Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/jnp4B_e6YuWOhaBUw-xIyK4LWZM.roa
File:                     jnp4B_e6YuWOhaBUw-xIyK4LWZM.roa (raw, json)
Hash identifier:          Yi6uNUpCVYhlMeez99p9BDDPFD6zimOM45E9ZC0yLTU=
Subject key identifier:   8E:7A:78:07:F7:BA:62:E5:8E:85:A0:54:C3:EC:48:C8:AE:0B:59:93
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       018C91C8137C1A580FEA51A896E7632C2B5F
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/jnp4B_e6YuWOhaBUw-xIyK4LWZM.roa
Signing time:             Fri 22 Dec 2023 13:47:37 +0000
ROA not before:           Fri 22 Dec 2023 13:47:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44814
IP address blocks:        93.94.137.0/24 maxlen: 24
                          93.94.136.0/24 maxlen: 24
                          93.94.138.0/24 maxlen: 24
                          93.94.143.0/24 maxlen: 24
                          93.94.141.0/24 maxlen: 24
                          93.94.140.0/24 maxlen: 24
                          185.7.217.0/24 maxlen: 24
                          46.253.10.0/24 maxlen: 24
                          46.253.8.0/24 maxlen: 24
                          46.253.15.0/24 maxlen: 24
                          95.169.213.0/24 maxlen: 24
                          95.169.208.0/20 maxlen: 20
                          95.169.219.0/24 maxlen: 24
                          95.169.218.0/24 maxlen: 24
                          95.169.222.0/24 maxlen: 24
                          2a01:4a40::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:91:c8:13:7c:1a:58:0f:ea:51:a8:96:e7:63:2c:2b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Dec 22 13:47:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8e7a7807f7ba62e58e85a054c3ec48c8ae0b5993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9e:b8:6b:fd:f4:ee:d8:4d:e4:23:79:ec:22:
                    c3:6e:7b:4d:b8:f8:50:3f:40:f7:56:2b:53:da:f9:
                    a7:0c:45:86:fe:fc:55:36:8c:1b:c9:33:3f:7b:fd:
                    86:b9:0b:f2:ea:6d:83:5b:44:a7:10:1e:41:56:bb:
                    3b:cc:1a:53:82:54:42:ea:72:65:fb:90:1e:07:f8:
                    40:bb:aa:9e:f6:5c:24:78:f0:59:78:a2:dc:a9:40:
                    7e:19:99:43:ee:ba:23:25:7d:b4:83:a6:bf:51:02:
                    68:d5:e8:0c:6c:a5:21:4e:7b:3c:8d:75:22:ff:dc:
                    56:65:04:96:9c:2e:7e:47:35:88:f3:e6:e0:b2:0f:
                    2e:5f:6a:87:2f:3f:1b:b1:2f:9a:c1:0f:ea:05:a3:
                    ba:39:c1:15:3a:c4:87:11:dd:92:01:d0:fb:f1:47:
                    0f:95:2d:c4:ea:7d:2a:ba:be:ec:67:74:93:76:c8:
                    bb:86:81:bd:c6:e5:e1:33:eb:10:d8:32:92:e0:68:
                    13:29:bf:39:b4:1a:5a:32:15:8d:11:cd:9a:5c:d4:
                    c4:8b:ac:cb:7d:5a:0a:02:94:a3:3b:88:49:08:3b:
                    ca:d8:c1:bd:6d:c7:7e:99:73:82:bb:75:3e:94:7a:
                    24:b9:96:b3:ce:a6:c4:3f:fd:3e:a9:5a:a6:66:27:
                    ee:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7A:78:07:F7:BA:62:E5:8E:85:A0:54:C3:EC:48:C8:AE:0B:59:93
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/jnp4B_e6YuWOhaBUw-xIyK4LWZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.8.0/24
                  46.253.10.0/24
                  46.253.15.0/24
                  93.94.136.0-93.94.138.255
                  93.94.140.0/23
                  93.94.143.0/24
                  95.169.208.0/20
                  185.7.217.0/24
                IPv6:
                  2a01:4a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:23:d0:55:5a:67:80:e5:6d:3e:7f:c3:16:d4:44:8e:f9:ab:
         a2:c2:f5:12:b8:c3:44:30:4c:ec:d4:49:21:92:5d:97:f0:80:
         bf:8f:26:be:e2:08:73:ec:25:26:cf:c3:61:4e:e1:56:c1:10:
         96:fb:70:e0:ec:15:c8:48:b8:86:43:9b:96:5c:41:8a:9f:7d:
         45:04:ac:cc:49:b9:79:f0:90:6d:e6:1a:33:9b:6a:90:58:b2:
         9d:33:c2:45:37:90:09:cb:85:ea:ec:e8:75:0e:ef:eb:a5:11:
         98:d8:ac:db:78:30:b9:4c:d6:21:23:98:02:c8:28:85:9d:6a:
         32:df:37:5f:aa:03:71:b7:d8:8f:1d:3b:4d:59:dc:e3:bb:eb:
         d5:bf:9d:0f:89:0f:2b:26:70:bb:0c:34:21:75:7d:20:a9:36:
         8d:15:99:8e:15:f4:3a:20:80:43:8d:d5:cd:3f:9a:83:86:61:
         10:c1:ff:ab:8c:f1:59:aa:b2:48:b6:c6:c6:45:84:9a:4f:07:
         d9:f8:f5:49:56:ca:94:64:f5:f0:25:fd:4d:b3:98:f6:cf:8b:
         b8:73:40:f5:37:2a:0d:2f:a6:19:0f:23:34:49:df:7c:2a:73:
         fd:f9:8f:fd:d2:d8:4c:71:ab:f3:e7:eb:72:2b:37:07:9d:23:
         7f:2b:23:44
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYyRyBN8GlgP6lGoludjLCtfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjMxMjIyMTM0NzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTdhNzgwN2Y3YmE2MmU1OGU4NWEwNTRjM2VjNDhjOGFlMGI1OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp64a/307thN5CN57CLDbntNuPhQ
P0D3VitT2vmnDEWG/vxVNowbyTM/e/2GuQvy6m2DW0SnEB5BVrs7zBpTglRC6nJl
+5AeB/hAu6qe9lwkePBZeKLcqUB+GZlD7rojJX20g6a/UQJo1egMbKUhTns8jXUi
/9xWZQSWnC5+RzWI8+bgsg8uX2qHLz8bsS+awQ/qBaO6OcEVOsSHEd2SAdD78UcP
lS3E6n0qur7sZ3STdsi7hoG9xuXhM+sQ2DKS4GgTKb85tBpaMhWNEc2aXNTEi6zL
fVoKApSjO4hJCDvK2MG9bcd+mXOCu3U+lHokuZazzqbEP/0+qVqmZifubwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFI56eAf3umLljoWgVMPsSMiuC1mTMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvam5wNEJfZTZZdVdPaGFCVXcteEl5SzRMV1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA+BAIAATA4AwQALv0IAwQA
Lv0KAwQALv0PMAwDBANdXogDBABdXooDBAFdXowDBABdXo8DBARfqdADBAC5B9kw
DQQCAAIwBwMFACoBSkAwDQYJKoZIhvcNAQELBQADggEBAA4j0FVaZ4DlbT5/wxbU
RI75q6LC9RK4w0QwTOzUSSGSXZfwgL+PJr7iCHPsJSbPw2FO4VbBEJb7cODsFchI
uIZDm5ZcQYqffUUErMxJuXnwkG3mGjObapBYsp0zwkU3kAnLhers6HUO7+ulEZjY
rNt4MLlM1iEjmALIKIWdajLfN1+qA3G32I8dO01Z3OO769W/nQ+JDysmcLsMNCF1
fSCpNo0VmY4V9DoggEON1c0/moOGYRDB/6uM8Vmqski2xsZFhJpPB9n49UlWypRk
9fAl/U2zmPbPi7hzQPU3Kg0vphkPIzRJ33wqc/35j/3S2Exxq/Pn63IrNwedI38r
I0Q=
-----END CERTIFICATE-----