Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/z8xYvRXZdzXWxs9rBbSav7srsSI.roa
File:                     z8xYvRXZdzXWxs9rBbSav7srsSI.roa (raw, json)
Hash identifier:          i8/BDIFqxMoPXr3VqzeQc8EquYaW1E+zYIldfu1oJIM=
Subject key identifier:   CF:CC:58:BD:15:D9:77:35:D6:C6:CF:6B:05:B4:9A:BF:BB:2B:B1:22
Certificate issuer:       /CN=63f14f8e144c6d50c38ab4faff5ac6e547fe1d47
Certificate serial:       01875FCCAFEEE2FFB05F617435D3157926A1
Authority key identifier: 63:F1:4F:8E:14:4C:6D:50:C3:8A:B4:FA:FF:5A:C6:E5:47:FE:1D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/z8xYvRXZdzXWxs9rBbSav7srsSI.roa
Signing time:             Sat 08 Apr 2023 07:37:42 +0000
ROA not before:           Sat 08 Apr 2023 07:37:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43926
IP address blocks:        46.253.36.0/24 maxlen: 24
                          46.253.35.0/24 maxlen: 24
                          46.253.37.0/24 maxlen: 24
                          46.253.38.0/24 maxlen: 24
                          46.253.32.0/24 maxlen: 24
                          46.253.34.0/24 maxlen: 24
                          46.253.33.0/24 maxlen: 24
                          46.253.39.0/24 maxlen: 24
                          46.253.41.0/24 maxlen: 24
                          46.253.40.0/24 maxlen: 24
                          46.253.43.0/24 maxlen: 24
                          46.253.42.0/24 maxlen: 24
                          46.253.44.0/24 maxlen: 24
                          185.58.172.0/24 maxlen: 24
                          46.253.46.0/24 maxlen: 24
                          46.253.45.0/24 maxlen: 24
                          46.253.47.0/24 maxlen: 24
                          185.58.173.0/24 maxlen: 24
                          185.58.174.0/24 maxlen: 24
                          185.58.175.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5f:cc:af:ee:e2:ff:b0:5f:61:74:35:d3:15:79:26:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63f14f8e144c6d50c38ab4faff5ac6e547fe1d47
        Validity
            Not Before: Apr  8 07:37:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfcc58bd15d97735d6c6cf6b05b49abfbb2bb122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2d:31:e4:42:4f:95:31:1a:d6:f5:44:ba:12:
                    72:25:af:40:d6:b3:32:ea:07:a6:c8:86:ef:78:4b:
                    3c:1c:4f:26:ca:ab:22:f6:ad:b6:0d:cc:ac:83:e8:
                    c5:08:40:de:b9:38:03:d6:69:a8:67:49:94:7a:17:
                    88:33:a1:46:fd:2a:e3:5d:ab:2e:e3:28:33:79:ac:
                    85:25:68:62:5c:cd:25:26:dd:df:05:38:ee:43:b7:
                    a0:e1:11:59:f9:6b:c4:36:1b:08:bb:f3:88:2e:ba:
                    b7:31:b3:d1:d7:e8:8c:1a:a7:e3:fc:7a:8f:f7:55:
                    5b:b6:17:50:f2:7c:ef:c1:32:4a:8f:da:cf:7f:10:
                    cc:44:66:aa:95:b6:fa:0a:bd:f1:74:69:07:8a:f5:
                    91:e5:7f:4b:c5:0d:46:bb:70:22:bf:4f:d2:80:51:
                    69:9f:06:48:89:e5:5f:da:f4:07:e5:8d:22:fb:30:
                    91:2d:a9:c2:44:5e:da:bd:fe:b3:8c:64:3c:95:88:
                    a8:e3:af:09:3f:54:b6:09:c9:f2:e9:03:0e:45:40:
                    44:d8:2c:0e:85:3b:ed:73:e1:92:de:68:88:60:93:
                    14:28:3e:d4:d3:41:f4:d1:a1:4a:2b:0e:3b:ad:aa:
                    79:52:8d:3f:41:32:52:13:6b:cd:26:18:59:20:3c:
                    d8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CC:58:BD:15:D9:77:35:D6:C6:CF:6B:05:B4:9A:BF:BB:2B:B1:22
            X509v3 Authority Key Identifier:
                keyid:63:F1:4F:8E:14:4C:6D:50:C3:8A:B4:FA:FF:5A:C6:E5:47:FE:1D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/z8xYvRXZdzXWxs9rBbSav7srsSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b0aae-9d27-4951-bab7-da394384e925/1/Y_FPjhRMbVDDirT6_1rG5Uf-HUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.32.0/20
                  185.58.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:cd:52:76:fb:f7:85:25:dc:73:9d:20:c8:ea:84:e5:44:40:
         ae:76:45:51:8a:c7:b7:6b:ae:b0:21:c1:67:38:06:ce:e4:3b:
         cd:ab:6a:fd:ca:0c:dc:5d:ce:4e:ef:18:a2:59:5b:66:5a:a4:
         cd:99:46:00:77:e3:9b:71:79:7c:40:88:8c:1d:56:51:e2:59:
         72:72:37:96:c8:5b:83:72:59:56:cf:17:2d:ed:ff:ec:0f:17:
         18:53:35:15:75:eb:88:ef:eb:42:0f:4d:68:e9:c7:04:1b:21:
         43:d2:b1:ed:ee:39:a1:f6:71:04:4b:99:b3:5b:c3:8c:6a:c8:
         fc:22:29:cb:4f:07:3b:bf:6f:7d:60:04:fb:56:a7:41:7a:12:
         0f:16:b4:27:d6:6f:e0:a2:47:19:0c:81:31:88:73:5b:ee:63:
         62:a0:ee:d4:07:14:ff:d7:be:88:6b:90:f4:29:6e:61:af:51:
         ab:b8:c1:cf:68:70:2a:a4:ce:b6:62:64:4e:88:1f:4e:d4:59:
         da:a5:fd:26:5b:a7:e1:09:19:90:78:72:b2:5e:a3:06:ca:6d:
         24:ea:b5:9a:6e:86:14:a0:ab:86:37:90:ff:63:a3:b3:fd:d0:
         27:15:79:e6:7d:10:67:11:bd:5b:da:91:f2:87:9a:bb:f5:1b:
         4a:72:87:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdfzK/u4v+wX2F0NdMVeSahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZjE0ZjhlMTQ0YzZkNTBjMzhhYjRmYWZmNWFjNmU1NDdm
ZTFkNDcwHhcNMjMwNDA4MDczNzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNjNThiZDE1ZDk3NzM1ZDZjNmNmNmIwNWI0OWFiZmJiMmJiMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry0x5EJPlTEa1vVEuhJyJa9A1rMy
6gemyIbveEs8HE8myqsi9q22Dcysg+jFCEDeuTgD1mmoZ0mUeheIM6FG/SrjXasu
4ygzeayFJWhiXM0lJt3fBTjuQ7eg4RFZ+WvENhsIu/OILrq3MbPR1+iMGqfj/HqP
91VbthdQ8nzvwTJKj9rPfxDMRGaqlbb6Cr3xdGkHivWR5X9LxQ1Gu3Aiv0/SgFFp
nwZIieVf2vQH5Y0i+zCRLanCRF7avf6zjGQ8lYio468JP1S2Ccny6QMORUBE2CwO
hTvtc+GS3miIYJMUKD7U00H00aFKKw47rap5Uo0/QTJSE2vNJhhZIDzYkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM/MWL0V2Xc11sbPawW0mr+7K7EiMB8GA1UdIwQY
MBaAFGPxT44UTG1Qw4q0+v9axuVH/h1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWV9GUGpoUk1iVkREaXJUNl8xckc1VWYtSFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS83YjBhYWUtOWQyNy00OTUxLWJhYjct
ZGEzOTQzODRlOTI1LzEvejh4WXZSWFpkelhXeHM5ckJiU2F2N3Nyc1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS83YjBhYWUtOWQyNy00OTUxLWJhYjctZGEzOTQzODRlOTI1
LzEvWV9GUGpoUk1iVkREaXJUNl8xckc1VWYtSFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELv0gAwQC
uTqsMA0GCSqGSIb3DQEBCwUAA4IBAQClzVJ2+/eFJdxznSDI6oTlRECudkVRise3
a66wIcFnOAbO5DvNq2r9ygzcXc5O7xiiWVtmWqTNmUYAd+ObcXl8QIiMHVZR4lly
cjeWyFuDcllWzxct7f/sDxcYUzUVdeuI7+tCD01o6ccEGyFD0rHt7jmh9nEES5mz
W8OMasj8IinLTwc7v299YAT7VqdBehIPFrQn1m/gokcZDIExiHNb7mNioO7UBxT/
176Ia5D0KW5hr1GruMHPaHAqpM62YmROiB9O1Fnapf0mW6fhCRmQeHKyXqMGym0k
6rWaboYUoKuGN5D/Y6Oz/dAnFXnmfRBnEb1b2pHyh5q79RtKcocs
-----END CERTIFICATE-----