Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lAEDaKZZ5Xx_kzGW1YXxmdXjxeg.roa
File:                     lAEDaKZZ5Xx_kzGW1YXxmdXjxeg.roa (raw, json)
Hash identifier:          ahTA4fqgsD0uRAzK+23mCuXHPmlZLpoj7LOvs6k5Cp0=
Subject key identifier:   94:01:03:68:A6:59:E5:7C:7F:93:31:96:D5:85:F1:99:D5:E3:C5:E8
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       0187371840DF0B6EEA6DCFD5A158DADF87E8
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lAEDaKZZ5Xx_kzGW1YXxmdXjxeg.roa
Signing time:             Fri 31 Mar 2023 09:55:49 +0000
ROA not before:           Fri 31 Mar 2023 09:55:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12325
IP address blocks:        94.177.28.0/24 maxlen: 24
                          86.105.144.0/22 maxlen: 24
                          185.18.224.0/23 maxlen: 24
                          86.106.26.0/24 maxlen: 24
                          89.35.124.0/23 maxlen: 24
                          93.114.176.0/23 maxlen: 24
                          89.46.128.0/22 maxlen: 24
                          89.39.94.0/23 maxlen: 24
                          94.177.144.0/24 maxlen: 24
                          89.39.123.0/24 maxlen: 24
                          89.45.228.0/24 maxlen: 24
                          188.215.40.0/22 maxlen: 24
                          89.40.222.0/23 maxlen: 24
                          31.14.228.0/22 maxlen: 24
                          89.46.232.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:37:18:40:df:0b:6e:ea:6d:cf:d5:a1:58:da:df:87:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Mar 31 09:55:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94010368a659e57c7f933196d585f199d5e3c5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a8:d0:d0:c3:1d:df:be:31:b8:0b:a0:77:98:
                    9f:45:dd:ad:b8:a6:a3:31:7c:0f:0a:78:28:29:53:
                    2b:ab:47:a5:09:de:5d:cd:e3:c9:e4:28:7c:a6:db:
                    22:ca:52:b4:73:15:65:c3:82:96:f5:93:e2:10:ea:
                    cb:31:d3:f1:9d:75:1a:5c:9e:e3:eb:de:08:70:49:
                    0c:f7:7b:6e:1d:e0:d5:7f:b8:23:a8:1b:1c:fa:72:
                    a3:d7:18:ee:d9:18:f4:74:b3:ee:3d:bf:e6:01:1d:
                    64:af:b7:cf:80:b8:c3:54:e9:cd:6a:6a:a8:42:9b:
                    6b:9c:09:f8:c5:52:6b:6e:55:82:cc:9b:b1:a1:7a:
                    89:19:77:fb:a7:a0:07:d7:5f:b7:65:e6:19:4c:d9:
                    75:1a:86:26:06:03:bd:1b:17:66:bc:9f:fe:78:a0:
                    66:d2:f6:a2:f0:b4:ff:7c:3e:0d:8b:ef:e5:7c:68:
                    19:3a:fa:a3:f5:a8:95:dc:96:81:ef:34:a0:d2:b7:
                    24:b4:49:dc:13:44:9f:36:9f:4d:c9:39:6d:eb:fa:
                    c7:92:55:24:d3:5a:5d:27:e0:47:d0:f8:64:7c:b8:
                    0e:c9:9a:05:07:16:5b:5f:7d:ba:20:69:e5:1c:4a:
                    11:8d:12:67:e3:d7:2c:12:c5:5f:b3:49:00:17:d7:
                    71:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:01:03:68:A6:59:E5:7C:7F:93:31:96:D5:85:F1:99:D5:E3:C5:E8
