Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Lu_eIka8Zgt2qVCs1ExhHzUFqfM.roa
File:                     Lu_eIka8Zgt2qVCs1ExhHzUFqfM.roa (raw, json)
Hash identifier:          Qwb6hi8G/0uDIw3CacJCZ0seIBzTcbiGoq7KVn7kQqY=
Subject key identifier:   2E:EF:DE:22:46:BC:66:0B:76:A9:50:AC:D4:4C:61:1F:35:05:A9:F3
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       019428279D783085B546FFCF6A20E4F5F08E
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Lu_eIka8Zgt2qVCs1ExhHzUFqfM.roa
Signing time:             Thu 02 Jan 2025 17:54:32 +0000
ROA not before:           Thu 02 Jan 2025 17:54:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44843
IP address blocks:        31.207.64.0/20 maxlen: 20
                          31.207.66.0/24 maxlen: 24
                          31.207.67.0/24 maxlen: 24
                          31.207.70.0/24 maxlen: 24
                          31.207.79.0/24 maxlen: 24
                          152.89.134.0/24 maxlen: 24
                          178.236.128.0/21 maxlen: 21
                          178.236.128.0/24 maxlen: 24
                          178.236.129.0/24 maxlen: 24
                          178.236.130.0/24 maxlen: 24
                          178.236.131.0/24 maxlen: 24
                          178.236.132.0/24 maxlen: 24
                          178.236.133.0/24 maxlen: 24
                          178.236.134.0/24 maxlen: 24
                          178.236.135.0/24 maxlen: 24
                          2a02:1710:4::/48 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:9d:78:30:85:b5:46:ff:cf:6a:20:e4:f5:f0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 17:54:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2eefde2246bc660b76a950acd44c611f3505a9f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:41:b3:f0:20:86:7c:73:14:7a:ff:55:91:e7:
                    d6:aa:01:6a:a8:eb:4e:c4:79:be:48:c8:ea:db:5b:
                    fa:14:c1:88:38:54:8e:2e:5c:ab:c7:fe:2c:e7:d6:
                    ff:40:f9:03:b0:ce:c0:79:f1:34:01:4a:0c:4e:fa:
                    e5:c2:02:9c:f9:59:e9:1c:4b:ea:16:b8:5a:10:00:
                    e3:bb:ff:ed:a8:1d:c6:ee:6d:13:57:d3:fb:3f:c4:
                    28:d1:5f:ff:de:f2:54:b7:0b:99:60:dc:e0:67:00:
                    de:7b:5d:a4:91:4d:89:7d:6b:a6:90:7e:8d:cf:46:
                    c8:35:71:f2:18:56:1b:df:3d:75:7f:03:6f:58:3c:
                    6b:8d:7a:7a:a3:b6:9c:a4:ac:c0:f3:d4:60:b6:dc:
                    f4:32:a5:03:e3:34:21:c6:61:0e:77:ce:d0:79:78:
                    56:44:46:b1:e5:9a:08:de:74:12:87:63:cf:8b:51:
                    be:6c:a8:54:7a:5b:f0:d9:61:02:c1:af:bd:08:44:
                    77:7b:b8:e2:8c:43:81:a5:00:31:48:34:30:10:41:
                    9d:49:c0:3a:5a:59:d4:f4:e4:87:70:f5:77:7f:4d:
                    e0:0b:28:88:f7:a7:ea:94:91:fc:d4:c6:1a:73:73:
                    54:f6:29:35:98:58:69:15:f4:db:86:d5:52:96:d2:
                    ec:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:EF:DE:22:46:BC:66:0B:76:A9:50:AC:D4:4C:61:1F:35:05:A9:F3
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Lu_eIka8Zgt2qVCs1ExhHzUFqfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.207.64.0/20
                  152.89.134.0/24
                  178.236.128.0/21
                IPv6:
                  2a02:1710:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:3d:19:9b:a1:18:62:1b:73:c5:a0:9f:bb:9f:21:9b:88:4a:
         43:4a:44:59:ea:85:fc:d7:db:4f:76:b1:5b:dc:60:9a:6b:e7:
         3a:55:84:06:4a:73:54:80:cd:f9:f6:1d:07:94:8f:7f:d1:29:
         69:0d:55:f5:be:6a:06:f8:81:09:a8:ad:23:75:df:db:47:f9:
         16:84:07:3e:b0:7c:9e:42:98:1e:a9:23:2a:13:e3:b8:0f:15:
         ca:87:ae:eb:07:d1:e2:2c:47:7d:0a:cf:6b:8c:63:df:3e:3f:
         39:11:98:fd:c0:af:58:3c:3b:85:4d:6b:29:6a:bf:60:08:a0:
         51:b6:0c:1e:fb:f4:20:13:2f:73:cf:61:fa:48:04:55:c0:e8:
         87:c9:5f:2a:05:c2:d3:70:11:58:e6:86:dc:55:ab:34:b7:69:
         25:e5:a7:b9:5f:33:a8:de:dd:9b:65:33:85:30:8b:51:57:a2:
         17:69:f7:e4:15:10:cb:68:24:94:94:b5:05:23:ab:55:7e:86:
         c5:00:72:6b:a4:19:e3:75:29:4e:6c:95:b0:2a:e6:bd:5b:e9:
         f4:33:7d:b2:88:e6:de:62:20:e0:c8:52:be:09:b1:64:b3:be:
         f9:72:b0:05:d8:00:5c:40:94:99:2c:a4:8d:9f:b8:9c:1a:b9:
         4e:1e:e0:c3
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQoJ514MIW1Rv/PaiDk9fCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTAyMTc1NDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWVmZGUyMjQ2YmM2NjBiNzZhOTUwYWNkNDRjNjExZjM1MDVhOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUGz8CCGfHMUev9VkefWqgFqqOtO
xHm+SMjq21v6FMGIOFSOLlyrx/4s59b/QPkDsM7AefE0AUoMTvrlwgKc+VnpHEvq
FrhaEADju//tqB3G7m0TV9P7P8Qo0V//3vJUtwuZYNzgZwDee12kkU2JfWumkH6N
z0bINXHyGFYb3z11fwNvWDxrjXp6o7acpKzA89Rgttz0MqUD4zQhxmEOd87QeXhW
REax5ZoI3nQSh2PPi1G+bKhUelvw2WECwa+9CER3e7jijEOBpQAxSDQwEEGdScA6
WlnU9OSHcPV3f03gCyiI96fqlJH81MYac3NU9ik1mFhpFfTbhtVSltLsfwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFC7v3iJGvGYLdqlQrNRMYR81BanzMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvTHVfZUlrYThaZ3QycVZDczFFeGhIelVGcWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQEH89AAwQA
mFmGAwQDsuyAMA8EAgACMAkDBwAqAhcQAAQwDQYJKoZIhvcNAQELBQADggEBAH49
GZuhGGIbc8Wgn7ufIZuISkNKRFnqhfzX2092sVvcYJpr5zpVhAZKc1SAzfn2HQeU
j3/RKWkNVfW+agb4gQmorSN139tH+RaEBz6wfJ5CmB6pIyoT47gPFcqHrusH0eIs
R30Kz2uMY98+PzkRmP3Ar1g8O4VNaylqv2AIoFG2DB779CATL3PPYfpIBFXA6IfJ
XyoFwtNwEVjmhtxVqzS3aSXlp7lfM6je3ZtlM4Uwi1FXohdp9+QVEMtoJJSUtQUj
q1V+hsUAcmukGeN1KU5slbAq5r1b6fQzfbKI5t5iIODIUr4JsWSzvvlysAXYAFxA
lJkspI2fuJwauU4e4MM=
-----END CERTIFICATE-----