Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1fyRdYcieZAxqo3Cm6bDRZO_Pzg.roa
File:                     1fyRdYcieZAxqo3Cm6bDRZO_Pzg.roa (raw, json)
Hash identifier:          1Z/940jjKXctUBhXNIH4humpuC+HxUL9Ksx7i0bT2eY=
Subject key identifier:   D5:FC:91:75:87:22:79:90:31:AA:8D:C2:9B:A6:C3:45:93:BF:3F:38
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019300CCFAAB248086C47AF4974D0E3C59C1
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1fyRdYcieZAxqo3Cm6bDRZO_Pzg.roa
Signing time:             Wed 06 Nov 2024 09:27:33 +0000
ROA not before:           Wed 06 Nov 2024 09:27:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        45.139.6.0/23 maxlen: 24
                          46.249.110.0/24 maxlen: 24
                          82.115.9.0/24 maxlen: 24
                          82.115.28.0/23 maxlen: 24
                          89.251.10.0/24 maxlen: 24
                          159.255.32.0/22 maxlen: 22
                          159.255.36.0/22 maxlen: 22
                          185.80.197.0/24 maxlen: 24
                          185.231.172.0/22 maxlen: 24
                          188.209.156.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          193.36.72.0/24 maxlen: 24
                          202.133.90.0/23 maxlen: 24
                          213.173.32.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:00:cc:fa:ab:24:80:86:c4:7a:f4:97:4d:0e:3c:59:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Nov  6 09:27:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5fc91758722799031aa8dc29ba6c34593bf3f38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e9:30:d5:d6:18:4f:4c:ee:1b:0b:14:ff:e7:
                    e8:0f:8b:63:6f:93:da:db:ec:b6:aa:0a:20:df:34:
                    c0:0f:b2:40:94:2e:79:05:4a:69:4d:79:fd:ba:97:
                    f4:50:34:1a:6d:18:72:8f:93:12:1a:79:1c:16:83:
                    e8:3f:bf:e2:2a:f1:09:6a:02:51:04:7f:9a:93:a7:
                    7a:54:ba:f7:ec:d4:5c:29:1c:f8:ea:ba:3d:78:ea:
                    22:fb:ac:94:d7:19:f3:ca:dc:83:57:c4:61:30:6b:
                    8d:3d:57:8e:a9:78:b3:48:fe:18:a7:90:a3:13:b4:
                    a5:56:44:76:ce:11:13:a0:a3:1e:92:28:e7:89:d3:
                    63:2e:0b:5a:02:b1:10:cb:69:7f:cc:54:49:5f:37:
                    89:83:1f:53:8d:56:a1:39:08:7d:fc:c7:6b:53:a1:
                    f3:1a:45:bf:28:78:af:8c:e9:be:9b:cf:68:99:7e:
                    19:37:82:2e:b4:5b:ab:a8:b1:84:4a:30:ac:92:8a:
                    3e:d7:19:8f:5d:40:44:5b:83:00:41:51:d0:7b:66:
                    19:a4:fc:0a:36:93:d8:87:8d:1e:d1:11:9a:48:49:
                    c1:f3:d1:b8:c6:e8:58:05:bb:9b:e7:23:27:1a:5f:
                    39:d2:d9:13:e2:8f:ba:35:3e:7e:6e:a5:1b:f0:b7:
                    ce:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FC:91:75:87:22:79:90:31:AA:8D:C2:9B:A6:C3:45:93:BF:3F:38
