Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/jZjUI0PJBHVFeI6DhRxvuqThzEA.roa
File:                     jZjUI0PJBHVFeI6DhRxvuqThzEA.roa (raw, json)
Hash identifier:          maejoZUA2zXqRZLLX9Ybu38EXFSrOlzWqzYITNcjilw=
Subject key identifier:   8D:98:D4:23:43:C9:04:75:45:78:8E:83:85:1C:6F:BA:A4:E1:CC:40
Certificate issuer:       /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial:       0186A736F0EB6A8789C4CE5B6DE42CB5E26D
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/jZjUI0PJBHVFeI6DhRxvuqThzEA.roa
Signing time:             Fri 03 Mar 2023 11:24:00 +0000
ROA not before:           Fri 03 Mar 2023 11:24:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12541
IP address blocks:        212.80.160.0/19 maxlen: 24
                          213.9.128.0/17 maxlen: 24
                          212.49.128.0/18 maxlen: 24
                          84.18.0.0/19 maxlen: 24
                          213.192.192.0/18 maxlen: 24
                          92.60.160.0/20 maxlen: 24
                          213.170.32.0/19 maxlen: 24
                          212.163.0.0/16 maxlen: 24
                          212.66.160.0/19 maxlen: 24
                          185.123.120.0/22 maxlen: 24
                          185.66.60.0/22 maxlen: 24
                          2001:ac0::/29 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a7:36:f0:eb:6a:87:89:c4:ce:5b:6d:e4:2c:b5:e2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
        Validity
            Not Before: Mar  3 11:24:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8d98d42343c9047545788e83851c6fbaa4e1cc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:19:3b:81:55:1a:6c:c5:d3:80:30:c3:de:8b:
                    dd:5a:ae:78:aa:1f:8c:3c:83:74:00:ec:4d:2e:a1:
                    f8:50:ea:f9:e6:42:a1:de:39:ef:45:68:8b:d1:b7:
                    b2:24:b2:35:99:6d:11:58:df:ce:6f:1d:8d:41:fc:
                    82:87:4c:b8:75:64:87:20:a6:eb:c5:61:00:9f:4b:
                    ba:be:3c:e3:db:10:f9:7a:be:c2:c9:0a:18:e0:3f:
                    bd:11:fa:64:ef:94:c3:fd:38:00:3b:0c:93:03:51:
                    78:b9:f9:96:d7:92:d0:cd:e2:3f:f8:5d:35:bf:5a:
                    b8:e4:d8:c9:f6:c8:fb:04:73:9c:f8:5f:fc:99:0a:
                    fc:a7:ff:bd:d0:cb:d3:0c:21:f3:75:ca:b4:84:8c:
                    ae:08:53:76:de:bf:2b:e9:3a:b0:36:90:8c:d3:3d:
                    f6:34:a5:9e:11:00:96:c9:6e:be:69:42:3e:1d:f8:
                    dc:45:36:5c:69:d6:83:c1:69:59:64:7b:45:05:8a:
                    36:50:b7:5a:90:7f:ab:15:00:c1:e9:93:0e:d0:d5:
                    b9:72:c2:d9:cc:59:2a:c8:ce:e9:3d:a7:38:0f:4b:
                    99:a0:54:da:43:7f:0d:35:d8:ca:74:3d:dc:c1:33:
                    fc:d0:3c:a1:96:e7:81:bb:98:e0:5d:db:7a:e9:35:
                    0d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:98:D4:23:43:C9:04:75:45:78:8E:83:85:1C:6F:BA:A4:E1:CC:40
