Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/GWtdSQbg8HNDkk-zuVoAQxEwYcE.roa
File:                     GWtdSQbg8HNDkk-zuVoAQxEwYcE.roa (raw, json)
Hash identifier:          NnldJSB7OeHYP9xWzxPyjjinzHTVjUtDM0WlELquLog=
Subject key identifier:   19:6B:5D:49:06:E0:F0:73:43:92:4F:B3:B9:5A:00:43:11:30:61:C1
Certificate issuer:       /CN=a2ddaeb164e398214a171a0410e6b0232d642f50
Certificate serial:       018CC6B8E0DDD6952C9B2139C4C00F659FEC
Authority key identifier: A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/GWtdSQbg8HNDkk-zuVoAQxEwYcE.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3164
IP address blocks:        37.156.225.0/24 maxlen: 24
                          94.176.2.0/24 maxlen: 24
                          188.240.231.0/24 maxlen: 24
                          188.241.194.0/24 maxlen: 24
                          89.44.109.0/24 maxlen: 24
                          84.247.54.0/24 maxlen: 24
                          37.156.67.0/24 maxlen: 24
                          86.105.195.0/24 maxlen: 24
                          185.88.28.0/24 maxlen: 24
                          185.88.29.0/24 maxlen: 24
                          185.88.31.0/24 maxlen: 24
                          185.88.30.0/24 maxlen: 24
                          2a05:c5c0::/48 maxlen: 48
                          2a05:c5c0:1::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e0:dd:d6:95:2c:9b:21:39:c4:c0:0f:65:9f:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2ddaeb164e398214a171a0410e6b0232d642f50
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=196b5d4906e0f07343924fb3b95a0043113061c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bb:4d:a3:97:47:e0:3c:43:43:c1:85:e9:2c:
                    22:81:6d:71:0d:22:43:f6:c1:4f:58:66:b4:81:61:
                    99:63:b5:8c:ec:27:a6:b3:09:17:21:5c:b1:59:ee:
                    15:6b:67:07:f4:d3:85:01:95:97:bc:d1:c9:85:75:
                    55:da:e8:0e:a9:59:70:1d:4e:bb:8c:a3:59:af:90:
                    63:d0:13:2e:cc:d8:8e:7e:69:db:df:3c:d5:9e:fa:
                    36:be:eb:8c:3a:75:57:6c:3f:68:94:9f:91:8e:1d:
                    a4:0f:f5:ae:eb:a7:6a:7c:ff:d2:fb:47:05:4a:69:
                    a2:21:be:11:84:0c:5b:97:b9:b6:08:3b:4d:db:8d:
                    f6:93:76:20:87:21:f5:14:86:82:e1:95:fd:26:a7:
                    47:87:c2:2f:b9:f8:08:2c:5f:12:89:e5:2d:89:8d:
                    c8:95:75:7e:be:60:a0:a8:2c:bf:75:87:ae:49:3a:
                    8d:32:fe:89:0b:25:93:96:17:48:53:09:f6:e1:00:
                    4b:73:3f:2a:d8:46:8f:5b:e6:97:b4:03:a2:dd:e4:
                    dc:ed:01:5e:8b:c6:cb:f8:8e:dd:3e:4e:ca:03:2a:
                    c9:d4:ab:8f:4b:44:80:36:44:f6:9f:3e:e6:aa:8b:
                    6d:a2:2b:da:cb:61:dc:27:a3:c7:68:6b:5d:af:d0:
                    70:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6B:5D:49:06:E0:F0:73:43:92:4F:B3:B9:5A:00:43:11:30:61:C1
            X509v3 Authority Key Identifier:
                keyid:A2:DD:AE:B1:64:E3:98:21:4A:17:1A:04:10:E6:B0:23:2D:64:2F:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ot2usWTjmCFKFxoEEOawIy1kL1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/GWtdSQbg8HNDkk-zuVoAQxEwYcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/4afda7-829c-4880-a0c9-112e113bb7b7/1/ot2usWTjmCFKFxoEEOawIy1kL1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.67.0/24
                  37.156.225.0/24
                  84.247.54.0/24
                  86.105.195.0/24
                  89.44.109.0/24
                  94.176.2.0/24
                  185.88.28.0/22
                  188.240.231.0/24
                  188.241.194.0/24
                IPv6:
                  2a05:c5c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         0a:79:91:95:d4:94:c3:60:d0:a7:d8:85:00:df:1d:8f:a8:a8:
         1a:4c:48:73:5d:86:1a:1b:2e:b6:88:02:e1:c3:63:63:64:85:
         55:db:54:bb:66:90:dc:86:f1:2f:78:d1:d6:0f:a9:43:1c:0d:
         41:4c:21:13:a7:f9:64:80:9b:8b:78:15:07:65:8d:b5:9b:5d:
         8b:01:52:fc:d5:17:a7:b4:0b:d6:32:85:69:0d:ab:1a:04:b9:
         cc:d5:7a:5f:3e:c2:a7:c8:6e:e0:ac:9d:5a:74:58:11:4e:2e:
         7e:8c:9a:0c:8c:f7:6d:92:00:f0:d5:6d:7b:c7:b3:eb:74:f1:
         14:64:6f:f8:6f:ec:56:0f:b9:7f:08:c1:6c:8f:6d:da:b7:db:
         e1:96:89:5a:cc:8e:4d:99:6e:d4:70:7c:8c:aa:d7:22:f4:73:
         e5:46:99:7f:0f:b1:2f:72:0b:f3:1e:c6:84:d6:4a:80:cd:8c:
         41:61:08:c1:21:c0:22:65:ca:1b:1a:40:ac:ac:7e:9a:1f:cd:
         b3:ca:78:e7:7b:a1:21:ed:6f:a6:6f:4d:13:22:0c:51:77:69:
         64:22:fb:94:fa:24:4a:78:77:5a:c2:d1:00:4e:e6:91:65:49:
         f7:bf:f6:d6:c2:0a:50:ba:42:7a:f4:e8:a0:3e:a6:18:f1:dc:
         44:4b:fb:31
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzGuODd1pUsmyE5xMAPZZ/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZGRhZWIxNjRlMzk4MjE0YTE3MWEwNDEwZTZiMDIzMmQ2
NDJmNTAwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZiNWQ0OTA2ZTBmMDczNDM5MjRmYjNiOTVhMDA0MzExMzA2MWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rtNo5dH4DxDQ8GF6SwigW1xDSJD
9sFPWGa0gWGZY7WM7CemswkXIVyxWe4Va2cH9NOFAZWXvNHJhXVV2ugOqVlwHU67
jKNZr5Bj0BMuzNiOfmnb3zzVnvo2vuuMOnVXbD9olJ+Rjh2kD/Wu66dqfP/S+0cF
SmmiIb4RhAxbl7m2CDtN2432k3YghyH1FIaC4ZX9JqdHh8IvufgILF8SieUtiY3I
lXV+vmCgqCy/dYeuSTqNMv6JCyWTlhdIUwn24QBLcz8q2EaPW+aXtAOi3eTc7QFe
i8bL+I7dPk7KAyrJ1KuPS0SANkT2nz7mqottoivay2HcJ6PHaGtdr9BwKwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFBlrXUkG4PBzQ5JPs7laAEMRMGHBMB8GA1UdIwQY
MBaAFKLdrrFk45ghShcaBBDmsCMtZC9QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzkt
MTEyZTExM2JiN2I3LzEvR1d0ZFNRYmc4SE5Ea2stenVWb0FReEV3WWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80YWZkYTctODI5Yy00ODgwLWEwYzktMTEyZTExM2JiN2I3
LzEvb3QydXNXVGptQ0ZLRnhvRUVPYXdJeTFrTDFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQAJZxDAwQA
JZzhAwQAVPc2AwQAVmnDAwQAWSxtAwQAXrACAwQCuVgcAwQAvPDnAwQAvPHCMA8E
AgACMAkDBwEqBcXAAAAwDQYJKoZIhvcNAQELBQADggEBAAp5kZXUlMNg0KfYhQDf
HY+oqBpMSHNdhhobLraIAuHDY2NkhVXbVLtmkNyG8S940dYPqUMcDUFMIROn+WSA
m4t4FQdljbWbXYsBUvzVF6e0C9YyhWkNqxoEuczVel8+wqfIbuCsnVp0WBFOLn6M
mgyM922SAPDVbXvHs+t08RRkb/hv7FYPuX8IwWyPbdq32+GWiVrMjk2ZbtRwfIyq
1yL0c+VGmX8PsS9yC/MexoTWSoDNjEFhCMEhwCJlyhsaQKysfpofzbPKeOd7oSHt
b6ZvTRMiDFF3aWQi+5T6JEp4d1rC0QBO5pFlSfe/9tbCClC6Qnr06KA+phjx3ERL
+zE=
-----END CERTIFICATE-----