Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vYOKw8-2I3FSpJYxk-3d6nFSiHs.roa
File:                     vYOKw8-2I3FSpJYxk-3d6nFSiHs.roa (raw, json)
Hash identifier:          xPX/1Y0FuUCNANI94YwcSF4gmdMaydYM/udjNDjfAc4=
Subject key identifier:   BD:83:8A:C3:CF:B6:23:71:52:A4:96:31:93:ED:DD:EA:71:52:88:7B
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       018CC7268C5BACFDCA6BB2C21110E9265D81
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vYOKw8-2I3FSpJYxk-3d6nFSiHs.roa
Signing time:             Mon 01 Jan 2024 22:30:41 +0000
ROA not before:           Mon 01 Jan 2024 22:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        217.102.240.0/20 maxlen: 24
                          213.34.224.0/19 maxlen: 24
                          212.115.192.0/19 maxlen: 24
                          204.168.128.0/17 maxlen: 24
                          217.63.64.0/19 maxlen: 24
                          149.143.64.0/18 maxlen: 24
                          87.99.128.0/17 maxlen: 24
                          81.172.128.0/17 maxlen: 24
                          141.224.192.0/18 maxlen: 24
                          185.200.96.0/22 maxlen: 24
                          149.143.32.0/19 maxlen: 24
                          212.92.64.0/19 maxlen: 24
                          62.238.0.0/16 maxlen: 24
                          2a02:f68::/29 maxlen: 48
                          2a07:31c0::/29 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:8c:5b:ac:fd:ca:6b:b2:c2:11:10:e9:26:5d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Jan  1 22:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd838ac3cfb6237152a4963193edddea7152887b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:75:fa:13:0d:4d:12:fc:ed:44:94:bc:5e:f3:
                    ca:dc:13:45:60:b3:78:9d:c6:60:67:68:50:66:ba:
                    6b:60:3b:66:ab:ae:ca:2f:14:94:2d:5e:53:a9:90:
                    f9:b6:1f:65:e3:4d:93:63:18:8c:6b:51:1c:d3:c1:
                    c8:97:1a:e8:a3:1b:ea:31:e8:3d:7c:6a:2c:49:73:
                    77:88:79:25:94:d6:f0:d5:8a:4f:59:28:eb:52:2c:
                    5b:46:b7:d8:9e:60:54:06:2a:68:c0:f6:ba:4b:3d:
                    e7:d6:5e:94:26:a8:f1:dc:0c:30:cc:be:66:3b:1d:
                    96:d9:48:80:71:98:db:bd:c2:ab:98:07:f6:76:b6:
                    93:af:5f:2c:5f:2c:0d:e7:e8:db:6e:e5:61:e5:b7:
                    ef:e6:4f:e7:1e:28:b2:66:02:d8:eb:c6:a4:b5:0c:
                    32:20:59:b2:fe:18:3d:9d:5a:42:e0:80:79:2f:e4:
                    9d:60:69:dc:ac:6d:68:f8:81:4c:0e:8c:0b:6c:4b:
                    31:f5:bb:88:c6:35:19:74:44:e7:d7:aa:eb:12:cb:
                    50:f8:c7:1a:18:15:63:19:97:0e:9d:5c:ee:ed:b5:
                    78:de:4e:71:0b:73:18:60:34:63:c3:3d:27:a7:e4:
                    38:a7:1c:a8:6f:c2:78:c6:60:26:01:03:f8:77:ef:
                    ff:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:83:8A:C3:CF:B6:23:71:52:A4:96:31:93:ED:DD:EA:71:52:88:7B
