Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CGqNTi7Ly9FFmEexKJ8zNlwIPhQ.roa
File:                     CGqNTi7Ly9FFmEexKJ8zNlwIPhQ.roa (raw, json)
Hash identifier:          Ewu6Sqitl/JRn03dYk1O9guKzxqdYPSL/+SC64602y8=
Subject key identifier:   08:6A:8D:4E:2E:CB:CB:D1:45:98:47:B1:28:9F:33:36:5C:08:3E:14
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018B84BCA20050D9C073B0B656A3E0DA7D57
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CGqNTi7Ly9FFmEexKJ8zNlwIPhQ.roa
Signing time:             Tue 31 Oct 2023 07:57:16 +0000
ROA not before:           Tue 31 Oct 2023 07:57:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        84.54.49.0/24 maxlen: 24
                          85.217.145.0/24 maxlen: 24
                          193.149.29.0/24 maxlen: 24
                          193.149.30.0/24 maxlen: 24
                          94.156.176.0/24 maxlen: 24
                          193.149.28.0/22 maxlen: 22
                          193.149.31.0/24 maxlen: 24
                          193.149.28.0/24 maxlen: 24
                          45.84.90.0/24 maxlen: 24
                          185.226.175.0/24 maxlen: 24
                          212.115.41.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          79.110.51.0/24 maxlen: 24
                          194.49.86.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:84:bc:a2:00:50:d9:c0:73:b0:b6:56:a3:e0:da:7d:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Oct 31 07:57:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=086a8d4e2ecbcbd1459847b1289f33365c083e14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7f:27:47:84:24:e4:97:eb:bf:c4:6e:26:e5:
                    31:1a:aa:2f:6f:22:13:6f:60:4f:08:13:87:97:ff:
                    c4:f5:f7:bb:fa:ad:9c:94:d8:9f:65:76:4f:bc:18:
                    c1:21:0c:1b:b2:e8:3f:23:6a:d3:13:e3:58:8e:c1:
                    90:8b:84:4d:24:42:47:5d:f1:75:76:20:70:c3:96:
                    b1:85:d1:89:b0:ba:d9:c0:4e:d1:f6:2d:16:2f:af:
                    8e:61:7b:c7:7a:50:ca:08:a4:a2:96:00:a2:d6:f1:
                    ba:2e:67:af:79:84:e5:0f:d9:b3:09:4e:4b:b8:c1:
                    03:77:9a:ec:e5:5e:a5:a7:8a:06:93:64:88:99:b1:
                    d0:2f:35:0a:c8:12:36:41:aa:01:e3:70:3a:2b:3a:
                    33:86:2b:8d:b7:1e:5a:89:a9:9e:ee:d0:16:1b:66:
                    aa:a9:47:f2:61:c9:ba:49:5f:64:bb:5e:87:d0:3d:
                    d4:c2:0d:c0:ff:42:b5:af:66:4d:fc:f6:79:39:5c:
                    11:ab:19:21:99:0f:ac:3a:2f:a7:f2:32:8a:83:58:
                    f3:e5:fa:33:74:10:1a:bb:ae:60:f3:98:90:e2:fb:
                    72:64:b3:0f:af:a8:3a:54:7b:fa:6a:81:a8:17:a3:
                    ba:e2:db:44:74:ae:f7:75:13:b1:44:52:c2:86:05:
                    9e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6A:8D:4E:2E:CB:CB:D1:45:98:47:B1:28:9F:33:36:5C:08:3E:14
