Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/uqSpF4RhxgfwgxeZJQvmzdcBnVE.roa
File:                     uqSpF4RhxgfwgxeZJQvmzdcBnVE.roa (raw, json)
Hash identifier:          pmRKRpICpSkdZJWvlyY9CjTlv6AArapu3XLVpXumKIY=
Subject key identifier:   BA:A4:A9:17:84:61:C6:07:F0:83:17:99:25:0B:E6:CD:D7:01:9D:51
Certificate issuer:       /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial:       01857169A9584175AC0321B165F9C160B2F9
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/uqSpF4RhxgfwgxeZJQvmzdcBnVE.roa
Signing time:             Mon 02 Jan 2023 07:37:08 +0000
ROA not before:           Mon 02 Jan 2023 07:37:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39216
IP address blocks:        188.72.63.0/24 maxlen: 24
                          188.72.62.0/24 maxlen: 24
                          188.72.61.0/24 maxlen: 24
                          188.72.60.0/24 maxlen: 24
                          188.72.4.0/24 maxlen: 24
                          188.72.3.0/24 maxlen: 24
                          188.72.2.0/24 maxlen: 24
                          188.72.7.0/24 maxlen: 24
                          188.72.6.0/24 maxlen: 24
                          188.72.5.0/24 maxlen: 24
                          188.72.9.0/24 maxlen: 24
                          188.72.35.0/24 maxlen: 24
                          188.72.34.0/24 maxlen: 24
                          185.72.253.0/24 maxlen: 24
                          185.72.252.0/24 maxlen: 24
                          188.72.40.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:a9:58:41:75:ac:03:21:b1:65:f9:c1:60:b2:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
        Validity
            Not Before: Jan  2 07:37:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=baa4a9178461c607f0831799250be6cdd7019d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ae:66:a4:ea:d3:af:f4:10:a3:ad:3f:ae:82:
                    1e:4c:14:7c:47:cf:11:e0:2b:39:50:92:3b:95:0e:
                    84:b9:a1:a8:41:2b:f5:06:31:e6:72:82:c3:d2:ec:
                    63:28:50:d6:8c:46:6f:57:31:71:71:9e:4a:84:97:
                    34:9a:c4:62:67:ec:1f:ab:c0:5b:d9:9d:d3:c0:43:
                    ad:28:76:40:a4:20:08:ff:75:d9:f5:a2:bd:d9:67:
                    90:72:d0:9e:32:8c:0b:c2:46:8e:34:12:c3:b1:73:
                    4d:93:a2:89:bd:cd:a2:c2:bf:4a:dc:17:db:4f:78:
                    25:2b:79:11:33:75:56:4f:7e:13:75:95:7b:45:d7:
                    f0:00:af:54:2f:bd:5e:58:1a:2f:26:0d:13:99:9f:
                    58:f0:81:33:dd:4e:8b:b5:4e:9e:87:c6:6f:03:d0:
                    81:df:7c:35:94:be:88:58:5b:78:98:78:c1:12:db:
                    43:b0:ff:5f:07:10:39:49:7a:66:05:82:46:57:eb:
                    23:ef:71:45:c9:3f:ed:36:7b:57:0e:37:63:69:7f:
                    6f:30:74:2f:5a:7a:fa:82:46:f9:ba:a9:39:7c:33:
                    ce:df:1a:27:25:a9:30:5d:97:3d:1e:30:a9:c1:4f:
                    9c:02:b0:31:2a:04:2a:5f:01:fa:00:e8:3e:44:ef:
                    67:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A4:A9:17:84:61:C6:07:F0:83:17:99:25:0B:E6:CD:D7:01:9D:51
            X509v3 Authority Key Identifier:
                keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/uqSpF4RhxgfwgxeZJQvmzdcBnVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.252.0/23
                  188.72.2.0-188.72.7.255
                  188.72.9.0/24
                  188.72.34.0/23
                  188.72.40.0/24
                  188.72.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:49:2d:6d:05:14:33:c5:fd:6f:37:27:8a:5d:a2:07:b1:60:
         59:39:a9:99:35:0d:ed:92:62:ee:a3:f0:db:30:25:4a:2a:d7:
         6c:3b:f0:49:6f:cc:36:c7:b0:24:e1:d5:bc:f0:7f:26:8a:f7:
         e6:f4:4d:7b:fb:a8:96:52:6c:17:e0:d6:7b:c2:27:0e:9b:59:
         66:5a:a8:4b:c2:d4:6b:04:c4:e0:6e:08:57:a5:97:f7:08:8a:
         70:01:22:6e:e2:9c:07:9a:3c:0a:d8:a5:fd:9f:4d:8e:86:de:
         ae:2a:76:c2:11:81:c4:9b:09:42:ab:52:38:4e:fe:b5:a7:e6:
         9a:dd:44:a2:0b:a7:2c:22:4a:82:fb:7d:21:98:28:fb:f2:04:
         5e:65:30:ae:74:57:17:05:00:46:db:d1:76:56:1d:34:90:82:
         ef:3d:da:7c:27:7b:bc:53:c5:65:a6:d1:90:20:d0:cc:82:cd:
         0d:96:8f:dd:35:ca:eb:c0:9f:2e:ce:dd:62:bc:f6:11:6d:4f:
         96:e5:2f:cf:f0:64:00:37:7e:c7:76:47:b6:4a:00:16:68:41:
         28:bb:b1:59:91:60:1a:c0:f4:e7:a8:a9:f9:dc:aa:15:3b:cd:
         c7:ac:16:c4:eb:d1:0a:bb:38:9b:2c:55:07:ea:e0:ea:8d:eb:
         70:b1:c8:6c
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVxaalYQXWsAyGxZfnBYLL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjMwMTAyMDczNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWE0YTkxNzg0NjFjNjA3ZjA4MzE3OTkyNTBiZTZjZGQ3MDE5ZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhq5mpOrTr/QQo60/roIeTBR8R88R
4Cs5UJI7lQ6EuaGoQSv1BjHmcoLD0uxjKFDWjEZvVzFxcZ5KhJc0msRiZ+wfq8Bb
2Z3TwEOtKHZApCAI/3XZ9aK92WeQctCeMowLwkaONBLDsXNNk6KJvc2iwr9K3Bfb
T3glK3kRM3VWT34TdZV7RdfwAK9UL71eWBovJg0TmZ9Y8IEz3U6LtU6eh8ZvA9CB
33w1lL6IWFt4mHjBEttDsP9fBxA5SXpmBYJGV+sj73FFyT/tNntXDjdjaX9vMHQv
Wnr6gkb5uqk5fDPO3xonJakwXZc9HjCpwU+cArAxKgQqXwH6AOg+RO9n1wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFLqkqReEYcYH8IMXmSUL5s3XAZ1RMB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEvdXFTcEY0Umh4Z2Z3Z3hlWkpRdm16ZGNCblZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBuUj8MAwD
BAG8SAIDBAO8SAADBAC8SAkDBAG8SCIDBAC8SCgDBAK8SDwwDQYJKoZIhvcNAQEL
BQADggEBAIhJLW0FFDPF/W83J4pdogexYFk5qZk1De2SYu6j8NswJUoq12w78Elv
zDbHsCTh1bzwfyaK9+b0TXv7qJZSbBfg1nvCJw6bWWZaqEvC1GsExOBuCFell/cI
inABIm7inAeaPArYpf2fTY6G3q4qdsIRgcSbCUKrUjhO/rWn5prdRKILpywiSoL7
fSGYKPvyBF5lMK50VxcFAEbb0XZWHTSQgu892nwne7xTxWWm0ZAg0MyCzQ2Wj901
yuvAny7O3WK89hFtT5blL8/wZAA3fsd2R7ZKABZoQSi7sVmRYBrA9OeoqfncqhU7
zcesFsTr0Qq7OJssVQfq4OqN63CxyGw=
-----END CERTIFICATE-----