Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/uwiRdDklLKTQ3wATl3dtpjRncFY.roa
File:                     uwiRdDklLKTQ3wATl3dtpjRncFY.roa (raw, json)
Hash identifier:          s9csxaebDgqqrDrwIX5CcYA2MEjyZPZmkUIxCo8eTYs=
Subject key identifier:   BB:08:91:74:39:25:2C:A4:D0:DF:00:13:97:77:6D:A6:34:67:70:56
Certificate issuer:       /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial:       018E33976BB824453FB77659A75450204657
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/uwiRdDklLKTQ3wATl3dtpjRncFY.roa
Signing time:             Tue 12 Mar 2024 16:55:45 +0000
ROA not before:           Tue 12 Mar 2024 16:55:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        81.88.67.0/24 maxlen: 24
                          81.88.68.0/23 maxlen: 23
                          81.88.68.0/24 maxlen: 24
                          81.88.69.0/24 maxlen: 24
                          81.88.70.0/24 maxlen: 24
                          81.88.73.0/24 maxlen: 24
                          81.88.74.0/23 maxlen: 23
                          81.88.76.0/24 maxlen: 24
                          81.88.78.0/24 maxlen: 24
                          81.88.79.0/24 maxlen: 24
                          185.77.116.0/24 maxlen: 24
                          185.77.117.0/24 maxlen: 24
                          185.77.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:97:6b:b8:24:45:3f:b7:76:59:a7:54:50:20:46:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
        Validity
            Not Before: Mar 12 16:55:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb08917439252ca4d0df001397776da634677056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:95:50:9f:14:db:6a:b9:e0:40:da:f7:13:19:
                    22:d0:b6:61:93:eb:4d:b6:36:2d:e5:c3:6c:7d:fa:
                    ed:42:a0:5a:0b:85:38:0e:a5:61:b6:4f:e4:63:09:
                    f1:1f:2a:f4:17:e0:59:7f:8c:0d:52:65:e1:d5:94:
                    66:8e:7f:5b:e0:26:06:83:ab:21:65:ec:1f:f0:84:
                    55:9f:79:b9:2f:4f:35:3a:d4:09:93:c5:40:d4:56:
                    87:09:86:2d:34:54:23:b1:e9:fc:87:44:fd:0d:ef:
                    0b:13:18:68:1b:7b:42:2a:7c:a0:fb:d6:5e:a7:62:
                    d9:d0:5a:0f:28:09:4b:94:93:47:e3:aa:72:73:11:
                    54:04:3b:b5:ff:e3:83:10:04:cf:72:bb:34:2a:e7:
                    43:ce:9b:72:65:fe:f6:d2:9a:d0:e3:45:b3:06:67:
                    89:1d:8c:59:3e:35:03:2d:a4:33:2f:ec:c8:a8:3f:
                    d1:35:fc:2a:7d:ac:c8:8a:35:93:a6:53:cb:7d:03:
                    df:0f:cd:03:8e:65:72:2a:74:72:34:fd:c4:b3:1c:
                    e2:5a:a3:3b:fc:28:1c:64:42:16:8b:09:29:bf:cf:
                    10:96:1d:f0:3e:4f:10:d9:e2:2a:72:ca:f5:12:ba:
                    c6:82:ca:99:d9:bb:c3:b1:52:02:94:bc:42:8b:ba:
