Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/b8a454-a699-4269-b676-63ae2eace298/1/Guf5im8WDUeKeV6Hw_j7F0NAZH8.roa
File:                     Guf5im8WDUeKeV6Hw_j7F0NAZH8.roa (raw, json)
Hash identifier:          NO0dAlaXcYwVr9dDVQhIKttar5Ar51xURI+xbQhGVXM=
Subject key identifier:   1A:E7:F9:8A:6F:16:0D:47:8A:79:5E:87:C3:F8:FB:17:43:40:64:7F
Certificate issuer:       /CN=ee9887ba5f457d797afdac2c5551defb453d88f3
Certificate serial:       01907832E07A9D1EEB751BE5387FB9517E76
Authority key identifier: EE:98:87:BA:5F:45:7D:79:7A:FD:AC:2C:55:51:DE:FB:45:3D:88:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7piHul9FfXl6_awsVVHe-0U9iPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/b8a454-a699-4269-b676-63ae2eace298/1/Guf5im8WDUeKeV6Hw_j7F0NAZH8.roa
Signing time:             Wed 03 Jul 2024 10:45:18 +0000
ROA not before:           Wed 03 Jul 2024 10:45:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35362
IP address blocks:        5.83.16.0/21 maxlen: 21
                          37.17.240.0/22 maxlen: 22
                          62.84.248.0/21 maxlen: 21
                          95.158.0.0/18 maxlen: 18
                          146.0.80.0/21 maxlen: 21
                          176.113.160.0/22 maxlen: 22
                          176.113.168.0/21 maxlen: 21
                          185.11.28.0/22 maxlen: 22
                          2a01:b480::/32 maxlen: 32
                          2a07:1080::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:32:e0:7a:9d:1e:eb:75:1b:e5:38:7f:b9:51:7e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee9887ba5f457d797afdac2c5551defb453d88f3
        Validity
            Not Before: Jul  3 10:45:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ae7f98a6f160d478a795e87c3f8fb174340647f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:82:67:ce:99:25:ee:73:1e:7f:3a:e2:cc:06:
                    0c:9a:80:21:4b:27:de:1b:cd:1d:91:fe:e1:93:ca:
                    ee:4c:1f:1f:65:1e:46:ce:0e:16:15:b4:15:6a:c8:
                    e9:5b:1c:4d:37:f0:35:7c:fd:36:22:ea:56:7d:25:
                    4e:3d:b4:7c:ba:0f:1f:35:02:93:9e:dc:8d:50:a0:
                    7d:9b:b9:3d:82:3b:4c:8f:48:35:4b:7d:51:73:78:
                    f4:13:8b:4c:f4:91:8d:19:09:e5:53:3f:05:f4:75:
                    0c:5d:a4:e5:3b:28:c6:2f:d6:d5:ee:a4:3b:a2:38:
                    d7:5e:68:21:bb:e0:45:41:7e:fd:29:77:f7:9c:42:
                    b8:95:7c:bd:ad:cb:5a:f7:20:29:3c:94:ed:4e:7b:
                    25:9b:d8:eb:77:76:fa:0c:c3:d4:94:b8:b2:53:b6:
                    ea:f9:cc:a9:8b:dc:8c:6a:ba:84:e8:43:c2:ff:36:
                    14:3a:ef:60:76:aa:10:ec:2d:4e:e2:56:74:df:d9:
                    0e:f7:4f:f6:ab:24:76:a4:da:a8:43:09:4e:bc:87:
                    e0:a7:f7:96:55:27:25:7a:60:09:4b:ab:a0:90:7b:
                    fe:72:9c:5d:e4:23:db:cd:13:56:96:4b:0d:cb:19:
                    ea:93:89:be:df:e2:0d:d4:5f:f9:1e:db:93:91:fa:
                    59:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E7:F9:8A:6F:16:0D:47:8A:79:5E:87:C3:F8:FB:17:43:40:64:7F
            X509v3 Authority Key Identifier:
