Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa
File:                     Xi76YJJkeua4BGUe1AYHLTak6wE.roa (raw, json)
Hash identifier:          EvFwFlb8pG5l/c+B4/IQsRbbUwtbbltZdYGgeAmoZ/o=
Subject key identifier:   5E:2E:FA:60:92:64:7A:E6:B8:04:65:1E:D4:06:07:2D:36:A4:EB:01
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018C24A1EF9D21D2D262955C125C7E08BD60
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa
Signing time:             Fri 01 Dec 2023 09:07:21 +0000
ROA not before:           Fri 01 Dec 2023 09:07:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209706
IP address blocks:        185.172.20.0/22 maxlen: 22
                          89.37.228.0/22 maxlen: 24
                          89.37.236.0/22 maxlen: 24
                          62.112.12.0/23 maxlen: 24
                          86.105.104.0/22 maxlen: 24
                          188.240.40.0/23 maxlen: 24
                          188.212.104.0/22 maxlen: 22
                          94.190.248.0/22 maxlen: 24
                          89.37.188.0/22 maxlen: 24
                          89.36.236.0/22 maxlen: 24
                          89.36.32.0/22 maxlen: 24
                          185.77.250.0/23 maxlen: 24
                          188.211.252.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:24:a1:ef:9d:21:d2:d2:62:95:5c:12:5c:7e:08:bd:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Dec  1 09:07:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e2efa6092647ae6b804651ed406072d36a4eb01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e9:f6:59:9d:c7:97:ba:e9:86:3a:2e:b8:77:
                    02:b5:5d:eb:f3:ff:63:12:48:0c:4a:b4:7f:e6:3b:
                    76:33:cd:dc:03:a4:37:a1:70:dc:ca:ee:36:05:1c:
                    f1:73:f0:39:e3:af:26:4c:43:45:28:6f:21:27:fe:
                    81:7f:3a:2b:94:a7:bc:0c:41:1f:25:73:76:45:bd:
                    07:de:6b:f9:87:7d:5f:75:d3:3f:01:af:cf:17:c8:
                    d4:c1:b1:b3:b4:62:6f:b4:72:9c:d3:6a:75:3d:83:
                    6a:0f:f0:a1:6f:57:21:6a:3f:97:16:cc:49:d2:13:
                    b0:21:6e:d1:9f:bb:09:ef:19:f3:3a:65:3b:dd:02:
                    d9:2d:18:9d:d3:41:fc:63:99:f3:82:43:e6:47:20:
                    4c:06:5f:71:47:c9:33:fc:36:71:9b:1b:ef:d3:33:
                    8a:7f:48:8e:c4:bd:69:b9:87:b7:e7:6a:3d:8f:dc:
                    54:5e:05:10:e5:7c:c5:2c:8f:d5:b7:04:2c:da:b7:
                    33:d6:6f:80:48:3b:b0:9b:bb:37:a0:1d:a5:5a:f4:
                    e2:3d:eb:a7:28:b2:82:34:29:cc:f2:19:34:51:7d:
                    58:d1:8c:75:ca:df:8d:84:a1:1a:5a:58:fc:92:6a:
                    41:66:7f:27:3f:57:ad:c1:e0:a7:9c:a4:aa:dc:2a:
                    0e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2E:FA:60:92:64:7A:E6:B8:04:65:1E:D4:06:07:2D:36:A4:EB:01
