Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/LmKfL58xsreW5Iz3kuuvSuOqHcU.roa
File:                     LmKfL58xsreW5Iz3kuuvSuOqHcU.roa (raw, json)
Hash identifier:          yRt2GwzFfy46fCHSgnbcNRZWT7ygJFYNzhKdYdd2e0E=
Subject key identifier:   2E:62:9F:2F:9F:31:B2:B7:96:E4:8C:F7:92:EB:AF:4A:E3:AA:1D:C5
Certificate issuer:       /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial:       018BD4259F51BBBBF4E42B75E6DB6F135969
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/LmKfL58xsreW5Iz3kuuvSuOqHcU.roa
Signing time:             Wed 15 Nov 2023 18:01:57 +0000
ROA not before:           Wed 15 Nov 2023 18:01:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197248
IP address blocks:        77.111.96.0/20 maxlen: 24
                          93.88.192.0/21 maxlen: 21
                          62.112.192.0/19 maxlen: 19
                          109.61.96.0/21 maxlen: 21
                          93.88.194.0/24 maxlen: 24
                          109.61.0.0/18 maxlen: 22
                          109.61.112.0/20 maxlen: 20
                          109.61.22.0/24 maxlen: 24
                          77.111.64.0/19 maxlen: 21
                          109.61.64.0/20 maxlen: 20
                          77.111.88.0/21 maxlen: 24
                          2a01:be00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d4:25:9f:51:bb:bb:f4:e4:2b:75:e6:db:6f:13:59:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
        Validity
            Not Before: Nov 15 18:01:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e629f2f9f31b2b796e48cf792ebaf4ae3aa1dc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:97:1f:44:1a:70:55:cc:21:9e:a2:66:14:55:
                    11:72:cf:7a:52:c3:0c:d4:5e:18:6b:80:5b:26:be:
                    c5:1f:d8:53:c8:9d:2a:68:92:d5:15:7e:42:a0:e4:
                    88:09:b8:3c:a5:3f:4b:a0:3b:8a:20:1a:5d:ce:87:
                    99:e7:04:73:b7:d8:3b:ca:b1:ff:59:ac:a4:90:87:
                    e4:18:b3:fe:0e:d4:9c:2f:66:ca:5d:8e:cf:88:b6:
                    c0:32:53:09:7b:01:02:74:b5:33:cf:36:63:ee:c7:
                    24:aa:3c:68:45:37:3f:ae:be:e1:c4:e5:57:f4:25:
                    4e:b7:ab:ae:8a:84:fb:6f:07:79:46:9b:a8:42:da:
                    f7:5d:93:9a:6b:43:29:a5:d4:73:3c:7b:c4:11:35:
                    4e:9d:71:28:10:78:fc:49:56:9e:52:0e:37:43:c7:
                    c1:73:1f:72:ef:bb:64:a3:06:10:07:aa:b4:ca:50:
                    d8:d3:3f:c6:b0:fb:ed:55:92:10:93:e0:42:c3:e7:
                    39:93:31:d9:ba:73:65:20:85:5e:81:76:88:ad:86:
                    31:30:06:df:1d:6d:99:b9:bb:59:1f:c8:6a:a6:29:
                    c2:5c:5b:fe:04:79:f1:30:c2:0f:77:09:64:21:c6:
                    ee:4b:6c:e5:bc:97:98:a1:ab:e1:b8:8c:af:3c:5d:
                    e9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:62:9F:2F:9F:31:B2:B7:96:E4:8C:F7:92:EB:AF:4A:E3:AA:1D:C5
