Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/D_0DDOt25UfhprGVxITKEiGrdFo.roa
File:                     D_0DDOt25UfhprGVxITKEiGrdFo.roa (raw, json)
Hash identifier:          fr64EykhFTEavWV3JCspMgEKrHVOi7GFmkNznUiWBcY=
Subject key identifier:   0F:FD:03:0C:EB:76:E5:47:E1:A6:B1:95:C4:84:CA:12:21:AB:74:5A
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018779F7961899AC612FC006B3D75D059312
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/D_0DDOt25UfhprGVxITKEiGrdFo.roa
Signing time:             Thu 13 Apr 2023 09:34:41 +0000
ROA not before:           Thu 13 Apr 2023 09:34:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.230.248.0/24 maxlen: 24
                          185.229.104.0/24 maxlen: 24
                          185.229.106.0/24 maxlen: 24
                          194.4.159.0/24 maxlen: 24
                          89.43.208.0/24 maxlen: 24
                          185.245.237.0/24 maxlen: 24
                          193.19.106.0/24 maxlen: 24
                          192.166.208.0/22 maxlen: 24
                          185.121.231.0/24 maxlen: 24
                          178.239.203.0/24 maxlen: 24
                          78.142.242.0/23 maxlen: 24
                          185.121.230.0/24 maxlen: 24
                          45.159.152.0/24 maxlen: 24
                          45.159.154.0/24 maxlen: 24
                          62.197.135.0/24 maxlen: 24
                          185.103.75.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:f7:96:18:99:ac:61:2f:c0:06:b3:d7:5d:05:93:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 13 09:34:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ffd030ceb76e547e1a6b195c484ca1221ab745a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b2:6a:f4:8b:c5:ed:97:b8:a3:bb:c9:47:df:
                    52:00:ac:7a:a4:b2:26:19:d5:07:54:1f:67:79:31:
                    62:5f:65:8a:b8:42:ca:45:78:fa:04:d6:01:92:cd:
                    16:ca:ea:4f:50:45:bc:2a:a1:9a:38:58:84:14:9b:
                    87:1e:8c:40:30:a8:25:93:48:ba:3c:26:52:4e:72:
                    c2:80:cd:72:63:59:04:58:4b:5d:8a:d8:3f:53:10:
                    de:f4:f7:6f:ec:81:e9:05:ea:fa:00:b0:c1:6f:4f:
                    5c:78:fb:af:5f:6b:24:6c:3a:a8:d7:0c:4b:f2:47:
                    43:15:21:70:92:75:b5:f3:82:99:51:de:c9:3f:e5:
                    4e:81:35:32:8e:57:4a:19:c8:71:74:16:2c:51:a7:
                    bb:c4:03:c6:40:90:cf:c9:dc:d8:ee:31:ca:e2:6b:
                    bf:23:6d:c7:25:1e:98:53:75:f9:24:8f:34:66:ab:
                    92:ae:29:f4:41:d2:6a:b2:7b:ab:17:79:fd:05:8f:
                    54:5b:18:52:cb:da:72:c5:48:6a:f9:07:2a:10:a4:
                    b4:e3:3c:d5:fd:90:c3:e7:4d:8e:49:f6:fe:90:29:
                    3c:b1:0e:e1:cd:94:f6:6f:0c:90:13:26:53:9f:cf:
                    a6:0c:d5:9c:18:ae:97:87:b8:b3:5d:ed:57:8f:b9:
                    65:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FD:03:0C:EB:76:E5:47:E1:A6:B1:95:C4:84:CA:12:21:AB:74:5A
