Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/G32JcOReSzmF9Tz-gJJMQcajqmU.roa
File:                     G32JcOReSzmF9Tz-gJJMQcajqmU.roa (raw, json)
Hash identifier:          IwY1NQCw+qI/XdEsP43468EsE+uvjR+PuiRe2AxONQU=
Subject key identifier:   1B:7D:89:70:E4:5E:4B:39:85:F5:3C:FE:80:92:4C:41:C6:A3:AA:65
Certificate issuer:       /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial:       018C43FAF1A1ED096DD2925E1F0160719AD6
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/G32JcOReSzmF9Tz-gJJMQcajqmU.roa
Signing time:             Thu 07 Dec 2023 11:12:48 +0000
ROA not before:           Thu 07 Dec 2023 11:12:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197248
IP address blocks:        77.111.96.0/20 maxlen: 24
                          93.88.192.0/21 maxlen: 21
                          93.88.194.0/24 maxlen: 24
                          109.61.0.0/22 maxlen: 22
                          109.61.8.0/21 maxlen: 21
                          77.111.64.0/19 maxlen: 21
                          77.111.88.0/21 maxlen: 24
                          62.112.192.0/19 maxlen: 19
                          109.61.96.0/21 maxlen: 21
                          109.61.112.0/20 maxlen: 20
                          109.61.22.0/24 maxlen: 24
                          109.61.20.0/22 maxlen: 22
                          109.61.24.0/21 maxlen: 21
                          109.61.32.0/19 maxlen: 19
                          109.61.64.0/20 maxlen: 20
                          2a01:be00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:43:fa:f1:a1:ed:09:6d:d2:92:5e:1f:01:60:71:9a:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
        Validity
            Not Before: Dec  7 11:12:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b7d8970e45e4b3985f53cfe80924c41c6a3aa65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5f:09:01:42:c0:46:ce:8c:20:2b:cf:2f:36:
                    3f:ab:28:61:c8:41:8f:2f:e6:52:f4:5f:a2:9f:06:
                    7c:73:09:48:62:77:ed:3d:ce:1f:68:aa:32:d8:32:
                    9a:8d:57:5f:71:c9:2b:e0:57:46:86:7f:02:ee:40:
                    88:32:e8:5b:fe:5d:a7:87:7e:1d:39:b6:d8:11:6b:
                    c5:f9:78:4a:67:47:49:62:ec:bc:ab:1c:eb:75:3b:
                    c1:04:eb:cf:e1:1a:3b:72:7c:7e:fa:3c:2c:f3:34:
                    50:9f:d7:0c:ff:9f:46:f0:11:d5:e4:39:44:64:15:
                    85:67:50:c7:55:64:b1:6d:fc:3d:a7:1a:83:91:17:
                    1b:31:27:dc:c3:c7:83:9e:e7:bc:ea:8d:04:d9:b4:
                    6c:d6:76:7d:c8:ac:cf:dc:5c:c6:72:5c:05:2b:9d:
                    c2:ab:27:e2:52:47:e8:b6:54:40:9d:4a:ae:25:72:
                    00:53:c9:80:21:3f:55:3d:b7:f4:be:2f:49:18:c6:
                    c9:a1:83:a7:b4:d8:fe:79:b9:06:9a:2e:b8:78:45:
                    ef:a4:c1:b1:59:4e:83:a2:16:cb:b7:1f:4a:36:d1:
                    64:c5:d6:98:ea:03:dd:1d:5e:f1:8e:d3:2e:71:54:
                    2d:00:be:a5:c7:ca:89:a1:6d:86:36:b7:c1:22:73:
                    5f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:7D:89:70:E4:5E:4B:39:85:F5:3C:FE:80:92:4C:41:C6:A3:AA:65
            X509v3 Authority Key Identifier:
                keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/G32JcOReSzmF9Tz-gJJMQcajqmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.192.0/19
                  77.111.64.0-77.111.111.255
                  93.88.192.0/21
                  109.61.0.0/22
                  109.61.8.0/21
                  109.61.20.0-109.61.79.255
                  109.61.96.0/21
                  109.61.112.0/20
                IPv6:
                  2a01:be00::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:41:77:69:cd:72:a6:ce:07:7d:71:7c:b1:c0:23:cb:c5:95:
         81:d2:4c:2f:38:00:f1:2c:89:13:b4:01:14:f5:48:53:90:11:
         22:10:d8:f5:d1:f2:14:8c:58:05:e1:cb:a5:9a:04:0d:6c:87:
         89:32:37:79:08:62:5e:dc:7a:c8:14:94:cd:0d:e4:5d:73:26:
         bf:0e:92:3e:6d:91:f0:3c:8c:2a:ef:48:f3:e5:fd:65:7d:4d:
         b3:ba:34:ba:18:c7:eb:99:52:3e:3c:8d:7a:3f:da:95:43:c9:
         b9:74:f3:57:48:97:6c:0d:1a:2b:c4:6b:fc:9a:f8:2f:ed:51:
         07:75:87:16:2f:e9:4a:81:35:db:07:90:4f:fa:3b:9c:44:e8:
         0d:95:6e:73:0d:c5:c3:19:44:42:ae:80:10:bb:2f:82:63:13:
         a5:55:35:64:4f:52:ed:6a:ba:c7:34:99:a0:f5:a9:d7:e6:23:
         32:92:38:8d:d3:e3:a8:05:2e:66:9a:03:99:28:40:c6:58:ab:
         11:bf:fe:6d:73:df:79:06:b2:00:92:94:3b:33:b1:21:09:a3:
         1e:9b:f3:f6:1d:e7:cc:45:a9:3d:b0:4b:06:c5:ec:4c:22:3a:
         2e:34:97:be:dc:3f:bf:ab:3d:a1:01:1a:d0:dc:d4:9f:8c:14:
         09:42:b6:6a
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYxD+vGh7Qlt0pJeHwFgcZrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMxMjA3MTExMjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjdkODk3MGU0NWU0YjM5ODVmNTNjZmU4MDkyNGM0MWM2YTNhYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhF8JAULARs6MICvPLzY/qyhhyEGP
L+ZS9F+inwZ8cwlIYnftPc4faKoy2DKajVdfcckr4FdGhn8C7kCIMuhb/l2nh34d
ObbYEWvF+XhKZ0dJYuy8qxzrdTvBBOvP4Ro7cnx++jws8zRQn9cM/59G8BHV5DlE
ZBWFZ1DHVWSxbfw9pxqDkRcbMSfcw8eDnue86o0E2bRs1nZ9yKzP3FzGclwFK53C
qyfiUkfotlRAnUquJXIAU8mAIT9VPbf0vi9JGMbJoYOntNj+ebkGmi64eEXvpMGx
WU6DohbLtx9KNtFkxdaY6gPdHV7xjtMucVQtAL6lx8qJoW2GNrfBInNfZwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFBt9iXDkXks5hfU8/oCSTEHGo6plMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvRzMySmNPUmVTem1GOVR6LWdKSk1RY2FqcW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFPnDAMAwD
BAZNb0ADBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBG09QAMEA209
YAMEBG09cDANBAIAAjAHAwUAKgG+ADANBgkqhkiG9w0BAQsFAAOCAQEAVkF3ac1y
ps4HfXF8scAjy8WVgdJMLzgA8SyJE7QBFPVIU5ARIhDY9dHyFIxYBeHLpZoEDWyH
iTI3eQhiXtx6yBSUzQ3kXXMmvw6SPm2R8DyMKu9I8+X9ZX1Ns7o0uhjH65lSPjyN
ej/alUPJuXTzV0iXbA0aK8Rr/Jr4L+1RB3WHFi/pSoE12weQT/o7nEToDZVucw3F
wxlEQq6AELsvgmMTpVU1ZE9S7Wq6xzSZoPWp1+YjMpI4jdPjqAUuZpoDmShAxlir
Eb/+bXPfeQayAJKUOzOxIQmjHpvz9h3nzEWpPbBLBsXsTCI6LjSXvtw/v6s9oQEa
0NzUn4wUCUK2ag==
-----END CERTIFICATE-----