Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Tkc_fgU0Uzk9lqfGfIYZB4BsWY4.roa
File:                     Tkc_fgU0Uzk9lqfGfIYZB4BsWY4.roa (raw, json)
Hash identifier:          AZoAj6wG6bPv+7+CxTKaGnd22DtchbC/CJc3Vz0jcyI=
Subject key identifier:   4E:47:3F:7E:05:34:53:39:3D:96:A7:C6:7C:86:19:07:80:6C:59:8E
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       01870A47C026AC0559B346DF1DD0558E2846
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Tkc_fgU0Uzk9lqfGfIYZB4BsWY4.roa
Signing time:             Wed 22 Mar 2023 17:04:47 +0000
ROA not before:           Wed 22 Mar 2023 17:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        94.131.96.0/24 maxlen: 24
                          94.131.98.0/24 maxlen: 24
                          94.131.97.0/24 maxlen: 24
                          94.131.99.0/24 maxlen: 24
                          94.131.102.0/24 maxlen: 24
                          94.131.101.0/24 maxlen: 24
                          94.131.100.0/24 maxlen: 24
                          94.131.105.0/24 maxlen: 24
                          94.131.106.0/24 maxlen: 24
                          94.131.108.0/24 maxlen: 24
                          94.131.107.0/24 maxlen: 24
                          94.131.116.0/24 maxlen: 24
                          94.131.114.0/24 maxlen: 24
                          94.131.2.0/24 maxlen: 24
                          94.131.3.0/24 maxlen: 24
                          94.131.8.0/21 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0a:47:c0:26:ac:05:59:b3:46:df:1d:d0:55:8e:28:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Mar 22 17:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e473f7e053453393d96a7c67c861907806c598e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0a:c0:b0:08:df:75:26:45:4a:9d:22:d1:a0:
                    27:fc:fc:d3:60:c8:be:9e:77:fe:3b:b4:0b:8d:40:
                    60:6a:4f:d9:aa:78:5b:08:d8:6d:5e:f6:cc:17:df:
                    0d:4a:3b:48:aa:77:1a:d9:cd:a2:6e:ea:e3:af:95:
                    af:33:f1:e1:34:4f:3e:fa:ce:d7:59:82:01:d9:03:
                    7e:6d:06:30:6d:df:c3:f1:30:e4:15:c9:2b:1e:ee:
                    a4:bf:64:52:45:7c:c2:93:61:f4:18:21:b8:9e:bd:
                    df:b1:a9:3f:6f:4b:89:02:9b:29:20:5d:44:58:42:
                    ba:de:18:36:70:ec:6b:26:07:ad:47:d6:73:ad:cc:
                    ac:a0:0f:ed:0e:ad:63:cb:07:a0:20:b8:82:94:3d:
                    11:91:20:96:a5:8b:dd:dc:a6:14:bf:35:b9:4e:5d:
                    e1:42:5e:d8:27:96:ea:84:f7:c4:ba:a7:4a:75:85:
                    ac:c3:25:08:80:fa:f8:6d:77:66:4d:69:2b:b1:05:
                    71:c8:d2:ef:73:85:08:fc:65:70:b6:9b:21:ac:c4:
                    c5:fd:16:fd:fc:8d:ad:a0:e5:2c:47:eb:f9:62:ee:
                    e8:6a:08:ef:93:81:3b:ad:9c:69:a9:86:c4:cc:e4:
