Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ptnwDLP7EJSIn95aoeOPCMI8tqc.roa
File:                     ptnwDLP7EJSIn95aoeOPCMI8tqc.roa (raw, json)
Hash identifier:          DaKLNhDGDFlGCtBvfdK0m5C4crIbxAfFTx1i5ZB+yfA=
Subject key identifier:   A6:D9:F0:0C:B3:FB:10:94:88:9F:DE:5A:A1:E3:8F:08:C2:3C:B6:A7
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018CC8DE32BD3E7FB7BE993717B7C8E13940
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ptnwDLP7EJSIn95aoeOPCMI8tqc.roa
Signing time:             Tue 02 Jan 2024 06:30:54 +0000
ROA not before:           Tue 02 Jan 2024 06:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49505
IP address blocks:        212.60.7.0/24 maxlen: 24
                          194.156.106.0/24 maxlen: 24
                          194.156.107.0/24 maxlen: 24
                          94.154.191.0/24 maxlen: 24
                          94.154.188.0/24 maxlen: 24
                          94.154.189.0/24 maxlen: 24
                          45.81.139.0/24 maxlen: 24
                          45.95.28.0/24 maxlen: 24
                          45.87.255.0/24 maxlen: 24
                          45.129.79.0/24 maxlen: 24
                          193.187.106.0/24 maxlen: 24
                          194.156.104.0/24 maxlen: 24
                          194.156.105.0/24 maxlen: 24
                          2a01:48a0:4201::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:32:bd:3e:7f:b7:be:99:37:17:b7:c8:e1:39:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 06:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6d9f00cb3fb1094889fde5aa1e38f08c23cb6a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:87:ab:95:bb:8d:de:d9:82:09:05:35:e7:cc:
                    b4:30:3a:7c:be:67:0e:72:c4:df:97:6c:46:92:22:
                    4a:9b:24:e5:34:3b:e0:88:76:12:45:9b:e4:11:59:
                    ad:a4:61:f8:8b:a4:58:c8:8a:21:38:3d:58:f8:6f:
                    bf:74:d4:08:66:20:40:de:76:3d:ab:e2:82:0e:42:
                    d8:67:d1:fe:da:70:26:2d:cc:64:30:3a:1c:74:83:
                    c8:d4:95:4e:e7:f7:69:fc:c3:d8:9e:27:49:45:78:
                    f9:c7:ab:bb:01:1c:ac:14:0e:58:4e:a1:d3:dd:07:
                    25:45:b1:a2:5d:57:0c:60:0a:7c:5a:37:61:cf:fd:
                    64:b1:b9:0d:d7:80:2e:9b:a3:5b:62:59:2b:09:65:
                    ea:53:a9:d5:90:2a:2b:df:2f:13:fa:63:c9:d9:90:
                    91:f7:db:79:18:d1:35:29:fa:25:77:95:4e:ac:09:
                    86:00:2e:34:a1:e5:65:27:31:12:88:c0:d7:3e:23:
                    82:3b:c5:2d:ed:2e:79:c9:29:df:ad:9c:ab:d0:8c:
                    fc:47:47:3c:07:4b:af:c0:98:95:3c:15:99:b4:34:
                    8e:65:c6:4f:18:e7:01:50:a7:94:12:5d:76:4d:06:
                    61:8d:56:44:79:fc:38:66:7a:14:09:8e:83:41:2a:
                    ca:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D9:F0:0C:B3:FB:10:94:88:9F:DE:5A:A1:E3:8F:08:C2:3C:B6:A7
