Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/RdRh-krYKz7UOzR0Ysm_CydYcW0.roa
File:                     RdRh-krYKz7UOzR0Ysm_CydYcW0.roa (raw, json)
Hash identifier:          Pgi8U7Xpno/LpOm3zTK/TmnFAzJdbYBR9V+UncD2WfU=
Subject key identifier:   45:D4:61:FA:4A:D8:2B:3E:D4:3B:34:74:62:C9:BF:0B:27:58:71:6D
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       01932AC7FDEE5DA3AB819E62B61D1B65F5C3
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/RdRh-krYKz7UOzR0Ysm_CydYcW0.roa
Signing time:             Thu 14 Nov 2024 13:06:09 +0000
ROA not before:           Thu 14 Nov 2024 13:06:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        45.88.200.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          151.216.72.0/22 maxlen: 22
                          185.14.97.0/24 maxlen: 24
                          185.125.168.0/22 maxlen: 22
                          185.181.60.0/22 maxlen: 22
                          185.243.216.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          193.243.189.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          195.16.73.0/24 maxlen: 24
                          198.140.141.0/24 maxlen: 24
                          2a03:94e0::/32 maxlen: 32
                          2a03:94e1::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:c7:fd:ee:5d:a3:ab:81:9e:62:b6:1d:1b:65:f5:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Nov 14 13:06:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45d461fa4ad82b3ed43b347462c9bf0b2758716d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d9:b0:c2:61:98:f1:ef:c8:a2:63:73:62:cb:
                    ec:75:95:bc:e4:44:97:85:79:b9:fc:d2:1e:cc:32:
                    a8:d0:cf:13:a7:5c:91:86:ac:7e:1b:45:25:df:34:
                    11:d6:ef:10:b8:8d:51:0b:c4:f7:75:aa:db:ac:ef:
                    d6:6f:51:03:ba:da:54:f4:cd:61:33:ce:e2:d2:b5:
                    25:a0:36:e1:d1:98:c8:d6:c7:bd:6b:02:31:67:67:
                    e5:c3:f9:78:2a:87:bf:31:19:a5:f4:c5:07:f5:76:
                    92:9e:e1:9b:5c:16:0a:fe:ee:de:6d:86:21:2b:df:
                    b0:32:48:16:22:fb:04:f5:c2:49:84:66:3f:dc:4d:
                    42:e8:9b:81:aa:82:6e:32:5c:03:57:f7:8b:3f:75:
                    6d:9d:86:14:d0:2f:1a:98:f3:2f:ed:2f:c6:48:6d:
                    91:93:9a:f0:cb:a0:a0:7b:b7:e1:12:e5:bb:9b:6e:
                    75:43:ad:11:ca:12:b9:8b:1a:28:0d:b8:55:fc:f6:
                    7a:57:1e:b9:b7:e6:f3:3b:1b:86:34:54:b8:13:14:
                    2a:b2:68:71:f6:1a:94:b7:62:0e:2c:f0:ee:88:0c:
                    d6:43:01:28:26:fa:c2:8f:e9:b8:ce:46:3b:e1:db:
                    bb:11:6d:b9:b2:57:c6:fd:bf:0d:d8:fb:90:01:f5:
                    d8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D4:61:FA:4A:D8:2B:3E:D4:3B:34:74:62:C9:BF:0B:27:58:71:6D
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/RdRh-krYKz7UOzR0Ysm_CydYcW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  151.216.72.0/22
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  193.243.189.0/24
                  194.32.107.0/24
                  195.16.73.0/24
                  198.140.141.0/24
                IPv6:
                  2a03:94e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         27:ce:e9:9a:dc:d7:52:15:4b:dc:c1:3f:1b:2b:06:c0:df:56:
         de:1f:4b:9c:57:40:47:83:d0:03:17:42:4c:84:48:52:9f:00:
         43:7e:f6:fe:1f:aa:a3:f8:05:8c:48:b2:1c:00:61:8f:04:e1:
         7b:6c:70:a7:63:40:dc:04:98:e8:a6:09:dc:f8:e6:7f:b8:51:
         82:fc:83:fb:43:c6:10:82:17:47:f6:2a:56:92:14:cf:6c:d6:
         6c:50:02:ae:b7:32:b1:ca:99:bf:df:ff:9a:35:33:36:3f:96:
         d5:f3:75:2f:ec:99:7c:42:4c:8c:6c:1d:34:c1:c0:47:da:74:
         c8:51:41:e4:38:70:3b:4f:db:e8:ad:c1:7e:6d:b8:77:31:ee:
         0f:c4:11:3e:93:e9:69:18:bc:41:aa:41:d4:be:fc:b5:63:6a:
         76:03:2a:66:a5:87:f9:71:5a:64:2a:3f:f1:b6:3c:e6:ed:9f:
         36:f1:c1:0f:76:01:92:49:68:02:32:32:da:f5:1b:bb:43:f0:
         bd:ff:ec:a1:0b:e2:29:ef:97:86:95:58:5d:51:34:5f:22:4e:
         c3:c4:16:07:96:bc:e1:1a:49:8d:ee:ea:7c:8d:6a:50:68:c3:
         0a:d3:5c:c3:1b:31:b9:6a:c4:e8:fe:63:3b:30:09:fb:dc:ab:
         e5:71:98:bb
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAZMqx/3uXaOrgZ5ith0bZfXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQxMTE0MTMwNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQ0NjFmYTRhZDgyYjNlZDQzYjM0NzQ2MmM5YmYwYjI3NTg3MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdmwwmGY8e/IomNzYsvsdZW85ESX
hXm5/NIezDKo0M8Tp1yRhqx+G0Ul3zQR1u8QuI1RC8T3darbrO/Wb1EDutpU9M1h
M87i0rUloDbh0ZjI1se9awIxZ2flw/l4Koe/MRml9MUH9XaSnuGbXBYK/u7ebYYh
K9+wMkgWIvsE9cJJhGY/3E1C6JuBqoJuMlwDV/eLP3VtnYYU0C8amPMv7S/GSG2R
k5rwy6Cge7fhEuW7m251Q60RyhK5ixooDbhV/PZ6Vx65t+bzOxuGNFS4ExQqsmhx
9hqUt2IOLPDuiAzWQwEoJvrCj+m4zkY74du7EW25slfG/b8N2PuQAfXYFQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFEXUYfpK2Cs+1Ds0dGLJvwsnWHFtMB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvUmRSaC1rcllLejdVT3pSMFlzbV9DeWRZY1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQBLVjIAwQC
l9hIAwQAuQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADB870DBADCIGsD
BADDEEkDBADGjI0wDQQCAAIwBwMFAioDlOAwDQYJKoZIhvcNAQELBQADggEBACfO
6Zrc11IVS9zBPxsrBsDfVt4fS5xXQEeD0AMXQkyESFKfAEN+9v4fqqP4BYxIshwA
YY8E4XtscKdjQNwEmOimCdz45n+4UYL8g/tDxhCCF0f2KlaSFM9s1mxQAq63MrHK
mb/f/5o1MzY/ltXzdS/smXxCTIxsHTTBwEfadMhRQeQ4cDtP2+itwX5tuHcx7g/E
ET6T6WkYvEGqQdS+/LVjanYDKmalh/lxWmQqP/G2PObtnzbxwQ92AZJJaAIyMtr1
G7tD8L3/7KEL4invl4aVWF1RNF8iTsPEFgeWvOEaSY3u6nyNalBowwrTXMMbMblq
xOj+YzswCfvcq+VxmLs=
-----END CERTIFICATE-----