Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8p0foHrUeaiAnylMHzVxNaJqx5A.roa
File:                     8p0foHrUeaiAnylMHzVxNaJqx5A.roa (raw, json)
Hash identifier:          ewALh2tuSFfWNxwkrpJ/0o5qgKkHz4pdx2kjp0o6kPw=
Subject key identifier:   F2:9D:1F:A0:7A:D4:79:A8:80:9F:29:4C:1F:35:71:35:A2:6A:C7:90
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0186370A9E9EC0EAB4F9C4C9443E9C136B5C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8p0foHrUeaiAnylMHzVxNaJqx5A.roa
Signing time:             Thu 09 Feb 2023 16:38:08 +0000
ROA not before:           Thu 09 Feb 2023 16:38:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42864
IP address blocks:        178.210.224.0/22 maxlen: 24
                          193.138.125.0/24 maxlen: 24
                          178.248.200.0/21 maxlen: 21
                          45.9.171.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          77.242.144.0/20 maxlen: 20
                          88.209.192.0/21 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          92.52.219.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          45.14.8.0/24 maxlen: 24
                          92.52.212.0/22 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.209.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:37:0a:9e:9e:c0:ea:b4:f9:c4:c9:44:3e:9c:13:6b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb  9 16:38:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f29d1fa07ad479a8809f294c1f357135a26ac790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:9D:1F:A0:7A:D4:79:A8:80:9F:29:4C:1F:35:71:35:A2:6A:C7:90
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8p0foHrUeaiAnylMHzVxNaJqx5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.169.0-45.9.171.255
                  45.14.8.0/24
                  45.14.10.0/24
                  77.242.144.0/20
                  88.209.192.0/21
                  88.209.224.0/23
                  92.52.208.0/21
                  92.52.219.0/24
                  178.210.224.0/22
                  178.210.236.0/24
                  178.248.200.0/21
                  193.138.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org