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1fyRdYcieZAxqo3Cm6bDRZO_Pzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.6.0/23
                  46.249.110.0/24
                  82.115.9.0/24
                  82.115.28.0/23
                  89.251.10.0/24
                  159.255.32.0/21
                  185.80.197.0/24
                  185.231.172.0/22
                  188.209.156.0/22
                  188.253.8.0/21
                  193.36.72.0/24
                  202.133.90.0/23
                  213.173.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:fb:99:ac:a2:50:1d:56:e7:5d:7f:9d:77:4a:06:fd:31:6b:
         d1:a0:5f:c6:98:ed:e8:c6:75:34:7a:bb:07:93:34:2a:da:6d:
         92:6d:b5:62:56:b9:4a:54:4f:af:3e:41:ef:fb:b3:99:dc:b0:
         6c:8b:33:7d:a0:f0:17:e4:f9:e9:fc:31:ea:2d:d6:c1:ac:9d:
         cf:53:59:3c:a2:ed:f4:f7:3e:93:7c:57:af:38:be:c8:9f:f5:
         59:a7:5e:e8:3d:07:be:44:20:0f:93:67:57:e9:c4:c9:ed:31:
         35:92:ce:a1:e1:82:72:98:73:12:92:fa:01:3b:86:0b:1c:f0:
         e3:aa:e6:50:a2:33:88:29:6c:94:cf:d4:1e:6b:53:5e:88:45:
         51:f1:38:ab:f7:8a:25:91:01:9a:99:f9:9f:35:cf:90:67:9d:
         df:20:e3:e0:23:ae:32:1a:d6:ef:e6:7b:47:f8:c3:f3:e3:05:
         98:4d:36:f8:d0:86:32:31:af:19:91:78:ff:4b:96:55:23:88:
         41:9b:00:18:69:8f:dc:d2:d5:88:0b:eb:f5:ce:f4:e0:1a:10:
         0f:47:20:02:d8:e1:ec:e6:2c:48:b0:1a:ce:0e:c0:79:ec:c4:
         dc:0c:d8:cb:10:89:4d:57:6a:53:5a:08:f6:2e:a4:7b:b2:27:
         6d:60:c5:56
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAZMAzPqrJICGxHr0l00OPFnBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQxMTA2MDkyNzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWZjOTE3NTg3MjI3OTkwMzFhYThkYzI5YmE2YzM0NTkzYmYzZjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOkw1dYYT0zuGwsU/+foD4tjb5Pa
2+y2qgog3zTAD7JAlC55BUppTXn9upf0UDQabRhyj5MSGnkcFoPoP7/iKvEJagJR
BH+ak6d6VLr37NRcKRz46ro9eOoi+6yU1xnzytyDV8RhMGuNPVeOqXizSP4Yp5Cj
E7SlVkR2zhEToKMekijnidNjLgtaArEQy2l/zFRJXzeJgx9TjVahOQh9/MdrU6Hz
GkW/KHivjOm+m89omX4ZN4IutFurqLGESjCskoo+1xmPXUBEW4MAQVHQe2YZpPwK
NpPYh40e0RGaSEnB89G4xuhYBbub5yMnGl850tkT4o+6NT5+bqUb8LfOnwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFNX8kXWHInmQMaqNwpumw0WTvz84MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMWZ5UmRZY2llWkF4cW8zQ202YkRSWk9fUHpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBLYsGAwQA
LvluAwQAUnMJAwQBUnMcAwQAWfsKAwQDn/8gAwQAuVDFAwQCueesAwQCvNGcAwQD
vP0IAwQAwSRIAwQByoVaAwQC1a0gMA0GCSqGSIb3DQEBCwUAA4IBAQCW+5msolAd
Vuddf513Sgb9MWvRoF/GmO3oxnU0ersHkzQq2m2SbbViVrlKVE+vPkHv+7OZ3LBs
izN9oPAX5Pnp/DHqLdbBrJ3PU1k8ou309z6TfFevOL7In/VZp17oPQe+RCAPk2dX
6cTJ7TE1ks6h4YJymHMSkvoBO4YLHPDjquZQojOIKWyUz9Qea1NeiEVR8Tir94ol
kQGamfmfNc+QZ53fIOPgI64yGtbv5ntH+MPz4wWYTTb40IYyMa8ZkXj/S5ZVI4hB
mwAYaY/c0tWIC+v1zvTgGhAPRyAC2OHs5ixIsBrODsB57MTcDNjLEIlNV2pTWgj2
LqR7sidtYMVW
-----END CERTIFICATE-----