Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/j9sABjMh7CQ5K-YrOzhLMoBDRIs.roa
File:                     j9sABjMh7CQ5K-YrOzhLMoBDRIs.roa (raw, json)
Hash identifier:          sLoux9fD6noqQD7DsAkYUy85W7fiP6LT5LywDW9uMpM=
Subject key identifier:   8F:DB:00:06:33:21:EC:24:39:2B:E6:2B:3B:38:4B:32:80:43:44:8B
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       0189C4988B875D8376FC4D9B1F4F369A8B82
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/j9sABjMh7CQ5K-YrOzhLMoBDRIs.roa
Signing time:             Sat 05 Aug 2023 07:27:58 +0000
ROA not before:           Sat 05 Aug 2023 07:27:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43370
IP address blocks:        185.244.132.0/24 maxlen: 24
                          62.32.84.0/23 maxlen: 23
                          37.221.202.0/24 maxlen: 24
                          37.221.207.0/24 maxlen: 24
                          62.32.92.0/23 maxlen: 23
                          37.77.128.0/24 maxlen: 24
                          95.161.184.0/22 maxlen: 22
                          79.142.94.0/23 maxlen: 23
                          46.34.146.0/23 maxlen: 23
                          79.142.93.0/24 maxlen: 24
                          95.161.196.0/22 maxlen: 24
                          95.161.224.0/22 maxlen: 22
                          37.46.48.0/22 maxlen: 22
                          46.34.130.0/23 maxlen: 23
                          178.16.157.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:c4:98:8b:87:5d:83:76:fc:4d:9b:1f:4f:36:9a:8b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Aug  5 07:27:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8fdb00063321ec24392be62b3b384b328043448b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d6:53:8b:2d:c0:07:43:32:e0:82:ef:81:6b:
                    e8:ff:90:f6:57:ba:00:70:d1:fe:5c:ac:22:85:35:
                    b3:60:31:e8:05:da:2a:23:6c:09:9c:5a:1f:84:7b:
                    30:0d:3e:58:0d:7c:25:ca:27:85:15:ac:36:27:67:
                    6c:06:01:8b:4b:22:40:ca:af:10:d3:51:b7:c7:42:
                    a6:10:e4:71:ce:98:ad:c8:66:3f:7b:7c:97:4d:0c:
                    2d:4e:78:ce:6d:43:f6:f9:ef:fe:c0:09:44:71:ec:
                    07:55:fa:a1:70:18:a1:90:dd:ea:e5:b3:63:ff:6a:
                    5a:20:a9:af:c4:0b:58:23:82:49:c4:9f:f1:17:0d:
                    46:65:b6:24:96:1a:1b:96:04:9e:c1:08:46:5e:2e:
                    6e:a3:f7:20:0f:77:2a:0c:cb:af:75:cf:76:11:25:
                    99:f6:53:4d:36:ad:22:ff:52:cd:7d:15:81:58:81:
                    f8:57:13:74:d8:a9:6d:50:fc:4d:15:11:e5:dd:c9:
                    d8:8d:b7:e6:68:e0:66:5d:0e:fc:d1:a4:b3:b8:7f:
                    0f:a8:9f:98:ef:7c:65:6f:7c:e8:28:aa:9c:36:e1:
                    1c:a0:c3:a7:dd:24:0a:0d:e8:0c:b5:44:f6:7e:0f:
                    79:a8:62:85:3a:9b:51:10:a1:68:e4:db:65:43:40:
                    70:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:DB:00:06:33:21:EC:24:39:2B:E6:2B:3B:38:4B:32:80:43:44:8B
