Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RVEUM1hcVcbZ5oCKQ72F1_oMOPo.roa
File:                     RVEUM1hcVcbZ5oCKQ72F1_oMOPo.roa (raw, json)
Hash identifier:          GH7eUeQcawAgCmbeSElFBnAapCMHSGk/EUTDtt+qFVU=
Subject key identifier:   45:51:14:33:58:5C:55:C6:D9:E6:80:8A:43:BD:85:D7:FA:0C:38:FA
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       018D6A4E5BF2F5C8B34B31F36B353FC2CEAB
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RVEUM1hcVcbZ5oCKQ72F1_oMOPo.roa
Signing time:             Fri 02 Feb 2024 14:52:16 +0000
ROA not before:           Fri 02 Feb 2024 14:52:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202423
IP address blocks:        5.44.43.0/24 maxlen: 24
                          5.44.45.0/24 maxlen: 24
                          45.89.188.0/24 maxlen: 24
                          45.89.189.0/24 maxlen: 24
                          45.89.191.0/24 maxlen: 24
                          45.129.186.0/24 maxlen: 24
                          89.191.225.0/24 maxlen: 24
                          89.191.230.0/24 maxlen: 24
                          89.191.231.0/24 maxlen: 24
                          89.191.233.0/24 maxlen: 24
                          89.191.235.0/24 maxlen: 24
                          91.107.119.0/24 maxlen: 24
                          194.116.162.0/24 maxlen: 24
                          194.116.163.0/24 maxlen: 24
                          212.60.22.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:4e:5b:f2:f5:c8:b3:4b:31:f3:6b:35:3f:c2:ce:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Feb  2 14:52:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45511433585c55c6d9e6808a43bd85d7fa0c38fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5f:2c:00:af:d0:e5:e6:6f:1b:87:9f:74:be:
                    4e:d4:73:f1:f9:d6:37:3a:da:b0:1b:1e:a7:7b:58:
                    5e:cf:ce:a8:f0:79:31:b9:3a:01:70:b4:51:5b:d2:
                    c0:9c:ca:07:64:8c:c0:d8:2c:16:a0:e1:e9:02:1c:
                    1a:54:48:58:23:96:77:d9:2b:e4:7f:49:3d:04:43:
                    6a:fd:a5:b7:db:ac:4b:69:af:c8:6c:80:41:22:9e:
                    24:b6:e3:0b:83:78:04:c2:73:bb:29:15:6c:c1:e1:
                    e4:b6:6c:df:30:f7:72:8b:87:f2:35:f1:bf:28:a1:
                    ba:26:9d:28:ab:dd:7b:84:e4:5a:4c:ea:b9:7c:9e:
                    76:f1:4b:ed:dd:a7:b2:a5:e9:f7:15:0b:cc:21:d8:
                    c9:2b:3d:a8:d0:51:1a:3f:b8:d6:a6:2d:f5:76:f2:
                    4a:34:76:23:45:53:18:02:6d:bf:3c:cf:cd:b8:c6:
                    c8:07:ad:bd:a5:a7:fb:2d:83:e7:92:ab:89:ae:2d:
                    c3:7c:b4:77:49:46:f3:32:06:c3:b9:87:30:eb:e2:
                    af:cb:61:00:2c:7a:e3:d0:60:b9:29:e2:36:a6:c7:
                    00:53:e4:f4:da:e8:cc:4f:cf:7e:db:91:84:f7:a9:
                    ee:a0:4a:1b:a7:6d:a9:f1:d5:79:ff:9a:af:15:d1:
                    88:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:51:14:33:58:5C:55:C6:D9:E6:80:8A:43:BD:85:D7:FA:0C:38:FA
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/RVEUM1hcVcbZ5oCKQ72F1_oMOPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.44.43.0/24
                  5.44.45.0/24
                  45.89.188.0/23
                  45.89.191.0/24
                  45.129.186.0/24
                  89.191.225.0/24
                  89.191.230.0/23
                  89.191.233.0/24
                  89.191.235.0/24
                  91.107.119.0/24
                  194.116.162.0/23
                  212.60.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:89:3b:71:3d:c9:ee:2c:1d:60:4d:c1:22:92:5b:b3:ac:94:
         22:59:a8:90:74:a2:0b:b0:f3:72:1a:2b:6c:d6:52:83:12:a3:
         e5:00:8b:d0:88:e5:5c:4b:9f:32:6d:6a:3a:6b:a2:10:78:52:
         f8:bb:b4:b3:d1:26:8d:fd:05:ae:16:d2:f1:b5:ce:37:9a:8f:
         60:5c:35:80:93:e0:e1:e7:9b:fe:61:c0:4f:9f:f2:ed:b4:d8:
         71:c7:df:a2:7d:8c:eb:b9:46:78:7c:df:b4:9e:35:c0:39:43:
         a8:43:33:18:7f:9f:94:7d:08:b9:2a:d6:5b:22:78:4c:f7:a6:
         1d:90:0e:16:d4:f6:61:06:3d:73:c6:e2:72:6f:9e:c4:ba:df:
         33:6d:99:2b:46:5c:0d:58:8e:a3:3e:6d:59:e8:1a:fd:b5:8e:
         d9:63:c2:f8:8e:80:19:70:e1:c5:b9:7a:b0:08:bb:a9:02:e3:
         1c:07:40:80:3d:9c:78:69:3a:6d:77:c0:37:b1:4f:07:44:10:
         c2:e3:f5:16:67:b7:91:a3:fb:94:35:97:c8:59:10:de:92:4e:
         40:46:8e:65:c8:27:22:31:cd:cd:e9:72:87:f2:28:22:64:36:
         ec:5c:d5:2b:75:7d:65:39:40:52:16:58:0b:57:1a:81:91:1e:
         ab:c4:e0:44
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY1qTlvy9cizSzHzazU/ws6rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjQwMjAyMTQ1MjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTUxMTQzMzU4NWM1NWM2ZDllNjgwOGE0M2JkODVkN2ZhMGMzOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V8sAK/Q5eZvG4efdL5O1HPx+dY3
OtqwGx6ne1hez86o8HkxuToBcLRRW9LAnMoHZIzA2CwWoOHpAhwaVEhYI5Z32Svk
f0k9BENq/aW326xLaa/IbIBBIp4ktuMLg3gEwnO7KRVsweHktmzfMPdyi4fyNfG/
KKG6Jp0oq917hORaTOq5fJ528Uvt3aeypen3FQvMIdjJKz2o0FEaP7jWpi31dvJK
NHYjRVMYAm2/PM/NuMbIB629paf7LYPnkquJri3DfLR3SUbzMgbDuYcw6+Kvy2EA
LHrj0GC5KeI2pscAU+T02ujMT89+25GE96nuoEobp22p8dV5/5qvFdGIiwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFEVRFDNYXFXG2eaAikO9hdf6DDj6MB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvUlZFVU0xaGNWY2JaNW9DS1E3MkYxX29NT1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQABSwrAwQA
BSwtAwQBLVm8AwQALVm/AwQALYG6AwQAWb/hAwQBWb/mAwQAWb/pAwQAWb/rAwQA
W2t3AwQBwnSiAwQA1DwWMA0GCSqGSIb3DQEBCwUAA4IBAQBYiTtxPcnuLB1gTcEi
kluzrJQiWaiQdKILsPNyGits1lKDEqPlAIvQiOVcS58ybWo6a6IQeFL4u7Sz0SaN
/QWuFtLxtc43mo9gXDWAk+Dh55v+YcBPn/LttNhxx9+ifYzruUZ4fN+0njXAOUOo
QzMYf5+UfQi5KtZbInhM96YdkA4W1PZhBj1zxuJyb57Eut8zbZkrRlwNWI6jPm1Z
6Br9tY7ZY8L4joAZcOHFuXqwCLupAuMcB0CAPZx4aTptd8A3sU8HRBDC4/UWZ7eR
o/uUNZfIWRDekk5ARo5lyCciMc3N6XKH8igiZDbsXNUrdX1lOUBSFlgLVxqBkR6r
xOBE
-----END CERTIFICATE-----