Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/CoDQWqMZ_f0tGe8ZMR322bvuXRY.roa
File:                     CoDQWqMZ_f0tGe8ZMR322bvuXRY.roa (raw, json)
Hash identifier:          nvVfqqCnbUj3I13IdFJU/UD2LeaS/wdajiqFWAuse1w=
Subject key identifier:   0A:80:D0:5A:A3:19:FD:FD:2D:19:EF:19:31:1D:F6:D9:BB:EE:5D:16
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018311913FE7DB36DC2E7A1CA2FD64111963
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/CoDQWqMZ_f0tGe8ZMR322bvuXRY.roa
Signing time:             Tue 06 Sep 2022 06:51:15 +0000
ROA not before:           Tue 06 Sep 2022 06:51:15 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     43370
IP address blocks:        62.32.84.0/23 maxlen: 23
                          37.221.202.0/24 maxlen: 24
                          37.221.207.0/24 maxlen: 24
                          62.32.92.0/23 maxlen: 23
                          37.77.128.0/24 maxlen: 24
                          95.161.184.0/22 maxlen: 22
                          79.142.94.0/23 maxlen: 23
                          46.34.146.0/23 maxlen: 23
                          79.142.93.0/24 maxlen: 24
                          95.161.196.0/22 maxlen: 24
                          95.161.224.0/22 maxlen: 22
                          46.34.130.0/23 maxlen: 23
                          178.16.157.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:11:91:3f:e7:db:36:dc:2e:7a:1c:a2:fd:64:11:19:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Sep  6 06:51:15 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0a80d05aa319fdfd2d19ef19311df6d9bbee5d16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:89:c5:3a:af:e4:c3:0c:01:74:f1:2c:f3:7f:
                    2b:73:6f:59:93:bf:7e:4d:79:bc:66:0d:d5:54:10:
                    ac:db:d3:88:9e:cd:9e:ff:34:51:fb:2f:9e:73:b7:
                    fe:06:ee:09:96:4d:d4:10:3e:17:f0:96:97:f6:85:
                    c5:7d:43:c6:65:fd:51:c1:6b:21:f4:68:bd:63:9c:
                    b9:2f:3e:5a:17:51:5b:47:e8:88:0e:61:2e:45:27:
                    12:ba:d4:c1:85:77:47:41:f7:3b:af:43:4a:b3:f7:
                    7b:da:76:c3:84:c3:be:a1:87:c3:f4:47:97:94:04:
                    9d:4e:47:a4:8a:74:1a:f5:ee:0b:39:e3:e9:31:93:
                    2b:cd:14:e6:aa:13:cc:f5:55:91:46:e0:4c:b5:83:
                    00:89:02:ce:77:ee:35:01:fa:f1:f5:f2:ea:5e:91:
                    93:18:00:24:69:0d:1f:5c:e1:0c:8f:62:04:0c:a5:
                    a2:b9:db:35:c7:24:80:9a:ce:30:72:e8:9f:b0:22:
                    fc:cf:b9:77:fc:03:5a:2f:00:e0:f2:6b:c6:1c:17:
                    a8:73:cd:e9:8a:fd:a7:ac:91:f4:25:e8:b8:9f:db:
                    21:d0:fb:07:cd:cb:77:5d:a1:99:c3:b9:34:48:4a:
                    df:a5:f2:2f:ec:9d:6f:13:85:53:03:b2:94:17:4e:
                    66:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:80:D0:5A:A3:19:FD:FD:2D:19:EF:19:31:1D:F6:D9:BB:EE:5D:16
