Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NN722IcQ6y0lu_RXb-Nt1Hyfoqs.roa
File:                     NN722IcQ6y0lu_RXb-Nt1Hyfoqs.roa (raw, json)
Hash identifier:          hUFlpvfmFyUlt/hgrn5G76DFUJj4XMCYQaAyeSXJpJs=
Subject key identifier:   34:DE:F6:D8:87:10:EB:2D:25:BB:F4:57:6F:E3:6D:D4:7C:9F:A2:AB
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       0189654AC2E0137CBC140A0E190F554CFFF5
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NN722IcQ6y0lu_RXb-Nt1Hyfoqs.roa
Signing time:             Mon 17 Jul 2023 19:19:05 +0000
ROA not before:           Mon 17 Jul 2023 19:19:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        194.59.222.0/24 maxlen: 24
                          212.107.25.0/24 maxlen: 24
                          88.218.187.0/24 maxlen: 24
                          45.87.124.0/24 maxlen: 24
                          45.87.125.0/24 maxlen: 24
                          45.87.127.0/24 maxlen: 24
                          45.86.171.0/24 maxlen: 24
                          84.252.69.0/24 maxlen: 24
                          45.128.124.0/24 maxlen: 24
                          194.60.76.0/24 maxlen: 24
                          88.218.184.0/24 maxlen: 24
                          88.218.186.0/24 maxlen: 24
                          88.218.185.0/24 maxlen: 24
                          2a0f:3101::/32 maxlen: 32
                          2a0d:3c46::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:65:4a:c2:e0:13:7c:bc:14:0a:0e:19:0f:55:4c:ff:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jul 17 19:19:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34def6d88710eb2d25bbf4576fe36dd47c9fa2ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:05:2b:64:38:3e:86:e4:0a:13:e1:07:02:64:
                    93:4b:a0:6d:53:35:25:d7:fe:ec:c1:7f:f4:01:d6:
                    0f:9f:a6:f9:5b:5c:13:49:29:57:4a:09:d9:fa:84:
                    1a:4b:3b:db:fc:0b:35:cf:f7:6f:4f:2f:59:80:8a:
                    a6:11:4b:3a:d0:52:7b:b9:4b:4f:6e:94:6d:8e:42:
                    b8:a7:2e:7a:7d:4c:93:49:98:d7:f2:c5:7c:03:91:
                    24:1f:5e:28:b6:10:60:f6:d5:4a:12:9e:1f:aa:6e:
                    a9:d1:81:81:ff:c6:8f:b9:d6:61:36:a2:db:95:91:
                    ad:05:19:13:d9:ce:34:bf:77:5e:bd:1e:02:7a:1a:
                    b8:5d:7d:68:ac:3f:62:9e:4c:ad:fe:a6:19:55:ca:
                    26:90:c7:e6:2c:0b:05:0b:18:55:b5:4e:f8:2b:b1:
                    46:80:f2:da:c0:ef:66:72:d4:9b:b2:da:45:d7:ee:
                    21:0c:e7:de:db:b9:33:fb:d7:b1:67:1b:c2:03:ce:
                    4e:18:bc:6a:08:fb:87:fe:bc:97:cf:63:fd:b9:5a:
                    6b:97:b2:b9:48:26:82:0a:64:55:06:7a:65:cb:be:
                    7c:91:a2:4e:7b:af:93:0a:88:40:e5:dd:d0:ed:80:
                    4b:85:14:60:80:2b:aa:ae:3e:45:09:af:63:ad:d3:
                    c6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DE:F6:D8:87:10:EB:2D:25:BB:F4:57:6F:E3:6D:D4:7C:9F:A2:AB
