Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9yx4lMbbHXtwJY24j252p9oG8uQ.roa
File:                     9yx4lMbbHXtwJY24j252p9oG8uQ.roa (raw, json)
Hash identifier:          nEr8n8SeiZPwPPnWwVq5X9+Y7qcWs5A3cXBiJ0qrz7A=
Subject key identifier:   F7:2C:78:94:C6:DB:1D:7B:70:25:8D:B8:8F:6E:76:A7:DA:06:F2:E4
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0182E3D3EA2534220CF95F9D064CE7449209
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9yx4lMbbHXtwJY24j252p9oG8uQ.roa
Signing time:             Sun 28 Aug 2022 09:41:31 +0000
ROA not before:           Sun 28 Aug 2022 09:41:31 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203629
IP address blocks:        2a0d:e1c0::/30 maxlen: 30
                          2a0d:ad40::/30 maxlen: 30
                          2a09:bc00::/30 maxlen: 30
                          2a0d:ad44::/30 maxlen: 30
                          2a0d:fbc4::/30 maxlen: 30
                          2a09:a600::/30 maxlen: 30
                          2a0d:fbc0::/30 maxlen: 30
                          2a09:bc04::/30 maxlen: 30
                          2a0d:e1c4::/30 maxlen: 30
                          2a09:a604::/30 maxlen: 30
                          2a0d:ce40::/30 maxlen: 30
                          2a0d:b540::/30 maxlen: 30
                          2a09:4000::/30 maxlen: 30
                          2a0d:6b40::/30 maxlen: 30
                          2a0d:b544::/30 maxlen: 30
                          2a09:4004::/30 maxlen: 30
                          2a0d:6b44::/30 maxlen: 30
                          2a0d:ce44::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:e3:d3:ea:25:34:22:0c:f9:5f:9d:06:4c:e7:44:92:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Aug 28 09:41:31 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f72c7894c6db1d7b70258db88f6e76a7da06f2e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:83:3e:f4:dd:07:f6:78:73:8d:e5:d9:9e:11:
                    de:2a:31:94:e4:98:80:27:68:ab:9f:6a:42:a6:d8:
                    11:b9:c0:51:c4:ba:aa:f8:6c:58:ca:e6:f8:dc:01:
                    f6:01:e2:2b:f5:62:33:65:f0:a2:1f:10:e8:2d:83:
                    d0:5c:ff:db:d2:c3:94:d5:3e:3b:9b:9b:4e:19:8b:
                    d3:c0:45:96:95:91:56:7e:5d:77:dc:ec:66:38:ab:
                    b6:83:e7:3d:e5:6f:4a:f1:f9:52:2d:f4:b1:1e:53:
                    be:00:a0:18:8d:1d:11:28:18:ff:96:5f:5a:b8:39:
                    50:f7:22:a9:b1:fa:41:5a:7a:9f:cf:bf:fe:df:01:
                    b9:56:ae:62:52:66:08:1e:2a:cb:2f:01:97:8d:68:
                    97:c8:f9:ed:eb:4b:cc:3d:bd:3e:d9:af:df:36:45:
                    99:fd:3c:56:d4:c4:95:56:4c:35:22:37:8f:b6:69:
                    bb:15:d8:24:31:0c:35:8a:dc:71:53:e9:02:5d:cf:
                    54:50:83:c1:e1:23:73:9b:13:9b:3f:cb:8a:d1:fb:
                    68:d0:81:15:1d:23:7c:31:3e:83:78:7e:d0:c1:e5:
                    dc:21:80:e1:ef:2c:15:b0:ce:da:12:00:f7:a8:59:
                    97:21:83:21:17:32:f1:7b:4d:e5:4b:ab:f0:37:27:
                    7f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:2C:78:94:C6:DB:1D:7B:70:25:8D:B8:8F:6E:76:A7:DA:06:F2:E4
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/9yx4lMbbHXtwJY24j252p9oG8uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:4000::/29
                  2a09:a600::/29
                  2a09:bc00::/29
                  2a0d:6b40::/29
                  2a0d:ad40::/29
                  2a0d:b540::/29
                  2a0d:ce40::/29
                  2a0d:e1c0::/29
                  2a0d:fbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:ca:97:f5:b4:06:bb:73:30:b7:fe:84:58:8a:f9:fb:c6:dd:
         19:94:72:7a:43:70:b9:da:64:ee:b8:4a:19:41:7e:d1:79:e4:
         d3:c8:ca:84:0a:8e:77:49:e9:e8:8f:57:7a:7b:67:c9:7e:2c:
         c8:a4:6e:bf:46:d4:84:59:4f:40:7d:94:6a:24:87:3d:24:69:
         ae:ea:70:06:92:28:29:ad:b4:47:98:32:38:7b:9c:c4:43:ce:
         17:46:8b:9d:16:aa:19:94:a6:5c:5c:3b:91:2d:2c:6a:77:6a:
         1e:32:5b:76:db:99:03:3d:27:46:0e:ca:f1:43:51:33:ef:6e:
         82:71:56:d8:e1:37:67:c2:37:24:50:0c:19:68:0a:d8:87:71:
         9c:82:1d:b1:70:8d:fe:c2:be:f6:bf:e5:34:7b:ea:21:b1:d6:
         03:ed:03:37:4b:98:cb:9e:14:6c:cc:b5:9e:42:61:9b:33:15:
         b5:31:37:40:73:ca:88:a2:ba:a3:71:1b:a5:7d:6f:4c:15:7f:
         69:b3:12:65:f9:85:84:58:c3:5c:4a:bc:d5:ef:bf:fb:1b:fd:
         4d:f1:88:14:59:8e:66:8c:f7:31:db:c8:39:85:97:03:b5:1f:
         ef:52:f9:f3:9a:a9:6c:b4:77:d7:e4:c9:26:92:3d:f4:1b:a8:
         77:15:1a:60
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYLj0+olNCIM+V+dBkznRJIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjIwODI4MDk0MTMxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJjNzg5NGM2ZGIxZDdiNzAyNThkYjg4ZjZlNzZhN2RhMDZmMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoM+9N0H9nhzjeXZnhHeKjGU5JiA
J2irn2pCptgRucBRxLqq+GxYyub43AH2AeIr9WIzZfCiHxDoLYPQXP/b0sOU1T47
m5tOGYvTwEWWlZFWfl133OxmOKu2g+c95W9K8flSLfSxHlO+AKAYjR0RKBj/ll9a
uDlQ9yKpsfpBWnqfz7/+3wG5Vq5iUmYIHirLLwGXjWiXyPnt60vMPb0+2a/fNkWZ
/TxW1MSVVkw1IjePtmm7FdgkMQw1itxxU+kCXc9UUIPB4SNzmxObP8uK0fto0IEV
HSN8MT6DeH7QweXcIYDh7ywVsM7aEgD3qFmXIYMhFzLxe03lS6vwNyd/0QIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFPcseJTG2x17cCWNuI9udqfaBvLkMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvOXl4NGxNYmJIWHR3SlkyNGoyNTJwOW9HOHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKglAAAMF
AyoJpgADBQMqCbwAAwUDKg1rQAMFAyoNrUADBQMqDbVAAwUDKg3OQAMFAyoN4cAD
BQMqDfvAMA0GCSqGSIb3DQEBCwUAA4IBAQC1ypf1tAa7czC3/oRYivn7xt0ZlHJ6
Q3C52mTuuEoZQX7ReeTTyMqECo53Senoj1d6e2fJfizIpG6/RtSEWU9AfZRqJIc9
JGmu6nAGkigprbRHmDI4e5zEQ84XRoudFqoZlKZcXDuRLSxqd2oeMlt225kDPSdG
DsrxQ1Ez726CcVbY4TdnwjckUAwZaArYh3Gcgh2xcI3+wr72v+U0e+ohsdYD7QM3
S5jLnhRszLWeQmGbMxW1MTdAc8qIorqjcRulfW9MFX9psxJl+YWEWMNcSrzV77/7
G/1N8YgUWY5mjPcx28g5hZcDtR/vUvnzmqlstHfX5Mkmkj30G6h3FRpg
-----END CERTIFICATE-----