                    78:04:64:6c:99:5f:b0:2a:29:9a:1a:01:35:53:1b:
                    61:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:47:3F:7E:05:34:53:39:3D:96:A7:C6:7C:86:19:07:80:6C:59:8E
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/Tkc_fgU0Uzk9lqfGfIYZB4BsWY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.2.0/23
                  94.131.8.0/21
                  94.131.96.0-94.131.102.255
                  94.131.105.0-94.131.108.255
                  94.131.114.0/24
                  94.131.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:af:1c:67:8b:4b:55:0d:94:15:dc:8b:d3:11:29:8a:11:92:
         d3:5b:1e:39:46:f9:62:5a:45:e2:52:64:64:1c:7b:e2:76:93:
         e7:74:6d:5b:01:3c:d3:3c:ce:54:fb:78:29:81:00:69:cd:ed:
         a4:cd:fb:8c:dd:95:4e:61:23:79:2b:db:30:2f:ab:72:6c:94:
         b0:59:bd:b5:d1:30:f0:ea:4c:d4:7d:f0:59:d6:82:99:2f:07:
         04:7d:c3:40:87:24:58:24:fe:ce:fc:31:78:0c:a6:25:55:30:
         58:c1:1a:75:ab:80:ad:4c:43:d3:72:bb:d9:ac:cb:0a:a3:ef:
         f0:c7:df:08:27:e1:c6:e7:e3:60:b5:35:16:d6:98:bb:22:e0:
         1d:f8:f6:21:dd:7f:ae:27:1d:98:e3:c9:5c:e5:4e:54:9b:ed:
         76:1f:78:b5:e8:d9:b3:00:1c:aa:79:5a:bc:53:a0:ec:e5:11:
         4c:d4:2d:ba:0c:c1:f6:e1:4a:eb:71:43:e8:34:17:66:ad:3b:
         e9:e3:65:87:79:27:25:71:13:9b:7b:71:44:68:76:fe:78:aa:
         a5:71:f7:f1:3b:e5:5b:8f:f5:31:dd:c6:c0:72:22:b6:d1:49:
         d1:58:c9:7b:b0:32:d9:e8:79:86:91:11:6a:5a:58:49:93:bd:
         60:c8:67:6e
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYcKR8AmrAVZs0bfHdBVjihGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwMzIyMTcwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ3M2Y3ZTA1MzQ1MzM5M2Q5NmE3YzY3Yzg2MTkwNzgwNmM1OThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjArAsAjfdSZFSp0i0aAn/PzTYMi+
nnf+O7QLjUBgak/ZqnhbCNhtXvbMF98NSjtIqnca2c2iburjr5WvM/HhNE8++s7X
WYIB2QN+bQYwbd/D8TDkFckrHu6kv2RSRXzCk2H0GCG4nr3fsak/b0uJApspIF1E
WEK63hg2cOxrJgetR9ZzrcysoA/tDq1jywegILiClD0RkSCWpYvd3KYUvzW5Tl3h
Ql7YJ5bqhPfEuqdKdYWswyUIgPr4bXdmTWkrsQVxyNLvc4UI/GVwtpshrMTF/Rb9
/I2toOUsR+v5Yu7oagjvk4E7rZxpqYbEzOR4BGRsmV+wKimaGgE1UxthHwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFE5HP34FNFM5PZanxnyGGQeAbFmOMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvVGtjX2ZnVTBVems5bHFmR2ZJWVpCNEJzV1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQBXoMCAwQD
XoMIMAwDBAVeg2ADBABeg2YwDAMEAF6DaQMEAF6DbAMEAF6DcgMEAF6DdDANBgkq
hkiG9w0BAQsFAAOCAQEAcK8cZ4tLVQ2UFdyL0xEpihGS01seOUb5YlpF4lJkZBx7
4naT53RtWwE80zzOVPt4KYEAac3tpM37jN2VTmEjeSvbMC+rcmyUsFm9tdEw8OpM
1H3wWdaCmS8HBH3DQIckWCT+zvwxeAymJVUwWMEadauArUxD03K72azLCqPv8Mff
CCfhxufjYLU1FtaYuyLgHfj2Id1/ricdmOPJXOVOVJvtdh94tejZswAcqnlavFOg
7OURTNQtugzB9uFK63FD6DQXZq076eNlh3knJXETm3txRGh2/niqpXH38TvlW4/1
Md3GwHIittFJ0VjJe7Ay2eh5hpERalpYSZO9YMhnbg==
-----END CERTIFICATE-----