Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zjDQ2nKhc_ZJd6bEUGiY8VrvBEU.roa
File:                     zjDQ2nKhc_ZJd6bEUGiY8VrvBEU.roa (raw, json)
Hash identifier:          8eNVOCkH4O+3dsWDO7JbJEneBoNBvu2ixw+wNAMDIdk=
Subject key identifier:   CE:30:D0:DA:72:A1:73:F6:49:77:A6:C4:50:68:98:F1:5A:EF:04:45
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0189ADBCF0134746C75703F76FD50807E9C7
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zjDQ2nKhc_ZJd6bEUGiY8VrvBEU.roa
Signing time:             Mon 31 Jul 2023 20:56:27 +0000
ROA not before:           Mon 31 Jul 2023 20:56:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        188.240.83.0/24 maxlen: 24
                          84.247.20.0/24 maxlen: 24
                          91.250.244.0/24 maxlen: 24
                          62.112.30.0/24 maxlen: 24
                          89.36.231.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          93.114.69.0/24 maxlen: 24
                          89.40.43.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          188.211.249.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ad:bc:f0:13:47:46:c7:57:03:f7:6f:d5:08:07:e9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jul 31 20:56:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ce30d0da72a173f64977a6c4506898f15aef0445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:89:ba:bf:eb:d2:0e:c2:7d:a7:84:6b:e1:a8:
                    02:7c:34:d4:46:93:e7:c7:ff:0c:f3:a3:f5:e3:17:
                    84:0a:b2:15:9a:82:c9:8c:02:e7:30:3f:f1:7c:de:
                    7a:d4:d2:f4:e1:5c:c0:d4:74:c6:b7:e3:6a:67:f3:
                    c0:5a:da:b6:f0:ad:f3:b3:27:f9:c4:35:67:94:0f:
                    18:4d:a5:0b:e7:54:78:3b:20:e9:d6:58:25:1b:5b:
                    4a:62:1b:7b:86:3b:80:76:af:ff:b0:c5:80:3d:e6:
                    7a:74:c6:bb:96:a0:28:e9:36:69:7a:24:b8:63:76:
                    99:53:dc:d9:a7:30:37:33:12:32:2a:8b:1a:11:e5:
                    f0:d5:3a:d7:12:2d:14:57:13:a3:16:d0:ff:1d:8c:
                    ef:da:4b:f1:67:a0:10:e0:0a:7a:9f:6f:eb:73:c6:
                    5d:e7:59:05:c5:47:5a:12:d8:63:d4:64:b9:21:39:
                    2f:0b:01:ff:f8:52:60:fe:3f:70:5b:76:7a:6e:dc:
                    61:1f:0b:8f:93:3b:7d:36:33:d4:87:d3:e8:7a:1b:
                    42:79:e5:28:7b:b4:14:7a:ba:78:f1:8c:1d:e4:18:
                    95:e2:9d:3e:a1:c4:79:5d:ad:f7:60:c3:ee:b7:df:
                    93:db:74:a4:88:af:1e:e3:ff:6b:df:b3:3c:fb:13:
                    99:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:30:D0:DA:72:A1:73:F6:49:77:A6:C4:50:68:98:F1:5A:EF:04:45
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zjDQ2nKhc_ZJd6bEUGiY8VrvBEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.174.0/24
                  62.112.30.0/24
                  84.247.20.0/24
                  89.36.231.0/24
                  89.37.128.0/24
                  89.40.43.0/24
                  91.250.244.0/24
                  93.114.69.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24
                  188.211.249.0/24
                  188.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b2:66:86:9b:f3:59:07:b8:ac:4e:d4:27:55:a6:6e:5e:fa:
         97:b0:48:f2:cd:35:ac:d0:b2:39:4c:41:88:d8:84:1f:5a:df:
         82:b2:18:c8:08:d3:2b:41:be:17:15:56:71:b7:d1:c1:33:08:
         93:2e:cc:d4:1d:e5:da:45:d7:54:08:4f:c3:d5:26:0b:c1:56:
         88:11:42:a4:4d:82:c3:ce:b5:8d:d6:1a:ed:b6:87:d3:78:21:
         c6:3f:39:94:bc:e6:ad:07:49:30:95:06:8a:00:6c:b8:58:57:
         7e:78:e8:6a:47:49:66:77:c6:8a:43:bd:f7:49:7d:ce:06:6b:
         3c:b2:d6:d0:5f:3e:b1:5a:c2:f4:2b:87:23:70:f7:c6:2b:f8:
         cc:1c:f2:2a:5b:a2:07:fd:9c:d3:21:a7:6e:39:43:95:05:1e:
         70:0c:59:72:ad:4b:a8:b2:3b:90:72:09:65:63:99:04:f3:2a:
         80:5a:46:45:a5:49:08:f3:7e:ac:3b:a1:cd:01:72:2b:92:c3:
         1f:15:fe:19:bb:10:ad:78:81:5b:ac:81:87:de:8b:f5:80:f0:
         36:e7:68:22:30:c4:c8:80:7b:28:3c:72:14:5f:c2:12:51:2b:
         a0:7f:88:2b:d0:23:82:38:cd:b3:1e:a0:f8:a2:67:e5:54:25:
         ac:59:a1:b0
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYmtvPATR0bHVwP3b9UIB+nHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzMxMjA1NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTMwZDBkYTcyYTE3M2Y2NDk3N2E2YzQ1MDY4OThmMTVhZWYwNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIm6v+vSDsJ9p4Rr4agCfDTURpPn
x/8M86P14xeECrIVmoLJjALnMD/xfN561NL04VzA1HTGt+NqZ/PAWtq28K3zsyf5
xDVnlA8YTaUL51R4OyDp1lglG1tKYht7hjuAdq//sMWAPeZ6dMa7lqAo6TZpeiS4
Y3aZU9zZpzA3MxIyKosaEeXw1TrXEi0UVxOjFtD/HYzv2kvxZ6AQ4Ap6n2/rc8Zd
51kFxUdaEthj1GS5ITkvCwH/+FJg/j9wW3Z6btxhHwuPkzt9NjPUh9PoehtCeeUo
e7QUerp48Ywd5BiV4p0+ocR5Xa33YMPut9+T23SkiK8e4/9r37M8+xOZcwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFM4w0NpyoXP2SXemxFBomPFa7wRFMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvempEUTJuS2hjX1pKZDZiRVVHaVk4VnJ2QkVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALmauAwQA
PnAeAwQAVPcUAwQAWSTnAwQAWSWAAwQAWSgrAwQAW/r0AwQAXXJFAwQAXrFxAwQA
XrF2AwQAsN++AwQAvNP5AwQAvPBTMA0GCSqGSIb3DQEBCwUAA4IBAQBOsmaGm/NZ
B7isTtQnVaZuXvqXsEjyzTWs0LI5TEGI2IQfWt+CshjICNMrQb4XFVZxt9HBMwiT
LszUHeXaRddUCE/D1SYLwVaIEUKkTYLDzrWN1hrttofTeCHGPzmUvOatB0kwlQaK
AGy4WFd+eOhqR0lmd8aKQ733SX3OBms8stbQXz6xWsL0K4cjcPfGK/jMHPIqW6IH
/ZzTIaduOUOVBR5wDFlyrUuosjuQcgllY5kE8yqAWkZFpUkI836sO6HNAXIrksMf
Ff4ZuxCteIFbrIGH3ov1gPA252giMMTIgHsoPHIUX8ISUSugf4gr0COCOM2zHqD4
omflVCWsWaGw
-----END CERTIFICATE-----