Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3Tctrd4Qqcn0fZSSjI4NoMq6YzQ.roa
File:                     3Tctrd4Qqcn0fZSSjI4NoMq6YzQ.roa (raw, json)
Hash identifier:          cKq7tIsuqLAuuM+zwTXjCs7dHv8trHEFZ15cMuQVc+s=
Subject key identifier:   DD:37:2D:AD:DE:10:A9:C9:F4:7D:94:92:8C:8E:0D:A0:CA:BA:63:34
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018737ECBF115085DD3E546F17E20BE8B551
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3Tctrd4Qqcn0fZSSjI4NoMq6YzQ.roa
Signing time:             Fri 31 Mar 2023 13:47:54 +0000
ROA not before:           Fri 31 Mar 2023 13:47:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6079
IP address blocks:        45.138.0.0/23 maxlen: 23
                          45.134.176.0/23 maxlen: 23
                          46.161.218.0/23 maxlen: 23
                          2a0e:eb45::/32 maxlen: 32
                          2a0c:9e05::/32 maxlen: 32
                          2a0e:eb46::/32 maxlen: 32
                          2a0e:eb41::/32 maxlen: 32
                          2a0e:eb43::/32 maxlen: 32
                          2a0e:eb47::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:ec:bf:11:50:85:dd:3e:54:6f:17:e2:0b:e8:b5:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Mar 31 13:47:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd372dadde10a9c9f47d94928c8e0da0caba6334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dd:bd:4f:85:e4:5c:43:87:66:28:de:c6:4f:
                    14:79:ff:13:dc:af:46:50:71:1d:57:9b:4b:8e:03:
                    38:5a:ce:f0:a3:7f:98:d0:a3:99:85:61:b0:21:58:
                    b8:80:47:b5:45:96:02:25:43:b4:14:43:b8:66:07:
                    3c:72:52:b3:2e:fe:f1:62:fc:9d:38:36:8e:1a:6c:
                    d4:13:24:09:57:f8:b4:7a:b9:60:21:42:4a:b1:59:
                    9e:f9:85:e4:69:de:d1:a9:9e:6e:b3:c1:9d:74:88:
                    d4:b9:85:a0:52:5b:99:25:5c:84:5f:42:05:cf:78:
                    57:af:5f:e7:42:05:f0:c9:75:f9:a4:e9:9f:30:e4:
                    6e:c1:5e:82:82:92:db:72:b2:17:36:47:eb:1d:47:
                    fa:10:7a:cb:26:5f:04:f6:c3:c6:a0:11:55:ec:99:
                    c4:df:23:2b:31:e4:2d:4c:fc:ae:3e:3e:11:f8:54:
                    c4:94:68:30:09:5c:96:ca:12:b8:23:ee:2a:17:06:
                    08:1f:e9:c7:5b:80:0f:47:c8:a4:51:1c:1b:13:85:
                    53:91:0a:12:c2:b1:1e:65:dd:0c:ed:a0:c4:b0:00:
                    ce:0d:5f:5b:40:79:f7:a3:be:a1:2d:d4:0a:bd:4b:
                    c8:aa:cc:a5:d5:02:81:48:50:6f:d5:ae:a0:57:df:
                    23:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:37:2D:AD:DE:10:A9:C9:F4:7D:94:92:8C:8E:0D:A0:CA:BA:63:34