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/lAEDaKZZ5Xx_kzGW1YXxmdXjxeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.228.0/22
                  86.105.144.0/22
                  86.106.26.0/24
                  89.35.124.0/23
                  89.39.94.0/23
                  89.39.123.0/24
                  89.40.222.0/23
                  89.45.228.0/24
                  89.46.128.0/22
                  89.46.232.0/21
                  93.114.176.0/23
                  94.177.28.0/24
                  94.177.144.0/24
                  185.18.224.0/23
                  188.215.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:87:a5:e9:ad:ef:38:4c:59:e3:91:51:44:2c:22:3f:23:d1:
         90:e0:da:9a:59:4b:cc:42:b1:9a:a9:9e:48:1f:48:02:1d:24:
         aa:d6:29:50:dc:54:f6:7d:b4:23:75:44:65:2f:13:2c:4d:cd:
         06:52:f2:68:78:3a:99:63:ed:d8:93:df:db:f0:5b:d3:3d:eb:
         fa:3d:43:9b:35:18:ef:2a:22:21:83:7f:88:52:61:76:2b:ea:
         9d:be:2a:8c:77:66:77:0f:17:3e:eb:c7:ac:b4:6e:16:1f:62:
         71:ff:cf:d9:44:59:9d:30:71:5c:0f:8f:e2:26:2d:15:aa:8b:
         dd:f1:36:20:08:f0:91:f3:58:ea:a2:37:bc:54:62:2f:dc:aa:
         e1:34:35:43:28:46:f3:ba:7a:41:30:e7:3b:08:86:bd:6c:de:
         0a:4d:6d:20:44:9b:90:e6:46:63:39:02:65:f8:0f:32:bd:bf:
         49:83:c6:20:46:f9:16:ed:6d:72:8e:d4:fc:98:84:6c:f3:59:
         04:2c:08:78:2e:c0:0f:bd:59:ee:5b:96:45:0d:2a:d7:91:ee:
         c0:33:6e:0e:ee:36:64:17:39:30:37:19:d6:b8:a3:e9:c4:af:
         ed:e2:6e:9c:3c:b9:4f:20:b6:0e:5b:1a:49:db:77:ab:9e:55:
         fe:4d:23:64
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYc3GEDfC27qbc/VoVja34foMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjMwMzMxMDk1NTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDAxMDM2OGE2NTllNTdjN2Y5MzMxOTZkNTg1ZjE5OWQ1ZTNjNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKjQ0MMd374xuAugd5ifRd2tuKaj
MXwPCngoKVMrq0elCd5dzePJ5Ch8ptsiylK0cxVlw4KW9ZPiEOrLMdPxnXUaXJ7j
694IcEkM93tuHeDVf7gjqBsc+nKj1xju2Rj0dLPuPb/mAR1kr7fPgLjDVOnNamqo
QptrnAn4xVJrblWCzJuxoXqJGXf7p6AH11+3ZeYZTNl1GoYmBgO9GxdmvJ/+eKBm
0vai8LT/fD4Ni+/lfGgZOvqj9aiV3JaB7zSg0rcktEncE0SfNp9NyTlt6/rHklUk
01pdJ+BH0PhkfLgOyZoFBxZbX326IGnlHEoRjRJn49csEsVfs0kAF9dxKQIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFJQBA2imWeV8f5MxltWF8ZnV48XoMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2xBRURhS1paNVh4X2t6R1cxWVh4bWRYanhlZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwcwYIKwYBBQUHAQcBAf8EZDBiMGAEAgABMFoDBAIfDuQD
BAJWaZADBABWahoDBAFZI3wDBAFZJ14DBABZJ3sDBAFZKN4DBABZLeQDBAJZLoAD
BANZLugDBAFdcrADBABesRwDBABesZADBAG5EuADBAK81ygwDQYJKoZIhvcNAQEL
BQADggEBALKHpemt7zhMWeORUUQsIj8j0ZDg2ppZS8xCsZqpnkgfSAIdJKrWKVDc
VPZ9tCN1RGUvEyxNzQZS8mh4Oplj7diT39vwW9M96/o9Q5s1GO8qIiGDf4hSYXYr
6p2+Kox3ZncPFz7rx6y0bhYfYnH/z9lEWZ0wcVwPj+ImLRWqi93xNiAI8JHzWOqi
N7xUYi/cquE0NUMoRvO6ekEw5zsIhr1s3gpNbSBEm5DmRmM5AmX4DzK9v0mDxiBG
+RbtbXKO1PyYhGzzWQQsCHguwA+9We5blkUNKteR7sAzbg7uNmQXOTA3Gda4o+nE
r+3ibpw8uU8gtg5bGknbd6ueVf5NI2Q=
-----END CERTIFICATE-----