Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/YigPnRHn6i8vXDuak43wgRSCGq4.roa
File:                     YigPnRHn6i8vXDuak43wgRSCGq4.roa (raw, json)
Hash identifier:          MThxkF/5ScfzhB65Dqv9TJjSzvN2vPrxOjDVTaOu1RQ=
Subject key identifier:   62:28:0F:9D:11:E7:EA:2F:2F:5C:3B:9A:93:8D:F0:81:14:82:1A:AE
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       01909257A0F024DC36FD69A8DD6C27756AED
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/YigPnRHn6i8vXDuak43wgRSCGq4.roa
Signing time:             Mon 08 Jul 2024 12:35:34 +0000
ROA not before:           Mon 08 Jul 2024 12:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.80.28.0/24 maxlen: 24
                          45.80.30.0/24 maxlen: 24
                          45.80.31.0/24 maxlen: 24
                          86.62.28.0/24 maxlen: 24
                          86.62.29.0/24 maxlen: 24
                          86.62.30.0/24 maxlen: 24
                          86.62.31.0/24 maxlen: 24
                          185.81.126.0/24 maxlen: 24
                          185.81.127.0/24 maxlen: 24
                          193.228.139.0/24 maxlen: 24
                          194.36.32.0/23 maxlen: 23
                          194.36.32.0/24 maxlen: 24
                          194.36.33.0/24 maxlen: 24
                          194.107.160.0/24 maxlen: 24
                          194.107.161.0/24 maxlen: 24
                          194.107.162.0/24 maxlen: 24
                          194.107.163.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:92:57:a0:f0:24:dc:36:fd:69:a8:dd:6c:27:75:6a:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jul  8 12:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62280f9d11e7ea2f2f5c3b9a938df08114821aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:19:7e:d0:12:43:58:d0:18:04:78:64:dc:c6:
                    9b:41:ef:cb:04:de:9d:ad:d1:11:43:15:66:1a:b1:
                    66:38:1e:71:9f:30:2c:ad:a3:dc:d8:e5:02:0c:f6:
                    49:e0:b9:cd:99:4a:c4:52:93:47:a3:0e:9b:0d:5b:
                    4e:58:64:a1:ea:7d:7c:5d:2c:30:8a:a6:9c:d4:cf:
                    f9:3e:45:8f:05:ef:ac:39:57:7d:ec:fb:4a:df:f6:
                    f2:8c:7f:de:80:c9:45:9e:b8:01:98:90:c9:12:24:
                    17:fb:34:50:7f:8f:b4:7a:4b:df:5e:18:77:21:c3:
                    78:1d:95:fa:bd:20:af:5b:03:f6:80:03:11:7e:a4:
                    28:4b:b2:18:5b:aa:1a:e9:b7:f0:a7:38:16:a4:c9:
                    da:c6:02:ae:05:cb:91:2a:90:3b:7e:5f:28:2c:6d:
                    32:e0:db:04:c7:c3:90:6f:32:8c:92:88:21:c4:b2:
                    5d:57:b9:e2:2f:71:73:9d:f2:ae:d2:fe:a0:69:70:
                    cc:91:db:34:1e:9a:1c:bf:0b:36:08:86:b6:b0:19:
                    ae:7a:e1:d1:9d:4d:d8:08:1c:b2:85:30:1a:f3:0c:
                    f1:ab:a8:a6:19:9a:23:b4:66:0f:36:0f:89:fe:d7:
