Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/MINsZJnABfbdnROJtzIF-pLwilc.roa
File:                     MINsZJnABfbdnROJtzIF-pLwilc.roa (raw, json)
Hash identifier:          KogAefeqqvvtSToXonlNKpGdaBRAz2g4okbaJL2STJg=
Subject key identifier:   30:83:6C:64:99:C0:05:F6:DD:9D:13:89:B7:32:05:FA:92:F0:8A:57
Certificate issuer:       /CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Certificate serial:       018978DCD9C320D0AB7DBCE0975EB0311084
Authority key identifier: 3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/MINsZJnABfbdnROJtzIF-pLwilc.roa
Signing time:             Fri 21 Jul 2023 14:31:26 +0000
ROA not before:           Fri 21 Jul 2023 14:31:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39305
IP address blocks:        185.151.214.0/23 maxlen: 24
                          194.247.36.0/24 maxlen: 24
                          45.84.52.0/22 maxlen: 22
                          62.106.73.0/24 maxlen: 24
                          193.57.227.0/24 maxlen: 24
                          91.211.64.0/22 maxlen: 22
                          91.238.63.0/24 maxlen: 24
                          185.88.9.0/24 maxlen: 24
                          94.24.24.0/22 maxlen: 22
                          185.182.107.0/24 maxlen: 24
                          94.24.30.0/23 maxlen: 23
                          193.57.226.0/24 maxlen: 24
                          2a0e:9780::/29 maxlen: 29
                          2a0c:7140::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:78:dc:d9:c3:20:d0:ab:7d:bc:e0:97:5e:b0:31:10:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
        Validity
            Not Before: Jul 21 14:31:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=30836c6499c005f6dd9d1389b73205fa92f08a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4e:f1:92:ae:b4:f0:2f:9f:b4:35:a8:b7:57:
                    31:a2:b9:f3:95:b4:18:43:c1:60:58:5e:99:4d:d8:
                    10:ae:11:d3:1e:e7:3a:d6:a7:f0:5b:59:ae:8f:fc:
                    70:28:31:ab:e1:36:f1:56:ac:79:1e:8c:77:25:21:
                    00:50:82:fa:4b:ec:06:af:29:93:79:0f:d1:63:86:
                    f4:86:6b:6a:44:e1:00:75:96:c8:08:29:42:98:c8:
                    1d:50:c7:c3:10:b8:1e:60:c4:fb:ef:34:bd:f5:af:
                    47:2e:a3:8c:d9:81:f6:08:56:6f:d8:5f:be:d4:9f:
                    21:04:b2:79:cd:44:f6:cd:d9:ff:b6:70:cf:6c:23:
                    6b:d1:ae:5d:48:13:0d:03:a4:17:6a:ce:91:91:be:
                    bd:3e:b0:15:01:96:96:1c:c6:88:29:7b:5a:23:4a:
                    bb:54:56:ff:8f:54:c8:83:b8:90:cb:95:3f:c6:6a:
                    fb:c7:67:37:b6:95:3f:87:d3:56:fc:08:32:44:68:
                    f0:62:77:09:40:1b:27:0e:a0:ac:07:19:f6:a5:90:
                    d8:33:48:71:e7:7e:dc:5b:47:d6:ab:d2:a0:0b:24:
                    80:e0:fd:23:2b:c0:bd:52:78:ac:e7:b2:a2:33:00:
                    94:47:c2:fa:eb:16:63:6f:fa:35:23:af:bf:ed:ae:
                    9e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:83:6C:64:99:C0:05:F6:DD:9D:13:89:B7:32:05:FA:92:F0:8A:57
            X509v3 Authority Key Identifier:
                keyid:3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/MINsZJnABfbdnROJtzIF-pLwilc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.52.0/22
                  62.106.73.0/24
                  91.211.64.0/22
                  91.238.63.0/24
                  94.24.24.0/22
                  94.24.30.0/23
                  185.88.9.0/24
                  185.151.214.0/23
                  185.182.107.0/24
                  193.57.226.0/23
                  194.247.36.0/24
                IPv6:
                  2a0c:7140::/29
                  2a0e:9780::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:e7:a1:b5:d8:2d:b8:e6:8b:a7:4a:43:96:c4:61:4c:10:b0:
         05:56:1e:e6:ca:c1:e3:31:ae:fb:4d:7e:2e:43:ba:e6:a6:55:
         9a:71:58:7d:2f:15:48:c3:04:e5:09:00:90:d3:0d:b3:f5:5a:
         b7:38:69:bf:52:02:0b:07:87:40:7a:b7:aa:7b:ee:5a:5e:ba:
         ef:51:ce:c4:0a:51:e8:44:0e:4a:2b:c6:eb:83:7e:1b:a9:e5:
         2c:78:eb:b1:b5:23:33:a6:67:12:19:c2:c5:d1:ff:1e:0e:82:
         76:1f:12:a7:84:cd:49:14:e4:11:f3:50:9e:59:5c:49:d1:64:
         82:ae:e3:f1:2e:ac:82:a1:6b:85:c2:06:07:7a:2b:0b:9a:33:
         be:ac:79:03:cc:52:40:f6:cf:0e:76:e9:8b:41:cc:8d:00:06:
         31:f7:1e:ee:2d:b9:16:45:61:87:fe:53:9b:36:e2:44:ac:68:
         3d:4e:da:57:b7:07:44:20:43:57:fd:40:2b:bc:4f:6b:b0:76:
         50:e3:79:74:28:e2:aa:f0:e5:c2:1a:ac:a3:81:1d:3b:65:b8:
         05:ab:7f:6e:9f:08:19:d0:b4:35:ee:3d:d4:98:e2:73:28:f5:
         c7:09:b0:96:3b:d3:7f:cb:8f:de:9d:14:55:d3:30:28:72:db:
         33:7a:f2:a4
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYl43NnDINCrfbzgl16wMRCEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjMwNzUyZjNiYTAwMjZmYmIyMGM1ZTRjOTYzYjExMjlh
YzlkMzQwHhcNMjMwNzIxMTQzMTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDgzNmM2NDk5YzAwNWY2ZGQ5ZDEzODliNzMyMDVmYTkyZjA4YTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE7xkq608C+ftDWot1cxornzlbQY
Q8FgWF6ZTdgQrhHTHuc61qfwW1muj/xwKDGr4TbxVqx5Hox3JSEAUIL6S+wGrymT
eQ/RY4b0hmtqROEAdZbICClCmMgdUMfDELgeYMT77zS99a9HLqOM2YH2CFZv2F++
1J8hBLJ5zUT2zdn/tnDPbCNr0a5dSBMNA6QXas6Rkb69PrAVAZaWHMaIKXtaI0q7
VFb/j1TIg7iQy5U/xmr7x2c3tpU/h9NW/AgyRGjwYncJQBsnDqCsBxn2pZDYM0hx
537cW0fWq9KgCySA4P0jK8C9Unis57KiMwCUR8L66xZjb/o1I6+/7a6ejwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFDCDbGSZwAX23Z0TibcyBfqS8IpXMB8GA1UdIwQY
MBaAFD8jB1LzugAm+7IMXkyWOxEprJ00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjkt
ZGQyMjUzMGUxNWE0LzEvTUlOc1pKbkFCZmJkblJPSnR6SUYtcEx3aWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjktZGQyMjUzMGUxNWE0
LzEvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCLVQ0AwQA
PmpJAwQCW9NAAwQAW+4/AwQCXhgYAwQBXhgeAwQAuVgJAwQBuZfWAwQAubZrAwQB
wTniAwQAwvckMBQEAgACMA4DBQMqDHFAAwUDKg6XgDANBgkqhkiG9w0BAQsFAAOC
AQEAGOehtdgtuOaLp0pDlsRhTBCwBVYe5srB4zGu+01+LkO65qZVmnFYfS8VSMME
5QkAkNMNs/Vatzhpv1ICCweHQHq3qnvuWl6671HOxApR6EQOSivG64N+G6nlLHjr
sbUjM6ZnEhnCxdH/Hg6Cdh8Sp4TNSRTkEfNQnllcSdFkgq7j8S6sgqFrhcIGB3or
C5ozvqx5A8xSQPbPDnbpi0HMjQAGMfce7i25FkVhh/5TmzbiRKxoPU7aV7cHRCBD
V/1AK7xPa7B2UON5dCjiqvDlwhqso4EdO2W4Bat/bp8IGdC0Ne491Jjicyj1xwmw
ljvTf8uP3p0UVdMwKHLbM3rypA==
-----END CERTIFICATE-----