Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LjWjSfBXP5aAHTYc5yte7ujuslI.roa
File:                     LjWjSfBXP5aAHTYc5yte7ujuslI.roa (raw, json)
Hash identifier:          fh1OqjjmF7TvZwwkEyI13E4hxTfk25ruWPjz4Tsk9ws=
Subject key identifier:   2E:35:A3:49:F0:57:3F:96:80:1D:36:1C:E7:2B:5E:EE:E8:EE:B2:52
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018D78569233C725A6E5A1DF630F523DE40F
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LjWjSfBXP5aAHTYc5yte7ujuslI.roa
Signing time:             Mon 05 Feb 2024 08:15:55 +0000
ROA not before:           Mon 05 Feb 2024 08:15:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202423
IP address blocks:        5.44.43.0/24 maxlen: 24
                          5.44.45.0/24 maxlen: 24
                          45.89.188.0/24 maxlen: 24
                          45.89.189.0/24 maxlen: 24
                          45.89.191.0/24 maxlen: 24
                          89.191.230.0/24 maxlen: 24
                          89.191.231.0/24 maxlen: 24
                          89.191.233.0/24 maxlen: 24
                          89.191.235.0/24 maxlen: 24
                          91.107.119.0/24 maxlen: 24
                          194.116.162.0/24 maxlen: 24
                          194.116.163.0/24 maxlen: 24
                          212.60.22.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:56:92:33:c7:25:a6:e5:a1:df:63:0f:52:3d:e4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb  5 08:15:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e35a349f0573f96801d361ce72b5eeee8eeb252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:4f:f7:f4:fe:75:71:39:87:21:8b:da:77:
                    a4:71:fa:0b:88:5a:44:f0:34:58:b6:5e:6b:44:5e:
                    be:e7:a9:49:63:51:2d:65:b1:d1:d5:c3:46:ab:0b:
                    0e:07:8a:97:02:65:6e:3d:93:93:b3:ab:bb:d2:ed:
                    18:59:73:f7:b9:d5:95:d4:e0:db:0b:df:1e:dc:64:
                    92:44:3c:82:9e:95:bf:31:80:1f:4d:ec:81:0f:04:
                    8a:14:d7:7c:df:ca:b7:81:b5:bb:63:6d:db:58:b0:
                    b0:97:50:e3:82:98:55:53:66:5a:e8:dc:ad:7e:3d:
                    47:fe:cc:06:95:a9:0f:df:50:b5:a8:af:0e:c9:ec:
                    f8:49:ef:9f:ff:73:39:b4:6b:6c:88:ab:dd:f4:00:
                    9d:a9:ba:0d:87:71:50:6c:09:8d:58:3a:c7:55:d5:
                    b7:5e:8e:c9:1e:bf:2e:00:45:d8:e3:fc:07:8a:03:
                    d6:79:29:3f:48:28:65:29:6d:38:e0:0b:e1:39:03:
                    d4:f6:b6:07:ae:23:6f:b0:e2:e4:96:70:ce:2d:3b:
                    d0:ac:f7:3c:c2:ec:af:4e:5b:9e:0d:6f:7d:75:a2:
                    47:24:33:2e:bc:69:f4:b7:73:a7:8b:3b:cc:dd:6e:
                    bf:a6:23:52:2c:9d:77:fd:cf:42:d8:c9:0c:da:ce:
                    44:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:35:A3:49:F0:57:3F:96:80:1D:36:1C:E7:2B:5E:EE:E8:EE:B2:52