                    8f:b1:ab:45:32:24:87:1c:a0:29:1d:a2:14:68:0d:
                    d4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:28:0F:9D:11:E7:EA:2F:2F:5C:3B:9A:93:8D:F0:81:14:82:1A:AE
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/YigPnRHn6i8vXDuak43wgRSCGq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.28.0/24
                  45.80.30.0/23
                  86.62.28.0/22
                  185.81.126.0/23
                  193.228.139.0/24
                  194.36.32.0/23
                  194.107.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:c8:94:af:c8:25:54:2a:59:c3:e4:96:50:41:2c:ed:2c:c9:
         2d:96:87:c8:d0:a0:04:2d:57:78:14:a6:4b:76:52:7d:74:c7:
         e1:b3:f7:80:5d:fb:f2:10:f0:e5:4d:8c:97:f9:a1:4e:9c:8c:
         94:ea:a5:97:96:5f:e0:8a:ee:18:48:0d:a9:a3:72:35:32:3e:
         73:74:19:0d:49:8c:c6:e1:0a:50:07:f4:7d:aa:99:0e:d8:40:
         e5:f8:ba:1e:c0:af:48:2e:92:37:d7:d7:0f:de:ca:1c:4e:68:
         41:5f:17:81:c0:37:78:45:f2:d7:9d:11:70:91:5a:0e:94:e4:
         13:9f:91:25:19:2a:81:af:8e:ea:51:00:6a:fb:2e:77:12:82:
         28:1a:b5:b6:5a:a3:44:1d:a4:44:f0:b5:14:4c:f6:4a:0d:d8:
         85:66:0f:49:a0:f1:31:65:da:39:d5:d5:6c:1d:fc:94:e9:ae:
         55:31:77:2a:87:de:58:81:eb:ee:b5:1f:6f:d3:8f:09:2f:05:
         8b:6b:e7:b0:42:70:f8:8a:2b:05:c9:b1:97:88:29:d7:b6:a2:
         19:ab:8f:f4:e5:4d:a5:ad:df:11:fb:82:09:e9:c2:97:90:80:
         19:c7:55:18:20:95:44:7b:51:2c:63:3c:60:0b:26:2b:a8:ff:
         af:2b:17:fd
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZCSV6DwJNw2/Wmo3WwndWrtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwNzA4MTIzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjI4MGY5ZDExZTdlYTJmMmY1YzNiOWE5MzhkZjA4MTE0ODIxYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Rl+0BJDWNAYBHhk3MabQe/LBN6d
rdERQxVmGrFmOB5xnzAsraPc2OUCDPZJ4LnNmUrEUpNHow6bDVtOWGSh6n18XSww
iqac1M/5PkWPBe+sOVd97PtK3/byjH/egMlFnrgBmJDJEiQX+zRQf4+0ekvfXhh3
IcN4HZX6vSCvWwP2gAMRfqQoS7IYW6oa6bfwpzgWpMnaxgKuBcuRKpA7fl8oLG0y
4NsEx8OQbzKMkoghxLJdV7niL3FznfKu0v6gaXDMkds0Hpocvws2CIa2sBmueuHR
nU3YCByyhTAa8wzxq6imGZojtGYPNg+J/tePsatFMiSHHKApHaIUaA3UZwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGIoD50R5+ovL1w7mpON8IEUghquMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvWWlnUG5SSG42aTh2WER1YWs0M3dnUlNDR3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALVAcAwQB
LVAeAwQCVj4cAwQBuVF+AwQAweSLAwQBwiQgAwQCwmugMA0GCSqGSIb3DQEBCwUA
A4IBAQCFyJSvyCVUKlnD5JZQQSztLMktlofI0KAELVd4FKZLdlJ9dMfhs/eAXfvy
EPDlTYyX+aFOnIyU6qWXll/giu4YSA2po3I1Mj5zdBkNSYzG4QpQB/R9qpkO2EDl
+LoewK9ILpI319cP3socTmhBXxeBwDd4RfLXnRFwkVoOlOQTn5ElGSqBr47qUQBq
+y53EoIoGrW2WqNEHaRE8LUUTPZKDdiFZg9JoPExZdo51dVsHfyU6a5VMXcqh95Y
gevutR9v048JLwWLa+ewQnD4iisFybGXiCnXtqIZq4/05U2lrd8R+4IJ6cKXkIAZ
x1UYIJVEe1EsYzxgCyYrqP+vKxf9
-----END CERTIFICATE-----