Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/18KdaarBvQB6OcVTx3rkaviA04c.roa
File:                     18KdaarBvQB6OcVTx3rkaviA04c.roa (raw, json)
Hash identifier:          a5WWDpXt/z6UZ23Hsdto7MuiFPJF+gJmqR+62P18Ups=
Subject key identifier:   D7:C2:9D:69:AA:C1:BD:00:7A:39:C5:53:C7:7A:E4:6A:F8:80:D3:87
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018553A2950B01EEAE84F3B0989118276CC5
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/18KdaarBvQB6OcVTx3rkaviA04c.roa
Signing time:             Tue 27 Dec 2022 12:50:41 +0000
ROA not before:           Tue 27 Dec 2022 12:50:41 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12325
IP address blocks:        89.46.42.0/24 maxlen: 24
                          94.177.28.0/24 maxlen: 24
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          94.176.213.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          77.81.88.0/24 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.44.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:53:a2:95:0b:01:ee:ae:84:f3:b0:98:91:18:27:6c:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Dec 27 12:50:41 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d7c29d69aac1bd007a39c553c77ae46af880d387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:89:c1:06:a1:13:46:ba:57:46:28:eb:6d:3f:
                    83:8b:f2:87:e2:5b:08:f3:99:69:15:f5:ca:64:ec:
                    48:77:03:5a:52:d6:ec:7b:2c:86:a3:c0:9b:a9:c0:
                    a6:ae:25:54:fa:30:da:58:14:2b:07:fb:1f:9f:d5:
                    9a:d1:7b:ab:15:cd:65:ea:5b:5d:86:1c:04:54:38:
                    62:64:9b:4a:f0:10:5f:26:23:a5:5f:1b:59:6e:53:
                    50:51:a4:cf:0b:87:d9:b6:da:3b:c6:63:7f:e1:e7:
                    ea:e5:d9:2e:af:34:e0:26:3c:a9:74:3b:c6:2f:fa:
                    24:93:c1:7e:50:8f:46:c2:59:af:3a:c9:9f:17:18:
                    5a:65:c8:da:9f:04:b6:3f:a2:cd:85:82:fe:f4:8a:
                    e6:19:f8:c9:d3:c8:9a:c4:6c:0d:36:4b:f1:1f:86:
                    2d:0d:64:dd:df:23:a0:bc:6e:3b:d6:8f:5d:9a:37:
                    c9:6e:52:24:e1:b4:2a:18:dc:4d:cf:0b:73:8c:1f:
                    51:36:69:51:66:62:65:2c:6f:41:a9:ba:a2:15:7b:
                    11:3c:56:96:c7:53:88:4a:52:27:db:79:5c:7b:60:
                    7f:95:61:a3:5e:8f:4e:9a:b9:e2:bd:9c:f0:95:02:
                    1d:b8:9d:89:74:c5:7c:9c:67:b4:3a:d7:ed:f8:12:
                    b3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C2:9D:69:AA:C1:BD:00:7A:39:C5:53:C7:7A:E4:6A:F8:80:D3:87
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/18KdaarBvQB6OcVTx3rkaviA04c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.88.0/24
                  89.35.124.0/23
                  89.40.222.0/23
                  89.44.105.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  92.114.32.0/24
                  92.114.54.0/24
                  94.176.213.0/24
                  94.177.28.0/24
                  188.213.212.0/24
                  188.213.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:39:55:1f:f1:3c:38:48:90:16:fc:ed:86:75:f7:e7:ba:47:
         7a:df:42:42:75:83:fe:e6:1e:32:35:6b:d4:a9:07:54:fa:00:
         9a:51:cf:52:29:8c:9a:96:22:82:70:25:d2:4b:a7:4e:17:9a:
         c1:26:e5:33:34:fc:80:e7:18:fc:8d:25:ca:9d:af:49:7c:6d:
         3b:9e:ab:f7:c4:83:0a:88:81:0b:2b:66:a8:e0:13:87:df:42:
         fa:44:73:c5:0d:da:56:5f:d9:66:0e:9f:a3:d5:d8:9f:4f:e6:
         57:48:0a:33:b9:95:5e:3d:6b:2e:9b:ab:ae:14:0c:c7:ea:61:
         2e:35:43:4c:35:d8:ab:d5:65:3e:16:0e:76:1e:96:2a:c3:ce:
         c3:5b:73:70:10:a1:38:41:5e:83:ac:58:72:d0:0c:f1:bd:66:
         40:86:5e:fc:fe:73:91:19:50:99:63:13:50:b1:a9:b6:2c:c3:
         af:bd:35:f6:bd:9a:3f:6e:d5:c6:84:32:8c:13:ea:88:d4:49:
         fe:f2:7c:56:75:56:20:e2:8e:51:e3:ea:9c:77:7c:ef:0c:e4:
         6b:21:76:ab:49:92:65:03:e9:8f:bc:22:aa:e2:89:e7:0a:34:
         96:c7:10:18:66:08:d4:6e:15:57:eb:f1:5f:54:25:26:2c:b2:
         36:c0:5c:73
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYVTopULAe6uhPOwmJEYJ2zFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjIxMjI3MTI1MDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MyOWQ2OWFhYzFiZDAwN2EzOWM1NTNjNzdhZTQ2YWY4ODBkMzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4nBBqETRrpXRijrbT+Di/KH4lsI
85lpFfXKZOxIdwNaUtbseyyGo8CbqcCmriVU+jDaWBQrB/sfn9Wa0XurFc1l6ltd
hhwEVDhiZJtK8BBfJiOlXxtZblNQUaTPC4fZtto7xmN/4efq5dkurzTgJjypdDvG
L/okk8F+UI9GwlmvOsmfFxhaZcjanwS2P6LNhYL+9IrmGfjJ08iaxGwNNkvxH4Yt
DWTd3yOgvG471o9dmjfJblIk4bQqGNxNzwtzjB9RNmlRZmJlLG9BqbqiFXsRPFaW
x1OISlIn23lce2B/lWGjXo9OmrnivZzwlQIduJ2JdMV8nGe0Otft+BKz/wIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFNfCnWmqwb0AejnFU8d65Gr4gNOHMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzE4S2RhYXJCdlFCNk9jVlR4M3JrYXZpQTA0Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwYQYIKwYBBQUHAQcBAf8EUjBQME4EAgABMEgDBABNUVgD
BAFZI3wDBAFZKN4DBABZLGkDBABZLioDBABZLyQDBABcciADBABccjYDBABesNUD
BABesRwDBAC81dQDBAC81dgwDQYJKoZIhvcNAQELBQADggEBAAM5VR/xPDhIkBb8
7YZ19+e6R3rfQkJ1g/7mHjI1a9SpB1T6AJpRz1IpjJqWIoJwJdJLp04XmsEm5TM0
/IDnGPyNJcqdr0l8bTueq/fEgwqIgQsrZqjgE4ffQvpEc8UN2lZf2WYOn6PV2J9P
5ldICjO5lV49ay6bq64UDMfqYS41Q0w12KvVZT4WDnYelirDzsNbc3AQoThBXoOs
WHLQDPG9ZkCGXvz+c5EZUJljE1CxqbYsw6+9Nfa9mj9u1caEMowT6ojUSf7yfFZ1
ViDijlHj6px3fO8M5GshdqtJkmUD6Y+8IqriiecKNJbHEBhmCNRuFVfr8V9UJSYs
sjbAXHM=
-----END CERTIFICATE-----