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/CoDQWqMZ_f0tGe8ZMR322bvuXRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.128.0/24
                  37.221.202.0/24
                  37.221.207.0/24
                  46.34.130.0/23
                  46.34.146.0/23
                  62.32.84.0/23
                  62.32.92.0/23
                  79.142.93.0-79.142.95.255
                  95.161.184.0/22
                  95.161.196.0/22
                  95.161.224.0/22
                  178.16.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:bf:a4:b1:45:37:f5:86:5b:91:76:ae:a2:46:5d:56:11:72:
         68:c0:21:7c:5f:5d:eb:ef:a7:ec:f4:aa:50:8d:35:bd:b8:50:
         04:98:75:fa:fe:b3:64:09:78:71:13:11:c6:56:51:1b:79:71:
         84:91:3c:66:c0:fc:da:c7:30:fb:10:6a:d7:60:16:0e:55:aa:
         d7:58:b6:94:89:97:ea:ac:6e:2f:e5:8a:6d:99:24:c7:f4:19:
         c4:85:43:97:66:22:42:85:e0:73:a9:e7:01:01:2d:06:00:45:
         37:17:c3:fe:79:2f:8d:27:4f:61:cf:e7:eb:01:96:d6:eb:c3:
         8b:b4:b4:ed:d2:9b:25:0f:26:2a:40:30:6c:2b:1f:98:8e:ca:
         e4:71:4d:7b:88:6c:68:9e:7c:ef:ea:af:8a:91:f4:3b:b7:ea:
         b1:f1:24:cc:c4:96:db:fe:c0:c9:d1:75:72:7c:98:b9:83:44:
         fc:16:23:df:ff:1d:d2:b7:af:c3:fc:55:e8:6a:d2:f4:88:9f:
         e7:0f:44:78:39:89:6b:b6:56:56:6d:e4:b0:0b:90:b1:72:db:
         ff:c3:ca:d0:1b:9e:6e:21:c5:09:c7:62:03:e2:70:dc:76:b1:
         75:24:61:9a:8f:69:c8:3d:4a:94:f1:0c:94:a2:ca:27:77:a8:
         85:48:f5:bc
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYMRkT/n2zbcLnocov1kERljMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjIwOTA2MDY1MTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTgwZDA1YWEzMTlmZGZkMmQxOWVmMTkzMTFkZjZkOWJiZWU1ZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnInFOq/kwwwBdPEs838rc29Zk79+
TXm8Zg3VVBCs29OIns2e/zRR+y+ec7f+Bu4Jlk3UED4X8JaX9oXFfUPGZf1RwWsh
9Gi9Y5y5Lz5aF1FbR+iIDmEuRScSutTBhXdHQfc7r0NKs/d72nbDhMO+oYfD9EeX
lASdTkekinQa9e4LOePpMZMrzRTmqhPM9VWRRuBMtYMAiQLOd+41Afrx9fLqXpGT
GAAkaQ0fXOEMj2IEDKWiuds1xySAms4wcuifsCL8z7l3/ANaLwDg8mvGHBeoc83p
iv2nrJH0Jei4n9sh0PsHzct3XaGZw7k0SErfpfIv7J1vE4VTA7KUF05mFwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFAqA0FqjGf39LRnvGTEd9tm77l0WMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvQ29EUVdxTVpfZjB0R2U4Wk1SMzIyYnZ1WFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAJU2AAwQA
Jd3KAwQAJd3PAwQBLiKCAwQBLiKSAwQBPiBUAwQBPiBcMAwDBABPjl0DBAVPjkAD
BAJfobgDBAJfocQDBAJfoeADBACyEJ0wDQYJKoZIhvcNAQELBQADggEBAHO/pLFF
N/WGW5F2rqJGXVYRcmjAIXxfXevvp+z0qlCNNb24UASYdfr+s2QJeHETEcZWURt5
cYSRPGbA/NrHMPsQatdgFg5VqtdYtpSJl+qsbi/lim2ZJMf0GcSFQ5dmIkKF4HOp
5wEBLQYARTcXw/55L40nT2HP5+sBltbrw4u0tO3SmyUPJipAMGwrH5iOyuRxTXuI
bGiefO/qr4qR9Du36rHxJMzEltv+wMnRdXJ8mLmDRPwWI9//HdK3r8P8Vehq0vSI
n+cPRHg5iWu2VlZt5LALkLFy2//DytAbnm4hxQnHYgPicNx2sXUkYZqPacg9SpTx
DJSiyid3qIVI9bw=
-----END CERTIFICATE-----