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.12.0/23
                  86.105.104.0/22
                  89.36.32.0/22
                  89.36.236.0/22
                  89.37.188.0/22
                  89.37.228.0/22
                  89.37.236.0/22
                  94.190.248.0/22
                  185.77.250.0/23
                  185.172.20.0/22
                  188.211.252.0/22
                  188.212.104.0/22
                  188.240.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:9c:4b:c4:f1:da:3c:68:50:a4:4b:46:93:0f:2f:f8:33:7b:
         3f:27:4c:5a:c6:08:0f:4f:f3:ab:67:22:bb:4f:d1:ad:6a:86:
         4a:2b:e8:e7:1e:03:15:6a:49:7b:cc:12:94:75:3a:87:4d:93:
         5a:ac:00:74:7b:d6:de:a5:83:6e:91:d7:28:c1:d6:66:a5:5a:
         0e:cd:7e:df:ce:e8:f7:4e:17:86:76:d1:de:5f:6c:dc:b0:a7:
         f5:49:32:76:9e:3a:2d:38:9e:90:86:20:f0:2d:d0:74:2b:3b:
         69:f9:e3:b6:36:15:bc:44:59:52:5c:3f:8a:93:e8:d5:49:dc:
         32:3a:99:4e:bc:4d:98:f3:f4:3e:c3:d0:48:50:5b:b4:68:87:
         4e:57:ab:6f:c5:9a:aa:a5:01:e5:5c:c0:5d:7a:88:59:d3:55:
         66:73:fc:b8:e5:4a:93:8a:ae:ef:35:fa:f0:4d:de:16:ba:2a:
         e5:24:b4:a5:8c:83:ff:23:4b:65:be:ff:5a:d2:7e:a7:6b:24:
         60:28:cc:ee:63:93:0d:8e:e1:22:e8:77:43:55:99:ae:52:72:
         9c:7e:5e:15:95:dd:09:6d:35:5c:aa:62:e3:e6:3e:75:5a:df:
         c0:58:33:27:45:c6:76:22:81:d5:01:79:22:b7:8e:9a:af:b7:
         5c:20:53:f3
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYwkoe+dIdLSYpVcElx+CL1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMjAxMDkwNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJlZmE2MDkyNjQ3YWU2YjgwNDY1MWVkNDA2MDcyZDM2YTRlYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgun2WZ3Hl7rphjouuHcCtV3r8/9j
EkgMSrR/5jt2M83cA6Q3oXDcyu42BRzxc/A5468mTENFKG8hJ/6BfzorlKe8DEEf
JXN2Rb0H3mv5h31fddM/Aa/PF8jUwbGztGJvtHKc02p1PYNqD/Chb1chaj+XFsxJ
0hOwIW7Rn7sJ7xnzOmU73QLZLRid00H8Y5nzgkPmRyBMBl9xR8kz/DZxmxvv0zOK
f0iOxL1puYe352o9j9xUXgUQ5XzFLI/VtwQs2rcz1m+ASDuwm7s3oB2lWvTiPeun
KLKCNCnM8hk0UX1Y0Yx1yt+NhKEaWlj8kmpBZn8nP1etweCnnKSq3CoOtQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFF4u+mCSZHrmuARlHtQGBy02pOsBMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvWGk3NllKSmtldWE0QkdVZTFBWUhMVGFrNndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBPnAMAwQC
VmloAwQCWSQgAwQCWSTsAwQCWSW8AwQCWSXkAwQCWSXsAwQCXr74AwQBuU36AwQC
uawUAwQCvNP8AwQCvNRoAwQBvPAoMA0GCSqGSIb3DQEBCwUAA4IBAQCEnEvE8do8
aFCkS0aTDy/4M3s/J0xaxggPT/OrZyK7T9GtaoZKK+jnHgMVakl7zBKUdTqHTZNa
rAB0e9bepYNukdcowdZmpVoOzX7fzuj3TheGdtHeX2zcsKf1STJ2njotOJ6QhiDw
LdB0Kztp+eO2NhW8RFlSXD+Kk+jVSdwyOplOvE2Y8/Q+w9BIUFu0aIdOV6tvxZqq
pQHlXMBdeohZ01Vmc/y45UqTiq7vNfrwTd4WuirlJLSljIP/I0tlvv9a0n6nayRg
KMzuY5MNjuEi6HdDVZmuUnKcfl4Vld0JbTVcqmLj5j51Wt/AWDMnRcZ2IoHVAXki
t46ar7dcIFPz
-----END CERTIFICATE-----