            X509v3 Authority Key Identifier:
                keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/LmKfL58xsreW5Iz3kuuvSuOqHcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.192.0/19
                  77.111.64.0-77.111.111.255
                  93.88.192.0/21
                  109.61.0.0-109.61.79.255
                  109.61.96.0/21
                  109.61.112.0/20
                IPv6:
                  2a01:be00::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:52:4b:80:d4:d2:41:b2:e3:b4:60:a3:60:fc:83:8b:20:1c:
         f5:3a:1f:aa:f4:22:8c:2f:a1:30:d2:c5:59:ee:31:a1:9f:01:
         1b:b9:31:11:fc:3e:b8:59:2d:dc:37:c2:11:1c:33:60:40:9d:
         88:8e:f5:d7:c1:d0:bd:f0:ab:83:92:ed:4c:06:83:ac:af:26:
         76:e8:a1:cf:88:5a:26:3f:2a:d0:51:8a:ef:4c:83:c5:09:24:
         d4:16:4a:05:66:b9:f8:0e:03:87:29:f7:78:60:98:e6:82:de:
         9a:19:5b:13:e2:b2:54:74:ab:ba:c7:e9:7e:66:66:61:77:9d:
         f0:ed:d0:a7:97:b9:b1:7e:de:e5:c1:bc:82:3d:9b:61:5d:12:
         ae:70:f4:3d:46:f5:bc:e3:1b:c5:d4:08:99:63:07:a8:41:ed:
         90:d7:2e:60:9e:ab:89:fe:e3:0f:85:91:ab:cf:89:7c:ae:d9:
         26:2a:25:af:b0:29:a8:2d:2f:5e:d9:1e:16:b1:59:ba:6c:94:
         31:e0:eb:38:49:10:b9:8f:86:ae:c2:da:54:c7:ae:4c:d9:6e:
         81:a5:01:5e:41:91:90:89:94:c5:c6:8e:93:35:bf:35:6b:71:
         5e:b0:7d:c8:5f:3e:2f:0d:19:66:36:4f:62:12:46:c6:9c:a9:
         23:bd:ab:6a
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYvUJZ9Ru7v05Ct15ttvE1lpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMxMTE1MTgwMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTYyOWYyZjlmMzFiMmI3OTZlNDhjZjc5MmViYWY0YWUzYWExZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJcfRBpwVcwhnqJmFFURcs96UsMM
1F4Ya4BbJr7FH9hTyJ0qaJLVFX5CoOSICbg8pT9LoDuKIBpdzoeZ5wRzt9g7yrH/
WaykkIfkGLP+DtScL2bKXY7PiLbAMlMJewECdLUzzzZj7sckqjxoRTc/rr7hxOVX
9CVOt6uuioT7bwd5RpuoQtr3XZOaa0MppdRzPHvEETVOnXEoEHj8SVaeUg43Q8fB
cx9y77tkowYQB6q0ylDY0z/GsPvtVZIQk+BCw+c5kzHZunNlIIVegXaIrYYxMAbf
HW2ZubtZH8hqpinCXFv+BHnxMMIPdwlkIcbuS2zlvJeYoavhuIyvPF3p9wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFC5iny+fMbK3luSM95Lrr0rjqh3FMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvTG1LZkw1OHhzcmVXNUl6M2t1dXZTdU9xSGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA5BAIAATAzAwQFPnDAMAwD
BAZNb0ADBARNb2ADBANdWMAwCwMDAG09AwQEbT1AAwQDbT1gAwQEbT1wMA0EAgAC
MAcDBQAqAb4AMA0GCSqGSIb3DQEBCwUAA4IBAQAjUkuA1NJBsuO0YKNg/IOLIBz1
Oh+q9CKML6Ew0sVZ7jGhnwEbuTER/D64WS3cN8IRHDNgQJ2IjvXXwdC98KuDku1M
BoOsryZ26KHPiFomPyrQUYrvTIPFCSTUFkoFZrn4DgOHKfd4YJjmgt6aGVsT4rJU
dKu6x+l+ZmZhd53w7dCnl7mxft7lwbyCPZthXRKucPQ9RvW84xvF1AiZYweoQe2Q
1y5gnquJ/uMPhZGrz4l8rtkmKiWvsCmoLS9e2R4WsVm6bJQx4Os4SRC5j4auwtpU
x65M2W6BpQFeQZGQiZTFxo6TNb81a3FesH3IXz4vDRlmNk9iEkbGnKkjvatq
-----END CERTIFICATE-----