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ptnwDLP7EJSIn95aoeOPCMI8tqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.139.0/24
                  45.87.255.0/24
                  45.95.28.0/24
                  45.129.79.0/24
                  94.154.188.0/23
                  94.154.191.0/24
                  193.187.106.0/24
                  194.156.104.0/22
                  212.60.7.0/24
                IPv6:
                  2a01:48a0:4201::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:5f:28:cb:67:ba:dc:88:89:af:b3:92:f1:f4:7a:c9:ff:fd:
         2a:9b:02:72:17:16:0a:8f:a9:0d:a0:fe:8d:06:78:58:c8:a6:
         d5:8c:e4:69:d1:d7:63:30:a7:fb:3c:68:49:bb:80:1e:e0:a6:
         62:2d:3c:a5:94:a6:8b:a5:32:6c:a5:9c:71:8c:5d:83:91:98:
         62:fa:19:c3:4a:6f:c4:ba:22:02:68:a1:3e:79:34:8c:20:c9:
         71:ca:83:e5:3a:4e:90:fe:ba:aa:7a:c4:d4:33:a6:d2:d5:8e:
         7f:b2:08:64:72:bc:78:e8:9d:9c:1a:f1:de:09:1a:ab:e1:ed:
         48:96:82:e4:3d:88:71:65:7f:1d:91:12:49:3e:83:67:66:2d:
         38:87:55:bc:f8:ff:49:36:b8:bb:62:4d:e2:b1:c2:a4:5e:08:
         ff:49:da:36:2c:ec:22:42:3f:2b:8e:df:f9:d1:bf:44:55:f7:
         44:71:cd:05:a6:3e:82:a8:8d:f7:5c:e7:bd:49:e6:4a:44:34:
         b7:e5:5f:d4:72:2e:46:cc:1b:3a:70:15:b5:e8:e0:34:7c:3e:
         5c:a7:21:e3:c8:09:f2:30:62:62:e9:d0:0b:3e:3b:ed:85:76:
         9a:a3:7f:04:f6:52:7e:e7:cc:e0:da:89:04:8e:16:89:6a:29:
         1c:84:ec:6f
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzI3jK9Pn+3vpk3F7fI4TlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTAyMDYzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmQ5ZjAwY2IzZmIxMDk0ODg5ZmRlNWFhMWUzOGYwOGMyM2NiNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4erlbuN3tmCCQU158y0MDp8vmcO
csTfl2xGkiJKmyTlNDvgiHYSRZvkEVmtpGH4i6RYyIohOD1Y+G+/dNQIZiBA3nY9
q+KCDkLYZ9H+2nAmLcxkMDocdIPI1JVO5/dp/MPYnidJRXj5x6u7ARysFA5YTqHT
3QclRbGiXVcMYAp8Wjdhz/1ksbkN14Aum6NbYlkrCWXqU6nVkCor3y8T+mPJ2ZCR
99t5GNE1Kfold5VOrAmGAC40oeVlJzESiMDXPiOCO8Ut7S55ySnfrZyr0Iz8R0c8
B0uvwJiVPBWZtDSOZcZPGOcBUKeUEl12TQZhjVZEefw4ZnoUCY6DQSrKXQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKbZ8Ayz+xCUiJ/eWqHjjwjCPLanMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvcHRud0RMUDdFSlNJbjk1YW9lT1BDTUk4dHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQALVGLAwQA
LVf/AwQALV8cAwQALYFPAwQBXpq8AwQAXpq/AwQAwbtqAwQCwpxoAwQA1DwHMA8E
AgACMAkDBwAqAUigQgEwDQYJKoZIhvcNAQELBQADggEBAJFfKMtnutyIia+zkvH0
esn//SqbAnIXFgqPqQ2g/o0GeFjIptWM5GnR12Mwp/s8aEm7gB7gpmItPKWUpoul
MmylnHGMXYORmGL6GcNKb8S6IgJooT55NIwgyXHKg+U6TpD+uqp6xNQzptLVjn+y
CGRyvHjonZwa8d4JGqvh7UiWguQ9iHFlfx2REkk+g2dmLTiHVbz4/0k2uLtiTeKx
wqReCP9J2jYs7CJCPyuO3/nRv0RV90RxzQWmPoKojfdc571J5kpENLflX9RyLkbM
GzpwFbXo4DR8PlynIePICfIwYmLp0As+O+2FdpqjfwT2Un7nzODaiQSOFolqKRyE
7G8=
-----END CERTIFICATE-----