Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/QqvBiUcviEUQ3tVGlKTPs0O2Ap8.roa
File:                     QqvBiUcviEUQ3tVGlKTPs0O2Ap8.roa (raw, json)
Hash identifier:          ZQotcGsgtWXygU6Z3gnN5GsoStpX0Vi6jTjJnSLBNO4=
Subject key identifier:   42:AB:C1:89:47:2F:88:45:10:DE:D5:46:94:A4:CF:B3:43:B6:02:9F
Certificate issuer:       /CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
Certificate serial:       0185727115F43E56E306CAA8F6365588481B
Authority key identifier: 6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/QqvBiUcviEUQ3tVGlKTPs0O2Ap8.roa
Signing time:             Mon 02 Jan 2023 12:24:51 +0000
ROA not before:           Mon 02 Jan 2023 12:24:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58067
IP address blocks:        176.114.16.0/20 maxlen: 20
                          176.114.17.0/24 maxlen: 24
                          176.114.16.0/24 maxlen: 24
                          176.114.24.0/24 maxlen: 24
                          176.114.18.0/24 maxlen: 24
                          176.114.19.0/24 maxlen: 24
                          176.114.20.0/24 maxlen: 24
                          176.114.21.0/24 maxlen: 24
                          185.214.76.0/22 maxlen: 22
                          176.114.22.0/24 maxlen: 24
                          176.114.23.0/24 maxlen: 24
                          176.114.31.0/24 maxlen: 24
                          176.114.25.0/24 maxlen: 24
                          176.114.26.0/24 maxlen: 24
                          176.114.27.0/24 maxlen: 24
                          176.114.28.0/24 maxlen: 24
                          176.114.29.0/24 maxlen: 24
                          176.114.30.0/24 maxlen: 24
                          2a0b:97c0::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:71:15:f4:3e:56:e3:06:ca:a8:f6:36:55:88:48:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c1024a0bdfbad95f01064d518cf6ea966b4488a
        Validity
            Not Before: Jan  2 12:24:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42abc189472f884510ded54694a4cfb343b6029f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f4:6e:e4:9e:bf:d2:72:d4:fe:82:3e:37:95:
                    fa:0f:28:b4:c8:72:42:f7:bd:f7:44:b6:13:00:c0:
                    ab:42:84:e2:2a:02:3f:a3:a8:78:25:c0:e3:c3:3f:
                    a5:9b:23:fe:a5:5e:d5:5a:d1:1c:80:8f:51:3e:7c:
                    dc:0e:ab:6a:96:7f:1b:f3:10:45:25:2c:06:be:3b:
                    59:b4:1c:f7:cc:b4:d0:ba:7d:58:81:bd:f6:5a:d4:
                    a1:64:66:da:bc:eb:2f:1c:39:46:0c:c0:bb:bb:29:
                    3a:70:5e:b7:75:9d:33:e9:ea:a1:03:82:b1:0c:40:
                    80:46:23:3b:04:e8:6d:65:01:eb:58:63:b8:66:c9:
                    f4:90:67:c0:ac:c1:7d:43:7c:99:7b:9a:24:48:79:
                    95:f4:99:c7:88:1b:a5:b1:34:d3:c6:3e:f3:43:61:
                    df:7b:cc:91:6a:1b:9d:9c:5e:dd:d8:47:e6:3e:61:
                    e6:94:fe:f3:64:d4:a3:97:57:50:a8:e5:30:af:ff:
                    98:7d:c5:eb:ea:ac:cb:35:09:2c:fc:ad:62:2a:9f:
                    4c:8b:5d:f5:c7:fb:65:da:94:b8:15:75:09:83:bc:
                    7d:77:3b:42:cd:6a:d1:3d:7f:0b:92:8a:fe:b2:ab:
                    c8:1b:e1:fa:e4:9d:6b:51:ce:1f:be:33:d1:b3:4e:
                    2b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:AB:C1:89:47:2F:88:45:10:DE:D5:46:94:A4:CF:B3:43:B6:02:9F
            X509v3 Authority Key Identifier:
                keyid:6C:10:24:A0:BD:FB:AD:95:F0:10:64:D5:18:CF:6E:A9:66:B4:48:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bBAkoL37rZXwEGTVGM9uqWa0SIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/QqvBiUcviEUQ3tVGlKTPs0O2Ap8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8d58b5-4f13-47b2-a57e-283bb0923817/1/bBAkoL37rZXwEGTVGM9uqWa0SIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.114.16.0/20
                  185.214.76.0/22
                IPv6:
                  2a0b:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:a2:ba:52:19:56:7c:e3:8a:fc:07:cb:8b:a3:47:08:ea:57:
         a9:f1:94:f3:63:5d:68:0d:42:03:24:8c:84:0d:19:75:3d:9e:
         94:0f:9e:bb:04:ce:b9:05:93:da:e6:a1:50:f6:c1:15:77:ac:
         71:85:d8:c5:79:71:bd:5d:d8:06:23:f5:7f:8c:d7:ba:4a:cd:
         54:6a:c0:37:6f:07:64:d8:1a:7c:03:be:ef:61:9c:d7:1e:6f:
         f7:43:46:4e:16:79:c7:60:2e:01:97:17:a5:a1:72:0e:77:ed:
         4e:7b:4e:c5:04:36:17:7d:2d:0d:13:53:a3:3b:bd:db:1e:85:
         82:8c:3c:29:88:e7:88:ce:84:03:9e:65:a6:4a:b1:11:84:77:
         7d:be:41:a9:3d:ec:e2:d3:75:5a:c3:0f:d5:0f:70:6c:3b:0c:
         8b:3c:f9:14:8c:77:c5:45:ac:c9:d9:cb:30:b0:d8:88:d9:1f:
         ea:f2:80:47:80:ab:d0:dc:af:32:6e:a3:c1:8f:61:b7:f7:95:
         c7:a0:90:4f:bd:0d:c2:f9:bc:a6:54:6c:13:ee:2d:c7:60:c8:
         22:14:c7:de:07:82:98:6f:84:76:cc:ea:95:67:bd:a7:88:eb:
         b5:39:e9:fb:38:d6:5d:5b:cc:c7:05:87:33:f4:c7:b3:be:24:
         7c:54:d0:62
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVycRX0PlbjBsqo9jZViEgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMTAyNGEwYmRmYmFkOTVmMDEwNjRkNTE4Y2Y2ZWE5NjZi
NDQ4OGEwHhcNMjMwMTAyMTIyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmFiYzE4OTQ3MmY4ODQ1MTBkZWQ1NDY5NGE0Y2ZiMzQzYjYwMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfRu5J6/0nLU/oI+N5X6Dyi0yHJC
9733RLYTAMCrQoTiKgI/o6h4JcDjwz+lmyP+pV7VWtEcgI9RPnzcDqtqln8b8xBF
JSwGvjtZtBz3zLTQun1Ygb32WtShZGbavOsvHDlGDMC7uyk6cF63dZ0z6eqhA4Kx
DECARiM7BOhtZQHrWGO4Zsn0kGfArMF9Q3yZe5okSHmV9JnHiBulsTTTxj7zQ2Hf
e8yRahudnF7d2EfmPmHmlP7zZNSjl1dQqOUwr/+YfcXr6qzLNQks/K1iKp9Mi131
x/tl2pS4FXUJg7x9dztCzWrRPX8Lkor+sqvIG+H65J1rUc4fvjPRs04rFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEKrwYlHL4hFEN7VRpSkz7NDtgKfMB8GA1UdIwQY
MBaAFGwQJKC9+62V8BBk1RjPbqlmtEiKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2Ut
MjgzYmIwOTIzODE3LzEvUXF2QmlVY3ZpRVVRM3RWR2xLVFBzME8yQXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84ZDU4YjUtNGYxMy00N2IyLWE1N2UtMjgzYmIwOTIzODE3
LzEvYkJBa29MMzdyWlh3RUdUVkdNOXVxV2EwU0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEsHIQAwQC
udZMMA0EAgACMAcDBQMqC5fAMA0GCSqGSIb3DQEBCwUAA4IBAQAcorpSGVZ844r8
B8uLo0cI6lep8ZTzY11oDUIDJIyEDRl1PZ6UD567BM65BZPa5qFQ9sEVd6xxhdjF
eXG9XdgGI/V/jNe6Ss1UasA3bwdk2Bp8A77vYZzXHm/3Q0ZOFnnHYC4BlxeloXIO
d+1Oe07FBDYXfS0NE1OjO73bHoWCjDwpiOeIzoQDnmWmSrERhHd9vkGpPezi03Va
ww/VD3BsOwyLPPkUjHfFRazJ2cswsNiI2R/q8oBHgKvQ3K8ybqPBj2G395XHoJBP
vQ3C+bymVGwT7i3HYMgiFMfeB4KYb4R2zOqVZ72niOu1Oen7ONZdW8zHBYcz9Mez
viR8VNBi
-----END CERTIFICATE-----