Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/exf6bwhocIxo24I6WPqYX-USvaE.roa
File:                     exf6bwhocIxo24I6WPqYX-USvaE.roa (raw, json)
Hash identifier:          wQqP66l+sb/iENUCWGp806bq6S+IDeEO9Wu5kE0F/Tg=
Subject key identifier:   7B:17:FA:6F:08:68:70:8C:68:DB:82:3A:58:FA:98:5F:E5:12:BD:A1
Certificate issuer:       /CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Certificate serial:       018E86A2E1158871EC99F773F60AA4E21D62
Authority key identifier: B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/exf6bwhocIxo24I6WPqYX-USvaE.roa
Signing time:             Thu 28 Mar 2024 19:56:45 +0000
ROA not before:           Thu 28 Mar 2024 19:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        83.172.128.0/21 maxlen: 21
                          83.172.136.0/24 maxlen: 24
                          83.172.138.0/23 maxlen: 23
                          83.172.140.0/23 maxlen: 23
                          83.172.144.0/22 maxlen: 22
                          83.172.148.0/24 maxlen: 24
                          83.172.150.0/23 maxlen: 23
                          83.172.153.0/24 maxlen: 24
                          83.172.159.0/24 maxlen: 24
                          83.172.160.0/22 maxlen: 22
                          83.172.164.0/23 maxlen: 23
                          83.172.169.0/24 maxlen: 24
                          83.172.180.0/22 maxlen: 22
                          83.172.186.0/24 maxlen: 24
                          83.172.188.0/23 maxlen: 23
                          2a02:cec0::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:a2:e1:15:88:71:ec:99:f7:73:f6:0a:a4:e2:1d:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
        Validity
            Not Before: Mar 28 19:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b17fa6f0868708c68db823a58fa985fe512bda1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3a:4c:57:84:06:16:3b:c3:ff:7e:16:d8:e8:
                    43:db:bd:5a:9f:dc:58:f7:a4:1d:d0:f4:de:ce:4e:
                    4f:23:46:c6:8d:d5:8e:a5:3e:10:26:26:f3:da:0c:
                    66:2e:62:57:5e:29:65:0c:33:7c:63:3d:f6:81:25:
                    8c:2d:58:b6:a2:c0:a3:f9:ae:24:e2:ca:a0:c8:57:
                    c4:7e:ce:c1:00:6a:ca:fe:27:21:b1:9b:2e:d8:99:
                    b2:9a:dc:04:86:4b:e0:8d:af:02:c3:45:63:1b:04:
                    fd:0c:d7:34:77:06:95:09:b9:03:8f:17:03:0e:b3:
                    56:ef:7c:26:fe:a8:b8:25:b8:9e:a9:08:86:10:eb:
                    b5:6c:c7:e5:65:50:a7:c7:73:9e:22:de:eb:b1:f9:
                    25:b1:bb:79:df:76:57:be:df:20:c4:b0:3e:7e:41:
                    29:c6:aa:09:b3:16:4a:91:51:e0:54:3b:82:ab:ac:
                    9c:ed:90:23:38:bb:15:fe:23:75:bc:1b:5a:d8:63:
                    4a:b7:47:49:ed:52:14:aa:fe:a0:85:7d:b1:dd:81:
                    a9:00:9d:c7:f4:d7:c4:aa:31:cd:12:5d:d2:7a:29:
                    a7:09:19:68:75:d2:82:39:8c:32:9a:a6:7e:d1:b6:
                    91:a8:63:51:a2:2f:54:97:04:b1:93:12:be:89:24:
                    7d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:17:FA:6F:08:68:70:8C:68:DB:82:3A:58:FA:98:5F:E5:12:BD:A1
            X509v3 Authority Key Identifier:
                keyid:B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/exf6bwhocIxo24I6WPqYX-USvaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/syj-JYobm_YUimzg6KcS8YhAkEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.172.128.0-83.172.136.255
                  83.172.138.0-83.172.141.255
                  83.172.144.0-83.172.148.255
                  83.172.150.0/23
                  83.172.153.0/24
                  83.172.159.0-83.172.165.255
                  83.172.169.0/24
                  83.172.180.0/22
                  83.172.186.0/24
                  83.172.188.0/23
                IPv6:
                  2a02:cec0::/30

    Signature Algorithm: sha256WithRSAEncryption
         91:7c:09:09:2d:61:9c:1a:9c:2a:cb:a8:93:28:ef:0b:2a:8c:
         1c:ec:b2:dc:8c:39:52:f4:06:87:30:75:dc:d2:85:5b:76:88:
         94:8a:ba:f4:f9:6b:2b:95:81:16:d7:7f:b5:99:53:d7:d4:76:
         fe:95:aa:9f:1b:21:52:bd:c4:77:50:4d:e2:1f:5d:73:f8:70:
         b8:69:5e:ac:fc:07:42:aa:65:f3:6e:38:5e:97:bf:93:0d:c1:
         67:42:22:7b:6c:2e:4f:29:87:08:b5:af:1e:07:4d:0e:96:c7:
         5c:1f:bb:22:66:ea:9d:0f:89:44:f2:f0:db:b5:89:a6:c7:1f:
         21:fe:d4:30:e4:b9:c9:79:54:3e:e7:70:9d:4e:f2:e0:2b:b9:
         91:65:7e:56:f6:34:a1:b7:a7:4b:34:52:4e:e5:7d:fe:9e:03:
         f5:93:14:2b:58:94:df:9d:82:6b:00:c3:30:7f:2f:fe:a6:01:
         12:ce:80:ae:d0:ae:48:67:75:b1:f7:38:0c:83:26:f0:06:b3:
         bf:5c:36:10:23:c6:4e:ca:2a:4a:ca:ce:64:2e:bc:31:9f:6e:
         e2:8b:cb:85:a8:d1:00:a8:76:65:0d:fd:e9:13:6c:63:85:a2:
         c2:cf:55:bc:ac:ec:3f:52:09:15:ab:27:6b:5f:94:16:30:42:
         9d:a5:f6:12
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAY6GouEViHHsmfdz9gqk4h1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMjhmZTI1OGExYjliZjYxNDhhNmNlMGU4YTcxMmYxODg0
MDkwNGMwHhcNMjQwMzI4MTk1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE3ZmE2ZjA4Njg3MDhjNjhkYjgyM2E1OGZhOTg1ZmU1MTJiZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjpMV4QGFjvD/34W2OhD271an9xY
96Qd0PTezk5PI0bGjdWOpT4QJibz2gxmLmJXXillDDN8Yz32gSWMLVi2osCj+a4k
4sqgyFfEfs7BAGrK/ichsZsu2JmymtwEhkvgja8Cw0VjGwT9DNc0dwaVCbkDjxcD
DrNW73wm/qi4JbieqQiGEOu1bMflZVCnx3OeIt7rsfklsbt533ZXvt8gxLA+fkEp
xqoJsxZKkVHgVDuCq6yc7ZAjOLsV/iN1vBta2GNKt0dJ7VIUqv6ghX2x3YGpAJ3H
9NfEqjHNEl3SeimnCRloddKCOYwymqZ+0baRqGNRoi9UlwSxkxK+iSR9yQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFHsX+m8IaHCMaNuCOlj6mF/lEr2hMB8GA1UdIwQY
MBaAFLMo/iWKG5v2FIps4OinEvGIQJBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODkt
ZWQ4NGEwMDU4YTlmLzEvZXhmNmJ3aG9jSXhvMjRJNldQcVlYLVVTdmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hMTg4YmMtZGVlZS00MmVjLTgyODktZWQ4NGEwMDU4YTlm
LzEvc3lqLUpZb2JtX1lVaW16ZzZLY1M4WWhBa0V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXDAMAwQHU6yA
AwQAU6yIMAwDBAFTrIoDBAFTrIwwDAMEBFOskAMEAFOslAMEAVOslgMEAFOsmTAM
AwQAU6yfAwQBU6ykAwQAU6ypAwQCU6y0AwQAU6y6AwQBU6y8MA0EAgACMAcDBQIq
As7AMA0GCSqGSIb3DQEBCwUAA4IBAQCRfAkJLWGcGpwqy6iTKO8LKowc7LLcjDlS
9AaHMHXc0oVbdoiUirr0+WsrlYEW13+1mVPX1Hb+laqfGyFSvcR3UE3iH11z+HC4
aV6s/AdCqmXzbjhel7+TDcFnQiJ7bC5PKYcIta8eB00OlsdcH7siZuqdD4lE8vDb
tYmmxx8h/tQw5LnJeVQ+53CdTvLgK7mRZX5W9jSht6dLNFJO5X3+ngP1kxQrWJTf
nYJrAMMwfy/+pgESzoCu0K5IZ3Wx9zgMgybwBrO/XDYQI8ZOyipKys5kLrwxn27i
i8uFqNEAqHZlDf3pE2xjhaLCz1W8rOw/UgkVqydrX5QWMEKdpfYS
-----END CERTIFICATE-----