Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ro3KFF_ayQdNVahByN2V1XwtT3A.roa
File:                     Ro3KFF_ayQdNVahByN2V1XwtT3A.roa (raw, json)
Hash identifier:          N4yuMLaaapWcU/4AlJ3UQZCyRKiVJGWHXZxwHzVokKM=
Subject key identifier:   46:8D:CA:14:5F:DA:C9:07:4D:55:A8:41:C8:DD:95:D5:7C:2D:4F:70
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01922E33A308C18E3F3D87860C13B1623EF1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ro3KFF_ayQdNVahByN2V1XwtT3A.roa
Signing time:             Thu 26 Sep 2024 11:59:48 +0000
ROA not before:           Thu 26 Sep 2024 11:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.58.155.0/24 maxlen: 24
                          194.87.82.0/24 maxlen: 24
                          194.87.169.0/24 maxlen: 24
                          195.133.24.0/23 maxlen: 23
                          195.133.40.0/23 maxlen: 23
                          195.133.50.0/23 maxlen: 23
                          195.133.92.0/23 maxlen: 23
                          212.192.1.0/24 maxlen: 24
                          212.193.26.0/23 maxlen: 23
                          2a01:57c0::/29 maxlen: 29
                          2a0c:ff40::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2e:33:a3:08:c1:8e:3f:3d:87:86:0c:13:b1:62:3e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep 26 11:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=468dca145fdac9074d55a841c8dd95d57c2d4f70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f8:63:e0:9a:4d:6e:5f:42:ed:04:5d:dd:fd:
                    48:ad:4c:f5:e9:83:f3:46:dc:e5:ea:5f:6b:cc:42:
                    85:b6:5b:be:c3:a6:6e:03:da:b3:6d:d8:d3:14:08:
                    74:3d:06:14:50:24:26:d2:bd:11:69:77:f3:3e:00:
                    55:27:4c:c8:f1:d0:9e:55:81:7c:ff:40:a2:8a:bb:
                    f0:55:c6:79:64:a1:7b:9f:6d:60:61:b1:56:97:07:
                    98:92:a0:25:1b:17:82:56:da:1c:83:0f:50:cf:41:
                    c4:3d:d9:50:b2:be:40:22:42:22:90:7a:9d:23:61:
                    d8:c3:94:8b:ab:b2:78:01:6a:fb:6e:aa:07:81:b4:
                    7a:35:d7:68:b3:af:04:5b:f0:6d:29:3b:9d:45:a2:
                    8a:1c:af:cc:5e:8f:56:3b:57:74:81:4e:c4:07:d7:
                    b0:bb:19:ed:b7:34:bd:f2:59:e0:ce:83:8a:f1:47:
                    0a:7d:83:bd:e6:63:3e:22:fd:e7:37:5f:1d:90:be:
                    08:e0:7d:cd:bd:64:f2:7b:5b:c8:34:00:b4:01:a0:
                    50:de:ce:37:49:c7:f0:dd:d7:a1:62:dd:5f:d8:38:
                    21:14:15:b7:c0:10:d8:37:65:0f:ed:05:c6:f0:08:
                    a2:71:44:50:ff:6a:c3:2a:3c:54:12:da:76:0f:85:
                    87:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8D:CA:14:5F:DA:C9:07:4D:55:A8:41:C8:DD:95:D5:7C:2D:4F:70
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ro3KFF_ayQdNVahByN2V1XwtT3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.155.0/24
                  194.87.82.0/24
                  194.87.169.0/24
                  195.133.24.0/23
                  195.133.40.0/23
                  195.133.50.0/23
                  195.133.92.0/23
                  212.192.1.0/24
                  212.193.26.0/23
                IPv6:
                  2a01:57c0::/29
                  2a0c:ff40::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:b2:b6:87:73:08:d9:d4:0c:f3:58:78:b5:d3:a2:63:3e:32:
         e7:f2:56:a1:ba:0e:94:2d:c1:51:aa:a6:ba:43:47:bb:9f:fb:
         64:8e:6e:d5:21:43:bd:cd:b3:7c:d0:e2:b7:11:e3:e8:ca:3b:
         47:86:cf:c8:4c:b0:d2:7c:cb:5d:08:c8:9f:a2:e8:2b:db:24:
         da:62:39:f4:e6:69:f7:66:2e:ee:70:20:03:09:fa:52:a1:71:
         14:17:90:fe:63:e3:54:b5:01:32:9d:5f:fd:71:e4:2c:10:f5:
         a3:29:3c:d2:3f:95:58:ad:e0:de:68:f9:b5:0a:53:29:c8:79:
         11:db:37:4b:e2:8b:38:67:af:6d:41:77:67:ba:61:a8:99:b8:
         8e:c6:8b:d9:76:13:3e:65:7a:f2:16:83:40:ee:5d:77:a9:bc:
         8b:b0:34:0f:71:c4:ea:8f:35:41:a7:0a:bf:7e:e8:62:4a:6e:
         fd:ad:3e:1b:e9:16:de:93:46:d3:ff:4e:ba:58:4a:54:84:e6:
         a1:cc:22:eb:f5:b1:fd:e3:b7:88:a4:80:ce:f2:58:e5:e0:e6:
         39:99:7f:f4:9c:28:02:ff:b0:8a:08:d0:07:48:85:30:81:75:
         6b:8f:b2:b3:23:bf:31:57:df:98:25:87:f0:11:1d:53:99:d3:
         7c:13:6b:a2
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZIuM6MIwY4/PYeGDBOxYj7xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTI2MTE1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhkY2ExNDVmZGFjOTA3NGQ1NWE4NDFjOGRkOTVkNTdjMmQ0ZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fhj4JpNbl9C7QRd3f1IrUz16YPz
Rtzl6l9rzEKFtlu+w6ZuA9qzbdjTFAh0PQYUUCQm0r0RaXfzPgBVJ0zI8dCeVYF8
/0CiirvwVcZ5ZKF7n21gYbFWlweYkqAlGxeCVtocgw9Qz0HEPdlQsr5AIkIikHqd
I2HYw5SLq7J4AWr7bqoHgbR6Nddos68EW/BtKTudRaKKHK/MXo9WO1d0gU7EB9ew
uxnttzS98lngzoOK8UcKfYO95mM+Iv3nN18dkL4I4H3NvWTye1vINAC0AaBQ3s43
Scfw3dehYt1f2DghFBW3wBDYN2UP7QXG8AiicURQ/2rDKjxUEtp2D4WH3wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFEaNyhRf2skHTVWoQcjdldV8LU9wMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUm8zS0ZGX2F5UWROVmFoQnlOMlYxWHd0VDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQAwjqbAwQA
wldSAwQAwlepAwQBw4UYAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABAwQB1MEaMBQE
AgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEACLK2h3MI2dQM
81h4tdOiYz4y5/JWoboOlC3BUaqmukNHu5/7ZI5u1SFDvc2zfNDitxHj6Mo7R4bP
yEyw0nzLXQjIn6LoK9sk2mI59OZp92Yu7nAgAwn6UqFxFBeQ/mPjVLUBMp1f/XHk
LBD1oyk80j+VWK3g3mj5tQpTKch5Eds3S+KLOGevbUF3Z7phqJm4jsaL2XYTPmV6
8haDQO5dd6m8i7A0D3HE6o81QacKv37oYkpu/a0+G+kW3pNG0/9OulhKVITmocwi
6/Wx/eO3iKSAzvJY5eDmOZl/9JwoAv+wigjQB0iFMIF1a4+ysyO/MVffmCWH8BEd
U5nTfBNrog==
-----END CERTIFICATE-----