Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sLPOWCsXLLpSEo6Yvsgz57zzKX0.roa
File:                     sLPOWCsXLLpSEo6Yvsgz57zzKX0.roa (raw, json)
Hash identifier:          mzbmGd3lNynHaxCtVScGLKXc/wJMFtFoy0nXy/W6EwE=
Subject key identifier:   B0:B3:CE:58:2B:17:2C:BA:52:12:8E:98:BE:C8:33:E7:BC:F3:29:7D
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018C39F09868A19B9A275B03AF9A0F4B4B09
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sLPOWCsXLLpSEo6Yvsgz57zzKX0.roa
Signing time:             Tue 05 Dec 2023 12:25:18 +0000
ROA not before:           Tue 05 Dec 2023 12:25:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206509
IP address blocks:        217.29.192.0/20 maxlen: 22
                          62.164.128.0/17 maxlen: 21
                          213.254.160.0/19 maxlen: 19
                          62.164.144.0/21 maxlen: 21
                          212.32.0.0/17 maxlen: 17
                          193.108.168.0/23 maxlen: 23
                          194.154.32.0/19 maxlen: 19
                          86.54.0.0/16 maxlen: 16
                          194.164.0.0/16 maxlen: 16
                          194.62.44.0/22 maxlen: 22
                          217.154.0.0/16 maxlen: 16
                          195.26.224.0/19 maxlen: 19
                          195.200.0.0/19 maxlen: 19
                          195.184.224.0/19 maxlen: 19
                          2001:15e0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:39:f0:98:68:a1:9b:9a:27:5b:03:af:9a:0f:4b:4b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Dec  5 12:25:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b0b3ce582b172cba52128e98bec833e7bcf3297d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ea:99:e2:b4:e5:05:a3:20:2f:a8:8c:60:24:
                    ce:f1:41:79:3e:f1:11:40:16:44:d3:fa:00:97:63:
                    b1:e6:43:8b:51:c0:52:fe:5f:2d:4c:77:b1:98:a3:
                    29:32:9e:13:ce:ed:7f:07:0d:5d:bc:46:a7:23:c2:
                    8c:a5:ec:92:00:76:d9:12:01:96:6e:cb:1c:7d:90:
                    7b:f2:fa:4c:0b:4c:f5:94:62:b2:26:69:a4:96:54:
                    5e:97:79:3a:71:62:64:76:76:e4:0f:7c:d6:15:b7:
                    6f:5e:8a:33:81:c9:c9:1c:96:50:55:a2:c9:06:56:
                    39:53:b1:0a:b2:0f:1e:dd:57:31:80:14:41:55:ae:
                    97:73:f4:f3:e6:ca:46:d2:ec:24:d4:f8:a0:2a:38:
                    7f:da:e3:18:5b:f2:6a:a8:bd:30:77:40:cb:66:25:
                    8f:87:97:b2:fd:91:85:44:f3:e5:cf:c6:50:c3:19:
                    19:4b:06:45:36:b7:01:b8:2d:3e:fb:1b:a5:11:6b:
                    6c:f5:ac:0c:cb:14:c4:76:a3:cd:3c:31:bb:9f:f2:
                    c1:b9:81:e9:59:77:3f:2b:d9:1d:72:25:73:bc:f1:
                    4d:b2:f3:28:ce:2d:1b:02:73:de:07:f3:44:7e:b4:
                    1e:68:03:91:49:01:92:aa:17:78:ed:52:fe:9e:bc:
                    fc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:B3:CE:58:2B:17:2C:BA:52:12:8E:98:BE:C8:33:E7:BC:F3:29:7D