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vYOKw8-2I3FSpJYxk-3d6nFSiHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.238.0.0/16
                  81.172.128.0/17
                  87.99.128.0/17
                  141.224.192.0/18
                  149.143.32.0-149.143.127.255
                  185.200.96.0/22
                  204.168.128.0/17
                  212.92.64.0/19
                  212.115.192.0/19
                  213.34.224.0/19
                  217.63.64.0/19
                  217.102.240.0/20
                IPv6:
                  2a02:f68::/29
                  2a07:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:af:3b:da:8d:75:d7:9e:4f:b3:d9:1a:f5:41:8a:d6:06:81:
         c0:c0:44:e7:0f:9f:41:1a:ef:38:d6:f9:ac:d7:eb:89:2b:e2:
         4b:e0:e1:78:18:9a:a7:61:81:e1:a3:bb:82:24:6e:ba:e7:bc:
         1b:44:44:05:3b:54:90:53:a6:30:77:aa:e0:a2:b9:fd:d7:9f:
         b2:28:2e:11:8a:d8:d0:1f:d0:9f:7f:a0:8d:ee:0d:3e:62:ce:
         ef:a5:34:ba:cf:dc:bf:40:32:01:f4:20:d4:30:49:41:62:69:
         17:13:07:f4:8b:6d:6c:96:9a:42:e8:7c:e0:00:72:9e:d4:90:
         10:62:2a:2e:33:14:2d:ef:a9:28:0a:ee:f7:18:8c:57:3c:00:
         df:4d:95:86:45:b6:ce:8d:84:b1:eb:b7:fd:ba:1c:67:7c:37:
         2f:02:f3:da:df:35:e4:7f:bb:58:36:7a:c0:ff:5d:2f:d3:14:
         7e:17:b9:43:99:64:a6:ec:15:d1:ea:cb:fa:00:cf:58:a4:36:
         03:9b:84:60:87:3b:6b:29:9a:88:18:8a:d2:23:a8:92:cb:d6:
         ee:68:1b:b4:89:ff:54:55:5d:91:cb:e8:cb:f7:39:36:a5:d4:
         79:2d:33:96:32:45:d4:af:01:49:d7:bd:e6:13:04:17:ea:33:
         a7:91:4e:8f
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYzHJoxbrP3Ka7LCERDpJl2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjQwMTAxMjIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDgzOGFjM2NmYjYyMzcxNTJhNDk2MzE5M2VkZGRlYTcxNTI4ODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHX6Ew1NEvztRJS8XvPK3BNFYLN4
ncZgZ2hQZrprYDtmq67KLxSULV5TqZD5th9l402TYxiMa1Ec08HIlxrooxvqMeg9
fGosSXN3iHkllNbw1YpPWSjrUixbRrfYnmBUBipowPa6Sz3n1l6UJqjx3AwwzL5m
Ox2W2UiAcZjbvcKrmAf2draTr18sXywN5+jbbuVh5bfv5k/nHiiyZgLY68aktQwy
IFmy/hg9nVpC4IB5L+SdYGncrG1o+IFMDowLbEsx9buIxjUZdETn16rrEstQ+Mca
GBVjGZcOnVzu7bV43k5xC3MYYDRjwz0np+Q4pxyob8J4xmAmAQP4d+//FQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFL2DisPPtiNxUqSWMZPt3epxUoh7MB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvdllPS3c4LTJJM0ZTcEpZeGstM2Q2bkZTaUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBVBAIAATBPAwMAPu4DBAdR
rIADBAdXY4ADBAaN4MAwDAMEBZWPIAMEB5WPAAMEArnIYAMEB8yogAMEBdRcQAME
BdRzwAMEBdUi4AMEBdk/QAMEBNlm8DAUBAIAAjAOAwUDKgIPaAMFAyoHMcAwDQYJ
KoZIhvcNAQELBQADggEBAAavO9qNddeeT7PZGvVBitYGgcDAROcPn0Ea7zjW+azX
64kr4kvg4XgYmqdhgeGju4IkbrrnvBtERAU7VJBTpjB3quCiuf3Xn7IoLhGK2NAf
0J9/oI3uDT5izu+lNLrP3L9AMgH0INQwSUFiaRcTB/SLbWyWmkLofOAAcp7UkBBi
Ki4zFC3vqSgK7vcYjFc8AN9NlYZFts6NhLHrt/26HGd8Ny8C89rfNeR/u1g2esD/
XS/TFH4XuUOZZKbsFdHqy/oAz1ikNgObhGCHO2spmogYitIjqJLL1u5oG7SJ/1RV
XZHL6Mv3OTal1HktM5YyRdSvAUnXveYTBBfqM6eRTo8=
-----END CERTIFICATE-----