Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PcX9WzzFGihdknMRFscv8pHKJro.roa
File:                     PcX9WzzFGihdknMRFscv8pHKJro.roa (raw, json)
Hash identifier:          Y52lyYH/kW+ZTTcpHlUHweqJUDCP7a20mJkLgYZ8+cA=
Subject key identifier:   3D:C5:FD:5B:3C:C5:1A:28:5D:92:73:11:16:C7:2F:F2:91:CA:26:BA
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0182B51FCB57AC12175568C4440041EF573C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PcX9WzzFGihdknMRFscv8pHKJro.roa
Signing time:             Fri 19 Aug 2022 08:02:15 +0000
ROA not before:           Fri 19 Aug 2022 08:02:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209813
IP address blocks:        185.238.152.0/24 maxlen: 24
                          46.161.31.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          5.189.219.0/24 maxlen: 24
                          31.184.203.0/24 maxlen: 24
                          31.184.202.0/24 maxlen: 24
                          31.184.201.0/24 maxlen: 24
                          31.184.200.0/24 maxlen: 24
                          5.188.50.0/23 maxlen: 24
                          5.188.177.0/24 maxlen: 24
                          5.188.176.0/24 maxlen: 24
                          5.188.178.0/24 maxlen: 24
                          5.188.194.0/24 maxlen: 24
                          5.188.195.0/24 maxlen: 24
                          5.188.203.0/24 maxlen: 24
                          91.243.42.0/24 maxlen: 24
                          91.243.41.0/24 maxlen: 24
                          5.8.67.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b5:1f:cb:57:ac:12:17:55:68:c4:44:00:41:ef:57:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Aug 19 08:02:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3dc5fd5b3cc51a285d92731116c72ff291ca26ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ff:d5:8c:2a:f8:87:f0:69:51:ad:54:1d:36:
                    98:eb:a5:21:ff:25:e2:75:d8:61:1a:54:00:76:4b:
                    cd:df:4c:28:cd:ba:e2:d1:0d:1b:f8:6b:3b:dd:a2:
                    a1:e6:c4:ee:20:64:e6:f0:0d:4e:80:3c:86:33:87:
                    76:fd:b4:2d:9f:f4:ec:69:81:52:ea:1b:06:38:18:
                    e9:dd:3f:f8:86:37:2f:92:cb:4b:0b:76:eb:2f:c8:
                    37:29:42:4a:13:c8:31:86:da:7b:59:84:d8:45:a0:
                    f6:36:af:0a:e8:9e:02:a5:cb:29:d4:ba:31:eb:0c:
                    ab:d4:e8:02:c1:47:9e:7d:9c:20:91:16:3a:8a:ae:
                    58:b7:69:41:cd:9c:5f:5c:34:6e:ec:37:a3:2c:e5:
                    f6:76:f0:d4:9a:ca:2c:b4:bf:8c:82:5f:e9:32:e2:
                    98:b3:16:07:17:9c:62:c8:9c:db:b3:33:04:db:a9:
                    b1:e7:e6:1d:18:5b:7a:d4:db:95:78:ba:f4:a0:68:
                    91:1c:10:a7:54:f4:0b:61:6b:98:8e:a1:55:06:0b:
                    06:44:0e:13:9f:d2:3c:a6:b6:57:fb:9b:67:e4:55:
                    79:29:a8:2c:7f:85:28:33:2b:b3:20:4a:35:9d:bc:
                    5c:5c:d6:7c:18:f2:f2:68:37:34:3e:7d:34:2b:bf:
                    4e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C5:FD:5B:3C:C5:1A:28:5D:92:73:11:16:C7:2F:F2:91:CA:26:BA
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/PcX9WzzFGihdknMRFscv8pHKJro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.67.0/24
                  5.188.50.0/23
                  5.188.176.0-5.188.178.255
                  5.188.194.0/23
                  5.188.203.0/24
                  5.189.219.0/24
                  31.184.200.0/22
                  46.161.31.0/24
                  91.243.41.0-91.243.42.255
                  185.238.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:0c:01:0c:75:48:9c:04:6d:11:10:d8:d3:9a:40:d0:2d:4f:
         12:80:5c:c0:91:11:28:89:dc:7f:35:4c:cb:5b:4d:fe:a2:9b:
         b2:f3:98:78:fc:03:46:4c:49:e0:1e:24:7c:fd:e9:bc:94:30:
         f2:b8:76:07:ec:02:cf:4b:f5:19:9b:d0:9d:4c:2f:18:8e:e5:
         67:a2:1b:70:02:26:51:de:80:f5:b4:86:f0:cc:0b:f5:e9:61:
         3f:07:7e:8c:08:41:bc:65:5e:7f:dc:42:98:9e:ed:0f:c5:ec:
         4f:bf:d9:b0:71:50:11:40:b4:74:6e:42:7c:e0:8b:42:98:60:
         81:10:15:5e:6e:4f:0f:e7:31:2b:d1:ac:f0:39:52:54:99:6a:
         fd:3b:3b:93:3c:5b:f8:9b:40:a6:7d:3e:11:5f:2d:9f:66:3c:
         44:42:33:40:05:1f:1c:93:af:fa:89:bf:dc:67:19:16:f8:72:
         9a:e7:12:7a:ca:7e:27:63:98:9a:0f:6f:8e:9c:4b:0d:e9:aa:
         f4:54:81:0f:e7:27:17:54:af:f9:82:99:68:d8:88:09:a1:97:
         e3:2e:2e:83:5c:73:9b:40:96:12:e2:1a:7a:6b:b7:c4:a7:ad:
         2f:47:74:be:1b:cc:75:3e:13:4e:54:a5:75:af:f4:ac:15:af:
         a4:9b:4a:1d
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYK1H8tXrBIXVWjERABB71c8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIwODE5MDgwMjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGM1ZmQ1YjNjYzUxYTI4NWQ5MjczMTExNmM3MmZmMjkxY2EyNmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2v/VjCr4h/BpUa1UHTaY66Uh/yXi
ddhhGlQAdkvN30wozbri0Q0b+Gs73aKh5sTuIGTm8A1OgDyGM4d2/bQtn/TsaYFS
6hsGOBjp3T/4hjcvkstLC3brL8g3KUJKE8gxhtp7WYTYRaD2Nq8K6J4Cpcsp1Lox
6wyr1OgCwUeefZwgkRY6iq5Yt2lBzZxfXDRu7DejLOX2dvDUmsostL+Mgl/pMuKY
sxYHF5xiyJzbszME26mx5+YdGFt61NuVeLr0oGiRHBCnVPQLYWuYjqFVBgsGRA4T
n9I8prZX+5tn5FV5Kagsf4UoMyuzIEo1nbxcXNZ8GPLyaDc0Pn00K79O8QIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFD3F/Vs8xRooXZJzERbHL/KRyia6MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUGNYOVd6ekZHaWhka25NUkZzY3Y4cEhLSnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQABQhDAwQB
BbwyMAwDBAQFvLADBAAFvLIDBAEFvMIDBAAFvMsDBAAFvdsDBAIfuMgDBAAuoR8w
DAMEAFvzKQMEAFvzKgMEArnumDANBgkqhkiG9w0BAQsFAAOCAQEAsgwBDHVInARt
ERDY05pA0C1PEoBcwJERKIncfzVMy1tN/qKbsvOYePwDRkxJ4B4kfP3pvJQw8rh2
B+wCz0v1GZvQnUwvGI7lZ6IbcAImUd6A9bSG8MwL9elhPwd+jAhBvGVef9xCmJ7t
D8XsT7/ZsHFQEUC0dG5CfOCLQphggRAVXm5PD+cxK9Gs8DlSVJlq/Ts7kzxb+JtA
pn0+EV8tn2Y8REIzQAUfHJOv+om/3GcZFvhymucSesp+J2OYmg9vjpxLDemq9FSB
D+cnF1Sv+YKZaNiICaGX4y4ug1xzm0CWEuIaemu3xKetL0d0vhvMdT4TTlSlda/0
rBWvpJtKHQ==
-----END CERTIFICATE-----