Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/f9XMoIKovuWPwHyJL1wRDSB-QDI.roa
File:                     f9XMoIKovuWPwHyJL1wRDSB-QDI.roa (raw, json)
Hash identifier:          7E7HaycD6YY5U+uQNL/iPX//q8eclZRl+UBDWkP2iiw=
Subject key identifier:   7F:D5:CC:A0:82:A8:BE:E5:8F:C0:7C:89:2F:5C:11:0D:20:7E:40:32
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018BCA181506041C2B8A7D9D713645898DE0
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/f9XMoIKovuWPwHyJL1wRDSB-QDI.roa
Signing time:             Mon 13 Nov 2023 19:10:57 +0000
ROA not before:           Mon 13 Nov 2023 19:10:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        185.18.224.0/23 maxlen: 24
                          89.35.193.0/24 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          188.241.84.0/24 maxlen: 24
                          89.47.52.0/24 maxlen: 24
                          188.208.135.0/24 maxlen: 24
                          89.46.232.0/21 maxlen: 24
                          89.46.128.0/22 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ca:18:15:06:04:1c:2b:8a:7d:9d:71:36:45:89:8d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Nov 13 19:10:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7fd5cca082a8bee58fc07c892f5c110d207e4032
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:09:52:06:99:4e:c2:58:74:80:87:69:27:ce:
                    4a:ca:48:b9:1f:d1:69:8b:07:2c:aa:6c:b2:32:7f:
                    d9:b7:a5:ee:9c:db:03:02:e2:e1:d0:1f:8f:63:ef:
                    89:13:53:bb:53:fd:c8:cd:71:86:2c:c4:63:e3:01:
                    f4:9d:c2:95:f0:2c:85:c8:5f:dc:56:c1:f9:7e:05:
                    5e:ab:47:36:a0:23:66:f2:d8:68:0f:3e:ac:7f:70:
                    cd:2c:dc:82:70:d8:a4:83:f1:94:e1:02:53:36:d5:
                    d9:a7:8e:3a:0b:2e:e5:d9:7e:f1:1c:50:0d:cc:0f:
                    e2:e1:10:46:d0:ee:16:27:f5:96:62:82:96:bd:7e:
                    80:21:db:7a:10:c9:4b:56:f8:68:f7:d0:f9:ec:b8:
                    f8:53:3b:99:9c:43:98:aa:4b:c0:e4:18:6f:79:7b:
                    dc:24:48:de:b7:47:5c:a4:7f:a5:bf:f7:18:f7:2a:
                    d0:78:b8:f0:4a:54:7f:cd:93:b5:d3:dd:45:e5:6e:
                    7c:de:30:49:a1:e6:6e:f6:2a:89:80:28:f5:8a:f0:
                    4d:8a:4b:a7:2d:38:e0:77:cd:34:99:ba:b7:01:1f:
                    ef:22:af:c1:0b:06:75:01:e7:72:31:00:dd:9d:6c:
                    95:3b:87:e6:3b:5c:04:e8:75:38:d9:33:2f:fe:e2:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D5:CC:A0:82:A8:BE:E5:8F:C0:7C:89:2F:5C:11:0D:20:7E:40:32
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/f9XMoIKovuWPwHyJL1wRDSB-QDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.193.0/24
                  89.40.222.0/23
                  89.45.228.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  89.47.52.0/24
                  185.18.224.0/23
                  188.208.135.0/24
                  188.215.40.0/22
                  188.241.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:de:b7:c0:b5:e9:db:aa:85:8f:40:38:ad:be:06:04:6b:51:
         dd:d5:b5:dc:9f:d4:61:cb:cb:d3:1b:11:3f:18:7d:d3:5f:07:
         97:5f:df:50:3e:83:9c:59:b2:a5:18:65:c1:1a:45:37:bb:06:
         1c:87:4b:c4:9b:d3:a1:42:a4:38:6f:68:1b:8a:b5:b0:f0:b0:
         a9:b4:10:f9:3c:f1:11:e3:c6:92:20:2f:7a:5a:b7:a6:d9:72:
         5a:db:a0:6d:de:fe:9f:e3:6d:6a:03:f7:c2:76:1d:5b:6f:97:
         1f:28:14:bd:66:1f:a0:0d:6f:b0:d9:a7:9c:83:56:e4:79:a5:
         11:95:84:22:0e:94:65:cf:b8:2c:1b:e7:00:40:c7:b6:52:a9:
         0d:76:42:95:d3:6c:b6:61:35:fb:b3:75:39:0a:3a:cd:33:5d:
         f7:5a:5b:e9:02:80:e5:39:c4:8e:e4:7b:92:60:51:8b:49:f4:
         d4:23:c6:e8:a5:de:46:45:d3:02:32:db:2f:5e:00:e0:49:d1:
         8a:89:c3:39:ff:3e:7d:63:7a:6e:b6:7b:73:5d:77:08:a1:1d:
         ad:65:1f:59:2c:23:52:eb:e1:20:54:f4:37:fd:60:80:6a:38:
         58:20:00:0f:12:4a:63:82:48:d8:a7:0c:ee:d1:27:3f:35:ed:
         31:2a:52:e5
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYvKGBUGBBwrin2dcTZFiY3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMxMTEzMTkxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ1Y2NhMDgyYThiZWU1OGZjMDdjODkyZjVjMTEwZDIwN2U0MDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QlSBplOwlh0gIdpJ85Kyki5H9Fp
iwcsqmyyMn/Zt6XunNsDAuLh0B+PY++JE1O7U/3IzXGGLMRj4wH0ncKV8CyFyF/c
VsH5fgVeq0c2oCNm8thoDz6sf3DNLNyCcNikg/GU4QJTNtXZp446Cy7l2X7xHFAN
zA/i4RBG0O4WJ/WWYoKWvX6AIdt6EMlLVvho99D57Lj4UzuZnEOYqkvA5BhveXvc
JEjet0dcpH+lv/cY9yrQeLjwSlR/zZO1091F5W583jBJoeZu9iqJgCj1ivBNikun
LTjgd800mbq3AR/vIq/BCwZ1AedyMQDdnWyVO4fmO1wE6HU42TMv/uLlVwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFH/VzKCCqL7lj8B8iS9cEQ0gfkAyMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2Y5WE1vSUtvdnVXUHdIeUpMMXdSRFNCLVFESS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMEIEAgABMDwDBABZI8ED
BAFZKN4DBABZLeQDBAJZLoADBANZLugDBABZLzQDBAG5EuADBAC80IcDBAK81ygD
BAC88VQwDQYJKoZIhvcNAQELBQADggEBADret8C16duqhY9AOK2+BgRrUd3Vtdyf
1GHLy9MbET8YfdNfB5df31A+g5xZsqUYZcEaRTe7BhyHS8Sb06FCpDhvaBuKtbDw
sKm0EPk88RHjxpIgL3pat6bZclrboG3e/p/jbWoD98J2HVtvlx8oFL1mH6ANb7DZ
p5yDVuR5pRGVhCIOlGXPuCwb5wBAx7ZSqQ12QpXTbLZhNfuzdTkKOs0zXfdaW+kC
gOU5xI7ke5JgUYtJ9NQjxuil3kZF0wIy2y9eAOBJ0YqJwzn/Pn1jem62e3Nddwih
Ha1lH1ksI1Lr4SBU9Df9YIBqOFggAA8SSmOCSNinDO7RJz817TEqUuU=
-----END CERTIFICATE-----