Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/Am_5Giqd3xcyUM8rb1q4F6O4240.roa
File:                     Am_5Giqd3xcyUM8rb1q4F6O4240.roa (raw, json)
Hash identifier:          OjI7n2uwiTq7sx+i7Q4UI/+GQBiD3/Z5jTHGYRwXHfU=
Subject key identifier:   02:6F:F9:1A:2A:9D:DF:17:32:50:CF:2B:6F:5A:B8:17:A3:B8:DB:8D
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       01856BD374798DE1A2E6FDC1C498BD0594B6
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/Am_5Giqd3xcyUM8rb1q4F6O4240.roa
Signing time:             Sun 01 Jan 2023 05:34:58 +0000
ROA not before:           Sun 01 Jan 2023 05:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204084
IP address blocks:        2a0b:8040::/29 maxlen: 29
                          2a0b:e9c0::/29 maxlen: 29
                          2a0c:5d00::/29 maxlen: 29
                          2a13:3301::/32 maxlen: 32
                          2a13:3302::/32 maxlen: 32
                          2a03:f7c0::/29 maxlen: 29
                          2a0c:65c0::/29 maxlen: 29
                          2a0b:d900::/29 maxlen: 29
                          2a13:3300::/32 maxlen: 32
                          2a0c:6980::/29 maxlen: 29
                          2a0c:5c0::/29 maxlen: 29
                          2a13:3303::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:d3:74:79:8d:e1:a2:e6:fd:c1:c4:98:bd:05:94:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Jan  1 05:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=026ff91a2a9ddf173250cf2b6f5ab817a3b8db8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8d:92:da:da:da:42:6f:fe:15:3d:fa:e1:c5:
                    01:97:af:b6:d0:fd:8c:a8:34:33:3f:73:4f:d5:9b:
                    24:8e:cb:77:21:7f:54:e7:74:f7:21:88:3b:25:33:
                    67:f7:31:d4:b2:39:ef:33:00:b6:b6:4c:26:00:45:
                    85:47:f7:d3:7a:b1:1f:a6:7f:4d:5d:87:a0:d5:c8:
                    a4:fe:82:77:a6:2b:c9:4f:30:cd:de:51:02:f2:aa:
                    89:bd:bc:65:3f:0f:d7:a5:d7:14:d8:e4:d3:ae:3d:
                    ea:20:a2:29:fb:d3:8a:e6:e8:71:e1:cb:b2:91:1f:
                    68:a1:b9:31:06:77:78:17:cd:ba:2e:6e:46:57:00:
                    2b:9d:92:5b:95:6a:13:29:ec:d4:cd:ac:e9:1d:1e:
                    8c:17:00:5e:9c:9e:7a:d9:57:20:f1:92:89:52:df:
                    ca:e3:26:a1:ca:bd:d9:15:0a:a8:1f:cf:6f:43:a7:
                    1a:16:27:ba:83:39:6a:27:d5:cc:4d:d7:6d:73:c7:
                    aa:1e:db:55:b7:2a:18:99:87:29:a2:09:7b:f6:f2:
                    68:96:f7:c1:04:77:b5:e3:87:98:25:6a:42:4c:86:
                    49:be:c6:60:93:d4:a1:60:6a:3f:1d:4c:39:98:a1:
                    87:95:7c:de:0d:1e:6a:ed:8e:d5:b0:1a:33:b7:f7:
                    34:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6F:F9:1A:2A:9D:DF:17:32:50:CF:2B:6F:5A:B8:17:A3:B8:DB:8D
