Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/dSEH0g7cIDnayth7dedxKQcr4Xs.roa
File:                     dSEH0g7cIDnayth7dedxKQcr4Xs.roa (raw, json)
Hash identifier:          vJ4Yr4nNOgMB+M3hWAjcpCBdjMDdnoRR/wrtiHyvazs=
Subject key identifier:   75:21:07:D2:0E:DC:20:39:DA:CA:D8:7B:75:E7:71:29:07:2B:E1:7B
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0187139CDC5D595B22FD0E3683EEFB1BB28F
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/dSEH0g7cIDnayth7dedxKQcr4Xs.roa
Signing time:             Fri 24 Mar 2023 12:34:19 +0000
ROA not before:           Fri 24 Mar 2023 12:34:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          89.37.107.0/24 maxlen: 24
                          86.106.26.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          93.114.176.0/23 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          89.39.94.0/23 maxlen: 24
                          94.177.144.0/24 maxlen: 24
                          89.39.123.0/24 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:13:9c:dc:5d:59:5b:22:fd:0e:36:83:ee:fb:1b:b2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Mar 24 12:34:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=752107d20edc2039dacad87b75e77129072be17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:47:d4:57:ac:79:7a:a3:a1:05:34:01:6d:b9:
                    bf:1e:f0:8c:62:6a:8c:2b:45:cb:2c:e9:68:8a:1c:
                    ca:6d:98:cb:86:2d:a0:47:b2:aa:55:bd:36:c4:06:
                    b9:39:7b:bc:38:f4:a9:d1:c8:e1:95:0c:27:62:10:
                    f2:e9:1e:c2:33:8a:d5:b7:1a:19:9d:85:2e:34:8d:
                    27:6f:c3:a4:d9:94:b4:e9:60:db:3e:54:f4:6d:d7:
                    5f:a0:c1:33:c4:cf:dd:98:d7:8d:20:54:4e:a6:e8:
                    43:7c:89:ef:60:0e:8c:19:42:b4:23:41:f3:b1:ee:
                    60:15:ee:58:f1:98:d1:bd:64:30:e0:2a:fc:34:2f:
                    69:57:9a:b6:46:96:22:56:6c:a1:6f:c9:d5:d6:f7:
                    8e:f8:4e:d9:9a:1e:34:6c:99:1c:ef:86:47:c0:48:
                    06:2d:53:62:6a:28:58:90:5e:82:97:d3:56:41:04:
                    80:e7:77:55:ce:d6:b4:90:20:01:e5:d6:70:9b:77:
                    a5:c5:11:68:6b:fe:cd:bf:2f:28:e0:ba:1e:40:d8:
                    88:fe:2d:60:5b:1b:9c:96:24:24:42:a5:49:1f:94:
                    23:79:7a:72:80:f0:11:b0:f9:14:fd:dd:76:14:27:
                    0f:97:26:80:73:2e:cc:b9:e5:91:00:bc:3c:57:9a:
                    bd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:21:07:D2:0E:DC:20:39:DA:CA:D8:7B:75:E7:71:29:07:2B:E1:7B
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/dSEH0g7cIDnayth7dedxKQcr4Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  86.106.26.0/24
                  89.35.124.0/23