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/D_0DDOt25UfhprGVxITKEiGrdFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.152.0/24
                  45.159.154.0/24
                  62.197.135.0/24
                  78.142.242.0/23
                  89.43.208.0/24
                  178.239.203.0/24
                  185.103.75.0/24
                  185.121.230.0/23
                  185.229.104.0/24
                  185.229.106.0/24
                  185.230.248.0/24
                  185.245.237.0/24
                  192.166.208.0/22
                  193.19.106.0/24
                  194.4.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ed:ff:75:1e:e3:4c:65:20:6b:04:f3:82:a2:dd:87:1a:2f:
         c8:6f:12:af:13:37:28:67:5c:d3:6d:f2:41:6f:95:89:f2:5c:
         2c:df:8b:00:6d:23:01:03:03:67:d4:7f:45:d3:c4:d8:13:f7:
         01:f2:d4:6f:f7:9c:d3:43:48:10:f0:04:35:72:1b:cb:9f:7d:
         87:f0:27:30:b1:7e:f0:c1:de:78:bb:eb:f3:f5:c1:7f:eb:2c:
         5e:91:33:0a:48:1b:55:39:42:ee:ec:c9:32:c5:3b:2d:94:b3:
         7b:a7:88:86:59:94:6e:5d:e6:12:b6:f4:00:23:63:40:f5:a5:
         c7:85:de:0a:8f:83:a9:67:52:ba:61:80:f4:36:c6:3a:63:49:
         10:60:0a:4a:cd:9b:c5:5a:f0:b7:f6:32:7e:62:1b:81:f1:55:
         19:8b:0c:d6:4f:37:fb:d7:8f:63:0a:f9:fb:1f:c9:12:2d:9e:
         f9:e2:cd:f9:76:a8:45:5c:35:f0:e9:05:b5:65:f5:ea:a8:42:
         ee:6e:1c:16:4c:bc:8b:41:8d:98:a3:d8:5d:da:21:14:2b:98:
         62:d3:62:4f:38:87:22:a6:ee:ec:15:f2:b9:97:40:03:70:c1:
         f7:25:4f:9f:1c:ae:44:11:4c:fd:b8:5b:f3:ad:db:34:03:7a:
         d0:ff:7a:93
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYd595YYmaxhL8AGs9ddBZMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEzMDkzNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZkMDMwY2ViNzZlNTQ3ZTFhNmIxOTVjNDg0Y2ExMjIxYWI3NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorJq9IvF7Ze4o7vJR99SAKx6pLIm
GdUHVB9neTFiX2WKuELKRXj6BNYBks0WyupPUEW8KqGaOFiEFJuHHoxAMKglk0i6
PCZSTnLCgM1yY1kEWEtditg/UxDe9Pdv7IHpBer6ALDBb09cePuvX2skbDqo1wxL
8kdDFSFwknW184KZUd7JP+VOgTUyjldKGchxdBYsUae7xAPGQJDPydzY7jHK4mu/
I23HJR6YU3X5JI80ZquSrin0QdJqsnurF3n9BY9UWxhSy9pyxUhq+QcqEKS04zzV
/ZDD502OSfb+kCk8sQ7hzZT2bwyQEyZTn8+mDNWcGK6Xh7izXe1Xj7llEwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFA/9AwzrduVH4aaxlcSEyhIhq3RaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRF8wRERPdDI1VWZocHJHVnhJVEtFaUdyZEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQALZ+YAwQA
LZ+aAwQAPsWHAwQBTo7yAwQAWSvQAwQAsu/LAwQAuWdLAwQBuXnmAwQAueVoAwQA
ueVqAwQAueb4AwQAufXtAwQCwKbQAwQAwRNqAwQAwgSfMA0GCSqGSIb3DQEBCwUA
A4IBAQBH7f91HuNMZSBrBPOCot2HGi/IbxKvEzcoZ1zTbfJBb5WJ8lws34sAbSMB
AwNn1H9F08TYE/cB8tRv95zTQ0gQ8AQ1chvLn32H8CcwsX7wwd54u+vz9cF/6yxe
kTMKSBtVOULu7MkyxTstlLN7p4iGWZRuXeYStvQAI2NA9aXHhd4Kj4OpZ1K6YYD0
NsY6Y0kQYApKzZvFWvC39jJ+YhuB8VUZiwzWTzf7149jCvn7H8kSLZ754s35dqhF
XDXw6QW1ZfXqqELubhwWTLyLQY2Yo9hd2iEUK5hi02JPOIcipu7sFfK5l0ADcMH3
JU+fHK5EEUz9uFvzrds0A3rQ/3qT
-----END CERTIFICATE-----