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/j9sABjMh7CQ5K-YrOzhLMoBDRIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.48.0/22
                  37.77.128.0/24
                  37.221.202.0/24
                  37.221.207.0/24
                  46.34.130.0/23
                  46.34.146.0/23
                  62.32.84.0/23
                  62.32.92.0/23
                  79.142.93.0-79.142.95.255
                  95.161.184.0/22
                  95.161.196.0/22
                  95.161.224.0/22
                  178.16.157.0/24
                  185.244.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:b0:57:4e:d3:34:80:25:0a:44:f8:b4:f3:dc:d8:1f:92:52:
         3c:f8:23:25:0e:ca:26:04:55:91:ae:24:a2:26:a9:ac:5d:b2:
         a6:a9:12:fc:09:c1:a6:3e:57:43:d4:9c:c0:a2:f5:f3:04:6c:
         e2:7e:71:5f:31:b5:4c:fd:72:09:6a:7e:7b:75:0c:d4:4f:6b:
         f7:97:88:a1:95:f3:b8:e1:17:54:f3:e6:9b:93:60:2e:6f:b7:
         9b:ff:1d:37:5d:3b:a9:d0:b4:20:dc:fa:fd:8f:a7:6c:4d:2c:
         ea:2d:ce:50:43:62:c8:a6:d2:87:a9:80:b0:42:3a:fc:8f:4a:
         46:83:b5:71:1c:2d:57:e2:9c:20:7f:a2:f0:0a:b2:2f:4e:54:
         77:90:13:39:b1:8a:20:dd:b8:6a:0d:d4:fa:5c:c4:d3:20:0a:
         b6:3d:d9:6b:9d:2c:1c:6f:70:a2:82:e6:21:6e:38:31:61:21:
         0c:aa:04:8a:0d:ba:1e:86:69:4a:07:79:36:71:c4:f2:12:cf:
         d5:79:69:fa:ef:9a:19:eb:94:f2:f8:c4:8f:f4:b8:2d:2a:ca:
         30:ac:d3:f0:d0:eb:fe:dd:32:c5:f6:e8:8d:f7:b7:dc:f0:d7:
         85:a5:14:d1:ec:57:e4:5d:d1:7e:a4:4f:ee:57:dc:1e:2a:0e:
         16:fe:97:78
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYnEmIuHXYN2/E2bH082mouCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjMwODA1MDcyNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmRiMDAwNjMzMjFlYzI0MzkyYmU2MmIzYjM4NGIzMjgwNDM0NDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9ZTiy3AB0My4ILvgWvo/5D2V7oA
cNH+XKwihTWzYDHoBdoqI2wJnFofhHswDT5YDXwlyieFFaw2J2dsBgGLSyJAyq8Q
01G3x0KmEORxzpityGY/e3yXTQwtTnjObUP2+e/+wAlEcewHVfqhcBihkN3q5bNj
/2paIKmvxAtYI4JJxJ/xFw1GZbYklhoblgSewQhGXi5uo/cgD3cqDMuvdc92ESWZ
9lNNNq0i/1LNfRWBWIH4VxN02KltUPxNFRHl3cnYjbfmaOBmXQ780aSzuH8PqJ+Y
73xlb3zoKKqcNuEcoMOn3SQKDegMtUT2fg95qGKFOptREKFo5NtlQ0BwVQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFI/bAAYzIewkOSvmKzs4SzKAQ0SLMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvajlzQUJqTWg3Q1E1Sy1Zck96aExNb0JEUklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQCJS4wAwQA
JU2AAwQAJd3KAwQAJd3PAwQBLiKCAwQBLiKSAwQBPiBUAwQBPiBcMAwDBABPjl0D
BAVPjkADBAJfobgDBAJfocQDBAJfoeADBACyEJ0DBAC59IQwDQYJKoZIhvcNAQEL
BQADggEBABywV07TNIAlCkT4tPPc2B+SUjz4IyUOyiYEVZGuJKImqaxdsqapEvwJ
waY+V0PUnMCi9fMEbOJ+cV8xtUz9cglqfnt1DNRPa/eXiKGV87jhF1Tz5puTYC5v
t5v/HTddO6nQtCDc+v2Pp2xNLOotzlBDYsim0oepgLBCOvyPSkaDtXEcLVfinCB/
ovAKsi9OVHeQEzmxiiDduGoN1PpcxNMgCrY92WudLBxvcKKC5iFuODFhIQyqBIoN
uh6GaUoHeTZxxPISz9V5afrvmhnrlPL4xI/0uC0qyjCs0/DQ6/7dMsX26I33t9zw
14WlFNHsV+Rd0X6kT+5X3B4qDhb+l3g=
-----END CERTIFICATE-----