Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/MYZuT0xnvitZp_562WgyhokI8_s.roa
File:                     MYZuT0xnvitZp_562WgyhokI8_s.roa (raw, json)
Hash identifier:          uNZP1lTM0TE3n/UNv98BqKsv6Q4b20SqVcMgSVV/CEc=
Subject key identifier:   31:86:6E:4F:4C:67:BE:2B:59:A7:FE:7A:D9:68:32:86:89:08:F3:FB
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0188542E10EB8DA01DB4B439242BF6A6CB28
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/MYZuT0xnvitZp_562WgyhokI8_s.roa
Signing time:             Thu 25 May 2023 18:31:24 +0000
ROA not before:           Thu 25 May 2023 18:31:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202656
IP address blocks:        194.107.200.0/24 maxlen: 24
                          45.152.118.0/24 maxlen: 24
                          45.152.119.0/24 maxlen: 24
                          45.131.44.0/24 maxlen: 24
                          45.138.212.0/24 maxlen: 24
                          45.138.215.0/24 maxlen: 24
                          91.237.105.0/24 maxlen: 24
                          91.237.104.0/24 maxlen: 24
                          45.138.7.0/24 maxlen: 24
                          91.206.69.0/24 maxlen: 24
                          213.166.83.0/24 maxlen: 24
                          45.149.131.0/24 maxlen: 24
                          45.149.130.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:54:2e:10:eb:8d:a0:1d:b4:b4:39:24:2b:f6:a6:cb:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: May 25 18:31:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=31866e4f4c67be2b59a7fe7ad96832868908f3fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5e:6a:55:11:c5:ed:5b:1f:59:3c:ca:44:67:
                    89:b5:5a:a2:85:72:86:0f:f7:f8:f2:ce:8d:df:e5:
                    9d:7c:d7:9e:74:41:16:a9:db:b7:72:9b:e3:43:0e:
                    84:be:69:ea:4c:41:69:e3:03:99:5f:8b:57:63:09:
                    6d:78:b4:a1:e3:37:ac:22:64:ec:69:e7:76:62:d2:
                    a2:1b:53:36:57:b0:06:25:28:22:4b:e1:d7:80:52:
                    5b:76:a7:11:9b:72:c7:2d:1f:b7:f6:21:21:be:16:
                    bf:21:81:a2:f9:a1:88:07:cd:7a:f9:69:93:fe:0c:
                    f4:f8:6c:01:e2:b4:6e:73:15:cb:af:7a:84:c5:56:
                    00:fb:f9:93:a3:34:96:52:e2:32:0e:27:c2:ca:e3:
                    04:fd:13:75:d6:97:3a:5c:9b:22:5b:52:4d:9e:61:
                    ad:3c:a9:43:5f:b2:ca:86:54:8c:b6:b7:53:fb:a2:
                    dd:e7:6f:43:e8:a2:db:7b:cc:87:43:f1:e5:01:93:
                    3e:4d:e1:88:98:ed:4d:b7:be:73:48:a4:d5:1a:cd:
                    e2:1d:4f:85:d7:d1:59:7b:20:06:ba:64:d4:bf:aa:
                    91:f4:ae:86:aa:fe:ae:d6:46:90:9a:bb:06:3f:b6:
                    ab:f4:de:8b:38:89:33:6e:2d:81:87:e3:81:87:ad:
                    c8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:86:6E:4F:4C:67:BE:2B:59:A7:FE:7A:D9:68:32:86:89:08:F3:FB
