Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/_gjkr5TPHeE0aaApLfRTKFeq62c.roa
File:                     _gjkr5TPHeE0aaApLfRTKFeq62c.roa (raw, json)
Hash identifier:          7gzDInfEjNFL/FxDDv5k/wQqtH+uf4ADokbyHEOcJ+8=
Subject key identifier:   FE:08:E4:AF:94:CF:1D:E1:34:69:A0:29:2D:F4:53:28:57:AA:EB:67
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018C3A0C0FA492F7F22D3D8A0BEDE42511A4
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/_gjkr5TPHeE0aaApLfRTKFeq62c.roa
Signing time:             Tue 05 Dec 2023 12:55:18 +0000
ROA not before:           Tue 05 Dec 2023 12:55:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206509
IP address blocks:        217.29.192.0/20 maxlen: 22
                          62.164.128.0/17 maxlen: 21
                          213.254.160.0/19 maxlen: 19
                          62.164.144.0/21 maxlen: 21
                          212.32.0.0/17 maxlen: 17
                          193.108.168.0/23 maxlen: 23
                          194.154.32.0/19 maxlen: 19
                          86.54.0.0/16 maxlen: 16
                          194.62.44.0/22 maxlen: 22
                          217.154.0.0/16 maxlen: 16
                          195.26.224.0/19 maxlen: 19
                          195.200.0.0/19 maxlen: 19
                          195.184.224.0/19 maxlen: 19
                          2001:15e0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:3a:0c:0f:a4:92:f7:f2:2d:3d:8a:0b:ed:e4:25:11:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Dec  5 12:55:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe08e4af94cf1de13469a0292df4532857aaeb67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4d:08:68:6c:fe:bb:d2:2b:6d:3e:dc:04:d9:
                    30:80:c3:87:f0:31:e3:0b:94:eb:70:98:9f:85:be:
                    f2:ef:00:a8:db:ca:14:7c:44:ae:10:d7:82:e5:72:
                    c4:c9:8a:96:ac:a2:85:18:7d:d4:a7:e3:47:9f:52:
                    77:98:8e:4d:74:0a:99:da:56:a9:1d:e7:f5:eb:54:
                    57:ee:ea:83:11:b4:17:fe:1d:c5:7f:b6:29:7b:06:
                    1e:b1:01:64:b2:b7:94:13:36:15:7b:3c:fb:72:e0:
                    36:d4:8a:33:65:a0:03:79:fb:e8:08:61:a6:02:58:
                    7b:1e:32:b4:ce:88:7d:d7:ad:71:0b:08:0e:18:5e:
                    5d:5c:2c:58:7e:bf:de:ae:5e:c9:47:94:01:d0:94:
                    62:1d:93:3e:58:eb:dc:a7:5f:8e:54:35:cb:78:29:
                    8d:c7:72:d9:68:c7:e6:07:f1:bc:54:9a:e6:60:74:
                    4d:d9:f1:3f:27:92:ad:e0:bf:06:65:ae:4c:21:d2:
                    2c:6b:33:a4:0b:96:7d:85:c1:bd:43:0d:0d:5b:49:
                    21:63:72:3a:1f:38:15:e3:7a:f4:c1:d3:12:d1:cc:
                    56:ba:e0:e2:be:fe:d4:e6:ac:61:6e:b5:39:56:bb:
                    9d:5b:4a:93:5f:44:a8:0b:87:a6:c3:cf:be:bb:86:
                    cb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:08:E4:AF:94:CF:1D:E1:34:69:A0:29:2D:F4:53:28:57:AA:EB:67
