Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ldNszVfUwEKSSP-6o9u7zhTKf5Q.roa
File:                     ldNszVfUwEKSSP-6o9u7zhTKf5Q.roa (raw, json)
Hash identifier:          WuSEek7O8GaQWG4ZIjyJXNS+R8r11V0Lwh9qL8UdxTQ=
Subject key identifier:   95:D3:6C:CD:57:D4:C0:42:92:48:FF:BA:A3:DB:BB:CE:14:CA:7F:94
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01866EF3AE88183469A1344381673248C048
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ldNszVfUwEKSSP-6o9u7zhTKf5Q.roa
Signing time:             Mon 20 Feb 2023 13:11:49 +0000
ROA not before:           Mon 20 Feb 2023 13:11:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          188.213.212.0/24 maxlen: 24
                          188.213.216.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          92.114.32.0/24 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          92.114.54.0/24 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6e:f3:ae:88:18:34:69:a1:34:43:81:67:32:48:c0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Feb 20 13:11:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95d36ccd57d4c0429248ffbaa3dbbbce14ca7f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:43:23:11:f4:f8:a5:df:01:87:d5:2d:9a:cf:
                    a7:e1:bf:4b:41:d6:b8:ff:cf:3d:e4:77:2b:84:27:
                    7f:65:1f:a2:e8:60:c0:e5:6c:fc:7c:e8:62:76:f6:
                    90:c7:f9:55:0d:96:fd:4a:ac:11:79:b5:3d:17:6b:
                    c2:14:c9:73:fb:a4:ec:0c:ec:1b:8c:59:a6:82:09:
                    c8:cc:22:5e:37:7d:39:6b:aa:5c:fb:50:8f:6f:e6:
                    de:76:91:80:32:ff:f5:6c:c8:d5:23:67:77:cc:5c:
                    55:77:e3:d7:70:7d:d3:60:11:e7:32:cf:70:ac:ee:
                    f4:34:d7:24:9e:b9:fc:60:dd:af:06:32:29:d4:e1:
                    30:e4:6e:fd:f3:e9:f2:d5:ed:1c:82:a6:bc:b9:ce:
                    42:3e:31:fc:ca:7d:c6:50:ad:19:c6:5e:24:82:47:
                    0b:55:93:4c:8c:7c:e5:a8:c4:a4:40:ee:58:f9:1c:
                    ac:6e:70:a2:63:15:05:3a:d5:85:85:9a:5f:5b:b2:
                    55:ed:90:e6:48:d2:e9:4c:f0:c6:74:1b:7a:32:27:
                    21:41:f7:05:4c:44:fb:74:19:7f:73:83:3d:7f:d5:
                    7f:de:54:72:4f:3c:f5:86:25:48:8b:af:a0:cd:1e:
                    78:39:23:54:a2:0e:ab:88:a7:c9:01:88:8f:91:a6:
                    be:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D3:6C:CD:57:D4:C0:42:92:48:FF:BA:A3:DB:BB:CE:14:CA:7F:94
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/ldNszVfUwEKSSP-6o9u7zhTKf5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  89.35.124.0/23
                  89.40.222.0/23
                  89.46.128.0/22
                  89.46.232.0/21
                  92.114.32.0/24
                  92.114.54.0/24
                  94.177.28.0/24
                  185.18.224.0/23
                  188.213.212.0/24
                  188.213.216.0/24
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:6c:3e:dd:7c:5b:8e:b2:6c:13:c6:28:8d:4d:83:ad:dd:cd:
         8f:aa:a5:ca:86:2d:14:57:2c:11:49:c0:5c:ac:af:32:de:4a:
         51:03:de:a1:44:94:59:94:8e:f4:a7:10:c9:cd:48:a5:e1:65:
         52:71:57:35:97:e3:f6:ad:98:c1:63:8f:f3:a9:c9:01:d2:ff:
         72:1f:8d:77:b6:83:8b:51:87:a6:8a:44:72:ba:3d:ce:b4:d2:
         6d:87:f9:af:4c:dc:2a:32:f1:07:60:20:2e:7e:ef:b0:54:42:
         0b:58:ff:b4:20:63:38:a1:db:52:19:89:79:8a:db:c3:72:ca:
         e4:50:bf:5e:fc:51:36:13:2f:df:a7:53:12:29:e2:4a:0d:4f:
         d2:23:a6:a9:84:3a:4e:e5:c8:7e:85:83:7b:36:a8:8a:ad:02:
         ae:ec:c3:b3:ef:81:6c:97:64:ae:c0:1f:ae:5e:dd:a5:33:ca:
         b1:db:40:61:92:8f:32:18:96:6f:f1:53:83:04:27:d5:68:d3:
         d6:2c:62:37:2a:e2:29:84:42:a5:24:89:57:1c:3d:90:f6:e5:
         e8:cb:d1:54:d7:1e:80:ff:0f:d9:5e:8f:e0:e9:90:34:41:6e:
         fa:0c:73:15:91:fc:4c:66:05:34:37:76:84:84:0e:25:8a:d8:
         2c:68:76:f1
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYZu866IGDRpoTRDgWcySMBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMjIwMTMxMTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWQzNmNjZDU3ZDRjMDQyOTI0OGZmYmFhM2RiYmJjZTE0Y2E3Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskMjEfT4pd8Bh9Utms+n4b9LQda4
/8895HcrhCd/ZR+i6GDA5Wz8fOhidvaQx/lVDZb9SqwRebU9F2vCFMlz+6TsDOwb
jFmmggnIzCJeN305a6pc+1CPb+bedpGAMv/1bMjVI2d3zFxVd+PXcH3TYBHnMs9w
rO70NNcknrn8YN2vBjIp1OEw5G798+ny1e0cgqa8uc5CPjH8yn3GUK0Zxl4kgkcL
VZNMjHzlqMSkQO5Y+RysbnCiYxUFOtWFhZpfW7JV7ZDmSNLpTPDGdBt6MichQfcF
TET7dBl/c4M9f9V/3lRyTzz1hiVIi6+gzR54OSNUog6riKfJAYiPkaa+FQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFJXTbM1X1MBCkkj/uqPbu84Uyn+UMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2xkTnN6VmZVd0VLU1NQLTZvOXU3emhUS2Y1US5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwZwYIKwYBBQUHAQcBAf8EWDBWMFQEAgABME4DBAIfDuQD
BAJWaZADBAFZI3wDBAFZKN4DBAJZLoADBANZLugDBABcciADBABccjYDBABesRwD
BAG5EuADBAC81dQDBAC81dgDBAK81ygwDQYJKoZIhvcNAQELBQADggEBAGlsPt18
W46ybBPGKI1Ng63dzY+qpcqGLRRXLBFJwFysrzLeSlED3qFElFmUjvSnEMnNSKXh
ZVJxVzWX4/atmMFjj/OpyQHS/3IfjXe2g4tRh6aKRHK6Pc600m2H+a9M3Coy8Qdg
IC5+77BUQgtY/7QgYzih21IZiXmK28NyyuRQv178UTYTL9+nUxIp4koNT9IjpqmE
Ok7lyH6Fg3s2qIqtAq7sw7PvgWyXZK7AH65e3aUzyrHbQGGSjzIYlm/xU4MEJ9Vo
09YsYjcq4imEQqUkiVccPZD25ejL0VTXHoD/D9lej+DpkDRBbvoMcxWR/ExmBTQ3
doSEDiWK2CxodvE=
-----END CERTIFICATE-----