Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/jYlSuC413GKePcPOjfeN8LFLwXs.roa
File:                     jYlSuC413GKePcPOjfeN8LFLwXs.roa (raw, json)
Hash identifier:          aaKRTI9D/s3P7YZnUGkxY6MppuiBpMGEMoVQzZFd+fM=
Subject key identifier:   8D:89:52:B8:2E:35:DC:62:9E:3D:C3:CE:8D:F7:8D:F0:B1:4B:C1:7B
Certificate issuer:       /CN=c6169716d0ae64068703140aa3730e3788fdd4c6
Certificate serial:       0193B5A7AB56D3DE0856CAEE865D3DC54ECB
Authority key identifier: C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/jYlSuC413GKePcPOjfeN8LFLwXs.roa
Signing time:             Wed 11 Dec 2024 12:18:04 +0000
ROA not before:           Wed 11 Dec 2024 12:18:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        45.134.13.0/24 maxlen: 24
                          212.8.224.0/22 maxlen: 22
                          212.8.228.0/24 maxlen: 24
                          2a07:500::/32 maxlen: 32
                          2a07:501::/32 maxlen: 32
                          2a07:502::/32 maxlen: 32
                          2a07:503::/32 maxlen: 32
                          2a07:504::/32 maxlen: 32
                          2a07:505::/32 maxlen: 32
                          2a07:506::/32 maxlen: 32
                          2a07:507::/32 maxlen: 32
                          2a0e:7c40::/32 maxlen: 32
                          2a0e:7c41::/32 maxlen: 32
                          2a0e:7c42::/32 maxlen: 32
                          2a0e:7c43::/32 maxlen: 32
                          2a0e:7c44::/32 maxlen: 32
                          2a0e:7c45::/32 maxlen: 32
                          2a0e:7c46::/32 maxlen: 32
                          2a0e:7c47::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:b5:a7:ab:56:d3:de:08:56:ca:ee:86:5d:3d:c5:4e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6169716d0ae64068703140aa3730e3788fdd4c6
        Validity
            Not Before: Dec 11 12:18:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d8952b82e35dc629e3dc3ce8df78df0b14bc17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:f4:d9:73:8e:de:c9:70:94:53:9f:85:e7:
                    e2:a7:b1:07:88:b3:73:1a:ef:11:be:45:98:d5:cc:
                    7c:5e:e7:df:5d:35:aa:29:38:22:dc:1b:84:5b:ab:
                    8e:2e:1e:52:c7:8e:d9:54:2b:9a:b8:5b:d5:dc:a2:
                    92:92:9a:7e:98:9d:17:f7:09:71:f4:14:51:22:b1:
                    45:5f:03:00:23:b0:74:98:50:00:5b:f8:bb:ad:7a:
                    e3:ab:6f:18:28:da:66:6c:1e:a0:a1:33:fd:b1:9e:
                    6c:b5:b8:8b:c2:64:2d:99:06:17:9b:9b:e7:18:b0:
                    68:df:57:36:bc:6b:ba:2e:70:70:84:51:6e:b3:ab:
                    75:c3:01:16:c6:55:c9:65:66:90:b5:f2:1a:aa:1c:
                    f0:e1:e4:80:fb:0f:06:d4:6e:5d:be:8c:73:ec:1c:
                    ee:9b:ce:ae:d0:fb:b4:df:ff:cc:11:51:66:a0:29:
                    35:95:a7:b5:9a:59:1d:46:db:9f:8e:54:ad:0b:ce:
                    81:74:45:3c:28:23:73:20:75:fb:f2:ee:cc:c7:96:
                    40:46:11:1e:4b:ef:8a:ec:40:69:d2:7a:b1:b7:7f:
                    43:1f:17:72:6b:89:7d:21:05:9c:25:9b:2e:a3:58:
                    48:21:67:c6:73:42:3d:2d:78:80:58:ad:ef:c8:ed:
                    82:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:89:52:B8:2E:35:DC:62:9E:3D:C3:CE:8D:F7:8D:F0:B1:4B:C1:7B
            X509v3 Authority Key Identifier:
                keyid:C6:16:97:16:D0:AE:64:06:87:03:14:0A:A3:73:0E:37:88:FD:D4:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhaXFtCuZAaHAxQKo3MON4j91MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/jYlSuC413GKePcPOjfeN8LFLwXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/400685-f48e-4ab9-8e3f-042446b70fb1/1/xhaXFtCuZAaHAxQKo3MON4j91MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.13.0/24
                  212.8.224.0-212.8.228.255
                IPv6:
                  2a07:500::/29
                  2a0e:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:26:db:e4:d7:55:3a:bf:3c:92:dc:90:bb:b8:7a:3d:bd:9b:
         90:50:9f:7f:b1:cf:b8:c0:e7:b5:47:00:9a:4a:9d:38:62:b5:
         7b:94:eb:e1:3d:24:bf:17:b9:59:50:0c:20:bc:88:5d:dd:41:
         db:1b:7b:5b:49:47:10:a2:6b:71:da:19:22:8a:43:49:3e:ac:
         1e:f7:5d:9e:f0:3a:b6:6d:59:37:f7:85:83:20:b2:c4:75:5e:
         da:a9:3f:a6:86:2f:f3:b4:ff:f1:a3:8d:64:66:3c:08:5b:45:
         01:61:3e:e7:4b:b9:fb:8a:0c:1b:f3:78:32:ba:81:21:55:62:
         11:8b:34:eb:b4:96:a1:16:16:07:74:e1:50:24:72:2b:5c:0c:
         de:fc:8b:96:0a:fa:34:43:d4:c2:33:dc:04:1d:c3:9a:91:b9:
         cd:ae:82:37:4b:9c:55:29:d6:98:58:d4:d3:5d:bf:db:e2:f2:
         c3:8e:ad:fd:a4:da:9f:7c:0b:c0:cd:e9:78:26:92:ba:58:fe:
         ee:29:16:78:a1:f3:9e:1d:13:69:27:4b:df:f8:9f:4d:68:b4:
         3f:53:68:92:ea:61:71:54:f5:51:e7:e4:e3:86:78:a5:96:a6:
         65:37:d2:8a:7c:c1:7e:06:4d:4b:49:e6:c1:89:fb:84:b2:5c:
         19:f3:5d:a5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZO1p6tW094IVsruhl09xU7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTY5NzE2ZDBhZTY0MDY4NzAzMTQwYWEzNzMwZTM3ODhm
ZGQ0YzYwHhcNMjQxMjExMTIxODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDg5NTJiODJlMzVkYzYyOWUzZGMzY2U4ZGY3OGRmMGIxNGJjMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuH02XOO3slwlFOfhefip7EHiLNz
Gu8RvkWY1cx8XuffXTWqKTgi3BuEW6uOLh5Sx47ZVCuauFvV3KKSkpp+mJ0X9wlx
9BRRIrFFXwMAI7B0mFAAW/i7rXrjq28YKNpmbB6goTP9sZ5stbiLwmQtmQYXm5vn
GLBo31c2vGu6LnBwhFFus6t1wwEWxlXJZWaQtfIaqhzw4eSA+w8G1G5dvoxz7Bzu
m86u0Pu03//MEVFmoCk1lae1mlkdRtufjlStC86BdEU8KCNzIHX78u7Mx5ZARhEe
S++K7EBp0nqxt39DHxdya4l9IQWcJZsuo1hIIWfGc0I9LXiAWK3vyO2CyQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFI2JUrguNdxinj3Dzo33jfCxS8F7MB8GA1UdIwQY
MBaAFMYWlxbQrmQGhwMUCqNzDjeI/dTGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2Yt
MDQyNDQ2YjcwZmIxLzEvallsU3VDNDEzR0tlUGNQT2pmZU44TEZMd1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC80MDA2ODUtZjQ4ZS00YWI5LThlM2YtMDQyNDQ2YjcwZmIx
LzEveGhhWEZ0Q3VaQWFIQXhRS28zTU9ONGo5MU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAaBAIAATAUAwQALYYNMAwD
BAXUCOADBADUCOQwFAQCAAIwDgMFAyoHBQADBQMqDnxAMA0GCSqGSIb3DQEBCwUA
A4IBAQAfJtvk11U6vzyS3JC7uHo9vZuQUJ9/sc+4wOe1RwCaSp04YrV7lOvhPSS/
F7lZUAwgvIhd3UHbG3tbSUcQomtx2hkiikNJPqwe912e8Dq2bVk394WDILLEdV7a
qT+mhi/ztP/xo41kZjwIW0UBYT7nS7n7igwb83gyuoEhVWIRizTrtJahFhYHdOFQ
JHIrXAze/IuWCvo0Q9TCM9wEHcOakbnNroI3S5xVKdaYWNTTXb/b4vLDjq39pNqf
fAvAzel4JpK6WP7uKRZ4ofOeHRNpJ0vf+J9NaLQ/U2iS6mFxVPVR5+TjhnillqZl
N9KKfMF+Bk1LSebBifuEslwZ812l
-----END CERTIFICATE-----