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/MYZuT0xnvitZp_562WgyhokI8_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.44.0/24
                  45.138.7.0/24
                  45.138.212.0/24
                  45.138.215.0/24
                  45.149.130.0/23
                  45.152.118.0/23
                  91.206.69.0/24
                  91.237.104.0/23
                  194.107.200.0/24
                  213.166.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:56:f0:1d:f2:31:e8:23:67:fb:33:ac:64:84:35:0e:60:1a:
         40:c7:e4:6b:12:bc:a2:ab:d3:b9:98:74:18:1a:68:2a:d1:bf:
         41:8c:a2:6f:aa:ab:61:5c:6f:ef:99:dd:dd:63:a1:a9:c5:02:
         b4:cc:64:2d:d4:ba:8b:90:ce:32:64:1a:3f:3f:f0:8c:36:d8:
         85:b4:51:58:00:64:b5:10:89:7c:b9:4d:21:c6:b1:74:85:79:
         f2:2c:76:aa:31:a8:7b:7f:3f:80:12:4a:a9:ae:f1:a4:ec:ea:
         23:7f:3c:57:5b:36:5b:8f:d1:04:eb:c5:d8:85:aa:24:cd:1e:
         8b:e1:7b:fe:4f:3f:dc:bc:4b:62:8b:ed:88:c6:30:5e:74:a3:
         62:82:f9:84:39:a2:ee:c0:9c:42:6b:02:fe:49:b1:1f:0f:6c:
         00:68:dd:f3:ab:c4:75:f2:b7:49:72:ea:12:4a:59:ee:56:67:
         02:41:a0:7a:e2:1a:b3:80:48:0e:e6:e8:63:66:94:8e:9a:92:
         a8:eb:7a:85:ce:88:f8:fe:d0:ac:a6:2b:4f:8b:bc:6a:d7:d7:
         60:7b:e7:e1:53:1e:05:d3:9d:4a:a9:6c:f5:08:a3:5c:14:ec:
         7d:04:9e:ed:01:f9:1f:27:86:fc:5b:d0:a1:b8:9a:40:66:5a:
         6f:62:4d:a8
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYhULhDrjaAdtLQ5JCv2pssoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNTI1MTgzMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTg2NmU0ZjRjNjdiZTJiNTlhN2ZlN2FkOTY4MzI4Njg5MDhmM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi15qVRHF7VsfWTzKRGeJtVqihXKG
D/f48s6N3+WdfNeedEEWqdu3cpvjQw6EvmnqTEFp4wOZX4tXYwlteLSh4zesImTs
aed2YtKiG1M2V7AGJSgiS+HXgFJbdqcRm3LHLR+39iEhvha/IYGi+aGIB816+WmT
/gz0+GwB4rRucxXLr3qExVYA+/mTozSWUuIyDifCyuME/RN11pc6XJsiW1JNnmGt
PKlDX7LKhlSMtrdT+6Ld529D6KLbe8yHQ/HlAZM+TeGImO1Nt75zSKTVGs3iHU+F
19FZeyAGumTUv6qR9K6Gqv6u1kaQmrsGP7ar9N6LOIkzbi2Bh+OBh63IrQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDGGbk9MZ74rWaf+etloMoaJCPP7MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvTVladVQweG52aXRacF81NjJXZ3lob2tJOF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALYMsAwQA
LYoHAwQALYrUAwQALYrXAwQBLZWCAwQBLZh2AwQAW85FAwQBW+1oAwQAwmvIAwQA
1aZTMA0GCSqGSIb3DQEBCwUAA4IBAQB4VvAd8jHoI2f7M6xkhDUOYBpAx+RrEryi
q9O5mHQYGmgq0b9BjKJvqqthXG/vmd3dY6GpxQK0zGQt1LqLkM4yZBo/P/CMNtiF
tFFYAGS1EIl8uU0hxrF0hXnyLHaqMah7fz+AEkqprvGk7OojfzxXWzZbj9EE68XY
haokzR6L4Xv+Tz/cvEtii+2IxjBedKNigvmEOaLuwJxCawL+SbEfD2wAaN3zq8R1
8rdJcuoSSlnuVmcCQaB64hqzgEgO5uhjZpSOmpKo63qFzoj4/tCspitPi7xq19dg
e+fhUx4F051KqWz1CKNcFOx9BJ7tAfkfJ4b8W9ChuJpAZlpvYk2o
-----END CERTIFICATE-----