Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/8LMYPE3DcrM70CmVlFlE3u3z17E.roa
File:                     8LMYPE3DcrM70CmVlFlE3u3z17E.roa (raw, json)
Hash identifier:          ezi4MZ2uEwp/QLcirxnIWjal3WSgAVwQeH0BqtduBMk=
Subject key identifier:   F0:B3:18:3C:4D:C3:72:B3:3B:D0:29:95:94:59:44:DE:ED:F3:D7:B1
Certificate issuer:       /CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
Certificate serial:       018CC94BFA3DADF032BC0342DCE21B386427
Authority key identifier: 6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/8LMYPE3DcrM70CmVlFlE3u3z17E.roa
Signing time:             Tue 02 Jan 2024 08:30:48 +0000
ROA not before:           Tue 02 Jan 2024 08:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58067
IP address blocks:        176.114.16.0/20 maxlen: 20
                          176.114.17.0/24 maxlen: 24
                          176.114.16.0/24 maxlen: 24
                          176.114.24.0/24 maxlen: 24
                          176.114.18.0/24 maxlen: 24
                          176.114.19.0/24 maxlen: 24
                          176.114.20.0/24 maxlen: 24
                          176.114.21.0/24 maxlen: 24
                          185.214.76.0/22 maxlen: 22
                          176.114.22.0/24 maxlen: 24
                          176.114.23.0/24 maxlen: 24
                          176.114.31.0/24 maxlen: 24
                          176.114.25.0/24 maxlen: 24
                          176.114.26.0/24 maxlen: 24
                          176.114.27.0/24 maxlen: 24
                          176.114.28.0/24 maxlen: 24
                          176.114.29.0/24 maxlen: 24
                          176.114.30.0/24 maxlen: 24
                          2a0b:97c0::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:fa:3d:ad:f0:32:bc:03:42:dc:e2:1b:38:64:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
        Validity
            Not Before: Jan  2 08:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0b3183c4dc372b33bd02995945944deedf3d7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:6a:5d:a5:65:2e:15:36:d2:3b:70:94:f9:e8:
                    62:95:56:61:2a:a0:2e:81:bb:a9:4c:80:6a:e2:b9:
                    99:ee:d6:33:20:a3:66:7f:12:93:cd:48:66:7c:ca:
                    62:e8:69:2f:18:b7:c9:4f:1e:0a:29:94:53:7e:60:
                    9f:2e:10:30:e2:59:0b:85:f8:fd:60:f4:17:44:24:
                    f3:a4:5f:bf:a1:90:3a:12:e6:1b:a7:96:35:8b:91:
                    e5:73:9c:9c:42:15:d0:ca:96:d3:97:40:fa:e3:c2:
                    5b:27:1c:40:64:65:82:10:38:95:62:4c:ed:5d:fc:
                    3e:37:21:c9:57:b5:26:29:ff:67:a3:95:53:02:2a:
                    31:45:72:bb:ae:ae:6b:c5:f5:cc:28:bf:52:ea:97:
                    d6:cc:38:f3:1d:29:d8:28:4f:30:f6:54:06:f5:1d:
                    e0:d8:4a:9f:d1:f2:4f:b8:9f:35:5f:98:6a:32:0b:
                    98:16:dd:90:93:b9:d0:18:55:a7:fc:d7:a0:2a:47:
                    0e:45:02:42:a2:87:7a:48:d0:80:a2:97:99:9a:fb:
                    34:fb:a0:f4:c1:ca:fe:44:48:62:fd:ef:a6:2b:bc:
                    f6:4f:93:1a:eb:11:66:e6:44:32:0b:8e:54:dd:b6:
                    dd:f7:2e:2b:38:2e:b8:29:ab:6c:46:0d:f6:d1:23:
                    1c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B3:18:3C:4D:C3:72:B3:3B:D0:29:95:94:59:44:DE:ED:F3:D7:B1
            X509v3 Authority Key Identifier:
                keyid:6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/8LMYPE3DcrM70CmVlFlE3u3z17E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/bBAkoL37rZXwEGTVGM9uqWa0SIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.114.16.0/20
                  185.214.76.0/22
                IPv6:
                  2a0b:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:48:11:90:39:53:82:f1:d3:c9:7e:ae:db:05:f7:f7:e5:bf:
         f8:4d:4a:d6:11:47:ad:8c:5b:04:cb:77:ee:05:23:20:91:9c:
         f1:39:9f:30:6c:ea:41:ce:39:8b:58:e0:6f:42:db:8c:a5:46:
         58:77:9c:9a:a4:f8:ff:de:57:26:63:58:fe:16:b3:67:9b:d5:
         c9:5c:c8:53:88:7b:f2:dd:73:75:7f:8c:c3:a7:da:9b:97:0c:
         c8:9e:ae:42:19:47:a5:06:80:8f:51:b9:af:05:da:55:7d:5b:
         f3:ea:10:e3:45:0e:18:b1:13:66:50:ac:88:9b:2d:e8:80:99:
         6c:14:70:47:2d:ee:f2:5f:69:0a:30:ea:1c:a3:ea:49:02:3d:
         4d:ac:da:14:41:05:0b:c6:62:7f:b6:61:58:22:e9:0b:93:64:
         49:32:74:76:68:8e:3d:53:58:c0:b1:a1:f9:a7:50:52:80:77:
         49:40:de:b1:1e:3b:9c:b0:91:65:cc:c9:48:9e:0b:d9:ca:56:
         ef:ef:38:6a:70:98:a0:cf:40:7e:56:22:c0:52:cf:03:11:e1:
         67:1f:4f:d7:d1:c4:75:41:5e:c7:35:04:36:04:9e:c8:3b:2e:
         71:cd:a6:59:c5:37:af:09:87:31:17:2f:fe:4b:eb:84:95:c7:
         24:94:7d:8d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJS/o9rfAyvANC3OIbOGQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMTAyNGEwYmRmYmFkOTVmMDEwNjRkNTE4Y2Y2ZWE5NjZi
NDQ4OGEwHhcNMjQwMTAyMDgzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGIzMTgzYzRkYzM3MmIzM2JkMDI5OTU5NDU5NDRkZWVkZjNkN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GpdpWUuFTbSO3CU+ehilVZhKqAu
gbupTIBq4rmZ7tYzIKNmfxKTzUhmfMpi6GkvGLfJTx4KKZRTfmCfLhAw4lkLhfj9
YPQXRCTzpF+/oZA6EuYbp5Y1i5Hlc5ycQhXQypbTl0D648JbJxxAZGWCEDiVYkzt
Xfw+NyHJV7UmKf9no5VTAioxRXK7rq5rxfXMKL9S6pfWzDjzHSnYKE8w9lQG9R3g
2Eqf0fJPuJ81X5hqMguYFt2Qk7nQGFWn/NegKkcORQJCood6SNCAopeZmvs0+6D0
wcr+REhi/e+mK7z2T5Ma6xFm5kQyC45U3bbd9y4rOC64KatsRg320SMcSwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPCzGDxNw3KzO9AplZRZRN7t89exMB8GA1UdIwQY
MBaAFGwQJKC9+62V8BBk1RjPbqlmtEiKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2Ut
MjgzYmIwOTIzODE3LzEvOExNWVBFM0Rjck03MENtVmxGbEUzdTN6MTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2UtMjgzYmIwOTIzODE3
LzEvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEsHIQAwQC
udZMMA0EAgACMAcDBQMqC5fAMA0GCSqGSIb3DQEBCwUAA4IBAQAASBGQOVOC8dPJ
fq7bBff35b/4TUrWEUetjFsEy3fuBSMgkZzxOZ8wbOpBzjmLWOBvQtuMpUZYd5ya
pPj/3lcmY1j+FrNnm9XJXMhTiHvy3XN1f4zDp9qblwzInq5CGUelBoCPUbmvBdpV
fVvz6hDjRQ4YsRNmUKyImy3ogJlsFHBHLe7yX2kKMOoco+pJAj1NrNoUQQULxmJ/
tmFYIukLk2RJMnR2aI49U1jAsaH5p1BSgHdJQN6xHjucsJFlzMlIngvZylbv7zhq
cJigz0B+ViLAUs8DEeFnH0/X0cR1QV7HNQQ2BJ7IOy5xzaZZxTevCYcxFy/+S+uE
lccklH2N
-----END CERTIFICATE-----