Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/a5THsn0uACN4wqUAueYb-sPJ4Sg.roa
File:                     a5THsn0uACN4wqUAueYb-sPJ4Sg.roa (raw, json)
Hash identifier:          bdeVTZiLQOLyyjy3WGt3UtIuXzfd23bk2+wPALI2bJU=
Subject key identifier:   6B:94:C7:B2:7D:2E:00:23:78:C2:A5:00:B9:E6:1B:FA:C3:C9:E1:28
Certificate issuer:       /CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
Certificate serial:       0188F35A71B09CC03EDDC80D0D8BD6894449
Authority key identifier: FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/a5THsn0uACN4wqUAueYb-sPJ4Sg.roa
Signing time:             Sun 25 Jun 2023 16:19:30 +0000
ROA not before:           Sun 25 Jun 2023 16:19:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48265
IP address blocks:        91.210.137.0/24 maxlen: 24
                          91.210.138.0/24 maxlen: 24
                          91.210.136.0/24 maxlen: 24
                          91.210.139.0/24 maxlen: 24
                          109.104.131.0/24 maxlen: 24
                          109.104.132.0/24 maxlen: 24
                          109.104.129.0/24 maxlen: 24
                          109.104.130.0/24 maxlen: 24
                          109.104.128.0/24 maxlen: 24
                          109.104.138.0/24 maxlen: 24
                          109.104.139.0/24 maxlen: 24
                          109.104.136.0/24 maxlen: 24
                          109.104.137.0/24 maxlen: 24
                          109.104.135.0/24 maxlen: 24
                          109.104.133.0/24 maxlen: 24
                          109.104.134.0/24 maxlen: 24
                          109.104.145.0/24 maxlen: 24
                          109.104.144.0/24 maxlen: 24
                          109.104.159.0/24 maxlen: 24
                          109.104.157.0/24 maxlen: 24
                          109.104.158.0/24 maxlen: 24
                          109.104.156.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f3:5a:71:b0:9c:c0:3e:dd:c8:0d:0d:8b:d6:89:44:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbf62f7606273f41a6ccc8e2956076f3c0a1eb54
        Validity
            Not Before: Jun 25 16:19:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6b94c7b27d2e002378c2a500b9e61bfac3c9e128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:86:1d:f3:5a:f7:9a:61:c1:47:69:a3:34:6a:
                    8c:bd:67:12:6a:86:03:2e:90:4a:8b:36:74:c9:28:
                    92:6d:ae:10:a2:84:47:a6:18:e8:46:1b:71:f4:c3:
                    ac:dd:21:ec:3c:e1:8a:cd:31:1d:64:54:e0:9a:7c:
                    d7:33:67:09:47:f5:27:ba:ce:98:4b:36:39:0d:d8:
                    66:39:fa:21:3f:d6:50:c3:b6:d8:17:dc:0e:c5:58:
                    75:fc:31:52:ba:1e:ff:3a:b7:db:66:2f:f1:f1:97:
                    92:eb:6a:6b:58:d8:6a:4c:63:97:77:95:ac:24:d8:
                    6b:6e:69:eb:ef:e7:64:09:05:5e:9d:07:f4:dd:7f:
                    a3:5b:4e:dd:17:fc:a9:89:0b:cb:13:bb:49:25:87:
                    f0:09:0f:48:5b:1d:64:cc:43:ca:7e:40:fe:bf:9a:
                    cb:9e:4b:02:70:e3:7d:ba:c3:37:d0:fd:ed:49:9e:
                    5a:3d:79:fd:69:ee:d3:a8:62:37:3e:64:59:ad:84:
                    fd:87:d2:14:99:95:16:d6:21:c8:7f:d9:bf:45:3a:
                    3b:a3:35:e4:1d:ce:aa:7d:ec:91:f9:c3:fc:a2:ad:
                    ff:a3:dc:77:c7:2c:db:cb:34:48:02:ac:64:fa:96:
                    59:c7:6f:15:b8:2e:2c:29:5a:bc:90:92:c2:70:62:
                    eb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:94:C7:B2:7D:2E:00:23:78:C2:A5:00:B9:E6:1B:FA:C3:C9:E1:28
            X509v3 Authority Key Identifier:
                keyid:FB:F6:2F:76:06:27:3F:41:A6:CC:C8:E2:95:60:76:F3:C0:A1:EB:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-_YvdgYnP0GmzMjilWB288Ch61Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/a5THsn0uACN4wqUAueYb-sPJ4Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/95eebb-0a9d-4f71-b3f9-5649e1b192bb/1/1-_YvdgYnP0GmzMjilWB288Ch61Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.136.0/22
                  109.104.128.0-109.104.139.255
                  109.104.144.0/23
                  109.104.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:e6:63:f6:a8:5a:da:00:62:f2:92:83:c6:d3:94:16:6d:37:
         d7:da:3e:04:b8:a9:2e:ee:12:8b:01:04:dc:30:cd:a1:dc:e0:
         10:2a:be:58:02:1d:9b:da:be:d3:c3:da:6c:38:9a:1c:fb:7c:
         af:bd:23:8e:40:78:fd:8e:2d:f9:d9:74:b0:d3:ee:b2:1e:1a:
         b0:47:5c:1e:ce:25:09:dc:ae:1f:71:d7:48:67:88:9e:27:f0:
         46:62:e0:1c:c9:a0:c9:0b:da:91:66:9a:cd:41:b3:3f:94:67:
         5f:79:90:97:02:36:e8:ed:71:a8:7b:01:96:41:d0:bc:f6:66:
         75:33:fd:91:d3:01:59:d6:e9:f5:d6:0b:7d:c0:12:48:38:11:
         71:c5:61:4b:ab:52:c8:17:e2:30:5c:b5:54:cd:87:9f:a8:96:
         27:82:44:4f:d6:72:ba:3e:f8:db:c1:5d:cd:d0:48:33:1f:bb:
         0f:08:a5:c3:39:75:91:b0:06:a4:48:ba:72:57:2d:06:fe:6e:
         3e:09:01:31:50:81:30:58:2d:e1:88:0b:e2:a0:fc:2c:5f:56:
         26:1d:f4:3d:d3:56:d7:fe:16:3d:58:bc:41:28:5c:78:2f:02:
         a0:b9:be:0e:ea:cc:0a:4f:49:6d:66:e5:56:62:f0:99:53:28:
         7f:df:24:cf
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYjzWnGwnMA+3cgNDYvWiURJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZjYyZjc2MDYyNzNmNDFhNmNjYzhlMjk1NjA3NmYzYzBh
MWViNTQwHhcNMjMwNjI1MTYxOTMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjk0YzdiMjdkMmUwMDIzNzhjMmE1MDBiOWU2MWJmYWMzYzllMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYYd81r3mmHBR2mjNGqMvWcSaoYD
LpBKizZ0ySiSba4QooRHphjoRhtx9MOs3SHsPOGKzTEdZFTgmnzXM2cJR/Unus6Y
SzY5DdhmOfohP9ZQw7bYF9wOxVh1/DFSuh7/OrfbZi/x8ZeS62prWNhqTGOXd5Ws
JNhrbmnr7+dkCQVenQf03X+jW07dF/ypiQvLE7tJJYfwCQ9IWx1kzEPKfkD+v5rL
nksCcON9usM30P3tSZ5aPXn9ae7TqGI3PmRZrYT9h9IUmZUW1iHIf9m/RTo7ozXk
Hc6qfeyR+cP8oq3/o9x3xyzbyzRIAqxk+pZZx28VuC4sKVq8kJLCcGLrPwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFGuUx7J9LgAjeMKlALnmG/rDyeEoMB8GA1UdIwQY
MBaAFPv2L3YGJz9BpszI4pVgdvPAoetUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1fWXZkZ1luUDBHbXpNamlsV0IyODhDaDYxUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5
LTU2NDllMWIxOTJiYi8xL2E1VEhzbjB1QUNONHdxVUF1ZVliLXNQSjRTZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvOTVlZWJiLTBhOWQtNGY3MS1iM2Y5LTU2NDllMWIxOTJi
Yi8xLzEtX1l2ZGdZblAwR216TWppbFdCMjg4Q2g2MVEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOQYIKwYBBQUHAQcBAf8EKjAoMCYEAgABMCADBAJb0ogw
DAMEB21ogAMEAm1oiAMEAW1okAMEAm1onDANBgkqhkiG9w0BAQsFAAOCAQEAZOZj
9qha2gBi8pKDxtOUFm0319o+BLipLu4SiwEE3DDNodzgECq+WAIdm9q+08PabDia
HPt8r70jjkB4/Y4t+dl0sNPush4asEdcHs4lCdyuH3HXSGeInifwRmLgHMmgyQva
kWaazUGzP5RnX3mQlwI26O1xqHsBlkHQvPZmdTP9kdMBWdbp9dYLfcASSDgRccVh
S6tSyBfiMFy1VM2Hn6iWJ4JET9Zyuj7428FdzdBIMx+7Dwilwzl1kbAGpEi6clct
Bv5uPgkBMVCBMFgt4YgL4qD8LF9WJh30PdNW1/4WPVi8QShceC8CoLm+DurMCk9J
bWblVmLwmVMof98kzw==
-----END CERTIFICATE-----