Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/n5kDton2fbM_iPIGGrqnAv10Lck.roa
File:                     n5kDton2fbM_iPIGGrqnAv10Lck.roa (raw, json)
Hash identifier:          3BiJznAacJ++EfYYZppJbFXhuH+aF5Akuv/nk1g74BQ=
Subject key identifier:   9F:99:03:B6:89:F6:7D:B3:3F:88:F2:06:1A:BA:A7:02:FD:74:2D:C9
Certificate issuer:       /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial:       018C87E9393ABDC968145EEBDA5E54666980
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/n5kDton2fbM_iPIGGrqnAv10Lck.roa
Signing time:             Wed 20 Dec 2023 15:47:37 +0000
ROA not before:           Wed 20 Dec 2023 15:47:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197248
IP address blocks:        77.111.96.0/20 maxlen: 24
                          93.88.192.0/21 maxlen: 21
                          93.88.194.0/24 maxlen: 24
                          109.61.0.0/22 maxlen: 22
                          109.61.8.0/21 maxlen: 21
                          77.111.88.0/21 maxlen: 24
                          62.112.192.0/19 maxlen: 19
                          109.61.96.0/21 maxlen: 21
                          109.61.112.0/20 maxlen: 20
                          109.61.22.0/24 maxlen: 24
                          109.61.20.0/22 maxlen: 22
                          109.61.24.0/21 maxlen: 21
                          109.61.32.0/19 maxlen: 19
                          109.61.64.0/20 maxlen: 20
                          2a01:be00::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:87:e9:39:3a:bd:c9:68:14:5e:eb:da:5e:54:66:69:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
        Validity
            Not Before: Dec 20 15:47:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f9903b689f67db33f88f2061abaa702fd742dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0c:08:5b:25:a1:08:3a:cf:ba:31:13:90:4f:
                    10:13:4c:f6:d2:ad:43:19:a3:17:83:c9:65:9f:a9:
                    9f:25:08:34:e6:2f:d2:89:54:f4:f2:ee:30:f8:0f:
                    fc:2d:7e:a5:91:46:85:a3:89:0f:d3:8c:42:33:62:
                    6f:17:20:f5:0e:07:60:1c:6e:09:70:f3:e8:f9:34:
                    6e:ed:f0:6e:e4:f6:ef:d5:8a:4f:ca:1c:65:7f:9c:
                    45:12:ba:9d:3b:40:a2:94:a8:d4:d9:36:5a:05:01:
                    1e:97:46:dd:d8:b0:1e:82:fe:fb:30:d0:e9:19:77:
                    a8:f4:9b:01:73:e4:68:8b:1a:d9:47:5e:dd:d3:69:
                    d4:dd:1f:56:d2:bd:a5:d3:3a:e5:51:f7:36:40:5a:
                    7c:2a:17:e7:84:18:ca:91:78:d6:8b:2d:ca:25:c3:
                    7e:2d:dc:83:76:d9:4a:8e:8a:70:77:39:07:a7:4a:
                    20:a6:b3:d3:d3:30:2d:e3:ad:0b:f1:82:3e:4f:be:
                    bb:82:0c:26:da:a9:dd:b1:b1:b0:b1:ae:e0:17:1f:
                    a4:3e:11:55:a5:ce:b9:f3:4f:80:b6:6e:c9:e6:0c:
                    ea:e1:df:bd:d5:01:2d:91:ca:4d:ab:ba:2f:9e:4f:
                    eb:6b:c5:da:e6:90:0f:02:47:f5:d5:47:42:d9:e0:
                    bc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:99:03:B6:89:F6:7D:B3:3F:88:F2:06:1A:BA:A7:02:FD:74:2D:C9
            X509v3 Authority Key Identifier:
                keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/n5kDton2fbM_iPIGGrqnAv10Lck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.192.0/19
                  77.111.88.0-77.111.111.255
                  93.88.192.0/21
                  109.61.0.0/22
                  109.61.8.0/21
                  109.61.20.0-109.61.79.255
                  109.61.96.0/21
                  109.61.112.0/20
                IPv6:
                  2a01:be00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:55:09:f9:59:29:81:8b:b4:39:c2:be:71:a5:73:f1:19:d8:
         52:f2:6b:27:b5:ec:5b:63:c9:e4:8f:b4:5f:c6:6e:51:38:e4:
         c7:57:b0:b0:cd:bf:d4:75:d3:38:6a:72:67:87:e0:20:b2:16:
         97:34:ec:dc:30:74:36:37:f5:fa:ce:84:ab:b3:ab:80:0c:08:
         52:eb:e7:0e:32:20:c0:e3:40:07:1a:5d:2c:68:38:aa:9b:bc:
         cf:27:c7:e6:71:14:be:6f:59:aa:3c:84:8b:23:f2:72:59:87:
         7f:18:a3:b8:6a:4b:9b:64:4f:ce:2e:2b:7e:9d:31:64:5e:69:
         31:ed:fc:fa:64:20:47:dd:55:b5:2f:f6:2b:c6:f9:ac:6c:0b:
         c0:10:1e:01:4e:43:98:0d:bf:6d:18:00:81:2c:cc:f3:14:01:
         82:5e:9e:6c:bb:af:f0:4f:5b:c6:53:4a:27:c4:01:3d:54:02:
         74:3a:5e:84:9d:78:96:1b:05:6e:59:c9:ea:c1:6f:d6:fc:fe:
         1c:31:29:48:a7:9a:5e:6a:6a:e8:18:8a:e1:0b:85:38:fd:7a:
         4e:dc:d3:f5:89:6f:d5:0e:67:b8:49:e3:28:fd:e9:2c:e4:5f:
         4d:6d:d4:de:d0:52:48:1e:c6:89:15:99:c5:97:16:9f:fe:91:
         22:9d:53:31
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYyH6Tk6vcloFF7r2l5UZmmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMxMjIwMTU0NzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjk5MDNiNjg5ZjY3ZGIzM2Y4OGYyMDYxYWJhYTcwMmZkNzQyZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwwIWyWhCDrPujETkE8QE0z20q1D
GaMXg8lln6mfJQg05i/SiVT08u4w+A/8LX6lkUaFo4kP04xCM2JvFyD1DgdgHG4J
cPPo+TRu7fBu5Pbv1YpPyhxlf5xFErqdO0CilKjU2TZaBQEel0bd2LAegv77MNDp
GXeo9JsBc+RoixrZR17d02nU3R9W0r2l0zrlUfc2QFp8KhfnhBjKkXjWiy3KJcN+
LdyDdtlKjopwdzkHp0ogprPT0zAt460L8YI+T767ggwm2qndsbGwsa7gFx+kPhFV
pc6580+Atm7J5gzq4d+91QEtkcpNq7ovnk/ra8Xa5pAPAkf11UdC2eC8vwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFJ+ZA7aJ9n2zP4jyBhq6pwL9dC3JMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvbjVrRHRvbjJmYk1faVBJR0dycW5BdjEwTGNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQFPnDAMAwD
BANNb1gDBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBG09QAMEA209
YAMEBG09cDANBAIAAjAHAwUAKgG+ADANBgkqhkiG9w0BAQsFAAOCAQEAjFUJ+Vkp
gYu0OcK+caVz8RnYUvJrJ7XsW2PJ5I+0X8ZuUTjkx1ewsM2/1HXTOGpyZ4fgILIW
lzTs3DB0Njf1+s6Eq7OrgAwIUuvnDjIgwONABxpdLGg4qpu8zyfH5nEUvm9ZqjyE
iyPyclmHfxijuGpLm2RPzi4rfp0xZF5pMe38+mQgR91VtS/2K8b5rGwLwBAeAU5D
mA2/bRgAgSzM8xQBgl6ebLuv8E9bxlNKJ8QBPVQCdDpehJ14lhsFblnJ6sFv1vz+
HDEpSKeaXmpq6BiK4QuFOP16TtzT9Ylv1Q5nuEnjKP3pLORfTW3U3tBSSB7GiRWZ
xZcWn/6RIp1TMQ==
-----END CERTIFICATE-----