Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/iWYvmEzG2393iTmUZlRCfA2rgUs.roa
File:                     iWYvmEzG2393iTmUZlRCfA2rgUs.roa (raw, json)
Hash identifier:          7ygb8cqeso5e9nnQO2EB9GNB6tz8/bmxzHyco3yzxxY=
Subject key identifier:   89:66:2F:98:4C:C6:DB:7F:77:89:39:94:66:54:42:7C:0D:AB:81:4B
Certificate issuer:       /CN=efa70cb849e3837451bd79af7dc7e035963e6043
Certificate serial:       018572D5B89A9CC1D8966EB04EDB38FF7A6E
Authority key identifier: EF:A7:0C:B8:49:E3:83:74:51:BD:79:AF:7D:C7:E0:35:96:3E:60:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/76cMuEnjg3RRvXmvfcfgNZY-YEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/iWYvmEzG2393iTmUZlRCfA2rgUs.roa
Signing time:             Mon 02 Jan 2023 14:14:47 +0000
ROA not before:           Mon 02 Jan 2023 14:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34916
IP address blocks:        91.246.38.0/24 maxlen: 24
                          89.44.238.0/23 maxlen: 23
                          89.42.118.0/23 maxlen: 23
                          86.106.27.0/24 maxlen: 24
                          89.43.206.0/23 maxlen: 23
                          86.104.231.0/24 maxlen: 24
                          86.105.204.0/23 maxlen: 23
                          85.204.193.0/24 maxlen: 24
                          86.105.226.0/24 maxlen: 24
                          89.35.250.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:d5:b8:9a:9c:c1:d8:96:6e:b0:4e:db:38:ff:7a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efa70cb849e3837451bd79af7dc7e035963e6043
        Validity
            Not Before: Jan  2 14:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89662f984cc6db7f778939946654427c0dab814b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d9:9f:9d:e3:7c:e7:90:99:bf:5d:8e:f5:2e:
                    f4:13:6b:4c:0f:0b:dd:5b:0c:bf:1c:86:77:ca:6d:
                    06:0f:e2:19:2c:e8:c5:18:8b:5b:7c:96:08:41:d5:
                    4c:49:4b:38:42:48:0e:07:13:18:58:9c:92:4f:27:
                    c0:15:62:f7:28:0b:fd:61:2e:82:9f:a1:06:2b:19:
                    be:3f:f6:9b:17:0e:7d:91:7f:ba:24:6f:24:1d:40:
                    6c:db:67:d4:e5:da:36:66:9f:80:1a:12:9e:67:4e:
                    24:4f:6e:60:e7:e7:95:56:b7:01:9c:6e:0b:6a:ca:
                    73:bf:05:5e:54:ee:e0:a6:6e:66:94:0e:53:c0:48:
                    98:28:9b:8e:db:a4:66:9f:d5:78:f7:9e:b7:ba:de:
                    5f:24:e3:8e:e3:57:4c:ac:30:3c:1b:7c:45:e7:d9:
                    93:48:bb:70:a0:f7:c5:72:4b:fd:ba:b3:13:87:4b:
                    95:cc:39:b3:1b:ee:ae:cb:d3:9c:6c:3d:6e:63:c4:
                    81:17:d3:ae:83:02:e4:8c:ab:8c:10:55:ac:79:c4:
                    19:24:fd:57:7d:97:58:9c:cb:54:68:92:71:f9:1a:
                    0b:f5:54:b1:3d:4c:30:59:f8:4d:f7:3b:fe:fe:b1:
                    50:0b:26:20:01:63:19:17:53:08:cd:10:12:b8:c6:
                    be:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:66:2F:98:4C:C6:DB:7F:77:89:39:94:66:54:42:7C:0D:AB:81:4B
            X509v3 Authority Key Identifier:
