Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/BxHVUfikYlbsbtsFRvg7zXw6DF0.roa
File:                     BxHVUfikYlbsbtsFRvg7zXw6DF0.roa (raw, json)
Hash identifier:          MtFq2GTy+PvQFbPrhzn+iO0sf4U+lJL5aXRD5ck6uOM=
Subject key identifier:   07:11:D5:51:F8:A4:62:56:EC:6E:DB:05:46:F8:3B:CD:7C:3A:0C:5D
Certificate issuer:       /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial:       0188B3811D0A59B9DFA77605C9EBEF491717
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/BxHVUfikYlbsbtsFRvg7zXw6DF0.roa
Signing time:             Tue 13 Jun 2023 06:46:03 +0000
ROA not before:           Tue 13 Jun 2023 06:46:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7155
IP address blocks:        81.88.67.0/24 maxlen: 24
                          81.88.68.0/23 maxlen: 23
                          81.88.68.0/24 maxlen: 24
                          81.88.69.0/24 maxlen: 24
                          81.88.70.0/24 maxlen: 24
                          81.88.76.0/24 maxlen: 24
                          81.88.78.0/24 maxlen: 24
                          81.88.73.0/24 maxlen: 24
                          81.88.74.0/23 maxlen: 23
                          81.88.79.0/24 maxlen: 24
                          84.247.142.0/24 maxlen: 24
                          84.247.146.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b3:81:1d:0a:59:b9:df:a7:76:05:c9:eb:ef:49:17:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
        Validity
            Not Before: Jun 13 06:46:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0711d551f8a46256ec6edb0546f83bcd7c3a0c5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d2:c9:be:c7:17:a9:17:95:61:9d:b4:3d:80:
                    45:c5:f0:31:60:c0:00:6a:71:28:ca:f7:4a:20:d6:
                    7c:4e:38:1c:a7:7c:81:4f:d1:f5:de:1d:d0:4a:d0:
                    fe:03:b1:ed:e4:d6:cc:73:11:8a:9a:a9:bf:09:ad:
                    f4:70:9c:99:33:c4:4a:39:12:9c:06:4a:f4:f0:d3:
                    a0:d8:7a:fd:aa:36:ba:e6:72:2b:d6:c6:ec:48:7a:
                    c0:50:4d:6d:ba:16:6b:3f:8e:53:32:9c:a3:bd:44:
                    ef:7f:c8:dc:ba:09:fd:09:c5:31:43:7b:d4:15:87:
                    84:62:33:7c:1f:4b:84:c8:c6:a5:37:d1:b6:a7:fd:
                    ab:2f:6b:24:d9:d7:1f:88:02:8e:5e:4b:e5:2c:f9:
                    f8:3c:d7:9d:e4:57:e4:b7:1e:f7:3e:a8:22:6e:6d:
                    b6:81:d5:58:9b:1b:e6:46:7a:37:23:b8:e3:d1:1d:
                    cb:95:7a:b1:72:9f:07:b2:54:e3:6c:5e:ff:ab:ec:
                    16:a9:d8:a1:62:76:56:f6:cb:d4:cc:89:ba:c3:b0:
                    50:34:15:ca:51:3f:0a:eb:37:52:03:97:60:b6:17:
                    40:7a:35:00:01:86:f6:80:3a:85:b9:d6:c7:78:4e:
                    2e:45:01:4e:22:e7:73:fa:13:c3:9d:4e:e9:bf:cd:
                    9e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:11:D5:51:F8:A4:62:56:EC:6E:DB:05:46:F8:3B:CD:7C:3A:0C:5D
            X509v3 Authority Key Identifier:
                keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/BxHVUfikYlbsbtsFRvg7zXw6DF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.67.0-81.88.70.255
                  81.88.73.0-81.88.76.255
                  81.88.78.0/23
                  84.247.142.0/24
                  84.247.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:d9:6c:d7:85:15:7e:4a:f1:79:09:88:97:33:8c:bd:53:c8:
         70:1b:f7:ef:b0:6b:2c:16:84:3b:40:2d:2b:22:94:f5:46:d5:
         18:2b:a3:02:7a:0b:9d:21:4d:8e:86:5b:3f:97:d9:15:e1:f0:
         25:23:0b:71:51:33:84:91:3c:b9:b2:a3:45:b0:84:2c:4b:d1:
         54:9d:13:39:9c:12:d6:e9:01:f8:62:a4:ce:3d:a2:7b:11:ba:
         17:b1:b7:0d:73:ee:43:b7:a3:25:33:e4:68:39:60:31:d5:6a:
         ac:72:7d:4a:aa:6f:62:4b:5b:69:27:f8:74:84:15:c7:90:bf:
         0c:54:0d:9b:57:33:5f:0f:07:df:c2:63:d9:4c:ba:07:ad:5c:
         27:ac:6d:e1:b7:48:c8:05:da:10:8f:f8:e5:f7:b7:f6:e1:3a:
         d5:61:44:7c:6d:9c:ea:cc:c1:4d:70:fb:79:7e:39:69:d1:f6:
         60:15:55:31:70:91:ba:64:24:37:b3:38:43:de:9c:d4:0a:a7:
         69:2d:21:56:12:27:e6:1d:4b:ba:bd:89:1f:01:84:8c:3d:3a:
         d6:f0:33:1b:be:ff:61:d3:de:8a:3d:d6:e0:b9:33:20:4f:9d:
         f1:85:13:a0:da:d6:b3:44:14:c1:cc:dd:ac:24:e4:d3:19:8e:
         bd:dd:1b:95
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYizgR0KWbnfp3YFyevvSRcXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMwNjEzMDY0NjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzExZDU1MWY4YTQ2MjU2ZWM2ZWRiMDU0NmY4M2JjZDdjM2EwYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6NLJvscXqReVYZ20PYBFxfAxYMAA
anEoyvdKINZ8Tjgcp3yBT9H13h3QStD+A7Ht5NbMcxGKmqm/Ca30cJyZM8RKORKc
Bkr08NOg2Hr9qja65nIr1sbsSHrAUE1tuhZrP45TMpyjvUTvf8jcugn9CcUxQ3vU
FYeEYjN8H0uEyMalN9G2p/2rL2sk2dcfiAKOXkvlLPn4PNed5Ffktx73Pqgibm22
gdVYmxvmRno3I7jj0R3LlXqxcp8HslTjbF7/q+wWqdihYnZW9svUzIm6w7BQNBXK
UT8K6zdSA5dgthdAejUAAYb2gDqFudbHeE4uRQFOIudz+hPDnU7pv82eYQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAcR1VH4pGJW7G7bBUb4O818OgxdMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvQnhIVlVmaWtZbGJzYnRzRlJ2Zzd6WHc2REYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBABRWEMD
BABRWEYwDAMEAFFYSQMEAFFYTAMEAVFYTgMEAFT3jgMEAFT3kjANBgkqhkiG9w0B
AQsFAAOCAQEAnNls14UVfkrxeQmIlzOMvVPIcBv377BrLBaEO0AtKyKU9UbVGCuj
AnoLnSFNjoZbP5fZFeHwJSMLcVEzhJE8ubKjRbCELEvRVJ0TOZwS1ukB+GKkzj2i
exG6F7G3DXPuQ7ejJTPkaDlgMdVqrHJ9SqpvYktbaSf4dIQVx5C/DFQNm1czXw8H
38Jj2Uy6B61cJ6xt4bdIyAXaEI/45fe39uE61WFEfG2c6szBTXD7eX45adH2YBVV
MXCRumQkN7M4Q96c1AqnaS0hVhIn5h1Lur2JHwGEjD061vAzG77/YdPeij3W4Lkz
IE+d8YUToNrWs0QUwczdrCTk0xmOvd0blQ==
-----END CERTIFICATE-----