Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/XmlGYj4x1YyKPJqp_NQjcjZw6f4.roa
File:                     XmlGYj4x1YyKPJqp_NQjcjZw6f4.roa (raw, json)
Hash identifier:          L1HUSnoUFQq+fuPLM/lJcdIa65EPowiunzRKlG6Cx8E=
Subject key identifier:   5E:69:46:62:3E:31:D5:8C:8A:3C:9A:A9:FC:D4:23:72:36:70:E9:FE
Certificate issuer:       /CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
Certificate serial:       0192331AF8655980EB924C4B96A3665A4C61
Authority key identifier: 98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/XmlGYj4x1YyKPJqp_NQjcjZw6f4.roa
Signing time:             Fri 27 Sep 2024 10:50:58 +0000
ROA not before:           Fri 27 Sep 2024 10:50:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56655
IP address blocks:        45.88.200.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          151.216.64.0/21 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.125.168.0/22 maxlen: 22
                          185.181.60.0/22 maxlen: 22
                          185.243.216.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          193.243.189.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          195.16.73.0/24 maxlen: 24
                          2a03:94e0::/32 maxlen: 32
                          2a03:94e1::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:33:1a:f8:65:59:80:eb:92:4c:4b:96:a3:66:5a:4c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c1d03b49504d34465dc40a3d0f9086cacfdb8e
        Validity
            Not Before: Sep 27 10:50:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e6946623e31d58c8a3c9aa9fcd423723670e9fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:32:1c:32:17:80:f8:98:c7:8f:5f:b0:59:c8:
                    2d:2c:7d:76:be:24:1b:94:3e:82:f3:db:52:d1:26:
                    c2:64:62:e5:02:ff:28:28:ea:25:42:b7:b6:57:91:
                    67:f9:b3:28:5b:e4:ac:f2:6d:35:b2:f4:7c:8d:92:
                    2f:fd:82:87:e1:09:ed:51:d6:ee:25:d6:33:6a:b7:
                    2c:4d:db:f7:c9:8a:93:57:be:f6:07:3b:07:50:75:
                    77:17:ac:46:da:c8:51:db:09:36:da:65:10:b7:dc:
                    9a:a1:b0:78:0a:f1:eb:c9:a8:ad:69:bd:0e:eb:13:
                    a7:18:12:23:3e:b2:26:88:a1:c5:68:eb:db:75:3b:
                    2e:cb:e8:97:f9:c6:a9:c7:92:0c:d9:7e:64:54:53:
                    64:57:70:e5:7f:15:46:83:47:e5:99:24:d0:09:6b:
                    a2:73:01:ef:40:cd:66:d6:07:e8:26:af:08:a4:aa:
                    d6:5b:3d:94:e4:3d:76:9f:45:1b:b4:25:aa:06:da:
                    b5:39:17:4e:b2:21:ce:7d:ed:15:20:61:f9:55:43:
                    75:08:d0:f7:fb:61:b8:76:66:68:af:f5:99:6b:0a:
                    3e:4f:2d:de:28:4e:b3:ed:7b:e3:d0:7e:fc:20:d7:
                    ca:36:51:7e:19:de:86:22:05:d5:a2:90:cc:ae:6c:
                    d0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:69:46:62:3E:31:D5:8C:8A:3C:9A:A9:FC:D4:23:72:36:70:E9:FE
            X509v3 Authority Key Identifier:
                keyid:98:C1:D0:3B:49:50:4D:34:46:5D:C4:0A:3D:0F:90:86:CA:CF:DB:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMHQO0lQTTRGXcQKPQ-QhsrP244.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/XmlGYj4x1YyKPJqp_NQjcjZw6f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d6c257-f501-4796-aa61-c31bde510085/1/mMHQO0lQTTRGXcQKPQ-QhsrP244.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  151.216.64.0/21
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  193.243.189.0/24
                  194.32.107.0/24
                  195.16.73.0/24
                IPv6:
                  2a03:94e0::/30

    Signature Algorithm: sha256WithRSAEncryption
         34:b2:a5:ec:03:ae:0a:83:46:95:53:2c:5d:f3:ab:9b:b4:63:
         8c:53:f9:91:f5:56:53:0c:e0:cd:7c:ad:f6:29:b6:c1:5c:10:
         7f:13:ca:fe:7f:dd:3f:4b:16:31:f8:cc:83:b8:23:26:d5:29:
         ff:ac:15:a4:2e:b9:eb:9d:80:9b:c0:ef:6b:dd:8f:4c:c1:84:
         1c:91:21:67:71:f6:ed:bb:0a:bd:a8:05:84:4b:d5:e0:36:c3:
         52:4c:89:08:03:3e:1e:f3:d2:dc:df:90:c3:30:15:91:af:b8:
         1e:ff:54:bf:3f:60:51:c5:41:e4:2f:e0:5a:7e:38:6e:76:25:
         dd:ff:99:c2:ac:cd:36:8b:09:fe:ad:04:41:c1:51:91:7d:bf:
         17:8f:9a:68:16:46:ec:21:af:5d:c7:4b:9a:1c:1b:2e:36:92:
         3d:4f:51:e1:b0:f4:12:25:2f:d6:a5:12:ca:cb:3e:3d:e9:b8:
         db:08:4f:ff:2e:d8:5a:4d:c0:75:b1:90:c1:64:1b:06:2f:36:
         51:8b:f7:7d:7b:bb:47:ce:dd:50:bb:8d:05:90:49:70:7a:24:
         dd:38:62:07:73:1c:4e:fe:01:e6:ee:64:e9:84:e7:22:60:45:
         7a:57:48:6a:f1:4b:36:86:1e:b8:70:da:12:b2:cf:0c:d9:bd:
         75:da:7b:3d
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZIzGvhlWYDrkkxLlqNmWkxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzFkMDNiNDk1MDRkMzQ0NjVkYzQwYTNkMGY5MDg2Y2Fj
ZmRiOGUwHhcNMjQwOTI3MTA1MDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY5NDY2MjNlMzFkNThjOGEzYzlhYTlmY2Q0MjM3MjM2NzBlOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTIcMheA+JjHj1+wWcgtLH12viQb
lD6C89tS0SbCZGLlAv8oKOolQre2V5Fn+bMoW+Ss8m01svR8jZIv/YKH4QntUdbu
JdYzarcsTdv3yYqTV772BzsHUHV3F6xG2shR2wk22mUQt9yaobB4CvHryaitab0O
6xOnGBIjPrImiKHFaOvbdTsuy+iX+capx5IM2X5kVFNkV3DlfxVGg0flmSTQCWui
cwHvQM1m1gfoJq8IpKrWWz2U5D12n0UbtCWqBtq1ORdOsiHOfe0VIGH5VUN1CND3
+2G4dmZor/WZawo+Ty3eKE6z7Xvj0H78INfKNlF+Gd6GIgXVopDMrmzQkwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFF5pRmI+MdWMijyaqfzUI3I2cOn+MB8GA1UdIwQY
MBaAFJjB0DtJUE00Rl3ECj0PkIbKz9uOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEt
YzMxYmRlNTEwMDg1LzEvWG1sR1lqNHgxWXlLUEpxcF9OUWpjalp3NmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNmMyNTctZjUwMS00Nzk2LWFhNjEtYzMxYmRlNTEwMDg1
LzEvbU1IUU8wbFFUVFJHWGNRS1BRLVFoc3JQMjQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQBLVjIAwQD
l9hAAwQAuQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADB870DBADCIGsD
BADDEEkwDQQCAAIwBwMFAioDlOAwDQYJKoZIhvcNAQELBQADggEBADSypewDrgqD
RpVTLF3zq5u0Y4xT+ZH1VlMM4M18rfYptsFcEH8Tyv5/3T9LFjH4zIO4IybVKf+s
FaQuueudgJvA72vdj0zBhByRIWdx9u27Cr2oBYRL1eA2w1JMiQgDPh7z0tzfkMMw
FZGvuB7/VL8/YFHFQeQv4Fp+OG52Jd3/mcKszTaLCf6tBEHBUZF9vxePmmgWRuwh
r13HS5ocGy42kj1PUeGw9BIlL9alEsrLPj3puNsIT/8u2FpNwHWxkMFkGwYvNlGL
9317u0fO3VC7jQWQSXB6JN04YgdzHE7+AebuZOmE5yJgRXpXSGrxSzaGHrhw2hKy
zwzZvXXaez0=
-----END CERTIFICATE-----