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CGqNTi7Ly9FFmEexKJ8zNlwIPhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.90.0/24
                  45.151.90.0/24
                  79.110.50.0/23
                  84.54.49.0/24
                  85.217.145.0/24
                  94.156.176.0/24
                  185.226.175.0/24
                  193.149.28.0/22
                  194.49.86.0/24
                  212.115.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:af:45:72:30:aa:e9:24:6d:1f:46:22:69:92:fa:5c:46:51:
         d3:4d:72:c3:8f:f3:67:e1:5b:6e:5e:71:fb:42:7e:4e:9c:94:
         18:a0:5c:7d:94:9f:80:6b:41:0d:29:23:52:7d:ed:8a:de:0b:
         68:b0:b3:2e:d9:36:70:1e:14:08:81:8d:35:15:9c:69:bd:8c:
         f9:eb:5f:74:8a:ca:54:48:da:d4:70:a9:55:85:bf:a5:7d:0d:
         57:fc:09:de:67:56:75:3b:d9:4e:a6:e4:93:f3:50:bb:75:8f:
         09:90:4d:d7:2b:8f:8f:67:e0:52:cf:43:53:db:f8:b1:84:59:
         50:84:2e:46:3a:14:bb:a9:46:48:74:f3:7c:c6:f9:20:c2:6a:
         f2:87:de:5a:c8:12:03:22:81:88:7f:0e:16:9a:08:c8:ef:fd:
         3c:64:39:24:4b:d2:ab:96:0b:c1:b5:07:43:36:de:57:9a:d5:
         cc:8c:2f:61:57:28:82:3b:38:08:c4:6b:bd:6c:e6:85:56:83:
         b4:ac:70:23:c8:9d:95:c1:2a:9a:f7:c1:14:b1:71:79:41:25:
         2e:bd:92:64:4e:17:9d:60:a9:79:5b:10:09:e3:3b:3b:e2:30:
         c5:f2:67:55:25:28:da:ba:40:60:9f:c3:aa:51:e1:86:cd:92:
         a8:37:b6:9d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYuEvKIAUNnAc7C2VqPg2n1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDMxMDc1NzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZhOGQ0ZTJlY2JjYmQxNDU5ODQ3YjEyODlmMzMzNjVjMDgzZTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX8nR4Qk5Jfrv8RuJuUxGqovbyIT
b2BPCBOHl//E9fe7+q2clNifZXZPvBjBIQwbsug/I2rTE+NYjsGQi4RNJEJHXfF1
diBww5axhdGJsLrZwE7R9i0WL6+OYXvHelDKCKSilgCi1vG6LmeveYTlD9mzCU5L
uMEDd5rs5V6lp4oGk2SImbHQLzUKyBI2QaoB43A6KzozhiuNtx5aiame7tAWG2aq
qUfyYcm6SV9ku16H0D3Uwg3A/0K1r2ZN/PZ5OVwRqxkhmQ+sOi+n8jKKg1jz5foz
dBAau65g85iQ4vtyZLMPr6g6VHv6aoGoF6O64ttEdK73dROxRFLChgWeywIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAhqjU4uy8vRRZhHsSifMzZcCD4UMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0dxTlRpN0x5OUZGbUVleEtKOHpObHdJUGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVRaAwQA
LZdaAwQBT24yAwQAVDYxAwQAVdmRAwQAXpywAwQAueKvAwQCwZUcAwQAwjFWAwQA
1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQCGr0VyMKrpJG0fRiJpkvpcRlHTTXLDj/Nn
4VtuXnH7Qn5OnJQYoFx9lJ+Aa0ENKSNSfe2K3gtosLMu2TZwHhQIgY01FZxpvYz5
6190ispUSNrUcKlVhb+lfQ1X/AneZ1Z1O9lOpuST81C7dY8JkE3XK4+PZ+BSz0NT
2/ixhFlQhC5GOhS7qUZIdPN8xvkgwmryh95ayBIDIoGIfw4WmgjI7/08ZDkkS9Kr
lgvBtQdDNt5XmtXMjC9hVyiCOzgIxGu9bOaFVoO0rHAjyJ2VwSqa98EUsXF5QSUu
vZJkThedYKl5WxAJ4zs74jDF8mdVJSjaukBgn8OqUeGGzZKoN7ad
-----END CERTIFICATE-----