Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rqpiJPG0kUkUd4BuEbYQtaIY04Q.roa
File:                     rqpiJPG0kUkUd4BuEbYQtaIY04Q.roa (raw, json)
Hash identifier:          tacc2xq3myo3gedXrLJfg8XAI8EDIKfoZisI+v5ytGs=
Subject key identifier:   AE:AA:62:24:F1:B4:91:49:14:77:80:6E:11:B6:10:B5:A2:18:D3:84
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018BA4AB893B155A99BF11DB53F641B49AE4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rqpiJPG0kUkUd4BuEbYQtaIY04Q.roa
Signing time:             Mon 06 Nov 2023 12:46:27 +0000
ROA not before:           Mon 06 Nov 2023 12:46:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200105
IP address blocks:        87.121.124.0/23 maxlen: 24
                          81.161.230.0/24 maxlen: 24
                          178.215.226.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.139.104.0/24 maxlen: 24
                          45.129.84.0/24 maxlen: 24
                          45.129.86.0/24 maxlen: 24
                          147.78.100.0/23 maxlen: 24
                          94.154.172.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a4:ab:89:3b:15:5a:99:bf:11:db:53:f6:41:b4:9a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Nov  6 12:46:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aeaa6224f1b491491477806e11b610b5a218d384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bf:33:ad:d7:94:a2:59:09:fe:b8:98:47:e9:
                    1e:a9:39:9c:a7:cb:a8:f2:6a:e2:c3:b2:36:73:a4:
                    a5:fc:77:ef:83:58:55:73:f8:97:40:97:0b:10:f0:
                    51:a6:96:fa:74:d0:32:82:e7:9b:01:57:07:17:a9:
                    ee:c4:4c:a2:6f:5b:4f:84:e2:cb:ed:6d:27:c7:58:
                    54:33:17:27:2a:19:e2:11:0d:68:8b:de:81:be:0a:
                    fa:e2:3d:9b:7d:4b:1b:fe:c7:25:96:93:14:04:09:
                    17:5d:b5:86:91:c1:de:1d:85:86:91:56:72:44:7c:
                    e9:1f:4d:b5:8c:c8:83:b5:f6:f4:56:fd:1f:34:52:
                    1f:55:79:80:0e:82:c0:d1:7f:70:7c:bd:41:f8:d8:
                    4a:bb:b6:bf:47:7d:52:57:5d:9b:25:94:70:e4:43:
                    79:cb:5c:dc:d1:56:d9:39:f8:9a:9e:7e:a9:de:da:
                    cb:a5:a6:48:f1:11:a0:c0:63:8a:cf:dd:54:70:11:
                    cd:56:c0:a2:f4:9e:bf:1e:fe:da:29:3c:31:c5:11:
                    27:37:52:04:5f:a5:7b:24:f0:a1:38:fd:14:72:7f:
                    2a:74:81:a0:73:6a:a5:62:7a:9d:78:59:81:62:ea:
                    1c:64:56:83:91:63:43:91:c3:6e:f9:25:94:42:c6:
                    d0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:AA:62:24:F1:B4:91:49:14:77:80:6E:11:B6:10:B5:A2:18:D3:84
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rqpiJPG0kUkUd4BuEbYQtaIY04Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.156.0/24
                  45.129.84.0/24
                  45.129.86.0/24
                  45.139.104.0/24
                  81.161.230.0/24
                  87.121.124.0/23
                  91.200.192.0/22
                  94.154.172.0/24
                  147.78.100.0/23
                  178.215.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ad:5c:54:5b:85:4a:24:59:0f:6f:bb:eb:12:b1:2d:69:43:
         28:66:aa:c2:36:47:42:cd:a5:c6:2d:50:42:da:01:ff:40:80:
         18:38:e3:d3:cd:67:d2:e4:a6:22:e1:41:1e:f4:80:cb:04:10:
         76:8d:ba:10:fa:9f:3a:e6:e6:a9:f5:d3:e4:4c:ac:f3:7e:21:
         d3:b3:e9:82:44:b9:cd:7c:5e:8d:a9:ee:a3:4a:24:24:3d:fc:
         5a:a5:37:95:1f:fb:c9:36:4b:06:59:d8:b6:c2:50:d9:c2:b1:
         1c:b7:c7:50:c6:fb:64:84:a2:98:ff:20:b3:b2:7a:39:42:3e:
         88:50:ce:b4:6f:cf:db:62:06:5d:df:ac:33:8f:5b:a7:51:7b:
         cc:dd:ec:20:1d:17:38:d9:ec:0d:6e:78:e0:5d:9b:6f:36:82:
         9b:f6:7e:ff:29:b2:30:b5:5d:91:bf:88:df:6b:4d:6a:81:11:
         00:51:24:c2:67:af:b3:11:89:d5:e7:f6:fb:fe:3c:2d:17:f4:
         f2:1a:10:96:b1:b7:1b:ea:8a:3f:d1:2b:94:95:44:f8:1f:d6:
         30:73:d0:72:7a:32:e0:89:9b:d4:af:20:af:0d:4f:2c:94:b3:
         50:7d:00:4a:47:eb:d1:24:41:bf:56:6e:96:08:83:1b:13:e2:
         84:00:1a:30
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYukq4k7FVqZvxHbU/ZBtJrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTA2MTI0NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWFhNjIyNGYxYjQ5MTQ5MTQ3NzgwNmUxMWI2MTBiNWEyMThkMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb8zrdeUolkJ/riYR+keqTmcp8uo
8mriw7I2c6Sl/Hfvg1hVc/iXQJcLEPBRppb6dNAyguebAVcHF6nuxEyib1tPhOLL
7W0nx1hUMxcnKhniEQ1oi96Bvgr64j2bfUsb/scllpMUBAkXXbWGkcHeHYWGkVZy
RHzpH021jMiDtfb0Vv0fNFIfVXmADoLA0X9wfL1B+NhKu7a/R31SV12bJZRw5EN5
y1zc0VbZOfiann6p3trLpaZI8RGgwGOKz91UcBHNVsCi9J6/Hv7aKTwxxREnN1IE
X6V7JPChOP0Ucn8qdIGgc2qlYnqdeFmBYuocZFaDkWNDkcNu+SWUQsbQBQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFK6qYiTxtJFJFHeAbhG2ELWiGNOEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcnFwaUpQRzBrVWtVZDRCdUViWVF0YUlZMDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALQmcAwQA
LYFUAwQALYFWAwQALYtoAwQAUaHmAwQBV3l8AwQCW8jAAwQAXpqsAwQBk05kAwQA
stfiMA0GCSqGSIb3DQEBCwUAA4IBAQBIrVxUW4VKJFkPb7vrErEtaUMoZqrCNkdC
zaXGLVBC2gH/QIAYOOPTzWfS5KYi4UEe9IDLBBB2jboQ+p865uap9dPkTKzzfiHT
s+mCRLnNfF6Nqe6jSiQkPfxapTeVH/vJNksGWdi2wlDZwrEct8dQxvtkhKKY/yCz
sno5Qj6IUM60b8/bYgZd36wzj1unUXvM3ewgHRc42ewNbnjgXZtvNoKb9n7/KbIw
tV2Rv4jfa01qgREAUSTCZ6+zEYnV5/b7/jwtF/TyGhCWsbcb6oo/0SuUlUT4H9Yw
c9ByejLgiZvUryCvDU8slLNQfQBKR+vRJEG/Vm6WCIMbE+KEABow
-----END CERTIFICATE-----