Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/xVhVDMXhfT7vrncFPe7ZluGAUR0.roa
File:                     xVhVDMXhfT7vrncFPe7ZluGAUR0.roa (raw, json)
Hash identifier:          FAQAL//9QVFRqqB3XiOKxl4FmWKepqR7+iJmQTwCfCA=
Subject key identifier:   C5:58:55:0C:C5:E1:7D:3E:EF:AE:77:05:3D:EE:D9:96:E1:80:51:1D
Certificate issuer:       /CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
Certificate serial:       01856F3928BF552F828DE2BA8D61F533FC8C
Authority key identifier: 02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/xVhVDMXhfT7vrncFPe7ZluGAUR0.roa
Signing time:             Sun 01 Jan 2023 21:24:55 +0000
ROA not before:           Sun 01 Jan 2023 21:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16322
IP address blocks:        46.224.64.0/19 maxlen: 19
                          77.42.96.0/19 maxlen: 19
                          46.225.32.0/19 maxlen: 19
                          46.224.96.0/20 maxlen: 20
                          46.225.64.0/19 maxlen: 19
                          46.224.224.0/19 maxlen: 19
                          77.42.32.0/19 maxlen: 19
                          46.225.192.0/19 maxlen: 19
                          46.224.32.0/19 maxlen: 19
                          77.42.64.0/19 maxlen: 19
                          46.225.0.0/19 maxlen: 19
                          77.42.64.0/18 maxlen: 18
                          46.225.120.0/24 maxlen: 24
                          46.225.121.0/24 maxlen: 24
                          46.224.160.0/19 maxlen: 19
                          77.42.0.0/17 maxlen: 17
                          77.42.0.0/18 maxlen: 18
                          77.42.0.0/19 maxlen: 19
                          46.224.192.0/19 maxlen: 19
                          46.167.128.0/19 maxlen: 19
                          46.225.160.0/19 maxlen: 19
                          46.224.112.0/20 maxlen: 20
                          46.225.96.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:39:28:bf:55:2f:82:8d:e2:ba:8d:61:f5:33:fc:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
        Validity
            Not Before: Jan  1 21:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c558550cc5e17d3eefae77053deed996e180511d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:64:7e:8f:44:7f:51:33:b1:1b:6e:bc:18:3d:
                    b7:04:7c:25:2e:62:d1:31:20:fc:f4:7e:1f:12:a9:
                    59:71:ea:fa:bf:2d:ca:cd:60:48:bf:b2:0b:95:53:
                    b0:7a:2b:75:32:cd:f6:3e:c2:8a:f1:48:58:cd:97:
                    ef:31:3a:8c:8f:a3:7f:de:7d:a9:f0:dc:24:e0:49:
                    14:a8:ed:6e:2c:8e:bf:50:95:47:48:bd:81:30:a0:
                    58:e7:cf:95:4f:10:d2:eb:10:46:a9:4d:8e:7f:04:
                    8b:7c:82:b6:38:aa:dc:fd:bb:eb:99:b9:25:9b:0e:
                    bd:81:86:59:a4:4c:3a:a8:2a:c8:07:01:ee:ec:50:
                    4d:60:8b:b1:7b:fe:ac:62:9f:7d:09:c5:bf:47:6f:
                    11:87:87:35:72:97:e7:79:ea:f0:97:0d:e1:25:29:
                    95:63:14:66:53:b6:ea:06:3a:cc:dd:8f:9e:7c:e0:
                    96:ea:9f:7c:c6:09:71:55:7a:f8:74:a5:f9:fe:7c:
                    ea:1c:55:57:93:66:a8:c5:8c:b8:ad:0b:a0:29:7a:
                    dc:89:76:ee:ef:7e:1d:06:0e:8f:92:e7:36:0e:ba:
                    71:58:3d:25:3a:d5:42:a8:4a:b0:c4:74:a2:14:49:
                    6d:ba:57:05:94:d4:8d:39:41:dc:a1:f5:cf:17:6d:
                    3a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:58:55:0C:C5:E1:7D:3E:EF:AE:77:05:3D:EE:D9:96:E1:80:51:1D
            X509v3 Authority Key Identifier:
                keyid:02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/xVhVDMXhfT7vrncFPe7ZluGAUR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.167.128.0/19
                  46.224.32.0-46.224.127.255
                  46.224.160.0-46.225.127.255
                  46.225.160.0-46.225.223.255
                  77.42.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3a:b9:55:84:4c:e1:e6:2a:d0:42:86:c8:4b:c0:1e:05:22:67:
         72:80:1f:40:a3:85:bd:32:84:f3:73:24:55:7b:86:02:5d:f7:
         57:1e:55:b9:c5:97:20:ac:85:39:79:a3:26:73:5c:f7:a4:fd:
         bb:30:e6:1f:7b:e3:de:82:97:d5:a9:89:3a:75:b7:ce:48:4d:
         f0:77:44:21:89:1f:22:e8:62:88:29:f5:6f:94:e0:c9:9a:c2:
         b3:7a:af:45:96:3e:89:ca:d7:54:4e:e6:80:a7:84:3b:d8:fc:
         75:0f:97:94:f9:1a:4a:25:a5:bd:60:71:cf:5b:f7:1e:2b:1e:
         84:e7:18:9d:6d:e2:db:96:58:4b:3a:8b:06:83:a4:0a:ff:07:
         02:5a:a7:47:64:85:7f:3d:e4:a6:d2:5b:9e:53:e9:99:c2:ab:
         88:81:64:71:a0:80:bf:a7:86:ce:a2:fd:d2:9d:c3:17:ce:bb:
         6c:be:e7:78:da:b5:7d:ee:28:a5:b8:3a:87:01:e1:9a:a1:c4:
         86:9c:5d:7d:ea:29:be:96:76:0b:ff:cb:ea:0e:36:3a:de:e6:
         12:b9:dc:ae:85:63:d1:28:34:43:05:af:d1:5b:b4:cb:d3:bb:
         d7:c3:89:60:63:67:22:2f:3b:e8:13:3d:6d:22:74:a0:75:89:
         1c:58:0d:bd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVvOSi/VS+CjeK6jWH1M/yMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODNhOGM2OWEyNjMwY2Q4ZjZmYTcwYWYyYTUzZmUwMTlm
MmNjMDcwHhcNMjMwMTAxMjEyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTU4NTUwY2M1ZTE3ZDNlZWZhZTc3MDUzZGVlZDk5NmUxODA1MTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGR+j0R/UTOxG268GD23BHwlLmLR
MSD89H4fEqlZcer6vy3KzWBIv7ILlVOweit1Ms32PsKK8UhYzZfvMTqMj6N/3n2p
8Nwk4EkUqO1uLI6/UJVHSL2BMKBY58+VTxDS6xBGqU2OfwSLfIK2OKrc/bvrmbkl
mw69gYZZpEw6qCrIBwHu7FBNYIuxe/6sYp99CcW/R28Rh4c1cpfneerwlw3hJSmV
YxRmU7bqBjrM3Y+efOCW6p98xglxVXr4dKX5/nzqHFVXk2aoxYy4rQugKXrciXbu
734dBg6Pkuc2DrpxWD0lOtVCqEqwxHSiFEltulcFlNSNOUHcofXPF206jQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMVYVQzF4X0+7653BT3u2ZbhgFEdMB8GA1UdIwQY
MBaAFAKDqMaaJjDNj2+nCvKlP+AZ8swHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTkt
NTkyYzBkY2RhZjc5LzEveFZoVkRNWGhmVDd2cm5jRlBlN1psdUdBVVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTktNTkyYzBkY2RhZjc5
LzEvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQFLqeAMAwD
BAUu4CADBAcu4AAwDAMEBS7goAMEBy7hADAMAwQFLuGgAwQFLuHAAwQHTSoAMA0G
CSqGSIb3DQEBCwUAA4IBAQA6uVWETOHmKtBChshLwB4FImdygB9Ao4W9MoTzcyRV
e4YCXfdXHlW5xZcgrIU5eaMmc1z3pP27MOYfe+PegpfVqYk6dbfOSE3wd0QhiR8i
6GKIKfVvlODJmsKzeq9Flj6JytdUTuaAp4Q72Px1D5eU+RpKJaW9YHHPW/ceKx6E
5xidbeLbllhLOosGg6QK/wcCWqdHZIV/PeSm0lueU+mZwquIgWRxoIC/p4bOov3S
ncMXzrtsvud42rV97iiluDqHAeGaocSGnF196im+lnYL/8vqDjY63uYSudyuhWPR
KDRDBa/RW7TL07vXw4lgY2ciLzvoEz1tInSgdYkcWA29
-----END CERTIFICATE-----