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/LjWjSfBXP5aAHTYc5yte7ujuslI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.43.0/24
                  5.44.45.0/24
                  45.89.188.0/23
                  45.89.191.0/24
                  89.191.230.0/23
                  89.191.233.0/24
                  89.191.235.0/24
                  91.107.119.0/24
                  194.116.162.0/23
                  212.60.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:39:62:69:0a:bc:28:24:16:2a:37:18:97:3c:80:9c:ab:ed:
         06:5b:35:c8:81:47:16:16:3e:84:f3:14:3f:9e:f8:94:e9:b3:
         94:97:58:15:de:bc:8a:c7:17:1d:c9:8b:35:72:63:c2:7e:dd:
         57:cc:54:b6:91:ab:1d:d0:7b:4a:f9:ef:36:48:76:17:c9:e1:
         30:61:60:19:5b:72:47:f2:f1:86:91:38:3f:ca:28:06:29:cf:
         f8:bf:04:41:1b:45:e2:b7:75:19:23:53:9c:20:22:aa:c8:bf:
         7f:b8:64:4d:9b:4c:89:68:76:02:f8:a3:2c:78:60:59:4b:46:
         ea:00:b0:81:3c:aa:00:4c:34:57:7f:32:8a:be:84:0c:29:5b:
         f4:17:af:14:99:6a:5f:1b:7d:80:ea:86:87:bb:1b:72:11:bf:
         1b:a0:04:1d:a1:69:7b:d8:fe:a0:2f:d8:e2:db:4a:8d:40:9f:
         f6:31:c5:b5:56:00:91:d4:86:b5:d0:20:27:e6:6f:20:7a:b3:
         b3:d3:bc:41:40:b0:6b:91:6d:af:7b:8a:91:2b:37:57:8c:fa:
         b2:b4:a1:58:fc:5b:87:bf:1d:c4:25:87:a7:fa:c4:06:e1:c8:
         b2:56:76:ef:e5:ec:b8:e3:25:bd:0d:e6:cb:ab:40:ab:19:d1:
         89:15:db:79
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY14VpIzxyWm5aHfYw9SPeQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMjA1MDgxNTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM1YTM0OWYwNTczZjk2ODAxZDM2MWNlNzJiNWVlZWU4ZWViMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCBP9/T+dXE5hyGL2nekcfoLiFpE
8DRYtl5rRF6+56lJY1EtZbHR1cNGqwsOB4qXAmVuPZOTs6u70u0YWXP3udWV1ODb
C98e3GSSRDyCnpW/MYAfTeyBDwSKFNd838q3gbW7Y23bWLCwl1DjgphVU2Za6Nyt
fj1H/swGlakP31C1qK8Oyez4Se+f/3M5tGtsiKvd9ACdqboNh3FQbAmNWDrHVdW3
Xo7JHr8uAEXY4/wHigPWeSk/SChlKW044AvhOQPU9rYHriNvsOLklnDOLTvQrPc8
wuyvTlueDW99daJHJDMuvGn0t3OnizvM3W6/piNSLJ13/c9C2MkM2s5EoQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFC41o0nwVz+WgB02HOcrXu7o7rJSMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvTGpXalNmQlhQNWFBSFRZYzV5dGU3dWp1c2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQABSwrAwQA
BSwtAwQBLVm8AwQALVm/AwQBWb/mAwQAWb/pAwQAWb/rAwQAW2t3AwQBwnSiAwQA
1DwWMA0GCSqGSIb3DQEBCwUAA4IBAQChOWJpCrwoJBYqNxiXPICcq+0GWzXIgUcW
Fj6E8xQ/nviU6bOUl1gV3ryKxxcdyYs1cmPCft1XzFS2kasd0HtK+e82SHYXyeEw
YWAZW3JH8vGGkTg/yigGKc/4vwRBG0Xit3UZI1OcICKqyL9/uGRNm0yJaHYC+KMs
eGBZS0bqALCBPKoATDRXfzKKvoQMKVv0F68UmWpfG32A6oaHuxtyEb8boAQdoWl7
2P6gL9ji20qNQJ/2McW1VgCR1Ia10CAn5m8gerOz07xBQLBrkW2ve4qRKzdXjPqy
tKFY/FuHvx3EJYen+sQG4ciyVnbv5ey44yW9DebLq0CrGdGJFdt5
-----END CERTIFICATE-----