Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/jtqEqc3cPM-x3FI3lnRxhQ0oPYA.roa
File:                     jtqEqc3cPM-x3FI3lnRxhQ0oPYA.roa (raw, json)
Hash identifier:          UB9wxe3HUCOirFgmFrTP7gdmzfYVIyp0Iu/ohl9Vg8M=
Subject key identifier:   8E:DA:84:A9:CD:DC:3C:CF:B1:DC:52:37:96:74:71:85:0D:28:3D:80
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       01896553B5B5AF84192E40BB7E1918186639
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/jtqEqc3cPM-x3FI3lnRxhQ0oPYA.roa
Signing time:             Mon 17 Jul 2023 19:28:52 +0000
ROA not before:           Mon 17 Jul 2023 19:28:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49505
IP address blocks:        212.60.7.0/24 maxlen: 24
                          45.130.144.0/24 maxlen: 24
                          194.156.106.0/24 maxlen: 24
                          194.156.107.0/24 maxlen: 24
                          94.154.191.0/24 maxlen: 24
                          94.154.188.0/24 maxlen: 24
                          94.154.189.0/24 maxlen: 24
                          45.81.139.0/24 maxlen: 24
                          45.95.28.0/24 maxlen: 24
                          45.87.255.0/24 maxlen: 24
                          45.129.79.0/24 maxlen: 24
                          193.187.106.0/24 maxlen: 24
                          194.156.104.0/24 maxlen: 24
                          194.156.105.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:65:53:b5:b5:af:84:19:2e:40:bb:7e:19:18:18:66:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jul 17 19:28:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8eda84a9cddc3ccfb1dc5237967471850d283d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fe:08:fb:90:95:19:b5:9c:50:52:40:4a:ea:
                    e0:f2:d7:43:30:ff:4c:8d:a9:07:36:ad:87:0c:e4:
                    2e:85:d9:d7:61:c9:d5:d4:54:24:80:ec:7f:4a:e1:
                    ec:aa:01:8a:96:58:3f:99:79:b5:b3:4e:b9:65:4d:
                    9e:2b:79:6e:c6:11:98:9c:61:1d:e2:50:a8:f2:46:
                    5a:d8:d5:ad:a2:5b:17:c8:a2:ff:1f:93:de:e7:52:
                    6a:aa:f6:ba:27:33:27:8a:33:65:04:66:a6:7f:17:
                    73:5f:05:6e:0a:31:da:c0:d8:9f:4e:50:6e:da:22:
                    e7:15:fc:d8:10:e0:74:22:d1:d0:f2:7e:0b:e9:08:
                    ae:9c:72:5e:90:5a:d3:c2:72:df:ec:6d:3d:79:59:
                    57:23:df:21:34:fc:f4:6b:06:0f:1a:f6:51:bd:4f:
                    b6:90:86:c3:9f:09:02:c3:34:33:e1:0b:3e:22:f0:
                    1d:49:12:28:25:9a:93:b7:7f:f0:63:fb:c5:84:e8:
                    9b:1c:8a:d2:6a:5d:7d:3c:1a:b1:25:9f:1f:90:36:
                    2a:1e:ae:bf:64:de:eb:7a:2c:07:bb:16:c0:b9:a3:
                    d8:3c:21:d6:5c:4b:ec:30:5b:fe:63:a8:19:c7:c2:
                    23:77:eb:1a:9c:ca:49:b0:dd:60:39:5c:c1:04:a3:
                    73:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:DA:84:A9:CD:DC:3C:CF:B1:DC:52:37:96:74:71:85:0D:28:3D:80
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/jtqEqc3cPM-x3FI3lnRxhQ0oPYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.139.0/24
                  45.87.255.0/24
                  45.95.28.0/24
                  45.129.79.0/24
                  45.130.144.0/24
                  94.154.188.0/23
                  94.154.191.0/24
                  193.187.106.0/24
                  194.156.104.0/22
                  212.60.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:90:0d:45:36:28:8e:b5:a8:46:95:aa:45:2a:12:e1:05:f1:
         12:50:d6:4e:12:48:ef:3b:6d:be:3e:1c:b4:8c:2e:ee:a0:03:
         d1:86:ba:d9:c1:a7:cc:6b:6f:67:a8:a3:b8:0e:40:0f:9d:80:
         72:66:32:f5:d9:e3:b8:92:0a:08:03:f7:e8:65:bd:53:ff:8a:
         19:42:a1:6b:82:45:95:b2:a3:ee:20:13:d8:cd:84:2c:92:a8:
         8f:fc:58:fb:4c:90:60:44:7f:25:2d:8e:da:2c:22:7c:d0:92:
         d5:89:36:84:f3:b5:ef:4a:5b:30:c5:ef:b8:60:64:66:a8:ae:
         63:3f:75:41:b1:35:b9:37:6e:76:93:27:ff:2f:c6:5d:7b:e0:
         05:90:db:6a:1a:f4:82:38:bb:12:8d:92:a0:0e:8d:5b:99:52:
         ac:4a:3c:9d:cc:0a:36:70:ff:46:88:25:82:45:c4:33:fa:3c:
         35:c9:51:d9:b0:20:ca:62:62:b1:44:a8:c6:5a:09:40:1d:05:
         f6:1e:63:69:98:cb:34:fd:b6:bd:98:9c:6b:71:82:7b:2a:10:
         62:e3:b8:e3:38:1e:1c:f1:bb:30:87:b2:ae:78:ef:37:2d:c2:
         65:d5:33:4b:11:a7:b1:7a:96:4a:b1:89:e9:53:0f:c0:fd:93:
         f7:03:18:2d
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYllU7W1r4QZLkC7fhkYGGY5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTkyODUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWRhODRhOWNkZGMzY2NmYjFkYzUyMzc5Njc0NzE4NTBkMjgzZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyf4I+5CVGbWcUFJASurg8tdDMP9M
jakHNq2HDOQuhdnXYcnV1FQkgOx/SuHsqgGKllg/mXm1s065ZU2eK3luxhGYnGEd
4lCo8kZa2NWtolsXyKL/H5Pe51Jqqva6JzMnijNlBGamfxdzXwVuCjHawNifTlBu
2iLnFfzYEOB0ItHQ8n4L6QiunHJekFrTwnLf7G09eVlXI98hNPz0awYPGvZRvU+2
kIbDnwkCwzQz4Qs+IvAdSRIoJZqTt3/wY/vFhOibHIrSal19PBqxJZ8fkDYqHq6/
ZN7reiwHuxbAuaPYPCHWXEvsMFv+Y6gZx8Ijd+sanMpJsN1gOVzBBKNzxQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFI7ahKnN3DzPsdxSN5Z0cYUNKD2AMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvanRxRXFjM2NQTS14M0ZJM2xuUnhoUTBvUFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVGLAwQA
LVf/AwQALV8cAwQALYFPAwQALYKQAwQBXpq8AwQAXpq/AwQAwbtqAwQCwpxoAwQA
1DwHMA0GCSqGSIb3DQEBCwUAA4IBAQAbkA1FNiiOtahGlapFKhLhBfESUNZOEkjv
O22+Phy0jC7uoAPRhrrZwafMa29nqKO4DkAPnYByZjL12eO4kgoIA/foZb1T/4oZ
QqFrgkWVsqPuIBPYzYQskqiP/Fj7TJBgRH8lLY7aLCJ80JLViTaE87XvSlswxe+4
YGRmqK5jP3VBsTW5N252kyf/L8Zde+AFkNtqGvSCOLsSjZKgDo1bmVKsSjydzAo2
cP9GiCWCRcQz+jw1yVHZsCDKYmKxRKjGWglAHQX2HmNpmMs0/ba9mJxrcYJ7KhBi
47jjOB4c8bswh7KueO83LcJl1TNLEaexepZKsYnpUw/A/ZP3Axgt
-----END CERTIFICATE-----