Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/vN4yRaYjMAoAY6dNNNJ8H7uJUlU.roa
File:                     vN4yRaYjMAoAY6dNNNJ8H7uJUlU.roa (raw, json)
Hash identifier:          rv5XomCfgXsfTD4oCxaDBySLLBSBfjU1L0jRTm6NT4E=
Subject key identifier:   BC:DE:32:45:A6:23:30:0A:00:63:A7:4D:34:D2:7C:1F:BB:89:52:55
Certificate issuer:       /CN=c089423af1be03027196d1f81df22992978cda6e
Certificate serial:       01879D9D8F664A69C11F20934C4FE1851277
Authority key identifier: C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/vN4yRaYjMAoAY6dNNNJ8H7uJUlU.roa
Signing time:             Thu 20 Apr 2023 07:42:41 +0000
ROA not before:           Thu 20 Apr 2023 07:42:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     55933
IP address blocks:        85.8.180.0/23 maxlen: 23
                          185.242.232.0/22 maxlen: 24
                          185.242.232.0/23 maxlen: 23
                          185.242.234.0/23 maxlen: 23
                          185.245.40.0/22 maxlen: 24
                          185.239.84.0/23 maxlen: 23
                          185.239.84.0/22 maxlen: 24
                          185.239.86.0/23 maxlen: 23
                          109.206.244.0/22 maxlen: 24
                          93.177.76.0/22 maxlen: 24
                          185.243.240.0/22 maxlen: 24
                          84.252.102.0/23 maxlen: 24
                          2a0c:f480::/29 maxlen: 29
                          2a0d:2480::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9d:9d:8f:66:4a:69:c1:1f:20:93:4c:4f:e1:85:12:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c089423af1be03027196d1f81df22992978cda6e
        Validity
            Not Before: Apr 20 07:42:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcde3245a623300a0063a74d34d27c1fbb895255
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:48:83:f7:d3:d9:ba:e0:81:fc:c1:56:3c:f1:
                    49:5c:fb:f6:a0:0e:01:77:f3:49:1c:d5:39:5f:cc:
                    e1:17:42:f9:66:28:03:20:69:c7:1e:90:08:3f:c8:
                    08:88:17:5a:8f:c7:e2:8b:4e:1d:53:1f:0c:2d:17:
                    9a:66:97:fc:66:52:ca:51:ac:b3:df:6e:1b:7f:fb:
                    f4:bc:75:59:16:40:de:34:38:73:b4:b4:f8:0a:c3:
                    df:2f:58:83:48:ae:66:16:85:27:73:15:e5:03:40:
                    92:7a:e1:78:9f:db:de:05:46:27:28:a7:32:56:7d:
                    d8:bc:19:78:54:fc:e4:c2:fb:62:d1:5a:42:31:90:
                    c1:fb:a5:40:c9:ec:5e:81:9c:c1:bc:b4:57:d6:98:
                    d5:25:ea:5b:29:4e:60:7b:6c:71:5d:5a:5a:0f:55:
                    f0:b2:e0:84:2b:69:6a:d0:ee:74:a9:38:c4:60:d8:
                    84:5a:f6:08:6e:1d:d2:1e:4c:15:2c:16:c2:2e:f9:
                    8f:af:a2:bb:91:66:18:fd:ba:19:c5:db:04:26:1e:
                    49:ba:d9:9e:fc:21:ba:de:8f:67:a5:06:05:0e:5d:
                    c4:85:53:4a:2d:a1:aa:eb:10:4c:a8:6f:92:55:4c:
                    18:a6:99:37:f8:4b:37:2a:12:25:70:64:14:6d:0c:
                    52:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DE:32:45:A6:23:30:0A:00:63:A7:4D:34:D2:7C:1F:BB:89:52:55
            X509v3 Authority Key Identifier:
                keyid:C0:89:42:3A:F1:BE:03:02:71:96:D1:F8:1D:F2:29:92:97:8C:DA:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wIlCOvG-AwJxltH4HfIpkpeM2m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/vN4yRaYjMAoAY6dNNNJ8H7uJUlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/dc2912-c7b0-4df4-9aa8-65332b47f5eb/1/wIlCOvG-AwJxltH4HfIpkpeM2m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.102.0/23
                  85.8.180.0/23
                  93.177.76.0/22
                  109.206.244.0/22
                  185.239.84.0/22
                  185.242.232.0/22
                  185.243.240.0/22
                  185.245.40.0/22
                IPv6:
                  2a0c:f480::/29
                  2a0d:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:a9:1f:11:23:70:b0:10:9a:35:f9:20:83:ae:ae:a9:18:65:
         4c:2a:1e:31:3d:95:d5:2c:fc:eb:af:ff:e1:8b:0e:16:a5:a9:
         a1:87:50:61:d7:21:85:03:33:fd:cd:22:8a:dc:43:09:8e:1b:
         67:a4:40:a5:fb:3e:ad:eb:55:8d:ac:4f:54:f5:1c:3f:c4:06:
         c5:4a:ba:cc:55:8b:a4:31:6b:44:21:25:99:a4:14:d7:ae:1a:
         6f:17:23:df:67:b5:67:36:da:fb:4d:5b:b9:26:5e:99:5d:6b:
         d5:1a:0b:7e:2f:ee:b1:30:8f:fc:7f:a6:b8:31:64:2d:f9:b7:
         28:8e:57:26:0a:a5:50:06:c9:04:8c:d5:63:82:8b:da:9e:e2:
         80:c1:b1:f1:d9:cf:17:77:45:c9:d2:6e:2d:f2:6a:44:53:8c:
         26:ef:c7:da:05:44:9e:e1:22:01:21:ba:8e:43:90:c7:f8:1f:
         a7:91:4a:df:e8:3d:c1:2e:9b:cf:bf:cc:46:08:f6:88:2f:aa:
         ab:b7:d7:5a:0c:69:91:38:97:c9:58:d4:41:6a:cc:29:4a:cb:
         b8:cb:0c:3a:b7:90:60:f5:2c:3b:79:41:59:bd:ce:89:29:9d:
         8c:f6:c8:03:f7:23:c9:64:c0:e1:0f:ec:23:e7:2a:ae:14:7e:
         2f:2b:e9:46
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYednY9mSmnBHyCTTE/hhRJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwODk0MjNhZjFiZTAzMDI3MTk2ZDFmODFkZjIyOTkyOTc4
Y2RhNmUwHhcNMjMwNDIwMDc0MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RlMzI0NWE2MjMzMDBhMDA2M2E3NGQzNGQyN2MxZmJiODk1MjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0iD99PZuuCB/MFWPPFJXPv2oA4B
d/NJHNU5X8zhF0L5ZigDIGnHHpAIP8gIiBdaj8fii04dUx8MLReaZpf8ZlLKUayz
324bf/v0vHVZFkDeNDhztLT4CsPfL1iDSK5mFoUncxXlA0CSeuF4n9veBUYnKKcy
Vn3YvBl4VPzkwvti0VpCMZDB+6VAyexegZzBvLRX1pjVJepbKU5ge2xxXVpaD1Xw
suCEK2lq0O50qTjEYNiEWvYIbh3SHkwVLBbCLvmPr6K7kWYY/boZxdsEJh5Jutme
/CG63o9npQYFDl3EhVNKLaGq6xBMqG+SVUwYppk3+Es3KhIlcGQUbQxSCwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLzeMkWmIzAKAGOnTTTSfB+7iVJVMB8GA1UdIwQY
MBaAFMCJQjrxvgMCcZbR+B3yKZKXjNpuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgt
NjUzMzJiNDdmNWViLzEvdk40eVJhWWpNQW9BWTZkTk5OSjhIN3VKVWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kYzI5MTItYzdiMC00ZGY0LTlhYTgtNjUzMzJiNDdmNWVi
LzEvd0lsQ092Ry1Bd0p4bHRINEhmSXBrcGVNMm00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQBVPxmAwQB
VQi0AwQCXbFMAwQCbc70AwQCue9UAwQCufLoAwQCufPwAwQCufUoMBQEAgACMA4D
BQMqDPSAAwUDKg0kgDANBgkqhkiG9w0BAQsFAAOCAQEAF6kfESNwsBCaNfkgg66u
qRhlTCoeMT2V1Sz866//4YsOFqWpoYdQYdchhQMz/c0iitxDCY4bZ6RApfs+retV
jaxPVPUcP8QGxUq6zFWLpDFrRCElmaQU164abxcj32e1Zzba+01buSZemV1r1RoL
fi/usTCP/H+muDFkLfm3KI5XJgqlUAbJBIzVY4KL2p7igMGx8dnPF3dFydJuLfJq
RFOMJu/H2gVEnuEiASG6jkOQx/gfp5FK3+g9wS6bz7/MRgj2iC+qq7fXWgxpkTiX
yVjUQWrMKUrLuMsMOreQYPUsO3lBWb3OiSmdjPbIA/cjyWTA4Q/sI+cqrhR+Lyvp
Rg==
-----END CERTIFICATE-----