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/Am_5Giqd3xcyUM8rb1q4F6O4240.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f7c0::/29
                  2a0b:8040::/29
                  2a0b:d900::/29
                  2a0b:e9c0::/29
                  2a0c:5c0::/29
                  2a0c:5d00::/29
                  2a0c:65c0::/29
                  2a0c:6980::/29
                  2a13:3300::/30

    Signature Algorithm: sha256WithRSAEncryption
         70:21:7b:3d:89:07:24:99:65:15:79:4f:77:f7:b6:e6:87:7e:
         25:26:88:e7:47:62:6a:ec:86:3d:2a:fb:37:89:53:05:3e:b5:
         38:08:37:74:03:e8:e0:cd:1d:ff:8e:1f:df:b7:18:29:d9:6a:
         cc:23:bc:2d:84:9e:fa:03:2f:b8:6e:bb:4b:94:a9:91:a5:a1:
         0d:cb:e3:28:c6:ab:a1:4e:f0:c7:83:80:ba:8f:cd:b8:74:64:
         82:c9:53:21:51:39:d6:22:65:3d:0a:6a:08:25:67:88:d9:7c:
         55:51:fa:3d:c6:db:51:51:43:62:bd:fa:52:cb:7a:c4:85:2e:
         b6:0d:72:45:e0:f9:5c:d4:1a:ba:61:71:f1:fc:5e:0f:ef:8e:
         fd:e7:20:9c:75:a2:2d:b4:dc:ec:6f:d0:e5:db:9b:c7:85:9c:
         ee:44:d6:9b:e3:4d:37:ee:81:54:56:4b:37:5c:7c:fb:b1:6e:
         64:87:a2:5c:95:84:3f:ed:0c:59:a5:f8:aa:84:e7:9f:4c:07:
         ae:b3:9a:4f:f2:64:45:5d:56:73:e2:ec:f6:2d:4d:2a:77:b4:
         0f:a7:cf:4b:59:35:65:eb:80:aa:88:0b:07:dc:2b:9b:94:04:
         65:a1:cb:af:d6:9b:7e:72:0c:29:3e:32:ea:b2:09:88:72:e0:
         85:16:71:76
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVr03R5jeGi5v3BxJi9BZS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjMwMTAxMDUzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjZmZjkxYTJhOWRkZjE3MzI1MGNmMmI2ZjVhYjgxN2EzYjhkYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI2S2traQm/+FT364cUBl6+20P2M
qDQzP3NP1Zskjst3IX9U53T3IYg7JTNn9zHUsjnvMwC2tkwmAEWFR/fTerEfpn9N
XYeg1cik/oJ3pivJTzDN3lEC8qqJvbxlPw/XpdcU2OTTrj3qIKIp+9OK5uhx4cuy
kR9oobkxBnd4F826Lm5GVwArnZJblWoTKezUzazpHR6MFwBenJ562Vcg8ZKJUt/K
4yahyr3ZFQqoH89vQ6caFie6gzlqJ9XMTddtc8eqHttVtyoYmYcpogl79vJolvfB
BHe144eYJWpCTIZJvsZgk9ShYGo/HUw5mKGHlXzeDR5q7Y7VsBozt/c0PQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFAJv+Roqnd8XMlDPK29auBejuNuNMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvQW1fNUdpcWQzeGN5VU04cmIxcTRGNk80MjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwUDKgP3wAMF
AyoLgEADBQMqC9kAAwUDKgvpwAMFAyoMBcADBQMqDF0AAwUDKgxlwAMFAyoMaYAD
BQIqEzMAMA0GCSqGSIb3DQEBCwUAA4IBAQBwIXs9iQckmWUVeU9397bmh34lJojn
R2Jq7IY9Kvs3iVMFPrU4CDd0A+jgzR3/jh/ftxgp2WrMI7wthJ76Ay+4brtLlKmR
paENy+MoxquhTvDHg4C6j824dGSCyVMhUTnWImU9CmoIJWeI2XxVUfo9xttRUUNi
vfpSy3rEhS62DXJF4Plc1Bq6YXHx/F4P74795yCcdaIttNzsb9Dl25vHhZzuRNab
40037oFUVks3XHz7sW5kh6JclYQ/7QxZpfiqhOefTAeus5pP8mRFXVZz4uz2LU0q
d7QPp89LWTVl64CqiAsH3CublARlocuv1pt+cgwpPjLqsgmIcuCFFnF2
-----END CERTIFICATE-----