Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/zcrYZiPGxF73RweItrZ_LeN6Uhg.roa
File:                     zcrYZiPGxF73RweItrZ_LeN6Uhg.roa (raw, json)
Hash identifier:          5STuHRfUEuTHqLqs/LVcevtEavHw30SG7apYrORVhrI=
Subject key identifier:   CD:CA:D8:66:23:C6:C4:5E:F7:47:07:88:B6:B6:7F:2D:E3:7A:52:18
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       0186DD4D923482E2B93E87CCC86D0EC8E37B
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/zcrYZiPGxF73RweItrZ_LeN6Uhg.roa
Signing time:             Mon 13 Mar 2023 23:28:13 +0000
ROA not before:           Mon 13 Mar 2023 23:28:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        166.108.246.0/24 maxlen: 24
                          166.108.245.0/24 maxlen: 24
                          166.108.244.0/24 maxlen: 24
                          166.108.242.0/23 maxlen: 24
                          166.108.253.0/24 maxlen: 24
                          166.108.252.0/24 maxlen: 24
                          166.108.251.0/24 maxlen: 24
                          166.108.250.0/24 maxlen: 24
                          166.108.249.0/24 maxlen: 24
                          166.108.247.0/24 maxlen: 24
                          166.108.176.0/22 maxlen: 24
                          166.108.212.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dd:4d:92:34:82:e2:b9:3e:87:cc:c8:6d:0e:c8:e3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Mar 13 23:28:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cdcad86623c6c45ef7470788b6b67f2de37a5218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7d:06:34:dd:4b:f2:c9:7c:8b:d4:ec:be:0d:
                    b8:6e:08:c7:bb:b6:2c:8e:f6:88:1e:fa:7d:96:6f:
                    03:f3:b3:ef:a9:27:79:0c:4e:cf:3f:64:04:8f:9a:
                    a6:0f:14:db:57:ee:e6:79:81:e8:d4:f3:56:a3:8a:
                    4c:39:8c:f9:c8:24:01:e2:83:d8:67:6a:3c:56:92:
                    01:18:20:c2:34:e3:7c:e6:17:dc:4e:e7:44:fd:60:
                    0f:5b:77:63:3e:a0:6f:07:47:c2:da:37:b7:5e:56:
                    4c:41:f4:24:72:1b:d8:e2:bd:8b:48:ba:d5:27:a8:
                    59:9c:80:d0:c6:e8:1b:3e:29:e4:94:ba:ef:de:f7:
                    23:10:d1:ec:95:2b:3f:75:f6:b3:f9:42:77:09:06:
                    c0:e1:12:85:2a:95:50:a9:dd:26:05:9e:6a:96:63:
                    2a:48:21:87:97:48:54:93:2a:a3:c3:07:6d:1c:63:
                    07:09:8f:26:86:48:cd:02:74:36:72:10:11:19:12:
                    5a:71:79:05:d8:97:bb:b3:2e:5f:c0:2b:e3:ba:5e:
                    1d:9f:b7:a2:91:cb:4f:20:db:ca:78:46:e7:e2:2a:
                    46:1a:95:2b:54:66:30:9f:19:c5:a9:96:3b:35:18:
                    2c:cf:8d:23:e8:63:b7:05:eb:35:85:50:f8:f8:76:
                    80:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CA:D8:66:23:C6:C4:5E:F7:47:07:88:B6:B6:7F:2D:E3:7A:52:18
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/zcrYZiPGxF73RweItrZ_LeN6Uhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.108.176.0/22
                  166.108.212.0/22
                  166.108.242.0-166.108.247.255
                  166.108.249.0-166.108.253.255

    Signature Algorithm: sha256WithRSAEncryption
         16:eb:79:f4:17:a7:28:88:98:69:93:ca:6a:c5:ef:9b:21:ee:
         56:1b:7f:d2:a5:b7:01:2f:f1:ba:4d:73:82:9d:20:59:e3:3c:
         7e:56:e6:d0:48:a8:e0:8e:f5:aa:c6:96:3e:66:6d:ad:f4:23:
         96:aa:71:8f:e3:75:38:99:7d:42:ab:f6:5f:d6:61:5a:96:2f:
         66:95:45:6f:1b:5a:70:73:9b:4c:2c:7b:ff:b6:4a:a5:24:71:
         53:bc:d0:dd:24:7c:b2:27:a4:de:ba:81:cb:16:17:7d:61:3a:
         ed:2d:12:46:81:2e:b5:44:31:e4:75:13:cf:b9:c0:f4:9c:08:
         61:1d:8c:33:5d:3a:a7:e3:44:91:72:18:b7:d5:f7:ee:03:b5:
         e0:b3:19:48:b0:68:5d:23:71:72:fd:39:ed:56:18:d7:86:fd:
         f2:4b:19:d7:1c:0c:a6:ff:73:56:78:e8:eb:3c:d5:a6:d6:3d:
         53:1e:b5:ed:ba:ba:e4:5a:5f:cc:a0:d1:3b:01:ae:75:58:42:
         22:07:8f:17:f3:a2:c4:39:d0:ee:31:e3:4e:dd:1a:23:39:b1:
         7d:cd:54:e7:25:88:f8:35:40:d4:08:86:a9:e0:51:fc:9d:3e:
         37:3a:f7:00:83:d2:0a:2d:ca:3a:09:d2:c3:65:bb:1e:87:fb:
         57:8f:b5:70
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYbdTZI0guK5PofMyG0OyON7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjMwMzEzMjMyODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGNhZDg2NjIzYzZjNDVlZjc0NzA3ODhiNmI2N2YyZGUzN2E1MjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhX0GNN1L8sl8i9Tsvg24bgjHu7Ys
jvaIHvp9lm8D87PvqSd5DE7PP2QEj5qmDxTbV+7meYHo1PNWo4pMOYz5yCQB4oPY
Z2o8VpIBGCDCNON85hfcTudE/WAPW3djPqBvB0fC2je3XlZMQfQkchvY4r2LSLrV
J6hZnIDQxugbPinklLrv3vcjENHslSs/dfaz+UJ3CQbA4RKFKpVQqd0mBZ5qlmMq
SCGHl0hUkyqjwwdtHGMHCY8mhkjNAnQ2chARGRJacXkF2Je7sy5fwCvjul4dn7ei
kctPINvKeEbn4ipGGpUrVGYwnxnFqZY7NRgsz40j6GO3Bes1hVD4+HaACQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFM3K2GYjxsRe90cHiLa2fy3jelIYMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvemNyWVppUEd4RjczUndlSXRyWl9MZU42VWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCpmywAwQC
pmzUMAwDBAGmbPIDBAOmbPAwDAMEAKZs+QMEAaZs/DANBgkqhkiG9w0BAQsFAAOC
AQEAFut59BenKIiYaZPKasXvmyHuVht/0qW3AS/xuk1zgp0gWeM8flbm0Eio4I71
qsaWPmZtrfQjlqpxj+N1OJl9Qqv2X9ZhWpYvZpVFbxtacHObTCx7/7ZKpSRxU7zQ
3SR8siek3rqByxYXfWE67S0SRoEutUQx5HUTz7nA9JwIYR2MM106p+NEkXIYt9X3
7gO14LMZSLBoXSNxcv057VYY14b98ksZ1xwMpv9zVnjo6zzVptY9Ux617bq65Fpf
zKDROwGudVhCIgePF/OixDnQ7jHjTt0aIzmxfc1U5yWI+DVA1AiGqeBR/J0+Nzr3
AIPSCi3KOgnSw2W7Hof7V4+1cA==
-----END CERTIFICATE-----