Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yCfhj-bhsfRiV1LwE0TpVpJmGFQ.roa
File:                     yCfhj-bhsfRiV1LwE0TpVpJmGFQ.roa (raw, json)
Hash identifier:          2zk2RrDoRVBgos5p7wMfqFsxrSKg2N9ikkVrZ2u/hFk=
Subject key identifier:   C8:27:E1:8F:E6:E1:B1:F4:62:57:52:F0:13:44:E9:56:92:66:18:54
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0186C835C88C719B64439E2704ED39610F2A
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yCfhj-bhsfRiV1LwE0TpVpJmGFQ.roa
Signing time:             Thu 09 Mar 2023 21:10:13 +0000
ROA not before:           Thu 09 Mar 2023 21:10:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     393427
IP address blocks:        5.35.192.0/21 maxlen: 24
                          85.204.160.0/22 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          86.105.104.0/22 maxlen: 24
                          77.81.124.0/22 maxlen: 24
                          64.239.236.0/22 maxlen: 24
                          84.234.16.0/20 maxlen: 24
                          77.81.160.0/22 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          85.204.148.0/22 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c8:35:c8:8c:71:9b:64:43:9e:27:04:ed:39:61:0f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Mar  9 21:10:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c827e18fe6e1b1f4625752f01344e95692661854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d6:86:e2:dd:4e:18:c6:2e:a0:80:65:f7:f5:
                    82:6d:0a:24:ef:38:61:4c:ce:ab:3f:f9:f0:ac:57:
                    8f:50:dd:50:71:ac:3c:37:52:2f:53:c1:00:58:e7:
                    3e:cb:2f:8f:7f:d9:e3:0a:c1:11:47:d4:e1:ce:80:
                    f7:e6:01:8e:ac:c2:04:c6:ac:74:30:83:d8:41:29:
                    3f:d3:65:00:97:c2:46:f7:d9:e7:05:27:c7:87:8d:
                    70:70:29:03:02:f3:84:f6:91:d5:f5:4c:24:e9:2c:
                    32:ab:bf:13:2e:60:d6:a3:60:2a:81:9f:7a:8b:f6:
                    73:ca:a7:d8:a3:b1:6a:52:19:44:64:0c:c8:f0:bc:
                    60:0b:3d:02:63:1c:85:d7:3f:89:b3:35:1e:7a:06:
                    35:05:e3:05:68:8e:c6:ac:21:01:17:39:27:48:fa:
                    e2:ab:4c:84:55:ff:4c:49:14:94:27:be:5c:c4:27:
                    27:d0:f9:f6:4e:0b:e5:07:46:42:3c:cd:e5:13:60:
                    90:21:67:a8:a5:16:b8:95:3a:85:7a:79:e4:74:18:
                    f2:c8:e3:0b:c0:41:36:b4:07:46:7a:11:3f:ad:27:
                    72:c5:78:0d:43:6d:1e:0b:1b:6f:1e:2f:39:2c:e2:
                    cc:7c:8d:5f:01:ba:44:65:09:b9:e2:cc:88:56:bb:
                    c8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:27:E1:8F:E6:E1:B1:F4:62:57:52:F0:13:44:E9:56:92:66:18:54
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/yCfhj-bhsfRiV1LwE0TpVpJmGFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  62.112.0.0/21
