Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/XPVdlmwGUFCe24P9rXc18dhyQwI.roa
File:                     XPVdlmwGUFCe24P9rXc18dhyQwI.roa (raw, json)
Hash identifier:          muVlrzLKeFuzPozSg1x2IZPzKNdd6w25KXQcpoe41E0=
Subject key identifier:   5C:F5:5D:96:6C:06:50:50:9E:DB:83:FD:AD:77:35:F1:D8:72:43:02
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018BFC13DDDD089A9E2D28BF7879F8BC67BB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/XPVdlmwGUFCe24P9rXc18dhyQwI.roa
Signing time:             Thu 23 Nov 2023 12:07:22 +0000
ROA not before:           Thu 23 Nov 2023 12:07:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49505
IP address blocks:        212.60.7.0/24 maxlen: 24
                          194.156.106.0/24 maxlen: 24
                          194.156.107.0/24 maxlen: 24
                          94.154.191.0/24 maxlen: 24
                          94.154.188.0/24 maxlen: 24
                          94.154.189.0/24 maxlen: 24
                          45.81.139.0/24 maxlen: 24
                          45.95.28.0/24 maxlen: 24
                          45.87.255.0/24 maxlen: 24
                          45.129.79.0/24 maxlen: 24
                          193.187.106.0/24 maxlen: 24
                          194.156.104.0/24 maxlen: 24
                          194.156.105.0/24 maxlen: 24
                          2a01:48a0:4201::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:fc:13:dd:dd:08:9a:9e:2d:28:bf:78:79:f8:bc:67:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Nov 23 12:07:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cf55d966c0650509edb83fdad7735f1d8724302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:91:32:b0:c9:fb:83:69:c7:d5:fe:47:64:de:
                    bb:c2:bc:57:12:79:4a:82:73:87:70:6a:6b:36:10:
                    62:ae:17:9d:3a:29:8e:00:dc:ec:c7:c9:3c:1c:09:
                    87:f7:48:dd:cb:5c:8e:e1:a9:19:bf:ab:77:45:f3:
                    f9:28:e5:d2:fa:ec:a2:d8:3f:6a:78:9b:c7:6e:8f:
                    0d:8a:ca:8a:e3:2d:2a:89:93:35:76:80:f7:19:00:
                    72:c0:01:1e:dd:c5:18:fb:51:b0:74:4f:7b:60:0e:
                    7f:d8:8c:c3:dd:45:52:a5:75:d5:0d:6b:ac:e3:e2:
                    0d:ce:f8:d4:8a:80:1e:a5:ba:a1:80:92:c7:f5:54:
                    5f:1e:f2:ff:d0:67:45:d0:98:ac:6d:0c:47:f5:9c:
                    1f:33:e6:1a:dc:12:48:11:9c:24:7a:dc:1a:f0:fb:
                    1c:41:6d:a6:d2:9f:df:c1:c5:06:cb:a4:9d:e2:5b:
                    d7:73:94:cc:35:a0:fb:fc:94:76:08:db:57:73:08:
                    50:20:72:ce:7b:b2:3c:79:4c:00:b3:ff:c8:d9:47:
                    b8:b5:70:c0:b3:63:c5:da:3c:bd:77:d9:b5:d5:b5:
                    1a:5b:dc:bd:fa:00:39:05:b2:42:d3:15:04:ca:9c:
                    30:88:65:5e:26:ca:99:86:f7:77:3f:e5:8e:42:a9:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:F5:5D:96:6C:06:50:50:9E:DB:83:FD:AD:77:35:F1:D8:72:43:02
