Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_LPBfowKtRir0H7ZntcQeqTVV4o.roa
File:                     _LPBfowKtRir0H7ZntcQeqTVV4o.roa (raw, json)
Hash identifier:          pEtla3QHoBawAXoSkY77/YsiXiIvde6v18s5hxw/rio=
Subject key identifier:   FC:B3:C1:7E:8C:0A:B5:18:AB:D0:7E:D9:9E:D7:10:7A:A4:D5:57:8A
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       019425FDD822C7FC1DD8478544824C8FB8EC
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_LPBfowKtRir0H7ZntcQeqTVV4o.roa
Signing time:             Thu 02 Jan 2025 07:49:40 +0000
ROA not before:           Thu 02 Jan 2025 07:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206576
IP address blocks:        5.181.72.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          2a0a:f480::/29 maxlen: 48
                          2a0d:7680::/29 maxlen: 48
                          2a0d:bf80::/29 maxlen: 29
                          2a0e:a1c0::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d8:22:c7:fc:1d:d8:47:85:44:82:4c:8f:b8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Jan  2 07:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fcb3c17e8c0ab518abd07ed99ed7107aa4d5578a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:9b:69:38:37:fe:89:3b:88:5e:9d:c7:05:
                    8d:3b:85:d5:3d:6c:fc:7f:cc:23:19:a2:fb:3d:d3:
                    95:b6:bb:16:ea:19:6b:9d:cc:83:55:58:0c:39:cb:
                    45:d0:e8:3b:e6:26:be:cc:09:26:2b:21:b3:2f:2d:
                    44:28:14:81:8f:4d:7e:29:60:77:11:19:1d:23:f7:
                    3e:1c:75:2e:eb:f2:25:a5:19:76:39:b1:d8:60:fe:
                    5a:5c:e2:0b:b8:10:48:19:f5:f3:36:2b:d8:fa:eb:
                    c6:ca:8b:bb:3e:32:bd:4f:fb:50:70:95:b5:35:3f:
                    17:e2:2b:eb:6f:45:d5:c2:44:69:98:bd:71:2b:b3:
                    38:d5:29:c1:85:0e:5a:80:c7:f6:a9:6b:d8:8f:57:
                    ab:04:6e:00:0a:36:21:95:0c:96:40:c6:df:bc:47:
                    a9:c4:99:ed:be:c9:0f:30:c2:b4:87:b5:f5:72:61:
                    e0:f9:a2:7d:88:ce:25:c5:18:72:b9:ce:a4:29:48:
                    a4:d6:68:33:60:8b:ab:bf:70:74:b8:1b:3c:8d:f6:
                    86:76:8a:4a:56:f1:b5:e4:1e:1b:99:68:65:cf:f9:
                    f8:ef:3c:ef:b7:69:61:7c:29:bc:42:0d:32:fd:91:
                    15:43:71:fe:c6:0b:01:37:93:75:f9:fe:78:2f:65:
                    91:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B3:C1:7E:8C:0A:B5:18:AB:D0:7E:D9:9E:D7:10:7A:A4:D5:57:8A
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/_LPBfowKtRir0H7ZntcQeqTVV4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.72.0/22
                  45.137.44.0/22
                  83.150.252.0/22
                  185.90.0.0/22
                  185.182.200.0/23
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24
                IPv6:
                  2a0a:f480::/29
                  2a0d:7680::/29
                  2a0d:bf80::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:12:89:d9:0c:bf:d9:a7:95:0a:00:3b:b9:cb:ca:15:40:5f:
         c4:1e:d3:8b:1c:24:82:4f:88:c1:94:63:57:c4:34:f2:96:5b:
         bf:41:e6:66:af:ba:91:ab:1b:85:cf:bd:2a:b3:5d:a0:25:e3:
         90:3c:c1:74:2a:fe:d6:2d:7e:05:10:c8:5c:8e:09:0f:fd:a3:
         d0:4d:7f:55:09:70:1d:96:56:53:39:0c:eb:46:c4:41:dc:2d:
         d9:e9:50:22:33:9a:94:f3:cf:84:43:7c:ae:35:49:db:35:4d:
         16:5c:7b:2e:e8:ca:10:1f:7d:1d:ec:1a:65:84:36:d7:eb:57:
         36:50:01:b5:62:e6:f8:db:b0:49:11:44:d6:b9:34:6b:ef:ce:
         06:42:0f:5a:6d:e0:81:67:29:45:c3:94:b5:87:64:4b:3e:65:
         e7:3b:d2:77:b2:bf:89:5e:80:a3:52:6b:ac:c4:14:52:74:4a:
         7f:7e:d5:e9:f7:91:7d:90:85:72:6d:54:77:67:f9:13:65:25:
         c0:8c:28:6b:0d:77:bd:28:38:92:df:95:9c:a7:bc:84:ee:72:
         2a:4b:c5:6d:4d:e1:b0:b4:6f:0f:d1:0a:73:61:79:1e:f9:1b:
         7d:31:32:44:90:f3:c5:f8:ef:49:e8:9d:78:db:a3:91:97:6c:
         73:8f:1c:b2
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAZQl/dgix/wd2EeFRIJMj7jsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMTAyMDc0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2IzYzE3ZThjMGFiNTE4YWJkMDdlZDk5ZWQ3MTA3YWE0ZDU1NzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomObaTg3/ok7iF6dxwWNO4XVPWz8
f8wjGaL7PdOVtrsW6hlrncyDVVgMOctF0Og75ia+zAkmKyGzLy1EKBSBj01+KWB3
ERkdI/c+HHUu6/IlpRl2ObHYYP5aXOILuBBIGfXzNivY+uvGyou7PjK9T/tQcJW1
NT8X4ivrb0XVwkRpmL1xK7M41SnBhQ5agMf2qWvYj1erBG4ACjYhlQyWQMbfvEep
xJntvskPMMK0h7X1cmHg+aJ9iM4lxRhyuc6kKUik1mgzYIurv3B0uBs8jfaGdopK
VvG15B4bmWhlz/n47zzvt2lhfCm8Qg0y/ZEVQ3H+xgsBN5N1+f54L2WRswIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFPyzwX6MCrUYq9B+2Z7XEHqk1VeKMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvX0xQQmZvd0t0UmlyMEg3Wm50Y1FlcVRWVjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBCBAIAATA8AwQCBbVIAwQC
LYksAwQCU5b8AwQCuVoAAwQBubbIAwQCueUEAwQCufaEAwQCuffIAwQAufj8AwQA
ufj+MCIEAgACMBwDBQMqCvSAAwUDKg12gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3
DQEBCwUAA4IBAQBkEonZDL/Zp5UKADu5y8oVQF/EHtOLHCSCT4jBlGNXxDTyllu/
QeZmr7qRqxuFz70qs12gJeOQPMF0Kv7WLX4FEMhcjgkP/aPQTX9VCXAdllZTOQzr
RsRB3C3Z6VAiM5qU88+EQ3yuNUnbNU0WXHsu6MoQH30d7BplhDbX61c2UAG1Yub4
27BJEUTWuTRr784GQg9abeCBZylFw5S1h2RLPmXnO9J3sr+JXoCjUmusxBRSdEp/
ftXp95F9kIVybVR3Z/kTZSXAjChrDXe9KDiS35Wcp7yE7nIqS8VtTeGwtG8P0Qpz
YXke+Rt9MTJEkPPF+O9J6J1426ORl2xzjxyy
-----END CERTIFICATE-----