                  64.239.236.0/22
                  77.81.124.0/22
                  77.81.160.0/22
                  84.234.16.0/20
                  85.204.148.0/22
                  85.204.160.0/22
                  86.105.104.0/22
                  89.37.128.0/24
                  93.113.184.0/21
                  176.223.190.0/24
                  194.88.96.0/21
                  194.88.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         78:8d:f9:05:10:a3:a9:32:2c:43:e0:cc:f0:d4:79:9e:28:8e:
         3f:11:33:4f:bc:a4:22:bc:2d:b4:3f:36:92:0d:86:fb:c8:b3:
         0a:0a:cf:fd:8d:75:f1:85:e4:c7:10:fc:84:e7:7f:d1:96:84:
         eb:dd:20:bb:87:2a:75:cb:91:77:ea:a6:c4:4a:aa:26:8e:bc:
         ec:27:11:cb:0d:c7:d4:81:29:49:f1:15:36:72:a0:af:06:fc:
         07:4e:4c:13:0d:b0:4d:4f:7a:7d:2e:ac:d3:69:75:40:27:9b:
         9d:d9:51:3b:f9:f3:c8:d9:49:a1:c2:39:d5:05:86:80:ed:ca:
         1f:e6:fb:99:76:86:e3:dd:2f:f3:f1:d9:aa:33:27:bf:38:d7:
         e7:99:fe:2d:f1:49:5a:64:5e:98:a8:ed:07:01:ed:07:e4:1b:
         fa:e0:44:d6:0d:f9:d0:eb:77:45:17:b1:91:54:c1:d8:9b:d1:
         9e:1c:37:28:66:97:69:80:ce:12:47:1c:fd:95:1b:af:b6:52:
         b2:7f:97:fb:8b:53:65:b4:f1:b3:d1:b5:e0:04:37:31:7b:ba:
         33:0b:b4:f5:01:cf:a3:58:9b:dd:cb:1a:17:b1:7f:dc:d1:44:
         00:d1:06:c9:2b:92:66:71:f8:8f:81:86:2c:dc:bc:89:71:a5:
         e7:80:35:4b
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYbINciMcZtkQ54nBO05YQ8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwMzA5MjExMDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI3ZTE4ZmU2ZTFiMWY0NjI1NzUyZjAxMzQ0ZTk1NjkyNjYxODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttaG4t1OGMYuoIBl9/WCbQok7zhh
TM6rP/nwrFePUN1Qcaw8N1IvU8EAWOc+yy+Pf9njCsERR9ThzoD35gGOrMIExqx0
MIPYQSk/02UAl8JG99nnBSfHh41wcCkDAvOE9pHV9Uwk6Swyq78TLmDWo2AqgZ96
i/ZzyqfYo7FqUhlEZAzI8LxgCz0CYxyF1z+JszUeegY1BeMFaI7GrCEBFzknSPri
q0yEVf9MSRSUJ75cxCcn0Pn2TgvlB0ZCPM3lE2CQIWeopRa4lTqFennkdBjyyOML
wEE2tAdGehE/rSdyxXgNQ20eCxtvHi85LOLMfI1fAbpEZQm54syIVrvIjwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFMgn4Y/m4bH0YldS8BNE6VaSZhhUMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEveUNmaGotYmhzZlJpVjFMd0UwVHBWcEptR0ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQDBSPAAwQD
PnAAAwQCQO/sAwQCTVF8AwQCTVGgAwQEVOoQAwQCVcyUAwQCVcygAwQCVmloAwQA
WSWAAwQDXXG4AwQAsN++AwQDwlhgAwQEwlhwMA0GCSqGSIb3DQEBCwUAA4IBAQB4
jfkFEKOpMixD4Mzw1HmeKI4/ETNPvKQivC20PzaSDYb7yLMKCs/9jXXxheTHEPyE
53/RloTr3SC7hyp1y5F36qbESqomjrzsJxHLDcfUgSlJ8RU2cqCvBvwHTkwTDbBN
T3p9LqzTaXVAJ5ud2VE7+fPI2UmhwjnVBYaA7cof5vuZdobj3S/z8dmqMye/ONfn
mf4t8UlaZF6YqO0HAe0H5Bv64ETWDfnQ63dFF7GRVMHYm9GeHDcoZpdpgM4SRxz9
lRuvtlKyf5f7i1NltPGz0bXgBDcxe7ozC7T1Ac+jWJvdyxoXsX/c0UQA0QbJK5Jm
cfiPgYYs3LyJcaXngDVL
-----END CERTIFICATE-----