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sLPOWCsXLLpSEo6Yvsgz57zzKX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0/17
                  86.54.0.0/16
                  193.108.168.0/23
                  194.62.44.0/22
                  194.154.32.0/19
                  194.164.0.0/16
                  195.26.224.0/19
                  195.184.224.0/19
                  195.200.0.0/19
                  212.32.0.0/17
                  213.254.160.0/19
                  217.29.192.0/20
                  217.154.0.0/16
                IPv6:
                  2001:15e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:fb:0a:f2:25:ba:92:14:25:c1:af:43:70:e4:5c:e6:1a:25:
         7b:28:ce:2a:7d:b7:37:1e:9b:20:36:51:62:71:15:92:d0:b8:
         0c:ea:c4:5a:f5:ef:d5:e3:2d:66:92:5a:0d:cf:bc:e3:53:f6:
         4a:90:75:9e:e0:25:04:1a:cb:e0:a5:0e:41:59:bd:15:d4:eb:
         f8:8c:fe:b5:34:39:8c:6d:c1:4d:50:a1:69:c4:f7:b8:08:c2:
         91:9b:32:46:3a:2e:4b:ae:39:a6:e0:e9:73:16:d4:4d:85:07:
         49:8f:2d:a0:09:d2:2b:3d:45:2b:d6:dd:c9:da:cc:35:18:b2:
         e6:ad:13:4a:93:08:eb:9f:f8:b5:2d:7d:a1:44:48:ec:cf:49:
         13:4c:66:c0:49:82:0e:b5:31:f1:c2:39:40:fa:bd:62:89:02:
         7a:43:22:ad:c8:c3:c4:8f:40:49:87:e3:24:36:63:4c:55:23:
         f4:9a:8a:d5:07:96:20:a0:9e:68:55:e2:8a:b8:6b:25:2b:98:
         c3:93:4d:7b:b9:50:11:e9:18:76:a8:b0:89:3d:55:34:24:43:
         ec:cd:eb:af:41:99:dd:25:b8:73:df:8a:0d:5d:57:5e:1f:4a:
         db:ef:8e:26:45:89:af:ab:b6:ca:8c:83:0b:3f:27:32:56:9a:
         84:99:89:73
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYw58JhooZuaJ1sDr5oPS0sJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjMxMjA1MTIyNTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGIzY2U1ODJiMTcyY2JhNTIxMjhlOThiZWM4MzNlN2JjZjMyOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+qZ4rTlBaMgL6iMYCTO8UF5PvER
QBZE0/oAl2Ox5kOLUcBS/l8tTHexmKMpMp4Tzu1/Bw1dvEanI8KMpeySAHbZEgGW
bsscfZB78vpMC0z1lGKyJmmkllRel3k6cWJkdnbkD3zWFbdvXoozgcnJHJZQVaLJ
BlY5U7EKsg8e3VcxgBRBVa6Xc/Tz5spG0uwk1PigKjh/2uMYW/JqqL0wd0DLZiWP
h5ey/ZGFRPPlz8ZQwxkZSwZFNrcBuC0++xulEWts9awMyxTEdqPNPDG7n/LBuYHp
WXc/K9kdciVzvPFNsvMozi0bAnPeB/NEfrQeaAORSQGSqhd47VL+nrz8EQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFLCzzlgrFyy6UhKOmL7IM+e88yl9MB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvc0xQT1dDc1hMTHBTRW82WXZzZ3o1N3p6S1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBRBAIAATBLAwQHPqSAAwMA
VjYDBAHBbKgDBALCPiwDBAXCmiADAwDCpAMEBcMa4AMEBcO44AMEBcPIAAMEB9Qg
AAMEBdX+oAMEBNkdwAMDANmaMA0EAgACMAcDBQAgARXgMA0GCSqGSIb3DQEBCwUA
A4IBAQBX+wryJbqSFCXBr0Nw5FzmGiV7KM4qfbc3HpsgNlFicRWS0LgM6sRa9e/V
4y1mkloNz7zjU/ZKkHWe4CUEGsvgpQ5BWb0V1Ov4jP61NDmMbcFNUKFpxPe4CMKR
mzJGOi5Lrjmm4OlzFtRNhQdJjy2gCdIrPUUr1t3J2sw1GLLmrRNKkwjrn/i1LX2h
REjsz0kTTGbASYIOtTHxwjlA+r1iiQJ6QyKtyMPEj0BJh+MkNmNMVSP0morVB5Yg
oJ5oVeKKuGslK5jDk017uVAR6Rh2qLCJPVU0JEPszeuvQZndJbhz34oNXVdeH0rb
744mRYmvq7bKjIMLPycyVpqEmYlz
-----END CERTIFICATE-----