Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G3mWr53RoVcWVeZ9JPSYvgfasEE.roa
File:                     G3mWr53RoVcWVeZ9JPSYvgfasEE.roa (raw, json)
Hash identifier:          I3FOysA+HEWcMxetPT5BfxgbA1ISmOiDLhwu1tzxtNs=
Subject key identifier:   1B:79:96:AF:9D:D1:A1:57:16:55:E6:7D:24:F4:98:BE:07:DA:B0:41
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194510247C43D34CB05A8AE0FAB8B6556A9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G3mWr53RoVcWVeZ9JPSYvgfasEE.roa
Signing time:             Fri 10 Jan 2025 16:18:11 +0000
ROA not before:           Fri 10 Jan 2025 16:18:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.85.251.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          194.87.224.0/24 maxlen: 24
                          194.135.33.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.59.0/24 maxlen: 24
                          195.133.92.0/23 maxlen: 23
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:51:02:47:c4:3d:34:cb:05:a8:ae:0f:ab:8b:65:56:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 10 16:18:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b7996af9dd1a1571655e67d24f498be07dab041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5f:98:6c:af:31:1e:f6:a4:e5:3e:c4:55:d7:
                    2f:8b:63:c1:57:5f:e1:8f:3d:d0:62:5a:66:9d:bb:
                    d8:cf:6b:50:28:c6:68:9e:2d:27:c6:f2:8e:88:7e:
                    f1:e7:76:5c:3e:84:57:73:5d:f8:e1:6f:7e:60:67:
                    37:8e:9c:a8:c8:e4:ae:49:ba:bf:47:5a:fe:5b:01:
                    a9:1b:5d:7e:f6:31:fb:42:ce:d2:8d:a2:cb:ff:35:
                    58:64:21:06:60:ff:03:bb:ae:1e:83:53:67:44:a1:
                    01:0f:b6:ae:bf:a9:bd:6a:31:ab:34:5f:41:54:31:
                    15:bd:9f:19:35:ce:95:5f:86:d9:f9:2b:7c:64:69:
                    a3:7d:5c:eb:a8:2a:3d:d0:ef:d5:d6:af:1f:d1:75:
                    34:71:83:1c:05:19:b2:f7:6e:f1:c3:00:25:93:84:
                    9e:a1:c2:64:41:f4:a4:89:9d:df:c1:41:2b:44:00:
                    28:6e:ef:d0:5f:4a:d6:56:67:dd:05:70:49:b0:e1:
                    c9:13:7c:de:4f:83:f8:1b:d7:28:ca:84:90:96:e9:
                    af:6f:3e:82:f4:44:cd:6a:b4:6a:6f:1e:33:3c:b1:
                    b9:f0:52:8e:d0:af:81:a6:ce:56:bb:28:db:9b:5c:
                    98:87:ae:37:ce:f5:8b:bc:c3:2d:e0:1c:6d:33:6e:
                    e2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:79:96:AF:9D:D1:A1:57:16:55:E6:7D:24:F4:98:BE:07:DA:B0:41
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/G3mWr53RoVcWVeZ9JPSYvgfasEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.85.251.0/24
                  194.87.169.0/24
                  194.87.224.0/24
                  194.135.33.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.59.0/24
                  195.133.92.0/23
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:d0:3c:da:f7:5d:a5:4f:e7:62:1e:4f:23:11:2c:3b:8f:b3:
         ef:b0:d2:99:5e:b7:71:2c:bb:58:d3:64:76:9f:c8:b0:ed:30:
         64:29:f9:7e:8f:33:46:b6:d9:06:3c:b6:03:40:b1:7f:fc:7e:
         6d:8b:30:97:bf:be:00:f6:ad:67:94:ed:49:37:19:3d:5a:b5:
         e9:3d:e4:91:d6:fc:08:6c:87:42:cb:42:42:19:b4:82:e4:45:
         b9:eb:b6:09:9a:38:38:62:1c:6a:50:17:cf:f5:9f:58:c4:dc:
         a4:b5:af:e8:91:99:3b:50:bb:11:28:d2:6a:41:d3:ca:74:33:
         a1:13:41:f9:d2:84:2f:a5:39:e3:05:9e:43:4d:0d:15:9e:70:
         d2:11:3b:ae:0d:66:0f:67:e4:34:ab:32:5c:bf:5b:fc:7f:1f:
         62:df:74:13:bc:fb:67:5e:d7:1a:d0:b8:b8:dd:d1:30:74:55:
         0d:c2:93:d5:2e:d7:21:6d:d6:e7:ea:09:76:ca:62:28:f9:1e:
         77:3c:95:11:d5:bc:d6:2e:28:95:51:47:e1:68:48:08:86:22:
         16:bb:4f:17:9f:43:28:b2:74:72:0d:f5:67:86:e7:f6:05:9f:
         9a:14:ab:57:e5:0d:29:e3:78:93:c6:8d:c9:12:4e:5f:73:63:
         39:00:4f:f8
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZRRAkfEPTTLBaiuD6uLZVapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTEwMTYxODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjc5OTZhZjlkZDFhMTU3MTY1NWU2N2QyNGY0OThiZTA3ZGFiMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl+YbK8xHvak5T7EVdcvi2PBV1/h
jz3QYlpmnbvYz2tQKMZoni0nxvKOiH7x53ZcPoRXc1344W9+YGc3jpyoyOSuSbq/
R1r+WwGpG11+9jH7Qs7SjaLL/zVYZCEGYP8Du64eg1NnRKEBD7auv6m9ajGrNF9B
VDEVvZ8ZNc6VX4bZ+St8ZGmjfVzrqCo90O/V1q8f0XU0cYMcBRmy927xwwAlk4Se
ocJkQfSkiZ3fwUErRAAobu/QX0rWVmfdBXBJsOHJE3zeT4P4G9coyoSQlumvbz6C
9ETNarRqbx4zPLG58FKO0K+Bps5Wuyjbm1yYh643zvWLvMMt4BxtM27iTQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFBt5lq+d0aFXFlXmfST0mL4H2rBBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRzNtV3I1M1JvVmNXVmVaOUpQU1l2Z2Zhc0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQAwjqbAwQA
wlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQAw4U7AwQB
w4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOC
AQEAd9A82vddpU/nYh5PIxEsO4+z77DSmV63cSy7WNNkdp/IsO0wZCn5fo8zRrbZ
Bjy2A0Cxf/x+bYswl7++APatZ5TtSTcZPVq16T3kkdb8CGyHQstCQhm0guRFueu2
CZo4OGIcalAXz/WfWMTcpLWv6JGZO1C7ESjSakHTynQzoRNB+dKEL6U54wWeQ00N
FZ5w0hE7rg1mD2fkNKsyXL9b/H8fYt90E7z7Z17XGtC4uN3RMHRVDcKT1S7XIW3W
5+oJdspiKPkedzyVEdW81i4olVFH4WhICIYiFrtPF59DKLJ0cg31Z4bn9gWfmhSr
V+UNKeN4k8aNyRJOX3NjOQBP+A==
-----END CERTIFICATE-----