Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/j3m1Ic79b_Z5sqKCzQpl5hQERYA.roa
File:                     j3m1Ic79b_Z5sqKCzQpl5hQERYA.roa (raw, json)
Hash identifier:          mw2jE4e1NTmSp1A+mBQ/gKtR/Gmp+fmeLUiesM/JXAs=
Subject key identifier:   8F:79:B5:21:CE:FD:6F:F6:79:B2:A2:82:CD:0A:65:E6:14:04:45:80
Certificate issuer:       /CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
Certificate serial:       018CC26D54B10390C07261ADAC40E5F67929
Authority key identifier: 0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/j3m1Ic79b_Z5sqKCzQpl5hQERYA.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12312
IP address blocks:        212.172.0.0/16 maxlen: 16
                          195.78.160.0/19 maxlen: 19
                          194.162.0.0/16 maxlen: 16
                          80.83.96.0/20 maxlen: 20
                          62.144.0.0/16 maxlen: 16
                          79.140.176.0/20 maxlen: 20
                          194.112.16.0/20 maxlen: 20
                          62.246.0.0/16 maxlen: 16
                          195.52.0.0/16 maxlen: 23
                          195.63.0.0/16 maxlen: 16
                          62.26.0.0/15 maxlen: 23
                          185.210.52.0/22 maxlen: 22
                          195.185.0.0/16 maxlen: 16
                          2001:4091::/32 maxlen: 32
                          2a01:5c8::/32 maxlen: 32
                          2001:4090::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:54:b1:03:90:c0:72:61:ad:ac:40:e5:f6:79:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a1d72ac0826e09bc0d17ddee8ba87d9731dd413
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f79b521cefd6ff679b2a282cd0a65e614044580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cf:db:1a:0c:ee:86:18:5c:43:f0:03:3a:0f:
                    1a:99:4b:24:89:df:bd:b3:e3:8b:30:13:a1:5c:ae:
                    c1:da:40:63:8b:ec:cc:08:92:86:65:4f:27:60:bd:
                    ad:0c:d0:ac:dd:b3:6c:a2:53:21:f9:84:80:fb:1c:
                    41:b8:6f:08:b4:aa:1c:df:7a:1c:71:b1:be:c7:67:
                    94:3c:13:5a:47:d7:1d:a1:7f:60:91:6e:71:c0:c2:
                    22:e3:3c:6f:ee:58:d2:31:3b:7a:24:96:40:ea:89:
                    33:da:81:07:a8:e3:9c:a9:cb:22:e7:89:d0:c5:16:
                    eb:af:48:f7:66:07:7e:0e:f0:8c:4b:20:74:a1:ed:
                    f7:79:8f:cb:81:dd:46:f1:f5:7c:35:71:24:e3:3d:
                    88:21:ea:73:12:e1:d6:30:ff:a6:05:e3:17:60:4e:
                    9d:e0:82:4a:d7:36:01:0f:0c:85:cb:7b:a5:c2:aa:
                    71:98:34:be:44:ad:61:1c:5f:aa:ad:da:71:53:46:
                    78:3b:e2:c2:25:d2:c4:5a:2b:c1:8f:ce:06:bf:e7:
                    66:46:52:65:87:57:34:74:7a:c9:a9:e0:2d:3c:b1:
                    12:35:7c:dd:8c:3b:76:d2:38:e0:b5:da:b8:cf:ca:
                    6b:9a:4d:b4:a0:66:77:26:38:2b:fc:88:e0:45:5b:
                    70:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:79:B5:21:CE:FD:6F:F6:79:B2:A2:82:CD:0A:65:E6:14:04:45:80
            X509v3 Authority Key Identifier:
                keyid:0A:1D:72:AC:08:26:E0:9B:C0:D1:7D:DE:E8:BA:87:D9:73:1D:D4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/j3m1Ic79b_Z5sqKCzQpl5hQERYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6341da-2b34-4d45-9c17-958112a489a4/1/Ch1yrAgm4JvA0X3e6LqH2XMd1BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.26.0.0/15