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/_gjkr5TPHeE0aaApLfRTKFeq62c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0/17
                  86.54.0.0/16
                  193.108.168.0/23
                  194.62.44.0/22
                  194.154.32.0/19
                  195.26.224.0/19
                  195.184.224.0/19
                  195.200.0.0/19
                  212.32.0.0/17
                  213.254.160.0/19
                  217.29.192.0/20
                  217.154.0.0/16
                IPv6:
                  2001:15e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:44:de:89:a1:3e:d5:33:a2:88:e4:62:69:d2:02:64:7d:33:
         e0:fe:b4:ed:b8:b7:56:3a:13:50:84:a4:bd:02:3c:e7:ba:f9:
         df:bd:23:c3:5e:97:16:f1:b6:32:88:5f:e2:5f:49:05:69:36:
         e7:7b:97:8f:6e:f9:7c:4b:38:0d:22:00:32:ad:70:26:dd:e7:
         c7:a3:90:92:9c:3b:38:8f:5c:ff:7b:39:44:ce:57:a2:2e:18:
         97:8a:c2:61:94:bd:d5:81:ce:61:58:98:d0:01:38:35:8d:57:
         af:e6:d8:bc:85:a3:0e:92:51:d7:48:b8:ad:b3:1b:e6:fe:32:
         45:b5:53:53:b5:49:1e:97:41:83:6e:67:34:e1:e8:ba:11:e8:
         50:b6:27:74:7c:26:f6:6b:5c:30:0a:a0:ec:80:7a:c5:a9:8f:
         34:d1:83:a6:55:1b:3c:dd:b8:0b:05:4f:6d:fd:a4:0a:a6:f1:
         e9:4c:fc:90:3c:1a:29:0f:20:f9:56:c0:cf:03:04:90:90:38:
         36:5a:b9:10:63:d6:b8:05:8a:75:2f:c5:00:1b:53:1e:0d:0e:
         f2:44:25:7e:4c:68:73:5a:35:3f:61:75:26:48:1c:e1:c7:ea:
         0f:e0:65:12:d4:52:4a:f7:7e:68:f7:82:25:4b:db:43:c8:ec:
         03:db:e2:c8
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYw6DA+kkvfyLT2KC+3kJRGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjA1MTI1NTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTA4ZTRhZjk0Y2YxZGUxMzQ2OWEwMjkyZGY0NTMyODU3YWFlYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArk0IaGz+u9IrbT7cBNkwgMOH8DHj
C5TrcJifhb7y7wCo28oUfESuENeC5XLEyYqWrKKFGH3Up+NHn1J3mI5NdAqZ2lap
Hef161RX7uqDEbQX/h3Ff7YpewYesQFksreUEzYVezz7cuA21IozZaADefvoCGGm
Alh7HjK0zoh9161xCwgOGF5dXCxYfr/erl7JR5QB0JRiHZM+WOvcp1+OVDXLeCmN
x3LZaMfmB/G8VJrmYHRN2fE/J5Kt4L8GZa5MIdIsazOkC5Z9hcG9Qw0NW0khY3I6
HzgV43r0wdMS0cxWuuDivv7U5qxhbrU5VrudW0qTX0SoC4emw8++u4bLDQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFP4I5K+Uzx3hNGmgKS30UyhXqutnMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvX2dqa3I1VFBIZUUwYWFBcExmUlRLRmVxNjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQHPqSAAwMA
VjYDBAHBbKgDBALCPiwDBAXCmiADBAXDGuADBAXDuOADBAXDyAADBAfUIAADBAXV
/qADBATZHcADAwDZmjANBAIAAjAHAwUAIAEV4DANBgkqhkiG9w0BAQsFAAOCAQEA
mkTeiaE+1TOiiORiadICZH0z4P607bi3VjoTUISkvQI857r5370jw16XFvG2Mohf
4l9JBWk253uXj275fEs4DSIAMq1wJt3nx6OQkpw7OI9c/3s5RM5Xoi4Yl4rCYZS9
1YHOYViY0AE4NY1Xr+bYvIWjDpJR10i4rbMb5v4yRbVTU7VJHpdBg25nNOHouhHo
ULYndHwm9mtcMAqg7IB6xamPNNGDplUbPN24CwVPbf2kCqbx6Uz8kDwaKQ8g+VbA
zwMEkJA4Nlq5EGPWuAWKdS/FABtTHg0O8kQlfkxoc1o1P2F1Jkgc4cfqD+BlEtRS
Svd+aPeCJUvbQ8jsA9viyA==
-----END CERTIFICATE-----