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/XPVdlmwGUFCe24P9rXc18dhyQwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.139.0/24
                  45.87.255.0/24
                  45.95.28.0/24
                  45.129.79.0/24
                  94.154.188.0/23
                  94.154.191.0/24
                  193.187.106.0/24
                  194.156.104.0/22
                  212.60.7.0/24
                IPv6:
                  2a01:48a0:4201::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:b8:2d:b2:5f:4d:23:98:9b:76:56:20:ee:22:67:f7:7c:8a:
         3e:51:02:f5:c4:e1:ff:5b:8e:a9:cf:59:a7:6e:86:d3:67:df:
         85:10:82:7b:82:51:af:17:14:c7:cf:aa:c7:06:0f:12:8c:50:
         2d:b7:c7:0b:93:ec:58:84:3e:a2:42:09:ef:90:9c:21:7c:09:
         93:6b:b2:9f:90:dd:c4:26:a5:8d:b0:07:19:0b:6b:ba:7d:0c:
         79:fd:da:df:dd:99:36:ca:6d:e8:91:75:c7:ae:67:2b:d7:85:
         ca:54:c1:09:be:67:f3:78:4e:8b:ad:56:bc:98:5a:77:25:23:
         cb:05:42:0f:3d:d4:ed:23:37:61:b7:73:78:a9:07:ab:c0:0a:
         bc:a2:54:21:4e:47:eb:9d:39:6a:e1:a1:f2:51:e2:d0:35:54:
         11:3e:49:bd:6a:27:16:6d:be:f4:9a:3f:3d:f8:71:71:92:bf:
         0f:65:f0:a4:8c:fe:a0:02:06:06:2a:d2:83:9d:26:f6:0d:0f:
         59:58:ea:9f:df:db:86:ae:0c:a2:bb:9c:1b:3a:67:5b:ba:e4:
         aa:8d:4d:33:16:17:6d:90:97:01:b7:d9:eb:b2:dd:3d:55:f1:
         9c:90:99:4d:98:75:1c:fa:f1:d9:b5:23:00:13:30:3d:31:ce:
         65:cf:65:69
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYv8E93dCJqeLSi/eHn4vGe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMxMTIzMTIwNzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Y1NWQ5NjZjMDY1MDUwOWVkYjgzZmRhZDc3MzVmMWQ4NzI0MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5EysMn7g2nH1f5HZN67wrxXEnlK
gnOHcGprNhBirhedOimOANzsx8k8HAmH90jdy1yO4akZv6t3RfP5KOXS+uyi2D9q
eJvHbo8NisqK4y0qiZM1doD3GQBywAEe3cUY+1GwdE97YA5/2IzD3UVSpXXVDWus
4+INzvjUioAepbqhgJLH9VRfHvL/0GdF0JisbQxH9ZwfM+Ya3BJIEZwketwa8Psc
QW2m0p/fwcUGy6Sd4lvXc5TMNaD7/JR2CNtXcwhQIHLOe7I8eUwAs//I2Ue4tXDA
s2PF2jy9d9m11bUaW9y9+gA5BbJC0xUEypwwiGVeJsqZhvd3P+WOQqnbAwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFz1XZZsBlBQntuD/a13NfHYckMCMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvWFBWZGxtd0dVRkNlMjRQOXJYYzE4ZGh5UXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQALVGLAwQA
LVf/AwQALV8cAwQALYFPAwQBXpq8AwQAXpq/AwQAwbtqAwQCwpxoAwQA1DwHMA8E
AgACMAkDBwAqAUigQgEwDQYJKoZIhvcNAQELBQADggEBAD64LbJfTSOYm3ZWIO4i
Z/d8ij5RAvXE4f9bjqnPWaduhtNn34UQgnuCUa8XFMfPqscGDxKMUC23xwuT7FiE
PqJCCe+QnCF8CZNrsp+Q3cQmpY2wBxkLa7p9DHn92t/dmTbKbeiRdceuZyvXhcpU
wQm+Z/N4ToutVryYWnclI8sFQg891O0jN2G3c3ipB6vACryiVCFOR+udOWrhofJR
4tA1VBE+Sb1qJxZtvvSaPz34cXGSvw9l8KSM/qACBgYq0oOdJvYND1lY6p/f24au
DKK7nBs6Z1u65KqNTTMWF22QlwG32euy3T1V8ZyQmU2YdRz68dm1IwATMD0xzmXP
ZWk=
-----END CERTIFICATE-----