Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/hB9nZV_ppRTZA5Vb9VhCM4yeePU.roa
File:                     hB9nZV_ppRTZA5Vb9VhCM4yeePU.roa (raw, json)
Hash identifier:          U8gyNr4G6coHuCMKSwvEcMTdQiJ2YBioqCvSJg5J4p0=
Subject key identifier:   84:1F:67:65:5F:E9:A5:14:D9:03:95:5B:F5:58:42:33:8C:9E:78:F5
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B7717EDB844D9DEA42C1DD2CB02AE885
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/hB9nZV_ppRTZA5Vb9VhCM4yeePU.roa
Signing time:             Tue 25 Apr 2023 08:04:41 +0000
ROA not before:           Tue 25 Apr 2023 08:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b7:71:7e:db:84:4d:9d:ea:42:c1:dd:2c:b0:2a:e8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 25 08:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=841f67655fe9a514d903955bf55842338c9e78f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:80:37:47:3f:ae:b4:ce:f3:7a:d4:7f:1c:d8:
                    0b:6d:0d:55:20:5f:92:73:8c:d3:07:21:80:7f:ee:
                    8b:59:e2:d6:e8:1a:00:37:d2:fb:31:48:52:c2:1d:
                    d0:44:ad:0b:71:ea:95:15:e3:fb:f4:5d:bf:69:b3:
                    a8:21:6c:8a:d6:d8:3e:1c:f3:51:fd:05:2c:ef:0b:
                    ce:7f:ff:77:fb:d2:e8:b5:47:bf:87:29:05:b2:48:
                    b1:72:24:d2:25:73:dc:5d:2d:ea:50:70:df:bd:cb:
                    b5:18:42:0f:b3:6f:41:f3:c4:41:fe:82:4c:be:99:
                    e9:52:65:02:c1:5f:f9:08:d2:13:ee:87:91:bf:26:
                    a3:b6:45:00:94:8c:31:17:99:31:86:47:48:55:eb:
                    01:21:d5:47:1f:ff:6e:c0:fa:90:5b:32:48:d9:01:
                    08:b5:ef:a0:14:2f:97:1d:fe:58:df:29:58:78:02:
                    e4:24:69:d5:2c:81:e7:ba:2b:c3:83:24:8b:b8:3e:
                    ec:9d:2d:f2:c0:9c:52:a9:95:59:d5:8a:7f:b2:93:
                    c0:c9:d0:45:71:93:18:88:9d:ef:6e:42:2c:1f:f4:
                    1c:c2:67:52:76:34:63:4e:1a:2e:d7:dc:c9:98:a4:
                    5b:ff:2d:a0:aa:71:ad:49:33:83:c3:ee:ef:f9:f6:
                    f1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:1F:67:65:5F:E9:A5:14:D9:03:95:5B:F5:58:42:33:8C:9E:78:F5
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/hB9nZV_ppRTZA5Vb9VhCM4yeePU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  45.138.245.0-45.138.247.255
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:80:87:eb:de:ee:0a:e2:e0:fb:94:f2:1e:19:01:a1:78:ec:
         1d:3d:4c:7f:3e:79:3a:33:5c:72:94:4d:d7:21:a6:d3:2f:53:
         a8:06:59:da:00:3e:c9:63:bd:45:c8:db:64:7a:ce:63:6b:e7:
         e8:3e:31:e0:26:bc:74:ca:c9:c6:b4:e3:49:da:a6:38:bd:17:
         60:69:4b:58:7b:aa:e3:f3:00:e3:8d:a2:ce:72:3d:0c:a2:94:
         62:85:8e:2d:9d:d0:1b:09:90:b7:74:8b:07:fc:80:30:51:e5:
         80:8a:0b:98:5e:9d:eb:23:9b:fa:02:63:26:0a:86:e8:54:1b:
         2b:d2:4a:45:ed:8b:f1:bc:fe:0f:24:ab:38:60:48:6c:31:ac:
         f5:d5:b2:d0:a1:0f:f0:f1:cd:00:51:82:4f:2b:d0:b7:1c:95:
         1a:6a:ec:30:b2:47:0d:11:a6:de:d8:69:c6:e1:1c:54:37:e6:
         12:ce:52:82:27:12:9c:3e:e0:b9:57:49:44:38:74:c8:d2:31:
         60:1a:5d:40:32:7a:b2:a7:28:e1:7b:90:76:bc:aa:d2:65:72:
         a4:14:53:2d:db:1f:02:54:58:69:1b:b0:d1:0f:61:fc:cf:9d:
         6a:9f:10:3b:88:ec:a8:05:eb:a6:f9:21:de:76:ac:f0:91:f2:
         c6:de:ea:2d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYe3cX7bhE2d6kLB3SywKuiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI1MDgwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFmNjc2NTVmZTlhNTE0ZDkwMzk1NWJmNTU4NDIzMzhjOWU3OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoA3Rz+utM7zetR/HNgLbQ1VIF+S
c4zTByGAf+6LWeLW6BoAN9L7MUhSwh3QRK0LceqVFeP79F2/abOoIWyK1tg+HPNR
/QUs7wvOf/93+9LotUe/hykFskixciTSJXPcXS3qUHDfvcu1GEIPs29B88RB/oJM
vpnpUmUCwV/5CNIT7oeRvyajtkUAlIwxF5kxhkdIVesBIdVHH/9uwPqQWzJI2QEI
te+gFC+XHf5Y3ylYeALkJGnVLIHnuivDgySLuD7snS3ywJxSqZVZ1Yp/spPAydBF
cZMYiJ3vbkIsH/QcwmdSdjRjThou19zJmKRb/y2gqnGtSTODw+7v+fbxlQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFIQfZ2Vf6aUU2QOVW/VYQjOMnnj1MB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvaEI5blpWX3BwUlRaQTVWYjlWaENNNHllZVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALQpwMAwD
BAAtivUDBAMtivADBABeZ/UDBAC5GTQDBAC5wHUDBAC5wHcDBAC5wj8DBAC5w28D
BAC5xjADBADBCPQDBADCO8QwDQYJKoZIhvcNAQELBQADggEBAEOAh+ve7gri4PuU
8h4ZAaF47B09TH8+eTozXHKUTdchptMvU6gGWdoAPsljvUXI22R6zmNr5+g+MeAm
vHTKyca040napji9F2BpS1h7quPzAOONos5yPQyilGKFji2d0BsJkLd0iwf8gDBR
5YCKC5henesjm/oCYyYKhuhUGyvSSkXti/G8/g8kqzhgSGwxrPXVstChD/DxzQBR
gk8r0LcclRpq7DCyRw0Rpt7YacbhHFQ35hLOUoInEpw+4LlXSUQ4dMjSMWAaXUAy
erKnKOF7kHa8qtJlcqQUUy3bHwJUWGkbsNEPYfzPnWqfEDuI7KgF66b5Id52rPCR
8sbe6i0=
-----END CERTIFICATE-----