Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/DqEEl4F7GjZpRI4V5EIA2hLI-JM.roa
File:                     DqEEl4F7GjZpRI4V5EIA2hLI-JM.roa (raw, json)
Hash identifier:          tcBAO0XogomfbnUbyocNV0qPJ4VJp2rzgMeAnoadfCQ=
Subject key identifier:   0E:A1:04:97:81:7B:1A:36:69:44:8E:15:E4:42:00:DA:12:C8:F8:93
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       018323307C9F7BB4B8DCED7F0130075B8D0B
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/DqEEl4F7GjZpRI4V5EIA2hLI-JM.roa
Signing time:             Fri 09 Sep 2022 16:58:43 +0000
ROA not before:           Fri 09 Sep 2022 16:58:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     1239
IP address blocks:        166.108.246.0/24 maxlen: 24
                          166.108.242.0/23 maxlen: 24
                          166.108.245.0/24 maxlen: 24
                          166.108.244.0/24 maxlen: 24
                          166.108.253.0/24 maxlen: 24
                          166.108.247.0/24 maxlen: 24
                          166.108.249.0/24 maxlen: 24
                          166.108.250.0/24 maxlen: 24
                          166.108.252.0/24 maxlen: 24
                          166.108.251.0/24 maxlen: 24
                          166.108.254.0/24 maxlen: 24
                          166.108.192.0/22 maxlen: 24
                          166.108.196.0/22 maxlen: 24
                          166.108.200.0/22 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:23:30:7c:9f:7b:b4:b8:dc:ed:7f:01:30:07:5b:8d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Sep  9 16:58:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0ea10497817b1a3669448e15e44200da12c8f893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f5:41:4a:fd:c9:5e:08:c8:f2:10:3c:18:2e:
                    3b:7a:dd:01:25:54:80:4f:67:9d:9d:0d:a3:95:44:
                    9e:91:19:31:99:b8:11:c2:9b:4b:48:a2:d0:40:e5:
                    d2:58:21:d9:fa:03:a8:26:1b:a0:da:87:1e:6f:34:
                    0c:5a:82:16:11:fc:5e:8f:91:a0:cb:3a:aa:e3:05:
                    c3:d0:df:2d:ce:ee:b2:fa:bc:0e:7a:ad:76:03:25:
                    97:10:ab:d3:f1:96:1b:5d:a6:f8:cc:c8:39:48:fd:
                    ef:ab:7e:58:27:9f:c3:be:02:cb:10:79:3d:bb:d1:
                    71:a9:8a:4c:38:62:74:c3:ed:bc:b6:53:40:3f:44:
                    e1:48:db:f3:ad:0f:cd:a8:51:0e:a7:26:35:18:0b:
                    fa:0b:74:c6:a1:4b:38:23:25:25:c4:2a:a3:32:64:
                    64:50:4f:dd:94:0f:d9:08:85:eb:0b:72:02:ba:33:
                    68:4a:66:a5:94:0c:04:0a:43:a6:77:30:38:b8:aa:
                    dd:d8:a1:e8:ab:cb:79:d4:d7:d9:ad:a9:3c:07:d6:
                    fd:97:1b:9e:9f:fe:66:71:bd:ed:86:28:f8:18:38:
                    18:2e:55:76:b2:a9:81:89:e7:25:9a:3d:a6:e2:76:
                    49:58:fe:c6:05:78:ee:fe:01:d1:5f:7e:da:ca:4d:
                    82:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A1:04:97:81:7B:1A:36:69:44:8E:15:E4:42:00:DA:12:C8:F8:93
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/DqEEl4F7GjZpRI4V5EIA2hLI-JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.192.0-166.108.203.255
                  166.108.242.0-166.108.247.255
                  166.108.249.0-166.108.254.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:72:93:df:e0:df:47:24:ff:09:f5:9f:cb:58:67:0b:0f:09:
         65:53:e8:a4:c2:dc:08:a6:b0:54:73:63:33:ae:7b:bc:e1:1a:
         9c:f5:71:6c:97:18:ce:49:b3:2e:f6:34:bf:49:c6:62:53:d1:
         03:e8:60:63:e5:88:de:a7:2e:1d:8c:40:e7:9c:1f:25:8a:69:
         53:cf:0e:cd:64:59:9c:9f:27:5f:29:9b:c8:f1:36:73:05:2b:
         ab:e0:66:04:13:2b:64:ea:19:01:be:cf:61:99:51:cd:ca:55:
         5f:3a:00:8f:26:c6:48:f2:bf:36:ae:0c:ea:d5:9e:97:d7:6a:
         32:65:43:98:53:38:0f:50:b3:76:6c:fc:05:a7:d5:7f:64:18:
         6a:39:d1:5c:e5:12:ce:6f:03:44:9a:4f:86:4b:a9:5a:fc:ed:
         65:6f:84:54:27:af:7e:db:44:fd:a6:10:36:cc:21:18:b1:6f:
         4f:4f:36:46:df:b3:72:fc:eb:ed:45:30:9a:b2:43:d3:55:35:
         c0:bc:89:db:02:ba:6b:d8:cd:dd:b9:a5:ef:ed:5f:48:e7:fd:
         59:e6:4b:f5:89:66:9a:27:51:e1:66:40:47:da:7e:6b:ef:dc:
         84:27:68:6f:b7:be:d5:c7:9e:32:22:54:bb:e6:5e:0d:0d:0e:
         73:12:44:3a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYMjMHyfe7S43O1/ATAHW40LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjIwOTA5MTY1ODQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWExMDQ5NzgxN2IxYTM2Njk0NDhlMTVlNDQyMDBkYTEyYzhmODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvVBSv3JXgjI8hA8GC47et0BJVSA
T2ednQ2jlUSekRkxmbgRwptLSKLQQOXSWCHZ+gOoJhug2ocebzQMWoIWEfxej5Gg
yzqq4wXD0N8tzu6y+rwOeq12AyWXEKvT8ZYbXab4zMg5SP3vq35YJ5/DvgLLEHk9
u9FxqYpMOGJ0w+28tlNAP0ThSNvzrQ/NqFEOpyY1GAv6C3TGoUs4IyUlxCqjMmRk
UE/dlA/ZCIXrC3ICujNoSmallAwECkOmdzA4uKrd2KHoq8t51NfZrak8B9b9lxue
n/5mcb3thij4GDgYLlV2sqmBieclmj2m4nZJWP7GBXju/gHRX37ayk2CMwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFA6hBJeBexo2aUSOFeRCANoSyPiTMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvRHFFRWw0RjdHalpwUkk0VjVFSUEyaExJLUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqMAwDBAambMAD
BAKmbMgwDAMEAaZs8gMEA6Zs8DAMAwQApmz5AwQApmz+MA0GCSqGSIb3DQEBCwUA
A4IBAQCOcpPf4N9HJP8J9Z/LWGcLDwllU+ikwtwIprBUc2Mzrnu84Rqc9XFslxjO
SbMu9jS/ScZiU9ED6GBj5Yjepy4djEDnnB8limlTzw7NZFmcnydfKZvI8TZzBSur
4GYEEytk6hkBvs9hmVHNylVfOgCPJsZI8r82rgzq1Z6X12oyZUOYUzgPULN2bPwF
p9V/ZBhqOdFc5RLObwNEmk+GS6la/O1lb4RUJ69+20T9phA2zCEYsW9PTzZG37Ny
/OvtRTCaskPTVTXAvInbArpr2M3duaXv7V9I5/1Z5kv1iWaaJ1HhZkBH2n5r79yE
J2hvt77Vx54yIlS75l4NDQ5zEkQ6
-----END CERTIFICATE-----