Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/W0vleP9vYR5Cv8RuZe1nboAY_Rc.roa
File:                     W0vleP9vYR5Cv8RuZe1nboAY_Rc.roa (raw, json)
Hash identifier:          LodA5S+EGSP3UOo+AnI0j8QIMPxy3fBuZ7GBoVbRWHY=
Subject key identifier:   5B:4B:E5:78:FF:6F:61:1E:42:BF:C4:6E:65:ED:67:6E:80:18:FD:17
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       01834639A8AD7315A680A1005EDB456BD304
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/W0vleP9vYR5Cv8RuZe1nboAY_Rc.roa
Signing time:             Fri 16 Sep 2022 12:15:27 +0000
ROA not before:           Fri 16 Sep 2022 12:15:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     39779
IP address blocks:        185.35.184.0/22 maxlen: 22
                          46.226.8.0/21 maxlen: 21
                          193.93.220.0/22 maxlen: 22
                          62.122.248.0/21 maxlen: 21
                          91.192.220.0/22 maxlen: 22
                          185.7.60.0/22 maxlen: 22
                          91.189.168.0/21 maxlen: 21
                          91.189.168.0/24 maxlen: 24
                          2a02:2690::/32 maxlen: 32
                          2a01:488:bb06::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:46:39:a8:ad:73:15:a6:80:a1:00:5e:db:45:6b:d3:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Sep 16 12:15:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5b4be578ff6f611e42bfc46e65ed676e8018fd17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:f3:13:d9:30:26:5b:44:1f:87:dc:66:da:
                    67:08:1e:f6:2e:fa:99:5e:35:44:97:f0:c4:5f:08:
                    aa:e1:9d:0a:9a:dd:a6:c5:ae:43:fc:47:04:d3:39:
                    6d:a8:9c:ae:d5:13:53:92:a8:10:bc:58:0c:c0:77:
                    0f:d4:c2:68:9b:59:70:a7:cf:9e:af:3a:f0:12:45:
                    a8:60:d6:3f:d9:d6:a3:53:bf:5c:69:d5:f5:f8:3e:
                    0e:45:ed:39:6a:40:f9:9c:60:93:84:ed:39:88:0a:
                    1c:b0:66:fd:e4:96:51:bd:4b:99:5e:54:ad:51:ff:
                    2f:21:86:8b:82:f6:e0:c9:70:82:cf:06:68:34:3a:
                    e4:be:ae:a1:76:65:88:79:3b:32:dd:6e:e7:3c:22:
                    8e:46:a2:6a:9b:dc:04:bb:be:14:f5:b1:b2:a7:76:
                    e8:e2:48:bb:1e:7e:49:30:ee:78:8d:6e:ea:5b:22:
                    94:2a:d7:ce:01:30:07:7a:6a:11:3e:fd:de:05:a4:
                    de:39:56:08:ba:9b:3d:61:76:01:3e:dd:05:8c:ef:
                    94:58:7e:a7:30:0f:7e:6f:15:4d:cc:a0:66:97:de:
                    bc:5e:68:ca:07:7f:5e:51:f7:50:3e:6e:02:32:3c:
                    a7:35:e2:7e:a6:c1:d9:38:ec:1d:51:3d:f8:cc:8c:
                    f5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:4B:E5:78:FF:6F:61:1E:42:BF:C4:6E:65:ED:67:6E:80:18:FD:17
