Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BctP3-sc1JcURmqGqHIaZTglb5Q.roa
File:                     BctP3-sc1JcURmqGqHIaZTglb5Q.roa (raw, json)
Hash identifier:          3/SL4MtYNcokjt+uz8OOuZh+VOmL29QF8zfWY8LiWrQ=
Subject key identifier:   05:CB:4F:DF:EB:1C:D4:97:14:46:6A:86:A8:72:1A:65:38:25:6F:94
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01837EB64D77118A5DF400A961275EB0B495
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BctP3-sc1JcURmqGqHIaZTglb5Q.roa
Signing time:             Tue 27 Sep 2022 11:30:20 +0000
ROA not before:           Tue 27 Sep 2022 11:30:20 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     12325
IP address blocks:        89.46.42.0/24 maxlen: 24
                          94.177.28.0/24 maxlen: 24
                          188.208.196.0/23 maxlen: 23
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          94.176.213.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.44.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:7e:b6:4d:77:11:8a:5d:f4:00:a9:61:27:5e:b0:b4:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Sep 27 11:30:20 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=05cb4fdfeb1cd49714466a86a8721a6538256f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:82:37:cf:2c:ca:dc:ff:7a:04:2c:4a:23:a8:
                    37:dc:7c:be:dc:13:08:c1:ec:63:a2:39:7f:7f:24:
                    31:ac:a6:9e:b7:94:a1:08:f4:5e:b4:c2:4b:67:7b:
                    11:7c:f3:ff:93:e8:1c:29:28:9a:fb:93:1d:1c:20:
                    8b:2f:37:54:e9:f8:ce:87:88:2c:2b:0b:17:b2:6d:
                    0b:76:d8:70:a9:18:14:20:11:f8:98:b0:fb:d5:64:
                    58:a8:dd:cb:9b:9e:c9:1b:34:79:72:12:dc:23:fb:
                    69:06:c6:2e:a7:35:f6:c7:89:e6:e1:b4:74:75:e7:
                    72:0d:02:87:7b:3c:e2:5c:05:35:ba:47:dc:f6:b9:
                    df:38:3b:6b:90:31:39:5a:16:d9:57:97:63:88:b7:
                    22:d0:78:59:73:c0:9d:5b:cc:17:5d:f6:95:b5:bf:
                    f5:3c:74:48:e2:fa:9c:a0:3a:30:23:d1:64:b4:e4:
                    b4:be:05:81:43:3c:73:5b:41:1d:11:12:97:d6:48:
                    22:32:f7:db:d0:aa:89:90:f3:5d:7b:21:fa:d6:0e:
                    40:8e:0b:d8:a5:87:e6:8d:ca:cf:21:e5:86:30:65:
                    0d:1a:3e:0a:f7:14:42:69:4d:81:91:e9:bb:36:37:
                    12:05:33:cc:63:c2:0b:89:d6:a5:0f:ad:bb:63:59:
                    08:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:CB:4F:DF:EB:1C:D4:97:14:46:6A:86:A8:72:1A:65:38:25:6F:94
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/BctP3-sc1JcURmqGqHIaZTglb5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.124.0/23
                  89.40.222.0/23
                  89.44.105.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  92.114.32.0/24
                  92.114.54.0/24
                  94.176.213.0/24
                  94.177.28.0/24
                  188.208.196.0/23
                  188.213.212.0/24
                  188.213.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:8a:54:11:a1:00:28:56:ae:5a:3b:ce:36:96:bf:01:89:40:
         69:b9:91:85:32:09:47:de:9d:ae:8a:46:b7:54:0e:d8:3e:d4:
         08:d7:45:80:fc:a0:f7:39:55:c9:0e:32:bf:aa:70:aa:22:b6:
         3a:23:23:d2:88:da:f7:66:16:93:cc:59:4a:de:21:bb:b4:57:
         c4:72:54:7e:14:df:04:71:da:a4:af:f1:8e:68:82:ee:1f:8c:
         58:87:eb:74:aa:b0:a4:f5:89:74:27:a9:10:cf:54:b0:db:5b:
         a8:78:d6:17:4b:80:a7:60:bc:e7:30:f4:7b:dc:7d:32:48:c6:
         59:97:ce:b9:22:51:d0:90:ca:34:8a:ad:66:62:e1:b7:02:07:
         c9:8b:42:3e:a7:f7:0b:f2:f1:eb:87:eb:85:b5:63:48:e2:b0:
         76:ca:cf:e8:80:05:b1:c1:a6:1f:cc:54:f4:2d:63:44:2e:91:
         ed:91:41:92:4a:af:7b:62:8c:b3:30:49:83:0f:e4:e3:77:c9:
         aa:c0:bc:cf:03:62:4d:06:a9:05:24:fb:7e:0b:17:3c:c6:b0:
         75:88:f7:52:2a:0d:28:31:5c:c4:ba:93:7d:7a:1e:66:3a:ee:
         3b:5c:b9:78:b1:3d:e7:1d:8d:a9:cc:db:a9:3e:b1:0b:53:ba:
         41:76:7c:1b
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYN+tk13EYpd9ACpYSdesLSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjIwOTI3MTEzMDIwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWNiNGZkZmViMWNkNDk3MTQ0NjZhODZhODcyMWE2NTM4MjU2Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYI3zyzK3P96BCxKI6g33Hy+3BMI
wexjojl/fyQxrKaet5ShCPRetMJLZ3sRfPP/k+gcKSia+5MdHCCLLzdU6fjOh4gs
KwsXsm0LdthwqRgUIBH4mLD71WRYqN3Lm57JGzR5chLcI/tpBsYupzX2x4nm4bR0
dedyDQKHezziXAU1ukfc9rnfODtrkDE5WhbZV5djiLci0HhZc8CdW8wXXfaVtb/1
PHRI4vqcoDowI9FktOS0vgWBQzxzW0EdERKX1kgiMvfb0KqJkPNdeyH61g5AjgvY
pYfmjcrPIeWGMGUNGj4K9xRCaU2Bkem7NjcSBTPMY8ILidalD627Y1kIhwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFAXLT9/rHNSXFEZqhqhyGmU4JW+UMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0JjdFAzLXNjMUpjVVJtcUdxSElhWlRnbGI1US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwYQYIKwYBBQUHAQcBAf8EUjBQME4EAgABMEgDBAFZI3wD
BAFZKN4DBABZLGkDBABZLioDBABZLyQDBABcciADBABccjYDBABesNUDBABesRwD
BAG80MQDBAC81dQDBAC81dgwDQYJKoZIhvcNAQELBQADggEBAEmKVBGhAChWrlo7
zjaWvwGJQGm5kYUyCUfena6KRrdUDtg+1AjXRYD8oPc5VckOMr+qcKoitjojI9KI
2vdmFpPMWUreIbu0V8RyVH4U3wRx2qSv8Y5ogu4fjFiH63SqsKT1iXQnqRDPVLDb
W6h41hdLgKdgvOcw9HvcfTJIxlmXzrkiUdCQyjSKrWZi4bcCB8mLQj6n9wvy8euH
64W1Y0jisHbKz+iABbHBph/MVPQtY0Quke2RQZJKr3tijLMwSYMP5ON3yarAvM8D
Yk0GqQUk+34LFzzGsHWI91IqDSgxXMS6k316HmY67jtcuXixPecdjanM26k+sQtT
ukF2fBs=
-----END CERTIFICATE-----