Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/Aszmj-8c-iCGJmUlvmClNK8QM40.roa
File:                     Aszmj-8c-iCGJmUlvmClNK8QM40.roa (raw, json)
Hash identifier:          5gQFkyehMlKZdCbWa4pEk2gZEDBnk7l9QeLQLaq5EH8=
Subject key identifier:   02:CC:E6:8F:EF:1C:FA:20:86:26:65:25:BE:60:A5:34:AF:10:33:8D
Certificate issuer:       /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial:       018C8C048F774737F264C747632001B9CBA6
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/Aszmj-8c-iCGJmUlvmClNK8QM40.roa
Signing time:             Thu 21 Dec 2023 10:55:58 +0000
ROA not before:           Thu 21 Dec 2023 10:55:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197248
IP address blocks:        77.111.96.0/20 maxlen: 24
                          93.88.192.0/21 maxlen: 21
                          93.88.194.0/24 maxlen: 24
                          109.61.0.0/22 maxlen: 22
                          109.61.8.0/21 maxlen: 21
                          77.111.88.0/21 maxlen: 24
                          62.112.192.0/21 maxlen: 21
                          62.112.192.0/19 maxlen: 19
                          109.61.96.0/21 maxlen: 21
                          109.61.112.0/20 maxlen: 20
                          62.112.208.0/20 maxlen: 20
                          109.61.22.0/24 maxlen: 24
                          109.61.20.0/22 maxlen: 22
                          109.61.24.0/21 maxlen: 21
                          109.61.32.0/19 maxlen: 19
                          109.61.64.0/20 maxlen: 20
                          2a01:be00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:8c:04:8f:77:47:37:f2:64:c7:47:63:20:01:b9:cb:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
        Validity
            Not Before: Dec 21 10:55:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02cce68fef1cfa2086266525be60a534af10338d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:48:c6:02:fd:d0:9b:b4:e0:5c:7d:86:4f:03:
                    eb:3e:a4:67:05:b7:43:04:cf:31:8a:62:91:4b:22:
                    58:39:fc:1b:21:a5:95:c3:fe:14:1f:15:50:fd:4d:
                    bc:66:11:e6:b3:41:0b:02:d1:09:c8:b1:6a:bd:5a:
                    31:2c:13:ee:95:16:b0:93:0a:cc:70:fe:35:87:a5:
                    60:d8:80:ef:f6:b8:3c:11:b6:0f:9a:49:03:91:a4:
                    b1:da:c8:bb:8d:9b:b7:7f:15:48:41:a1:0e:8c:5d:
                    26:97:81:b8:b6:fc:ec:5a:f7:08:5e:f3:08:14:1e:
                    a4:1f:7b:e5:53:ef:15:54:a2:4f:0e:5d:bb:53:a9:
                    cd:c0:01:40:1f:c3:fd:47:5f:20:ba:b5:fd:86:35:
                    be:5b:13:61:1b:0f:00:ae:6a:a9:9b:3f:14:ec:bf:
                    14:42:ec:7f:c3:8b:7e:c5:a6:82:e9:f3:bb:f5:d4:
                    57:8c:c4:6e:0a:08:9b:6e:9e:16:db:a1:d3:89:33:
                    73:f5:1f:b9:87:0e:50:46:91:2b:62:7c:1d:60:27:
                    1d:53:e3:82:a3:82:a4:8b:03:e7:df:fa:7c:ee:a9:
                    f0:20:ab:14:ad:a8:b2:6c:c7:9a:74:05:ad:72:22:
                    2b:2d:09:7f:4e:6b:ef:9b:ac:c5:23:7c:b9:74:72:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CC:E6:8F:EF:1C:FA:20:86:26:65:25:BE:60:A5:34:AF:10:33:8D
            X509v3 Authority Key Identifier:
                keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/Aszmj-8c-iCGJmUlvmClNK8QM40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.192.0/19
                  77.111.88.0-77.111.111.255
                  93.88.192.0/21
                  109.61.0.0/22
                  109.61.8.0/21
                  109.61.20.0-109.61.79.255
                  109.61.96.0/21
                  109.61.112.0/20
                IPv6:
                  2a01:be00::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:7b:b7:4c:d0:7f:e8:76:c3:bc:c1:61:2b:33:30:71:ef:a1:
         bb:0f:5e:db:37:93:e9:9c:67:72:28:7e:eb:a3:59:8d:d2:5e:
         c1:c5:82:92:fb:b9:5e:c3:83:5b:f5:8f:0b:bf:7b:8c:cf:a6:
         ea:80:0e:dc:0c:9f:be:54:da:bb:43:06:32:7c:2d:42:ef:70:
         c5:e1:27:b6:db:e9:4c:e9:5d:9d:39:81:81:9f:a4:ac:2a:01:
         55:12:02:78:b7:66:99:ee:67:a5:3c:24:5c:3a:ea:20:31:f0:
         a3:82:72:f7:be:d3:46:62:d1:e0:8a:49:af:9c:7d:89:8e:f1:
         bd:b1:b2:7f:8f:2e:b9:ca:5b:08:f5:ac:98:b2:38:2a:8b:49:
         0d:a9:9e:68:57:52:8e:52:ae:ed:a5:e4:60:d2:20:30:e8:4e:
         bf:3f:ff:ff:82:73:4b:4b:17:55:31:b4:ae:ee:2b:d0:3f:c7:
         3e:14:14:ab:fa:32:75:ad:73:e3:b1:6b:7d:83:c6:df:ca:1b:
         27:e7:40:b4:f0:ca:a8:20:9a:f1:e8:f5:6d:ce:bb:21:cb:4b:
         be:03:48:ff:8e:4d:9a:c4:c9:00:0f:7c:ef:42:bc:3a:89:5a:
         db:ba:f8:c8:af:17:1e:b4:ca:58:c5:b0:93:23:62:15:04:b4:
         7e:48:66:99
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYyMBI93RzfyZMdHYyABucumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMxMjIxMTA1NTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNjZTY4ZmVmMWNmYTIwODYyNjY1MjViZTYwYTUzNGFmMTAzMzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUjGAv3Qm7TgXH2GTwPrPqRnBbdD
BM8ximKRSyJYOfwbIaWVw/4UHxVQ/U28ZhHms0ELAtEJyLFqvVoxLBPulRawkwrM
cP41h6Vg2IDv9rg8EbYPmkkDkaSx2si7jZu3fxVIQaEOjF0ml4G4tvzsWvcIXvMI
FB6kH3vlU+8VVKJPDl27U6nNwAFAH8P9R18gurX9hjW+WxNhGw8Armqpmz8U7L8U
Qux/w4t+xaaC6fO79dRXjMRuCgibbp4W26HTiTNz9R+5hw5QRpErYnwdYCcdU+OC
o4KkiwPn3/p87qnwIKsUraiybMeadAWtciIrLQl/Tmvvm6zFI3y5dHJwYwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFALM5o/vHPoghiZlJb5gpTSvEDONMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvQXN6bWotOGMtaUNHSm1VbHZtQ2xOSzhRTTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFPnDAMAwD
BANNb1gDBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBG09QAMEA209
YAMEBG09cDANBAIAAjAHAwUAKgG+ADANBgkqhkiG9w0BAQsFAAOCAQEAGXu3TNB/
6HbDvMFhKzMwce+huw9e2zeT6Zxncih+66NZjdJewcWCkvu5XsODW/WPC797jM+m
6oAO3AyfvlTau0MGMnwtQu9wxeEnttvpTOldnTmBgZ+krCoBVRICeLdmme5npTwk
XDrqIDHwo4Jy977TRmLR4IpJr5x9iY7xvbGyf48uucpbCPWsmLI4KotJDameaFdS
jlKu7aXkYNIgMOhOvz///4JzS0sXVTG0ru4r0D/HPhQUq/oyda1z47FrfYPG38ob
J+dAtPDKqCCa8ej1bc67IctLvgNI/45NmsTJAA9870K8Oola27r4yK8XHrTKWMWw
kyNiFQS0fkhmmQ==
-----END CERTIFICATE-----