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/W0vleP9vYR5Cv8RuZe1nboAY_Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.8.0/21
                  62.122.248.0/21
                  91.189.168.0/21
                  91.192.220.0/22
                  185.7.60.0/22
                  185.35.184.0/22
                  193.93.220.0/22
                IPv6:
                  2a01:488:bb06::/48
                  2a02:2690::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:1a:27:ba:eb:a2:4a:4b:7b:d9:b1:35:8a:18:29:f0:78:5c:
         65:0b:01:0f:2b:49:27:45:e6:a2:98:1e:34:f8:93:ed:fc:68:
         49:b2:c4:b0:cf:eb:d6:3c:72:f6:86:f3:1c:9a:96:ee:23:0b:
         0a:21:d2:2b:21:7a:28:0d:06:e8:00:28:b6:0f:44:cf:ce:7f:
         c5:52:75:d5:e2:3f:64:f0:9e:6f:b5:e0:38:18:1e:8f:cc:2b:
         86:82:2d:74:18:9f:f2:ea:80:28:be:26:62:b2:78:57:a8:a4:
         e9:5f:69:39:1d:6c:25:3e:de:6f:79:67:d6:3c:68:6d:1e:2c:
         2b:a8:62:d6:f7:2b:e4:53:08:f8:34:d4:5f:ca:04:fd:cf:cd:
         cb:a3:3c:02:0f:65:a0:c0:69:6f:27:79:48:ba:d0:43:24:4b:
         58:93:99:b3:f8:35:a8:3e:50:ff:74:da:51:07:6c:a3:26:cb:
         c6:36:65:1b:9a:e6:ab:3c:e0:69:88:83:1f:b4:c1:56:03:76:
         a1:8c:1b:d7:2d:af:a8:bd:26:46:a7:8f:32:4c:8b:97:ee:b2:
         73:e5:fc:c7:89:13:15:34:d1:bc:fe:6a:51:11:3e:f4:8e:22:
         a1:81:e0:f6:52:d7:62:65:3c:e0:a7:ec:6d:28:06:72:2e:31:
         78:36:77:23
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYNGOaitcxWmgKEAXttFa9MEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjIwOTE2MTIxNTI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjRiZTU3OGZmNmY2MTFlNDJiZmM0NmU2NWVkNjc2ZTgwMThmZDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiXzE9kwJltEH4fcZtpnCB72LvqZ
XjVEl/DEXwiq4Z0Kmt2mxa5D/EcE0zltqJyu1RNTkqgQvFgMwHcP1MJom1lwp8+e
rzrwEkWoYNY/2dajU79cadX1+D4ORe05akD5nGCThO05iAocsGb95JZRvUuZXlSt
Uf8vIYaLgvbgyXCCzwZoNDrkvq6hdmWIeTsy3W7nPCKORqJqm9wEu74U9bGyp3bo
4ki7Hn5JMO54jW7qWyKUKtfOATAHemoRPv3eBaTeOVYIups9YXYBPt0FjO+UWH6n
MA9+bxVNzKBml968XmjKB39eUfdQPm4CMjynNeJ+psHZOOwdUT34zIz1aQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFtL5Xj/b2EeQr/EbmXtZ26AGP0XMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvVzB2bGVQOXZZUjVDdjhSdVplMW5ib0FZX1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAwBAIAATAqAwQDLuIIAwQD
Pnr4AwQDW72oAwQCW8DcAwQCuQc8AwQCuSO4AwQCwV3cMBYEAgACMBADBwAqAQSI
uwYDBQAqAiaQMA0GCSqGSIb3DQEBCwUAA4IBAQCUGie666JKS3vZsTWKGCnweFxl
CwEPK0knReaimB40+JPt/GhJssSwz+vWPHL2hvMcmpbuIwsKIdIrIXooDQboACi2
D0TPzn/FUnXV4j9k8J5vteA4GB6PzCuGgi10GJ/y6oAoviZisnhXqKTpX2k5HWwl
Pt5veWfWPGhtHiwrqGLW9yvkUwj4NNRfygT9z83LozwCD2WgwGlvJ3lIutBDJEtY
k5mz+DWoPlD/dNpRB2yjJsvGNmUbmuarPOBpiIMftMFWA3ahjBvXLa+ovSZGp48y
TIuX7rJz5fzHiRMVNNG8/mpRET70jiKhgeD2UtdiZTzgp+xtKAZyLjF4Nncj
-----END CERTIFICATE-----