Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/1-tVref32EIEUAjmzD__ZIocgz4U.roa
File:                     1-tVref32EIEUAjmzD__ZIocgz4U.roa (raw, json)
Hash identifier:          skeyCAWGf9XAZkBqS3AyhWLGj0WkmndbJ0agXHGQIqg=
Subject key identifier:   FA:D5:6B:79:FD:F6:10:81:14:02:39:B3:0F:FF:D9:22:87:20:CF:85
Certificate issuer:       /CN=0620eadb2e1562b4e2e4f480772c36887a777f24
Certificate serial:       31763B20
Authority key identifier: 06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/1-tVref32EIEUAjmzD__ZIocgz4U.roa
Signing time:             Thu 16 Jun 2022 13:48:44 +0000
ROA not before:           Thu 16 Jun 2022 13:48:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     20649
IP address blocks:        78.111.97.0/24 maxlen: 24
                          78.111.98.0/24 maxlen: 24
                          78.111.111.0/24 maxlen: 24
                          78.111.106.0/24 maxlen: 24
                          80.93.212.0/24 maxlen: 24
                          80.93.208.0/24 maxlen: 24
                          80.93.213.0/24 maxlen: 24
                          217.195.192.0/24 maxlen: 24
                          80.93.216.0/24 maxlen: 24
                          217.195.198.0/24 maxlen: 24
                          217.195.196.0/24 maxlen: 24
                          217.195.206.0/24 maxlen: 24
                          217.195.204.0/24 maxlen: 24
                          217.195.203.0/24 maxlen: 24
                          217.195.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 829831968 (0x31763b20)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0620eadb2e1562b4e2e4f480772c36887a777f24
        Validity
            Not Before: Jun 16 13:48:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=fad56b79fdf61081140239b30fffd9228720cf85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c2:64:52:c2:15:19:b8:c7:e2:eb:50:d5:3b:
                    a3:48:11:58:fa:69:a1:44:90:40:c4:6e:db:1e:c9:
                    11:54:d7:c1:54:64:71:f9:0d:be:d1:59:83:1e:26:
                    9a:24:46:88:e7:c4:e0:5b:41:20:5e:5a:fc:db:b1:
                    ee:a7:82:df:49:d8:6d:bf:28:ae:d4:a7:bd:a0:47:
                    ad:14:e1:43:f4:ed:06:16:10:e9:32:37:1c:7c:a9:
                    39:09:d5:8b:16:29:4b:a3:a8:a9:45:62:3b:ff:93:
                    39:99:12:8d:ff:d9:07:c6:32:e7:1e:16:9f:ac:96:
                    26:a0:94:d1:86:66:19:a4:6d:5b:c1:53:80:d9:db:
                    c0:e3:a9:4c:25:ad:d9:f8:57:4a:04:1b:72:f0:94:
                    6a:55:3d:3a:f2:c1:e0:68:ec:3d:0a:4a:ed:4b:33:
                    99:b2:eb:29:2f:2a:de:2d:aa:8d:46:07:17:cb:8d:
                    1d:cc:d2:fd:07:1f:16:da:5b:a0:ba:be:3b:85:4b:
                    ef:73:5f:8a:ee:12:3e:03:89:52:44:a8:6d:a0:fe:
                    bc:86:7c:38:b9:c6:e3:a6:62:51:e3:2e:87:ea:f2:
                    9f:eb:3c:63:b1:d2:46:e2:d1:d5:00:d1:b5:e2:74:
                    35:3a:2e:ca:9b:90:08:4b:f0:3f:9d:0d:6f:b6:75:
                    7f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D5:6B:79:FD:F6:10:81:14:02:39:B3:0F:FF:D9:22:87:20:CF:85
            X509v3 Authority Key Identifier:
                keyid:06:20:EA:DB:2E:15:62:B4:E2:E4:F4:80:77:2C:36:88:7A:77:7F:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/1-tVref32EIEUAjmzD__ZIocgz4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/cc8bfa-2b13-4674-a984-a5fdb570fe9a/1/BiDq2y4VYrTi5PSAdyw2iHp3fyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.97.0-78.111.98.255
                  78.111.106.0/24
                  78.111.111.0/24
                  80.93.208.0/24
                  80.93.212.0/23
                  80.93.216.0/24
                  217.195.192.0/24
                  217.195.196.0/24
                  217.195.198.0/24
                  217.195.203.0-217.195.204.255
                  217.195.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:9a:df:4e:48:44:1d:6f:34:7a:b3:0f:1d:c3:9e:78:24:8c:
         b2:a5:a1:47:fa:83:71:25:1c:16:54:5e:03:59:64:8b:9e:91:
         dd:ac:1e:fa:fa:61:1f:5e:c5:2f:a3:99:77:c6:20:c7:0d:9e:
         93:47:5e:f2:53:bb:97:ce:23:0e:a6:43:ce:18:4c:67:c9:a1:
         0a:14:6c:df:9a:e8:94:69:8d:9a:a4:c1:3a:7d:61:cb:00:a8:
         2a:9a:79:42:f1:aa:59:12:bf:59:5c:ce:2d:23:57:ce:4a:b7:
         b8:8e:73:3d:ea:ad:dd:7e:b3:0d:f4:a2:20:67:94:17:f5:79:
         98:b2:4e:52:17:03:27:f9:00:3c:72:5f:cc:c0:ec:2b:03:2a:
         f9:b8:b5:85:98:42:8c:f1:01:7a:87:d6:5d:c0:30:93:ff:91:
         01:8b:3c:0f:1f:3b:37:d3:f9:ca:72:e0:34:27:cc:f8:d2:74:
         01:a8:12:d3:56:3b:8c:d6:b9:27:80:dc:7a:74:df:f3:69:c2:
         9f:e5:73:5a:4d:bc:c2:65:63:ed:bd:3f:92:44:83:94:fe:68:
         e3:14:9c:23:eb:dd:25:bb:9d:58:0f:5a:61:0f:c5:27:0e:74:
         e5:f1:b2:4d:f5:30:4d:ef:22:14:78:fa:a1:ee:f9:6a:ec:9e:
         85:a0:ad:9a
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIEMXY7IDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NjIwZWFkYjJlMTU2MmI0ZTJlNGY0ODA3NzJjMzY4ODdhNzc3ZjI0MB4XDTIyMDYx
NjEzNDg0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmFkNTZiNzlmZGY2
MTA4MTE0MDIzOWIzMGZmZmQ5MjI4NzIwY2Y4NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/CZFLCFRm4x+LrUNU7o0gRWPppoUSQQMRu2x7JEVTXwVRk
cfkNvtFZgx4mmiRGiOfE4FtBIF5a/Nux7qeC30nYbb8ortSnvaBHrRThQ/TtBhYQ
6TI3HHypOQnVixYpS6OoqUViO/+TOZkSjf/ZB8Yy5x4Wn6yWJqCU0YZmGaRtW8FT
gNnbwOOpTCWt2fhXSgQbcvCUalU9OvLB4GjsPQpK7UszmbLrKS8q3i2qjUYHF8uN
HczS/QcfFtpboLq+O4VL73Nfiu4SPgOJUkSobaD+vIZ8OLnG46ZiUeMuh+ryn+s8
Y7HSRuLR1QDRteJ0NTouypuQCEvwP50Nb7Z1f0UCAwEAAaOCAlYwggJSMB0GA1Ud
DgQWBBT61Wt5/fYQgRQCObMP/9kihyDPhTAfBgNVHSMEGDAWgBQGIOrbLhVitOLk
9IB3LDaIend/JDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JpRHEyeTRWWXJUaTVQU0FkeXcyaUhwM2Z5US5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDUvY2M4YmZhLTJiMTMtNDY3NC1hOTg0LWE1ZmRiNTcwZmU5YS8x
LzEtdFZyZWYzMkVJRVVBam16RF9fWklvY2d6NFUucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q1
L2NjOGJmYS0yYjEzLTQ2NzQtYTk4NC1hNWZkYjU3MGZlOWEvMS9CaURxMnk0Vlly
VGk1UFNBZHl3MmlIcDNmeVEuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
awYIKwYBBQUHAQcBAf8EXDBaMFgEAgABMFIwDAMEAE5vYQMEAE5vYgMEAE5vagME
AE5vbwMEAFBd0AMEAVBd1AMEAFBd2AMEANnDwAMEANnDxAMEANnDxjAMAwQA2cPL
AwQA2cPMAwQB2cPOMA0GCSqGSIb3DQEBCwUAA4IBAQBemt9OSEQdbzR6sw8dw554
JIyypaFH+oNxJRwWVF4DWWSLnpHdrB76+mEfXsUvo5l3xiDHDZ6TR17yU7uXziMO
pkPOGExnyaEKFGzfmuiUaY2apME6fWHLAKgqmnlC8apZEr9ZXM4tI1fOSre4jnM9
6q3dfrMN9KIgZ5QX9XmYsk5SFwMn+QA8cl/MwOwrAyr5uLWFmEKM8QF6h9ZdwDCT
/5EBizwPHzs30/nKcuA0J8z40nQBqBLTVjuM1rkngNx6dN/zacKf5XNaTbzCZWPt
vT+SRIOU/mjjFJwj690lu51YD1phD8UnDnTl8bJN9TBN7yIUePqh7vlq7J6FoK2a
-----END CERTIFICATE-----