0c:
                    88:50:cf:96:7a:bb:72:fb:8e:6f:d8:09:7f:9c:eb:
                    8d:ad:25:3a:38:07:f0:11:d0:fe:45:25:b7:ec:60:
                    7a:c4:0f:6a:ed:eb:7c:98:0b:d3:b9:26:3d:1b:88:
                    7a:4f:94:1f:1c:f8:37:4d:a0:73:48:6e:b6:dd:16:
                    af:6e:25:6b:07:37:97:20:b1:b8:75:f2:90:cf:85:
                    89:c0:f4:02:f6:8b:9f:08:3d:41:f8:1d:32:2c:f6:
                    ef:12:60:29:28:96:b7:9a:ea:73:82:48:80:08:1c:
                    b0:eb:76:99:46:9b:38:42:31:1e:e2:91:d4:8f:57:
                    6a:3e:c3:a2:f8:31:14:34:67:90:73:f9:a2:18:1f:
                    26:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:8F:B3:50:97:CE:31:0E:11:71:EE:BC:35:8A:B1:40:B7:D2:5B:37
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/74-zUJfOMQ4Rce68NYqxQLfSWzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.188.50.0/23
                  5.188.194.0/23
                  31.184.200.0/22
                  46.161.31.0/24
                  91.243.41.0-91.243.42.255
                  185.238.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:0a:d5:51:b9:d7:9c:51:6b:05:79:cf:22:16:f6:93:bd:64:
         6f:36:a5:f7:67:b2:8d:ac:ec:af:b2:30:e9:9a:3d:b3:24:96:
         d9:c3:3f:e3:e9:ab:ec:64:3e:0d:d4:b3:7d:a7:ae:01:ca:1d:
         71:d6:21:74:39:aa:1e:f5:c8:84:ad:eb:98:43:f0:a7:2f:01:
         55:e1:7a:b8:e1:aa:a0:bd:c6:49:b8:58:72:7f:c7:c7:19:00:
         82:3b:9e:02:b6:29:f7:c8:6f:27:e5:8c:f5:b7:18:64:38:93:
         0f:c3:8c:9b:54:a9:58:19:25:3d:a6:93:61:6f:87:5b:fa:8a:
         b4:fc:be:4e:eb:e6:ec:1a:83:82:05:e8:0c:11:dc:8c:2e:91:
         45:96:de:db:34:f2:87:ec:c5:ed:3d:42:3b:64:bd:66:0a:9c:
         13:2c:e8:be:cc:17:42:c5:12:7b:4b:67:e0:c8:5a:14:c3:e6:
         7a:53:4d:2d:a9:97:5a:ad:a5:94:45:59:22:fe:f1:64:c1:27:
         44:ab:24:2d:73:54:4f:89:83:4e:a7:37:aa:dc:58:10:16:32:
         e4:87:62:cc:93:65:4b:1d:d0:89:19:aa:5a:19:71:5e:5e:03:
         83:d2:ce:83:a5:8a:cf:3f:6f:11:71:57:bd:c9:6e:96:bb:2c:
         50:21:c3:ba
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYMNkMaug+rUU5jTivgYW+a3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwOTA1MTIxMjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjhmYjM1MDk3Y2UzMTBlMTE3MWVlYmMzNThhYjE0MGI3ZDI1YjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiLcQcxyESdWvPPTIVIl1/HH5lwS
lkCkUqRGPmyg6A2wBXJZ8jY81VN89wRJRuli/R2FHvbMvvoyFFbAqkBn0XwHp9jm
V048J74vuzTr2DOvl+ez2V9oChSM12QT/iBAiubYvNEdylj9TVY3NvDLJsi8k0O9
zQyIUM+Werty+45v2Al/nOuNrSU6OAfwEdD+RSW37GB6xA9q7et8mAvTuSY9G4h6
T5QfHPg3TaBzSG623RavbiVrBzeXILG4dfKQz4WJwPQC9oufCD1B+B0yLPbvEmAp
KJa3mupzgkiACByw63aZRps4QjEe4pHUj1dqPsOi+DEUNGeQc/miGB8m9QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFO+Ps1CXzjEOEXHuvDWKsUC30ls3MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvNzQtelVKZk9NUTRSY2U2OE5ZcXhRTGZTV3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBBQhCAwQB
BbwyAwQBBbzCAwQCH7jIAwQALqEfMAwDBABb8ykDBABb8yoDBAK57pgwDQYJKoZI
hvcNAQELBQADggEBAH4K1VG515xRawV5zyIW9pO9ZG82pfdnso2s7K+yMOmaPbMk
ltnDP+Ppq+xkPg3Us32nrgHKHXHWIXQ5qh71yISt65hD8KcvAVXherjhqqC9xkm4
WHJ/x8cZAII7ngK2KffIbyfljPW3GGQ4kw/DjJtUqVgZJT2mk2Fvh1v6irT8vk7r
5uwag4IF6AwR3IwukUWW3ts08ofsxe09QjtkvWYKnBMs6L7MF0LFEntLZ+DIWhTD
5npTTS2pl1qtpZRFWSL+8WTBJ0SrJC1zVE+Jg06nN6rcWBAWMuSHYsyTZUsd0IkZ
qloZcV5eA4PSzoOlis8/bxFxV73Jbpa7LFAhw7o=
-----END CERTIFICATE-----