                keyid:EF:A7:0C:B8:49:E3:83:74:51:BD:79:AF:7D:C7:E0:35:96:3E:60:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/76cMuEnjg3RRvXmvfcfgNZY-YEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/iWYvmEzG2393iTmUZlRCfA2rgUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/692b1e-c9fe-43e0-b722-53a60480761d/1/76cMuEnjg3RRvXmvfcfgNZY-YEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.193.0/24
                  86.104.231.0/24
                  86.105.204.0/23
                  86.105.226.0/24
                  86.106.27.0/24
                  89.35.250.0/23
                  89.42.118.0/23
                  89.43.206.0/23
                  89.44.238.0/23
                  91.246.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:d8:c6:7b:b7:60:5d:76:a0:96:77:8f:77:ba:b5:0b:37:98:
         8b:2c:da:78:77:bd:0f:d4:fd:a6:40:e8:fd:fd:d9:45:bf:90:
         a1:73:8b:68:a0:46:cb:24:46:1c:90:c6:e9:a1:26:fb:d7:99:
         ea:2d:5d:f2:0b:f1:99:c4:33:8d:ce:5d:ab:c9:87:b5:97:f4:
         2a:c8:aa:11:2f:5a:c1:cd:6a:3b:25:a3:05:e3:92:a5:6a:80:
         4a:a7:7b:9f:15:16:c3:2f:21:93:c3:65:47:f4:40:d5:2f:8b:
         b3:f3:a9:00:73:82:6c:b4:04:d0:d3:66:87:db:40:b2:21:fb:
         c9:f0:91:46:16:ec:7a:4c:ca:af:73:a6:32:b5:b6:ca:8d:a9:
         dc:09:06:a9:c0:e1:30:cf:84:5c:f0:54:1a:ee:e2:2b:ef:c6:
         90:0e:d3:c0:11:40:a8:ae:40:d6:d8:e6:6d:a6:db:01:a2:e7:
         72:d5:d4:d3:b9:35:9a:a4:c8:c7:8e:b8:5f:bc:fb:6d:55:20:
         2d:55:4d:18:3e:00:b2:8d:5f:6b:53:68:49:ec:24:1b:86:69:
         fa:f8:42:00:bc:11:eb:d6:8a:88:e6:32:ee:fd:48:d6:39:e8:
         a0:88:90:91:ba:7f:62:a1:03:48:6d:3f:cf:68:f0:7c:86:4b:
         0a:da:c4:ec
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVy1bianMHYlm6wTts4/3puMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYTcwY2I4NDllMzgzNzQ1MWJkNzlhZjdkYzdlMDM1OTYz
ZTYwNDMwHhcNMjMwMTAyMTQxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTY2MmY5ODRjYzZkYjdmNzc4OTM5OTQ2NjU0NDI3YzBkYWI4MTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNmfneN855CZv12O9S70E2tMDwvd
Wwy/HIZ3ym0GD+IZLOjFGItbfJYIQdVMSUs4QkgOBxMYWJySTyfAFWL3KAv9YS6C
n6EGKxm+P/abFw59kX+6JG8kHUBs22fU5do2Zp+AGhKeZ04kT25g5+eVVrcBnG4L
aspzvwVeVO7gpm5mlA5TwEiYKJuO26Rmn9V49563ut5fJOOO41dMrDA8G3xF59mT
SLtwoPfFckv9urMTh0uVzDmzG+6uy9OcbD1uY8SBF9OugwLkjKuMEFWsecQZJP1X
fZdYnMtUaJJx+RoL9VSxPUwwWfhN9zv+/rFQCyYgAWMZF1MIzRASuMa+yQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIlmL5hMxtt/d4k5lGZUQnwNq4FLMB8GA1UdIwQY
MBaAFO+nDLhJ44N0Ub15r33H4DWWPmBDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzZjTXVFbmpnM1JSdlhtdmZjZmdOWlktWUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS82OTJiMWUtYzlmZS00M2UwLWI3MjIt
NTNhNjA0ODA3NjFkLzEvaVdZdm1FekcyMzkzaVRtVVpsUkNmQTJyZ1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS82OTJiMWUtYzlmZS00M2UwLWI3MjItNTNhNjA0ODA3NjFk
LzEvNzZjTXVFbmpnM1JSdlhtdmZjZmdOWlktWUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAVczBAwQA
VmjnAwQBVmnMAwQAVmniAwQAVmobAwQBWSP6AwQBWSp2AwQBWSvOAwQBWSzuAwQA
W/YmMA0GCSqGSIb3DQEBCwUAA4IBAQCn2MZ7t2BddqCWd493urULN5iLLNp4d70P
1P2mQOj9/dlFv5Chc4tooEbLJEYckMbpoSb715nqLV3yC/GZxDONzl2ryYe1l/Qq
yKoRL1rBzWo7JaMF45KlaoBKp3ufFRbDLyGTw2VH9EDVL4uz86kAc4JstATQ02aH
20CyIfvJ8JFGFux6TMqvc6YytbbKjancCQapwOEwz4Rc8FQa7uIr78aQDtPAEUCo
rkDW2OZtptsBoudy1dTTuTWapMjHjrhfvPttVSAtVU0YPgCyjV9rU2hJ7CQbhmn6
+EIAvBHr1oqI5jLu/UjWOeigiJCRun9ioQNIbT/PaPB8hksK2sTs
-----END CERTIFICATE-----