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/3Tctrd4Qqcn0fZSSjI4NoMq6YzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.176.0/23
                  45.138.0.0/23
                  46.161.218.0/23
                IPv6:
                  2a0c:9e05::/32
                  2a0e:eb41::/32
                  2a0e:eb43::/32
                  2a0e:eb45::-2a0e:eb47:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         10:3a:f9:ab:ef:9a:7f:2e:54:54:7c:00:93:b6:1a:51:ce:35:
         1c:ae:3c:84:70:74:59:ca:9a:5f:32:e2:d6:a1:64:67:0b:94:
         7e:47:1d:c5:f7:a1:bb:12:ca:d9:80:4e:f1:ad:1c:f5:21:d7:
         8a:fe:6d:b8:6f:76:bd:06:8a:34:f2:ce:83:b4:94:90:08:c9:
         1f:17:71:82:7a:7e:ef:42:82:4a:16:d2:df:76:af:1d:13:72:
         63:c2:fd:37:37:49:79:f7:76:2a:4c:c3:98:73:de:b0:61:1f:
         fe:b3:8d:18:41:dc:fe:c2:bb:8f:35:08:68:c2:c5:85:cd:62:
         80:aa:93:ad:e6:70:6a:03:73:76:c2:2d:14:2e:f3:f6:1e:d8:
         09:fb:13:67:50:72:86:d6:c8:ec:61:ab:5f:34:2e:ef:10:74:
         a4:e7:e1:37:23:66:54:23:46:a5:ca:65:ce:35:4d:dc:80:16:
         6b:16:57:9e:3d:8c:78:d3:f7:0f:09:c5:b2:6f:62:fb:82:a0:
         2f:de:4e:8a:27:22:fc:a8:3d:67:88:73:0f:44:89:e5:27:84:
         8c:67:96:77:75:1e:f0:3f:d5:f1:22:85:0c:45:b9:f9:f1:74:
         0a:d7:db:98:40:5a:49:c1:7f:29:91:fe:c3:3b:ea:dc:7d:30:
         aa:e7:c4:bf
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYc37L8RUIXdPlRvF+IL6LVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMwMzMxMTM0NzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM3MmRhZGRlMTBhOWM5ZjQ3ZDk0OTI4YzhlMGRhMGNhYmE2MzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd29T4XkXEOHZijexk8Uef8T3K9G
UHEdV5tLjgM4Ws7wo3+Y0KOZhWGwIVi4gEe1RZYCJUO0FEO4Zgc8clKzLv7xYvyd
ODaOGmzUEyQJV/i0erlgIUJKsVme+YXkad7RqZ5us8GddIjUuYWgUluZJVyEX0IF
z3hXr1/nQgXwyXX5pOmfMORuwV6CgpLbcrIXNkfrHUf6EHrLJl8E9sPGoBFV7JnE
3yMrMeQtTPyuPj4R+FTElGgwCVyWyhK4I+4qFwYIH+nHW4APR8ikURwbE4VTkQoS
wrEeZd0M7aDEsADODV9bQHn3o76hLdQKvUvIqsyl1QKBSFBv1a6gV98jFwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFN03La3eEKnJ9H2UkoyODaDKumM0MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvM1RjdHJkNFFxY24wZlpTU2pJNE5vTXE2WXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAYBAIAATASAwQBLYawAwQB
LYoAAwQBLqHaMCsEAgACMCUDBQAqDJ4FAwUAKg7rQQMFACoO60MwDgMFACoO60UD
BQMqDutAMA0GCSqGSIb3DQEBCwUAA4IBAQAQOvmr75p/LlRUfACTthpRzjUcrjyE
cHRZyppfMuLWoWRnC5R+Rx3F96G7EsrZgE7xrRz1IdeK/m24b3a9Boo08s6DtJSQ
CMkfF3GCen7vQoJKFtLfdq8dE3Jjwv03N0l593YqTMOYc96wYR/+s40YQdz+wruP
NQhowsWFzWKAqpOt5nBqA3N2wi0ULvP2HtgJ+xNnUHKG1sjsYatfNC7vEHSk5+E3
I2ZUI0alymXONU3cgBZrFleePYx40/cPCcWyb2L7gqAv3k6KJyL8qD1niHMPRInl
J4SMZ5Z3dR7wP9XxIoUMRbn58XQK19uYQFpJwX8pkf7DO+rcfTCq58S/
-----END CERTIFICATE-----