Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/C7SElCef9foPMw7k150X3y4VE4o.roa
File:                     C7SElCef9foPMw7k150X3y4VE4o.roa (raw, json)
Hash identifier:          Akh0e+XjoSkjbR0LPxjh9jXpiHyq4MhZTroPAMWt4qo=
Subject key identifier:   0B:B4:84:94:27:9F:F5:FA:0F:33:0E:E4:D7:9D:17:DF:2E:15:13:8A
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018C2F70A8FBBDAADEDCF43CDCA12CC3C905
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/C7SElCef9foPMw7k150X3y4VE4o.roa
Signing time:             Sun 03 Dec 2023 11:29:21 +0000
ROA not before:           Sun 03 Dec 2023 11:29:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        185.123.156.0/22 maxlen: 23
                          185.130.40.0/22 maxlen: 23
                          2a0c:9e04::/32 maxlen: 32
                          2a0c:fe02::/32 maxlen: 32
                          2a0c:9e03::/32 maxlen: 32
                          2a0c:fe05::/32 maxlen: 32
                          2a0c:fe04::/32 maxlen: 32
                          2a0c:9e07::/32 maxlen: 32
                          2a0c:fe03::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:2f:70:a8:fb:bd:aa:de:dc:f4:3c:dc:a1:2c:c3:c9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Dec  3 11:29:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0bb48494279ff5fa0f330ee4d79d17df2e15138a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b2:b8:40:63:10:c9:f4:c5:15:6c:ca:6f:f3:
                    5c:c3:46:20:53:8f:1f:e6:4b:2a:90:fa:f2:ee:ac:
                    01:b3:8d:e9:58:42:64:e8:9d:b7:63:b5:9e:07:dc:
                    11:59:ef:18:cd:8b:4d:78:5b:c3:85:cc:29:7a:03:
                    86:dd:13:df:2d:15:bc:23:04:7f:f3:19:3f:e2:a6:
                    d5:8e:5e:18:a0:5c:30:9b:b4:45:dc:4f:9c:f6:99:
                    9f:84:5b:b7:17:8a:b3:49:90:9f:3a:aa:39:04:17:
                    bf:c4:60:c7:77:75:eb:29:e7:9e:b2:52:6b:48:d7:
                    f6:20:ce:1d:d4:ff:75:40:32:c5:9f:3e:ef:5f:a4:
                    02:1b:9f:85:3c:0b:0f:51:57:9e:77:37:2b:d0:37:
                    97:90:0a:46:a4:09:11:5f:66:66:b0:ab:40:bd:f6:
                    2c:e7:e5:1f:58:92:10:8c:31:a3:8f:77:22:0e:8b:
                    f7:fe:3c:07:26:d4:85:7b:47:7c:6c:9a:0c:04:21:
                    af:44:b8:83:cd:49:32:7b:e8:97:a1:e1:2b:c9:5b:
                    7e:dd:aa:e8:46:f9:0f:e4:a1:b4:4d:6a:ab:03:d1:
                    56:68:4b:22:d1:ea:a4:56:1a:58:b6:73:4c:0e:25:
                    1b:bf:fc:32:ed:3d:3b:57:97:62:b1:52:53:a7:c6:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B4:84:94:27:9F:F5:FA:0F:33:0E:E4:D7:9D:17:DF:2E:15:13:8A
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/C7SElCef9foPMw7k150X3y4VE4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.156.0/22
                  185.130.40.0/22
                IPv6:
                  2a0c:9e03::-2a0c:9e04:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:9e07::/32
                  2a0c:fe02::-2a0c:fe05:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         39:f9:68:4b:50:a5:a8:e9:df:11:eb:ba:87:9e:f8:32:71:ca:
         38:56:cb:1a:ac:75:33:a9:00:b9:49:62:59:48:18:d4:cc:ad:
         c1:1b:10:ea:a6:31:48:35:9e:b7:02:8a:4e:56:73:cb:00:54:
         c9:8e:eb:3a:c0:a7:9c:a5:40:68:6c:0e:d9:e1:c2:00:71:c7:
         d0:24:7f:f5:70:bf:f9:2f:66:30:81:ca:f3:8c:7d:b5:27:e6:
         c5:07:6d:61:49:d1:75:59:64:cc:a2:b7:fe:6b:fb:9c:b6:54:
         8b:5e:bd:57:1a:9a:4c:13:ee:0b:4d:2a:df:96:db:14:51:bc:
         7a:be:33:4e:aa:0e:8b:8e:75:e4:a7:7e:0d:ff:fe:88:17:05:
         d8:d2:8c:c8:c1:97:86:19:b4:3e:2b:a5:40:da:ea:c5:04:54:
         55:af:12:6b:ce:7d:d4:d0:8c:6e:72:4a:cd:c0:8b:dc:3e:ca:
         6d:10:8c:0b:0b:bc:71:bf:c7:20:fe:7c:74:c3:79:66:88:e6:
         46:c6:1a:97:39:54:dd:49:44:a4:db:21:be:fb:64:95:58:35:
         88:0f:e5:6e:0a:24:54:21:96:ee:e2:c6:23:10:e9:4c:8e:c1:
         0a:22:ab:97:f1:8a:4c:fd:2a:bf:4e:e3:3a:c4:e8:b6:6d:6d:
         f9:31:f2:02
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYwvcKj7vare3PQ83KEsw8kFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjMxMjAzMTEyOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmI0ODQ5NDI3OWZmNWZhMGYzMzBlZTRkNzlkMTdkZjJlMTUxMzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbK4QGMQyfTFFWzKb/Ncw0YgU48f
5ksqkPry7qwBs43pWEJk6J23Y7WeB9wRWe8YzYtNeFvDhcwpegOG3RPfLRW8IwR/
8xk/4qbVjl4YoFwwm7RF3E+c9pmfhFu3F4qzSZCfOqo5BBe/xGDHd3XrKeeeslJr
SNf2IM4d1P91QDLFnz7vX6QCG5+FPAsPUVeedzcr0DeXkApGpAkRX2ZmsKtAvfYs
5+UfWJIQjDGjj3ciDov3/jwHJtSFe0d8bJoMBCGvRLiDzUkye+iXoeEryVt+3aro
RvkP5KG0TWqrA9FWaEsi0eqkVhpYtnNMDiUbv/wy7T07V5disVJTp8Z20wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFAu0hJQnn/X6DzMO5NedF98uFROKMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvQzdTRWxDZWY5Zm9QTXc3azE1MFgzeTRWRTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzASBAIAATAMAwQCuXucAwQC
uYIoMC0EAgACMCcwDgMFACoMngMDBQAqDJ4EAwUAKgyeBzAOAwUBKgz+AgMFASoM
/gQwDQYJKoZIhvcNAQELBQADggEBADn5aEtQpajp3xHruoee+DJxyjhWyxqsdTOp
ALlJYllIGNTMrcEbEOqmMUg1nrcCik5Wc8sAVMmO6zrAp5ylQGhsDtnhwgBxx9Ak
f/Vwv/kvZjCByvOMfbUn5sUHbWFJ0XVZZMyit/5r+5y2VItevVcamkwT7gtNKt+W
2xRRvHq+M06qDouOdeSnfg3//ogXBdjSjMjBl4YZtD4rpUDa6sUEVFWvEmvOfdTQ
jG5ySs3Ai9w+ym0QjAsLvHG/xyD+fHTDeWaI5kbGGpc5VN1JRKTbIb77ZJVYNYgP
5W4KJFQhlu7ixiMQ6UyOwQoiq5fxikz9Kr9O4zrE6LZtbfkx8gI=
-----END CERTIFICATE-----