                  62.144.0.0/16
                  62.246.0.0/16
                  79.140.176.0/20
                  80.83.96.0/20
                  185.210.52.0/22
                  194.112.16.0/20
                  194.162.0.0/16
                  195.52.0.0/16
                  195.63.0.0/16
                  195.78.160.0/19
                  195.185.0.0/16
                  212.172.0.0/16
                IPv6:
                  2001:4090::/31
                  2a01:5c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:23:5f:d0:d8:1d:74:b4:9e:e7:4a:1c:cc:09:be:59:95:ca:
         09:ce:a0:d3:ed:28:83:71:02:b8:f3:59:32:62:a8:71:98:b1:
         1f:de:0f:58:87:8c:dc:f5:4a:2a:e5:78:22:f5:da:4f:3c:68:
         9d:51:79:08:92:46:33:9a:f6:6e:d9:83:b2:2a:60:51:6c:5c:
         e3:6f:44:8a:46:7d:c3:8d:99:73:64:54:76:7a:2f:e2:b6:b7:
         18:7e:97:8a:84:70:92:6d:92:8a:6f:7c:4b:38:09:56:21:5e:
         34:41:da:33:f4:df:66:f4:d3:13:d3:fa:a6:21:b5:fa:2e:ce:
         ea:2e:f7:09:7d:a4:76:ce:d1:e4:e0:5e:94:75:de:b7:43:c0:
         1e:1f:6e:7f:3c:8d:7f:b6:69:d5:8a:4b:de:24:5c:c5:da:4d:
         34:86:ff:82:60:be:8d:c2:3b:09:05:f2:08:75:83:41:d7:15:
         fe:ad:e4:ed:65:3a:a4:43:3d:26:65:6c:6f:78:c2:14:e4:71:
         a1:bf:43:c3:36:81:27:41:b0:57:ea:3a:00:46:d7:ac:54:52:
         d8:a5:49:8a:45:83:51:31:88:a0:10:76:59:90:59:c7:69:e9:
         51:37:c8:07:c1:87:c5:5e:eb:a0:88:42:e4:f1:0a:ec:3a:b9:
         c3:bc:e3:8d
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYzCbVSxA5DAcmGtrEDl9nkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMWQ3MmFjMDgyNmUwOWJjMGQxN2RkZWU4YmE4N2Q5NzMx
ZGQ0MTMwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjc5YjUyMWNlZmQ2ZmY2NzliMmEyODJjZDBhNjVlNjE0MDQ0NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAic/bGgzuhhhcQ/ADOg8amUskid+9
s+OLMBOhXK7B2kBji+zMCJKGZU8nYL2tDNCs3bNsolMh+YSA+xxBuG8ItKoc33oc
cbG+x2eUPBNaR9cdoX9gkW5xwMIi4zxv7ljSMTt6JJZA6okz2oEHqOOcqcsi54nQ
xRbrr0j3Zgd+DvCMSyB0oe33eY/Lgd1G8fV8NXEk4z2IIepzEuHWMP+mBeMXYE6d
4IJK1zYBDwyFy3ulwqpxmDS+RK1hHF+qrdpxU0Z4O+LCJdLEWivBj84Gv+dmRlJl
h1c0dHrJqeAtPLESNXzdjDt20jjgtdq4z8prmk20oGZ3Jjgr/IjgRVtwKQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFI95tSHO/W/2ebKigs0KZeYUBEWAMB8GA1UdIwQY
MBaAFAodcqwIJuCbwNF93ui6h9lzHdQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTct
OTU4MTEyYTQ4OWE0LzEvajNtMUljNzliX1o1c3FLQ3pRcGw1aFFFUllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82MzQxZGEtMmIzNC00ZDQ1LTljMTctOTU4MTEyYTQ4OWE0
LzEvQ2gxeXJBZ200SnZBMFgzZTZMcUgyWE1kMUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBMBAIAATBGAwMBPhoDAwA+
kAMDAD72AwQET4ywAwQEUFNgAwQCudI0AwQEwnAQAwMAwqIDAwDDNAMDAMM/AwQF
w06gAwMAw7kDAwDUrDAUBAIAAjAOAwUBIAFAkAMFACoBBcgwDQYJKoZIhvcNAQEL
BQADggEBAE8jX9DYHXS0nudKHMwJvlmVygnOoNPtKINxArjzWTJiqHGYsR/eD1iH
jNz1SirleCL12k88aJ1ReQiSRjOa9m7Zg7IqYFFsXONvRIpGfcONmXNkVHZ6L+K2
txh+l4qEcJJtkopvfEs4CVYhXjRB2jP032b00xPT+qYhtfouzuou9wl9pHbO0eTg
XpR13rdDwB4fbn88jX+2adWKS94kXMXaTTSG/4Jgvo3COwkF8gh1g0HXFf6t5O1l
OqRDPSZlbG94whTkcaG/Q8M2gSdBsFfqOgBG16xUUtilSYpFg1ExiKAQdlmQWcdp
6VE3yAfBh8Ve66CIQuTxCuw6ucO8440=
-----END CERTIFICATE-----