Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/NkL5qjpmZBB287cHcBjKuyd80Sg.roa
File:                     NkL5qjpmZBB287cHcBjKuyd80Sg.roa (raw, json)
Hash identifier:          KD7cy/gBwseVUMxoAq6z/FhbF40RVmI8aoGl0Iw3K/w=
Subject key identifier:   36:42:F9:AA:3A:66:64:10:76:F3:B7:07:70:18:CA:BB:27:7C:D1:28
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       0182B0D6143D41C6BDDE339C6D570A4FE4FE
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/NkL5qjpmZBB287cHcBjKuyd80Sg.roa
Signing time:             Thu 18 Aug 2022 12:03:15 +0000
ROA not before:           Thu 18 Aug 2022 12:03:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204084
IP address blocks:        2a0b:8040::/29 maxlen: 29
                          2a0b:e9c0::/29 maxlen: 29
                          2a03:f7c0::/29 maxlen: 29
                          2a0c:f640::/29 maxlen: 29
                          2a0b:d900::/29 maxlen: 29
                          2a13:3300::/32 maxlen: 32
                          2a0c:5c0::/29 maxlen: 29
                          2a13:3303::/32 maxlen: 32
                          2a0c:5d00::/29 maxlen: 29
                          2a13:3301::/32 maxlen: 32
                          2a13:3302::/32 maxlen: 32
                          2a06:ddc0::/29 maxlen: 29
                          2a0c:65c0::/29 maxlen: 29
                          2a0c:6980::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:b0:d6:14:3d:41:c6:bd:de:33:9c:6d:57:0a:4f:e4:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Aug 18 12:03:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3642f9aa3a66641076f3b7077018cabb277cd128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:eb:01:99:19:e2:f2:24:4d:d1:d7:52:c1:c6:
                    b8:f5:d2:61:80:57:4a:53:28:9b:d0:c7:05:4b:4d:
                    7f:61:2c:7f:36:b7:f3:4d:4d:c2:dc:8e:c7:6c:08:
                    56:5c:18:fd:e8:78:55:97:06:39:ad:fa:c2:59:71:
                    c4:08:ae:e8:99:33:47:3e:c0:4f:a0:56:a0:4a:6d:
                    51:2b:0f:c6:9a:d5:7a:7a:5f:22:22:d5:42:d4:db:
                    7f:af:d0:6c:1d:fc:b3:6a:fb:d7:d2:8a:12:d7:d1:
                    d6:61:0d:d2:91:15:11:e2:ef:95:0a:90:d4:89:f3:
                    df:d9:54:7b:c2:74:20:b3:4c:f4:4c:77:b7:f1:1a:
                    a0:f4:bd:8f:91:bb:ec:b6:36:42:fb:f8:84:cb:5b:
                    71:6a:43:26:b9:58:75:bc:ee:bf:9a:cb:5b:6c:14:
                    ab:95:bd:e4:36:85:11:61:77:aa:25:0c:e9:96:26:
                    f0:ae:fc:cc:69:3a:9b:1f:84:df:7e:4a:fa:d9:e5:
                    f4:72:b4:ab:21:c2:30:24:ae:e9:4d:5c:2e:b9:e9:
                    47:a0:f0:fd:c5:47:4f:2e:17:5d:83:d0:65:4c:a3:
                    f8:46:c4:bf:56:f8:25:8d:02:71:71:98:3a:35:b9:
                    8d:7c:ba:2a:8d:fe:d9:2c:16:14:c2:82:8a:71:f7:
                    a2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:42:F9:AA:3A:66:64:10:76:F3:B7:07:70:18:CA:BB:27:7C:D1:28