                  89.37.107.0/24
                  89.39.94.0/23
                  89.39.123.0/24
                  89.40.222.0/23
                  89.45.228.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  93.114.176.0/23
                  94.177.28.0/24
                  94.177.144.0/24
                  185.18.224.0/23
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e0:0f:bb:1d:eb:f5:7a:74:d0:11:4b:7e:b8:1e:fc:f9:91:92:
         db:31:af:c5:dd:1a:a0:55:e8:b4:f1:23:8d:4a:2c:d2:2d:56:
         c2:19:de:91:80:0d:08:40:3c:b4:03:9b:70:cb:81:ab:67:ef:
         1c:a2:94:6b:7c:98:a6:c7:fc:cd:63:98:93:5c:05:29:62:07:
         48:45:33:b7:f3:d9:2e:c2:e4:ef:44:6d:9b:99:e3:85:de:50:
         f1:dd:86:6a:dd:be:e0:d5:43:32:e7:c3:ef:1f:28:d1:cd:5d:
         71:62:fe:d8:cb:d2:aa:a4:4f:0a:28:23:ad:97:9b:75:4e:d5:
         a9:da:50:c8:6a:d1:ee:30:4d:c1:79:42:ce:4e:1f:30:8d:e2:
         4c:12:84:97:04:24:44:a3:1f:b6:cc:65:b2:55:b9:10:d0:3d:
         03:af:f0:ad:7b:ff:69:e8:9f:cf:7c:1e:38:c4:9a:d8:f2:c1:
         fa:45:ad:66:34:fc:50:1b:6d:8d:97:15:a9:6e:ae:a3:5f:f4:
         d2:7d:01:e6:14:9a:69:14:1e:86:5d:1a:b3:f6:6c:8d:6e:5c:
         54:6e:88:3f:e6:87:ae:92:88:0b:b0:06:1a:49:ef:3e:22:ef:
         21:1a:90:a9:1d:87:e9:98:1a:5b:ae:9c:cc:c3:32:3b:2e:70:
         c9:ce:17:2f
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYcTnNxdWVsi/Q42g+77G7KPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMzI0MTIzNDE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTIxMDdkMjBlZGMyMDM5ZGFjYWQ4N2I3NWU3NzEyOTA3MmJlMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0fUV6x5eqOhBTQBbbm/HvCMYmqM
K0XLLOloihzKbZjLhi2gR7KqVb02xAa5OXu8OPSp0cjhlQwnYhDy6R7CM4rVtxoZ
nYUuNI0nb8Ok2ZS06WDbPlT0bddfoMEzxM/dmNeNIFROpuhDfInvYA6MGUK0I0Hz
se5gFe5Y8ZjRvWQw4Cr8NC9pV5q2RpYiVmyhb8nV1veO+E7Zmh40bJkc74ZHwEgG
LVNiaihYkF6Cl9NWQQSA53dVzta0kCAB5dZwm3elxRFoa/7Nvy8o4LoeQNiI/i1g
WxucliQkQqVJH5QjeXpygPARsPkU/d12FCcPlyaAcy7MueWRALw8V5q9LQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFHUhB9IO3CA52srYe3XncSkHK+F7MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2RTRUgwZzdjSURuYXl0aDdkZWR4S1FjcjRYcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIweQYIKwYBBQUHAQcBAf8EajBoMGYEAgABMGADBAIfDuQD
BAJWaZADBABWahoDBAFZI3wDBABZJWsDBAFZJ14DBABZJ3sDBAFZKN4DBABZLeQD
BAJZLoADBANZLugDBAFdcrADBABesRwDBABesZADBAG5EuADBAK81ygwDQYJKoZI
hvcNAQELBQADggEBAOAPux3r9Xp00BFLfrge/PmRktsxr8XdGqBV6LTxI41KLNIt
VsIZ3pGADQhAPLQDm3DLgatn7xyilGt8mKbH/M1jmJNcBSliB0hFM7fz2S7C5O9E
bZuZ44XeUPHdhmrdvuDVQzLnw+8fKNHNXXFi/tjL0qqkTwooI62Xm3VO1anaUMhq
0e4wTcF5Qs5OHzCN4kwShJcEJESjH7bMZbJVuRDQPQOv8K17/2non898HjjEmtjy
wfpFrWY0/FAbbY2XFalurqNf9NJ9AeYUmmkUHoZdGrP2bI1uXFRuiD/mh66SiAuw
BhpJ7z4i7yEakKkdh+mYGluunMzDMjsucMnOFy8=
-----END CERTIFICATE-----