Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/z_8XeNYBVz3_2DtP11Z3JAmT3Xk.roa
File:                     z_8XeNYBVz3_2DtP11Z3JAmT3Xk.roa (raw, json)
Hash identifier:          SGTVlTEsyVRLgCKq5rGuVZpqulwa8lz1ZqCI6zF7FrU=
Subject key identifier:   CF:FF:17:78:D6:01:57:3D:FF:D8:3B:4F:D7:56:77:24:09:93:DD:79
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       01897C6BCE610FBDBBFBCEF226E025264E73
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/z_8XeNYBVz3_2DtP11Z3JAmT3Xk.roa
Signing time:             Sat 22 Jul 2023 07:06:27 +0000
ROA not before:           Sat 22 Jul 2023 07:06:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     393427
IP address blocks:        94.190.248.0/22 maxlen: 24
                          84.234.16.0/20 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          5.35.192.0/21 maxlen: 24
                          85.204.160.0/22 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          185.77.250.0/23 maxlen: 24
                          91.232.136.0/22 maxlen: 24
                          188.240.40.0/23 maxlen: 24
                          188.212.104.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7c:6b:ce:61:0f:bd:bb:fb:ce:f2:26:e0:25:26:4e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jul 22 07:06:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfff1778d601573dffd83b4fd75677240993dd79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1c:6c:45:21:59:12:b1:5b:65:2e:bd:dc:70:
                    0e:97:60:12:90:a8:ff:4e:86:5e:3b:83:b5:9e:be:
                    5a:b5:77:8d:2a:fd:03:31:84:07:fb:10:09:a4:fb:
                    e8:1c:5b:a3:ee:bf:61:ec:1f:31:60:7c:ce:d9:bd:
                    c3:01:59:fd:4d:93:c6:c4:8a:12:be:92:f2:69:e1:
                    0a:70:21:6c:1e:81:e8:4e:93:2a:c6:a9:27:0a:a4:
                    e9:3c:8e:b5:f2:ba:69:c7:52:ba:04:77:7d:de:d2:
                    40:30:d5:75:55:a1:84:98:1e:33:e2:a5:6c:42:9d:
                    3e:4e:62:20:91:b2:68:2b:f5:9c:49:1d:73:06:55:
                    7d:00:e7:cf:9c:fc:8f:74:7c:fb:6e:18:ee:ad:55:
                    12:e9:73:bc:1d:20:18:b9:97:df:e6:88:91:63:1b:
                    78:a4:d5:14:d3:b2:d7:fe:e6:77:31:b7:c7:43:e8:
                    ee:07:96:92:e0:09:25:b9:cd:1c:1b:48:26:60:c0:
                    20:6e:8a:7c:bb:1e:3a:74:ed:1e:58:10:62:fc:de:
                    15:f0:05:d1:27:d7:f5:04:09:14:0a:95:8d:07:ed:
                    2e:9f:dc:47:28:e9:5a:30:92:2f:2c:cc:79:b9:37:
                    da:c7:c4:f0:61:c9:0b:6d:14:fd:28:7a:eb:48:68:
                    7b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FF:17:78:D6:01:57:3D:FF:D8:3B:4F:D7:56:77:24:09:93:DD:79
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/z_8XeNYBVz3_2DtP11Z3JAmT3Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  62.112.0.0/21
                  84.234.16.0/20
                  85.204.160.0/22
                  91.232.136.0/22
                  93.113.184.0/21
                  94.190.248.0/22
                  185.77.250.0/23
                  188.212.104.0/22
                  188.240.40.0/23
                  194.88.96.0/21
                  194.88.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         95:d3:01:12:62:3f:04:b1:42:c7:f4:1d:8e:31:7b:66:6b:0c:
         71:a4:e0:d2:fe:39:37:d6:64:3b:4a:7b:c9:1c:25:e0:d1:f8:
         63:cb:07:aa:28:14:95:df:28:d1:3a:ae:ac:2c:7f:b0:54:35:
         e6:c5:40:92:a8:38:79:12:be:93:0e:15:6f:81:86:f3:4b:43:
         d7:53:c4:48:87:8d:6f:a5:50:d5:2f:a2:f0:39:19:b0:94:7c:
         36:ea:8b:ea:f9:7a:bb:d1:53:f7:d6:ad:93:79:cc:01:84:e1:
         97:77:67:a5:0a:ab:db:8d:e1:b3:9f:de:0c:a7:6f:11:c8:0f:
         23:8a:c3:04:14:4a:bc:7b:92:90:ad:e2:73:29:1d:3a:f0:e5:
         41:55:79:cc:0c:a7:aa:42:8e:f8:16:18:c2:c6:61:db:21:bd:
         b2:c8:40:35:2d:5d:42:72:d2:20:0f:65:8d:d6:4f:74:ce:f4:
         a6:b0:d6:74:a6:ac:86:ed:fd:4d:63:8c:32:a5:df:7b:6b:46:
         eb:44:b1:6d:58:fe:aa:38:17:ff:b2:2b:4a:eb:8b:e5:fd:02:
         08:ad:aa:73:f9:8b:65:12:f4:84:49:25:be:4c:d2:a5:fc:8a:
         6b:a0:7d:e0:69:17:cf:30:b0:8e:6e:21:24:92:38:9f:71:09:
         4b:47:c2:f1
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYl8a85hD727+87yJuAlJk5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzIyMDcwNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZmMTc3OGQ2MDE1NzNkZmZkODNiNGZkNzU2NzcyNDA5OTNkZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRxsRSFZErFbZS693HAOl2ASkKj/
ToZeO4O1nr5atXeNKv0DMYQH+xAJpPvoHFuj7r9h7B8xYHzO2b3DAVn9TZPGxIoS
vpLyaeEKcCFsHoHoTpMqxqknCqTpPI618rppx1K6BHd93tJAMNV1VaGEmB4z4qVs
Qp0+TmIgkbJoK/WcSR1zBlV9AOfPnPyPdHz7bhjurVUS6XO8HSAYuZff5oiRYxt4
pNUU07LX/uZ3MbfHQ+juB5aS4Akluc0cG0gmYMAgbop8ux46dO0eWBBi/N4V8AXR
J9f1BAkUCpWNB+0un9xHKOlaMJIvLMx5uTfax8TwYckLbRT9KHrrSGh74QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFM//F3jWAVc9/9g7T9dWdyQJk915MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvel84WGVOWUJWejNfMkR0UDExWjNKQW1UM1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQCW+iIAwQDXXG4AwQCXr74AwQBuU36AwQCvNRoAwQB
vPAoAwQDwlhgAwQEwlhwMA0GCSqGSIb3DQEBCwUAA4IBAQCV0wESYj8EsULH9B2O
MXtmawxxpODS/jk31mQ7SnvJHCXg0fhjyweqKBSV3yjROq6sLH+wVDXmxUCSqDh5
Er6TDhVvgYbzS0PXU8RIh41vpVDVL6LwORmwlHw26ovq+Xq70VP31q2TecwBhOGX
d2elCqvbjeGzn94Mp28RyA8jisMEFEq8e5KQreJzKR068OVBVXnMDKeqQo74FhjC
xmHbIb2yyEA1LV1CctIgD2WN1k90zvSmsNZ0pqyG7f1NY4wypd97a0brRLFtWP6q
OBf/sitK64vl/QIIrapz+YtlEvSESSW+TNKl/IproH3gaRfPMLCObiEkkjifcQlL
R8Lx
-----END CERTIFICATE-----