                keyid:EE:98:87:BA:5F:45:7D:79:7A:FD:AC:2C:55:51:DE:FB:45:3D:88:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7piHul9FfXl6_awsVVHe-0U9iPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b8a454-a699-4269-b676-63ae2eace298/1/Guf5im8WDUeKeV6Hw_j7F0NAZH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b8a454-a699-4269-b676-63ae2eace298/1/7piHul9FfXl6_awsVVHe-0U9iPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.16.0/21
                  37.17.240.0/22
                  62.84.248.0/21
                  95.158.0.0/18
                  146.0.80.0/21
                  176.113.160.0/22
                  176.113.168.0/21
                  185.11.28.0/22
                IPv6:
                  2a01:b480::/32
                  2a07:1080::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:5a:c7:83:fd:6f:e0:81:e3:6b:42:30:99:b2:dd:9a:e4:ec:
         a3:23:74:2f:59:99:53:b7:84:e8:02:19:f8:e9:c4:c4:4b:fe:
         b2:60:35:a7:03:58:f9:44:57:11:ed:6c:1f:fe:8e:d3:5a:fe:
         e3:ae:85:d4:16:cd:cd:52:4f:62:4e:36:d5:d1:89:d0:00:60:
         f1:57:81:de:b1:c5:f4:35:6b:81:7e:5f:ce:7e:b1:37:f8:24:
         d6:cd:80:59:ea:83:bb:a3:40:6d:13:77:17:fb:cf:cf:7f:a6:
         bd:d7:4c:1c:32:16:08:1f:d2:fd:a7:ab:4d:28:ff:a5:67:07:
         67:2e:7c:99:9c:55:e7:25:b5:54:00:a6:c3:d2:df:b1:44:71:
         e8:70:21:5d:18:5c:1f:3d:43:f5:d3:d5:c8:29:de:aa:5d:bd:
         5d:f1:c2:fa:1d:18:f8:67:72:09:2e:7d:d6:70:59:b4:3d:4d:
         47:58:97:4b:c8:4f:c5:c6:b2:77:4a:4b:dc:fd:fc:d3:19:99:
         a2:7d:0d:cb:e7:7b:f9:2e:86:19:68:47:67:8f:6e:c2:72:20:
         d9:b4:6c:61:0d:5a:54:e2:f4:fd:59:30:b5:89:e3:e2:e4:67:
         c9:8c:f5:8a:45:7e:1d:4b:68:7b:6e:86:f2:53:36:3c:72:b7:
         fb:41:a2:27
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZB4MuB6nR7rdRvlOH+5UX52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOTg4N2JhNWY0NTdkNzk3YWZkYWMyYzU1NTFkZWZiNDUz
ZDg4ZjMwHhcNMjQwNzAzMTA0NTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWU3Zjk4YTZmMTYwZDQ3OGE3OTVlODdjM2Y4ZmIxNzQzNDA2NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IJnzpkl7nMefzrizAYMmoAhSyfe
G80dkf7hk8ruTB8fZR5Gzg4WFbQVasjpWxxNN/A1fP02IupWfSVOPbR8ug8fNQKT
ntyNUKB9m7k9gjtMj0g1S31Rc3j0E4tM9JGNGQnlUz8F9HUMXaTlOyjGL9bV7qQ7
ojjXXmghu+BFQX79KXf3nEK4lXy9rcta9yApPJTtTnslm9jrd3b6DMPUlLiyU7bq
+cypi9yMarqE6EPC/zYUOu9gdqoQ7C1O4lZ039kO90/2qyR2pNqoQwlOvIfgp/eW
VSclemAJS6ugkHv+cpxd5CPbzRNWlksNyxnqk4m+3+IN1F/5HtuTkfpZMwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBrn+YpvFg1Hinleh8P4+xdDQGR/MB8GA1UdIwQY
MBaAFO6Yh7pfRX15ev2sLFVR3vtFPYjzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3BpSHVsOUZmWGw2X2F3c1ZWSGUtMFU5aVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iOGE0NTQtYTY5OS00MjY5LWI2NzYt
NjNhZTJlYWNlMjk4LzEvR3VmNWltOFdEVWVLZVY2SHdfajdGME5BWkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iOGE0NTQtYTY5OS00MjY5LWI2NzYtNjNhZTJlYWNlMjk4
LzEvN3BpSHVsOUZmWGw2X2F3c1ZWSGUtMFU5aVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDBVMQAwQC
JRHwAwQDPlT4AwQGX54AAwQDkgBQAwQCsHGgAwQDsHGoAwQCuQscMBQEAgACMA4D
BQAqAbSAAwUDKgcQgDANBgkqhkiG9w0BAQsFAAOCAQEAbVrHg/1v4IHja0IwmbLd
muTsoyN0L1mZU7eE6AIZ+OnExEv+smA1pwNY+URXEe1sH/6O01r+466F1BbNzVJP
Yk421dGJ0ABg8VeB3rHF9DVrgX5fzn6xN/gk1s2AWeqDu6NAbRN3F/vPz3+mvddM
HDIWCB/S/aerTSj/pWcHZy58mZxV5yW1VACmw9LfsURx6HAhXRhcHz1D9dPVyCne
ql29XfHC+h0Y+GdyCS591nBZtD1NR1iXS8hPxcayd0pL3P380xmZon0Ny+d7+S6G
GWhHZ49uwnIg2bRsYQ1aVOL0/VkwtYnj4uRnyYz1ikV+HUtoe26G8lM2PHK3+0Gi
Jw==
-----END CERTIFICATE-----