            X509v3 Authority Key Identifier:
                keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/jZjUI0PJBHVFeI6DhRxvuqThzEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.18.0.0/19
                  92.60.160.0/20
                  185.66.60.0/22
                  185.123.120.0/22
                  212.49.128.0/18
                  212.66.160.0/19
                  212.80.160.0/19
                  212.163.0.0/16
                  213.9.128.0/17
                  213.170.32.0/19
                  213.192.192.0/18
                IPv6:
                  2001:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:69:9b:52:c9:ad:dc:1d:ab:c0:2d:f2:a4:ef:cc:92:b4:b2:
         bb:f4:34:90:b7:41:08:6c:db:35:c9:75:86:35:36:63:ec:b7:
         2b:02:3a:98:ee:04:99:21:9f:4a:a2:d1:bb:67:05:a7:9a:e3:
         40:42:8d:f1:30:cf:b1:51:97:07:f5:8c:ef:a1:69:3a:36:c9:
         9e:63:0b:b0:df:fc:80:61:c6:b7:bb:d1:49:b2:f8:20:8b:c3:
         68:4c:71:8b:d6:ea:5e:b7:44:ba:3c:4b:e8:91:45:b3:75:29:
         c0:97:23:a0:fe:b8:e5:f2:d7:a9:6e:4e:f1:af:4d:f0:15:3f:
         3e:d1:dd:80:96:89:66:d9:77:56:1a:0a:8e:4b:da:f3:01:b0:
         94:8f:c0:28:01:b2:67:0f:03:38:11:e5:24:fe:60:4c:79:d6:
         29:3f:cf:c1:c0:49:88:94:d8:19:72:82:7d:b0:87:6f:ab:a6:
         d4:f5:94:62:07:05:6d:10:05:6f:a8:32:a9:97:a3:85:bb:28:
         e0:08:46:81:c6:e2:56:63:4a:f4:7a:5c:9a:0e:42:3b:3f:0d:
         0c:40:c1:d2:e8:8e:1f:ca:2f:31:25:81:b0:f8:83:0c:10:f5:
         72:c0:81:ee:60:7c:6f:d2:47:59:48:42:b5:8e:78:e2:91:03:
         56:3c:e7:ea
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYanNvDraoeJxM5bbeQsteJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMzAzMTEyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDk4ZDQyMzQzYzkwNDc1NDU3ODhlODM4NTFjNmZiYWE0ZTFjYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphk7gVUabMXTgDDD3ovdWq54qh+M
PIN0AOxNLqH4UOr55kKh3jnvRWiL0beyJLI1mW0RWN/Obx2NQfyCh0y4dWSHIKbr
xWEAn0u6vjzj2xD5er7CyQoY4D+9Efpk75TD/TgAOwyTA1F4ufmW15LQzeI/+F01
v1q45NjJ9sj7BHOc+F/8mQr8p/+90MvTDCHzdcq0hIyuCFN23r8r6TqwNpCM0z32
NKWeEQCWyW6+aUI+HfjcRTZcadaDwWlZZHtFBYo2ULdakH+rFQDB6ZMO0NW5csLZ
zFkqyM7pPac4D0uZoFTaQ38NNdjKdD3cwTP80DyhlueBu5jgXdt66TUNfQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFI2Y1CNDyQR1RXiOg4Ucb7qk4cxAMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvalpqVUkwUEpCSFZGZUk2RGhSeHZ1cVRoekVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBHBAIAATBBAwQFVBIAAwQE
XDygAwQCuUI8AwQCuXt4AwQG1DGAAwQF1EKgAwQF1FCgAwMA1KMDBAfVCYADBAXV
qiADBAbVwMAwDQQCAAIwBwMFAyABCsAwDQYJKoZIhvcNAQELBQADggEBAK1pm1LJ
rdwdq8At8qTvzJK0srv0NJC3QQhs2zXJdYY1NmPstysCOpjuBJkhn0qi0btnBaea
40BCjfEwz7FRlwf1jO+haTo2yZ5jC7Df/IBhxre70Umy+CCLw2hMcYvW6l63RLo8
S+iRRbN1KcCXI6D+uOXy16luTvGvTfAVPz7R3YCWiWbZd1YaCo5L2vMBsJSPwCgB
smcPAzgR5ST+YEx51ik/z8HASYiU2Blygn2wh2+rptT1lGIHBW0QBW+oMqmXo4W7
KOAIRoHG4lZjSvR6XJoOQjs/DQxAwdLojh/KLzElgbD4gwwQ9XLAge5gfG/SR1lI
QrWOeOKRA1Y85+o=
-----END CERTIFICATE-----