Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/PCc9vwYXJzdZOi1GGfWGUSUle1k.roa
File:                     PCc9vwYXJzdZOi1GGfWGUSUle1k.roa (raw, json)
Hash identifier:          8EUfqL2Xed6UNV3o6Kezl3jJS4oTD5f4wa9af7dk+gM=
Subject key identifier:   3C:27:3D:BF:06:17:27:37:59:3A:2D:46:19:F5:86:51:25:25:7B:59
Certificate issuer:       /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial:       018CC2DB4D78538DD135FA69F39C3F7A285B
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/PCc9vwYXJzdZOi1GGfWGUSUle1k.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        195.16.73.0/24 maxlen: 24
                          193.243.189.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          45.88.200.0/24 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.181.60.0/22 maxlen: 24
                          185.125.168.0/22 maxlen: 24
                          198.140.141.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.216.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          2a03:94e1::/32 maxlen: 32
                          2a0a:cd80::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 32
                          2a03:94e0::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:78:53:8d:d1:35:fa:69:f3:9c:3f:7a:28:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c273dbf06172737593a2d4619f5865125257b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9d:8a:5f:ad:42:29:da:e5:a7:61:71:4c:37:
                    fd:e3:d3:98:b2:e4:80:44:d1:95:74:48:11:1c:d9:
                    3e:1e:b1:2b:94:4c:3f:b2:39:9e:d6:30:cb:3e:a1:
                    fd:81:9a:ef:c9:e9:89:2c:8a:bf:47:61:40:4b:f1:
                    00:3d:07:a7:24:60:2c:ce:32:6f:1e:05:57:0f:52:
                    b6:26:a7:c9:73:f1:b9:85:4a:75:6a:1f:22:50:6e:
                    9b:4b:26:a1:31:c9:01:03:5d:fe:8c:56:d3:81:cc:
                    d7:7d:88:7c:d6:4f:51:c9:a9:5d:a6:8f:d7:09:01:
                    45:b5:e3:2e:1d:e0:42:ce:95:2d:57:b2:7a:4f:72:
                    90:56:bf:d9:dd:df:4d:5a:28:64:a0:05:53:45:43:
                    5f:27:fe:d7:07:43:8f:b9:4c:4b:3e:e8:57:3f:2f:
                    bb:19:2b:0e:43:3b:a1:0b:83:6c:63:fe:52:c7:80:
                    47:e8:d7:97:81:66:35:a8:5c:3d:b6:e1:ed:aa:98:
                    f4:eb:63:f8:b8:0b:70:41:98:90:8b:4b:a9:db:0f:
                    e4:32:54:d0:00:5c:8d:06:b0:11:4e:cd:f0:6b:f4:
                    fe:41:d4:c4:8e:99:90:30:c4:33:0e:b5:7e:ea:7f:
                    1d:a7:16:b2:36:b0:b4:d7:e4:52:70:52:4a:87:7f:
                    1f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:27:3D:BF:06:17:27:37:59:3A:2D:46:19:F5:86:51:25:25:7B:59
            X509v3 Authority Key Identifier:
                keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/PCc9vwYXJzdZOi1GGfWGUSUle1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  193.243.189.0/24
                  194.32.107.0/24
                  195.16.73.0/24
                  198.140.141.0/24
                IPv6:
                  2a03:94e0::/30
                  2a0a:cd80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:b4:71:b9:30:cd:58:32:fa:f7:8d:ba:0c:4d:f7:c0:74:e7:
         9e:37:98:d5:1c:b8:5d:92:8b:f1:6b:41:dd:d8:1d:58:ee:3b:
         10:43:87:90:cd:43:53:b5:77:73:19:d2:92:91:b6:35:ff:ee:
         6a:35:d3:b8:fe:97:17:95:0b:58:89:bf:f4:02:35:aa:a3:6a:
         ed:c1:2b:b8:30:a9:52:60:1e:e2:3f:51:1b:c3:ae:aa:4f:f8:
         8f:7f:51:0b:2b:68:bb:f2:c3:5c:f4:0d:62:08:df:4f:3a:67:
         c0:04:02:40:28:6b:ee:f3:58:94:bd:93:ad:f9:fd:bc:03:28:
         40:9c:89:4d:1b:f5:50:58:4b:f2:5b:a1:16:95:46:a9:88:cd:
         5d:09:1e:1b:9c:07:d6:f7:5b:5e:cb:b9:75:f8:e3:b0:a1:00:
         5e:9e:09:65:37:de:31:a2:ab:44:fb:05:d2:49:ec:77:1c:81:
         39:12:c2:d8:d5:67:f2:82:29:1c:0c:5f:35:6b:16:7a:9f:6a:
         55:ce:6a:b2:b1:f6:74:9c:bd:7e:cf:03:fd:58:f9:73:45:02:
         79:4f:02:fd:85:25:b3:d6:4c:73:fb:76:87:07:be:da:3b:23:
         d0:2a:0b:12:8e:b9:6c:1e:f3:e3:7b:da:7a:b1:27:47:12:ab:
         a7:22:62:92
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYzC2014U43RNfpp85w/eihbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI3M2RiZjA2MTcyNzM3NTkzYTJkNDYxOWY1ODY1MTI1MjU3YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZ2KX61CKdrlp2FxTDf949OYsuSA
RNGVdEgRHNk+HrErlEw/sjme1jDLPqH9gZrvyemJLIq/R2FAS/EAPQenJGAszjJv
HgVXD1K2JqfJc/G5hUp1ah8iUG6bSyahMckBA13+jFbTgczXfYh81k9Ryaldpo/X
CQFFteMuHeBCzpUtV7J6T3KQVr/Z3d9NWihkoAVTRUNfJ/7XB0OPuUxLPuhXPy+7
GSsOQzuhC4NsY/5Sx4BH6NeXgWY1qFw9tuHtqpj062P4uAtwQZiQi0up2w/kMlTQ
AFyNBrARTs3wa/T+QdTEjpmQMMQzDrV+6n8dpxayNrC01+RScFJKh38fUwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFDwnPb8GFyc3WTotRhn1hlElJXtZMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvUENjOXZ3WVhKemRaT2kxR0dmV0dVU1VsZTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBEBAIAATA+AwQBLVjIAwQA
uQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADB870DBADCIGsDBADDEEkD
BADGjI0wFAQCAAIwDgMFAioDlOADBQAqCs2AMA0GCSqGSIb3DQEBCwUAA4IBAQBq
tHG5MM1YMvr3jboMTffAdOeeN5jVHLhdkovxa0Hd2B1Y7jsQQ4eQzUNTtXdzGdKS
kbY1/+5qNdO4/pcXlQtYib/0AjWqo2rtwSu4MKlSYB7iP1Ebw66qT/iPf1ELK2i7
8sNc9A1iCN9POmfABAJAKGvu81iUvZOt+f28AyhAnIlNG/VQWEvyW6EWlUapiM1d
CR4bnAfW91tey7l1+OOwoQBengllN94xoqtE+wXSSex3HIE5EsLY1WfygikcDF81
axZ6n2pVzmqysfZ0nL1+zwP9WPlzRQJ5TwL9hSWz1kxz+3aHB77aOyPQKgsSjrls
HvPje9p6sSdHEqunImKS
-----END CERTIFICATE-----