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/NkL5qjpmZBB287cHcBjKuyd80Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f7c0::/29
                  2a06:ddc0::/29
                  2a0b:8040::/29
                  2a0b:d900::/29
                  2a0b:e9c0::/29
                  2a0c:5c0::/29
                  2a0c:5d00::/29
                  2a0c:65c0::/29
                  2a0c:6980::/29
                  2a0c:f640::/29
                  2a13:3300::/30

    Signature Algorithm: sha256WithRSAEncryption
         6a:ea:1e:73:58:e0:a9:1a:5e:20:95:42:ef:ce:74:20:7c:53:
         50:2f:ba:97:3f:09:ba:56:3b:9c:5c:9a:b7:2b:e9:84:92:47:
         41:c9:f5:51:09:76:d2:25:ca:cc:2e:da:3a:7a:2d:9d:e3:95:
         d4:30:21:91:64:b0:4f:95:4b:3c:2e:5c:65:79:39:3b:72:9e:
         31:24:77:ce:13:0f:1a:71:34:b9:6e:48:2b:1a:d0:19:8a:f6:
         f8:ee:6e:73:44:05:7c:33:56:f4:fa:28:28:93:39:d9:b3:df:
         88:7a:e4:ea:3e:1c:bb:47:cf:e4:e7:5a:c4:7a:38:ba:98:75:
         12:09:de:02:8a:10:77:22:c7:99:5e:57:93:d4:9e:ee:fc:60:
         3b:34:71:08:8e:d2:10:64:bc:53:b8:b0:d3:93:71:e8:61:00:
         df:37:42:e6:88:46:e1:ec:ab:ff:4e:30:1c:36:64:b6:1f:f8:
         bc:a4:69:12:20:20:2a:eb:2f:38:1e:df:f2:dc:fd:0e:f4:c3:
         7d:17:5e:c2:79:e7:b3:42:60:b3:a5:05:b4:b1:1e:c6:08:18:
         2e:2e:1f:8e:8e:00:69:31:65:8b:87:fd:45:7a:bd:4c:ed:8b:
         5b:06:36:33:06:83:58:fa:2e:21:0a:f4:48:3a:f0:0d:66:b2:
         33:45:fc:a2
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYKw1hQ9Qca93jOcbVcKT+T+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjIwODE4MTIwMzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQyZjlhYTNhNjY2NDEwNzZmM2I3MDc3MDE4Y2FiYjI3N2NkMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjesBmRni8iRN0ddSwca49dJhgFdK
Uyib0McFS01/YSx/NrfzTU3C3I7HbAhWXBj96HhVlwY5rfrCWXHECK7omTNHPsBP
oFagSm1RKw/GmtV6el8iItVC1Nt/r9BsHfyzavvX0ooS19HWYQ3SkRUR4u+VCpDU
ifPf2VR7wnQgs0z0THe38Rqg9L2PkbvstjZC+/iEy1txakMmuVh1vO6/mstbbBSr
lb3kNoURYXeqJQzplibwrvzMaTqbH4Tffkr62eX0crSrIcIwJK7pTVwuuelHoPD9
xUdPLhddg9BlTKP4RsS/VvgljQJxcZg6NbmNfLoqjf7ZLBYUwoKKcfeiCwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFDZC+ao6ZmQQdvO3B3AYyrsnfNEoMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvTmtMNXFqcG1aQkIyODdjSGNCakt1eWQ4MFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKgP3wAMF
AyoG3cADBQMqC4BAAwUDKgvZAAMFAyoL6cADBQMqDAXAAwUDKgxdAAMFAyoMZcAD
BQMqDGmAAwUDKgz2QAMFAioTMwAwDQYJKoZIhvcNAQELBQADggEBAGrqHnNY4Kka
XiCVQu/OdCB8U1Avupc/CbpWO5xcmrcr6YSSR0HJ9VEJdtIlyswu2jp6LZ3jldQw
IZFksE+VSzwuXGV5OTtynjEkd84TDxpxNLluSCsa0BmK9vjubnNEBXwzVvT6KCiT
Odmz34h65Oo+HLtHz+TnWsR6OLqYdRIJ3gKKEHcix5leV5PUnu78YDs0cQiO0hBk
vFO4sNOTcehhAN83QuaIRuHsq/9OMBw2ZLYf+LykaRIgICrrLzge3/Lc/Q70w30X
XsJ557NCYLOlBbSxHsYIGC4uH46OAGkxZYuH/UV6vUzti1sGNjMGg1j6LiEK9Eg6
8A1msjNF/KI=
-----END CERTIFICATE-----