                    02:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:08:91:74:39:25:2C:A4:D0:DF:00:13:97:77:6D:A6:34:67:70:56
            X509v3 Authority Key Identifier:
                keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/uwiRdDklLKTQ3wATl3dtpjRncFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.67.0-81.88.70.255
                  81.88.73.0-81.88.76.255
                  81.88.78.0/23
                  185.77.116.0-185.77.118.255

    Signature Algorithm: sha256WithRSAEncryption
         18:54:a6:47:f2:57:da:bc:d5:13:db:d2:a8:96:fd:63:25:2f:
         16:bd:b5:fe:9e:4d:1f:bd:d7:7a:0a:c3:94:44:d4:1a:39:25:
         2a:a0:07:73:1d:94:45:a3:8c:e7:57:32:b4:5a:29:1a:f7:8f:
         92:07:3f:70:c8:5f:a0:1b:ed:a3:f3:0f:8e:f9:45:82:f5:17:
         1c:c3:cb:57:d6:31:e8:7d:ff:e4:ec:eb:93:73:3d:8a:22:e5:
         6a:fd:de:69:72:2a:f3:f9:dd:d4:00:70:9b:f7:1a:ff:d2:e3:
         12:40:5a:11:82:e8:ea:57:ba:b9:b9:61:41:c0:ac:d8:cf:87:
         af:17:ba:ae:89:20:cb:2c:07:fb:ca:06:81:be:de:f2:6d:be:
         2e:61:7c:12:05:f1:48:08:c7:01:99:9b:9f:63:84:de:16:1c:
         eb:a0:71:8d:6a:2e:a3:0a:22:7f:ce:57:e4:c7:c3:b3:f0:39:
         0a:22:50:3a:86:bf:11:67:4b:81:e0:c4:1c:07:bc:41:d7:67:
         f0:0a:39:47:eb:73:4f:20:41:19:31:8d:e7:df:ab:e1:0e:40:
         e5:b6:c0:e4:db:19:3e:24:58:e8:29:73:5f:c9:29:2b:61:f7:
         36:6d:87:66:1e:08:90:b2:6e:a2:7a:5d:20:1b:5a:b2:bd:c9:
         21:db:a5:ed
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY4zl2u4JEU/t3ZZp1RQIEZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjQwMzEyMTY1NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjA4OTE3NDM5MjUyY2E0ZDBkZjAwMTM5Nzc3NmRhNjM0Njc3MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZVQnxTbarngQNr3Exki0LZhk+tN
tjYt5cNsffrtQqBaC4U4DqVhtk/kYwnxHyr0F+BZf4wNUmXh1ZRmjn9b4CYGg6sh
Zewf8IRVn3m5L081OtQJk8VA1FaHCYYtNFQjsen8h0T9De8LExhoG3tCKnyg+9Ze
p2LZ0FoPKAlLlJNH46pycxFUBDu1/+ODEATPcrs0KudDzptyZf720prQ40WzBmeJ
HYxZPjUDLaQzL+zIqD/RNfwqfazIijWTplPLfQPfD80DjmVyKnRyNP3EsxziWqM7
/CgcZEIWiwkpv88Qlh3wPk8Q2eIqcsr1ErrGgsqZ2bvDsVIClLxCi7oC9wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLsIkXQ5JSyk0N8AE5d3baY0Z3BWMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvdXdpUmREa2xMS1RRM3dBVGwzZHRwalJuY0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBABRWEMD
BABRWEYwDAMEAFFYSQMEAFFYTAMEAVFYTjAMAwQCuU10AwQAuU12MA0GCSqGSIb3
DQEBCwUAA4IBAQAYVKZH8lfavNUT29Kolv1jJS8WvbX+nk0fvdd6CsOURNQaOSUq
oAdzHZRFo4znVzK0Wika94+SBz9wyF+gG+2j8w+O+UWC9Rccw8tX1jHoff/k7OuT
cz2KIuVq/d5pcirz+d3UAHCb9xr/0uMSQFoRgujqV7q5uWFBwKzYz4evF7quiSDL
LAf7ygaBvt7ybb4uYXwSBfFICMcBmZufY4TeFhzroHGNai6jCiJ/zlfkx8Oz8DkK
IlA6hr8RZ0uB4MQcB7xB12fwCjlH63NPIEEZMY3n36vhDkDltsDk2xk+JFjoKXNf
ySkrYfc2bYdmHgiQsm6iel0gG1qyvckh26Xt
-----END CERTIFICATE-----