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NN722IcQ6y0lu_RXb-Nt1Hyfoqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.171.0/24
                  45.87.124.0/23
                  45.87.127.0/24
                  45.128.124.0/24
                  84.252.69.0/24
                  88.218.184.0/22
                  194.59.222.0/24
                  194.60.76.0/24
                  212.107.25.0/24
                IPv6:
                  2a0d:3c46::/32
                  2a0f:3101::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:43:66:ed:e1:5a:09:2f:a2:0a:2f:06:d1:b2:97:e7:95:88:
         71:00:9f:f9:af:18:8d:0e:07:be:33:f7:51:a0:d9:46:db:7a:
         72:37:8b:96:4f:5f:63:71:5e:29:0f:f8:38:4c:66:0b:49:35:
         00:91:c6:a3:72:4b:09:fa:46:f4:0e:92:c7:b2:4e:ce:56:db:
         a2:72:3a:05:fe:cd:f3:a3:be:d9:8e:50:30:18:c7:7f:37:17:
         3a:98:83:88:1a:5a:4f:e1:4e:e3:b9:9a:a7:e9:f3:f8:c6:dd:
         1b:c2:e1:8f:cb:9f:06:45:5b:5a:e5:81:4c:fb:7a:d1:42:b6:
         7c:fe:da:51:55:d4:12:46:b5:8f:b6:e7:ad:b2:fa:7a:41:fa:
         98:2d:34:56:f1:50:dd:61:f7:a3:10:3f:1a:c7:e6:9f:d1:77:
         54:f0:ef:6b:fc:60:28:ad:5c:84:d7:59:11:fd:66:37:20:af:
         43:d8:70:2d:b0:68:6f:b1:b0:fc:28:fb:39:74:20:a7:c7:b6:
         dc:69:d2:fd:38:3e:be:4c:f0:6c:cb:3b:02:42:9c:90:4a:86:
         0b:81:0d:d1:35:2d:17:13:fc:98:77:2c:76:2b:3f:bc:a2:a6:
         27:ba:60:1d:a1:30:0b:5b:b9:bd:1f:aa:b3:cf:19:06:ae:67:
         5d:11:4f:5a
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYllSsLgE3y8FAoOGQ9VTP/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTkxOTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRlZjZkODg3MTBlYjJkMjViYmY0NTc2ZmUzNmRkNDdjOWZhMmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAUrZDg+huQKE+EHAmSTS6BtUzUl
1/7swX/0AdYPn6b5W1wTSSlXSgnZ+oQaSzvb/As1z/dvTy9ZgIqmEUs60FJ7uUtP
bpRtjkK4py56fUyTSZjX8sV8A5EkH14othBg9tVKEp4fqm6p0YGB/8aPudZhNqLb
lZGtBRkT2c40v3devR4Cehq4XX1orD9inkyt/qYZVcomkMfmLAsFCxhVtU74K7FG
gPLawO9mctSbstpF1+4hDOfe27kz+9exZxvCA85OGLxqCPuH/ryXz2P9uVprl7K5
SCaCCmRVBnply758kaJOe6+TCohA5d3Q7YBLhRRggCuqrj5FCa9jrdPGUQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFDTe9tiHEOstJbv0V2/jbdR8n6KrMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvTk43MjJJY1E2eTBsdV9SWGItTnQxSHlmb3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQALVarAwQB
LVd8AwQALVd/AwQALYB8AwQAVPxFAwQCWNq4AwQAwjveAwQAwjxMAwQA1GsZMBQE
AgACMA4DBQAqDTxGAwUAKg8xATANBgkqhkiG9w0BAQsFAAOCAQEAHENm7eFaCS+i
Ci8G0bKX55WIcQCf+a8YjQ4HvjP3UaDZRtt6cjeLlk9fY3FeKQ/4OExmC0k1AJHG
o3JLCfpG9A6Sx7JOzlbbonI6Bf7N86O+2Y5QMBjHfzcXOpiDiBpaT+FO47map+nz
+MbdG8Lhj8ufBkVbWuWBTPt60UK2fP7aUVXUEka1j7bnrbL6ekH6mC00VvFQ3WH3
oxA/Gsfmn9F3VPDva/xgKK1chNdZEf1mNyCvQ9hwLbBob7Gw/Cj7OXQgp8e23GnS
/Tg+vkzwbMs7AkKckEqGC4EN0TUtFxP8mHcsdis/vKKmJ7pgHaEwC1u5vR+qs88Z
Bq5nXRFPWg==
-----END CERTIFICATE-----