Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cSIWWeUB2WEI3CduJcBwsLabI9Y.roa
File:                     cSIWWeUB2WEI3CduJcBwsLabI9Y.roa (raw, json)
Hash identifier:          7Ihfotu3IkgqKha1G4Bk4sR+FIMbGwdCWHTm4WYMXcw=
Subject key identifier:   71:22:16:59:E5:01:D9:61:08:DC:27:6E:25:C0:70:B0:B6:9B:23:D6
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CC86FC24588A76579860578904A066406
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cSIWWeUB2WEI3CduJcBwsLabI9Y.roa
Signing time:             Tue 02 Jan 2024 04:30:16 +0000
ROA not before:           Tue 02 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        92.119.192.0/24 maxlen: 24
                          45.159.85.0/24 maxlen: 24
                          193.32.164.0/24 maxlen: 24
                          193.32.166.0/24 maxlen: 24
                          193.32.165.0/24 maxlen: 24
                          45.142.37.0/24 maxlen: 24
                          45.129.130.0/24 maxlen: 24
                          45.129.129.0/24 maxlen: 24
                          45.129.131.0/24 maxlen: 24
                          193.32.167.0/24 maxlen: 24
                          193.36.231.0/24 maxlen: 24
                          176.222.58.0/24 maxlen: 24
                          45.138.4.0/24 maxlen: 24
                          45.138.6.0/24 maxlen: 24
                          45.138.5.0/24 maxlen: 24
                          45.146.26.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c2:45:88:a7:65:79:86:05:78:90:4a:06:64:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71221659e501d96108dc276e25c070b0b69b23d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:02:61:32:95:b8:ec:95:2b:ca:2f:16:eb:b5:
                    e5:1c:1c:95:55:e5:c5:28:86:f7:7a:61:93:e4:88:
                    ca:23:a3:7c:00:f0:cb:ff:67:70:84:03:4e:16:29:
                    e3:72:80:bb:1e:95:a4:6a:f8:8b:e7:f4:d2:59:9d:
                    62:0e:75:af:64:da:22:2c:bd:45:e8:47:8a:90:26:
                    59:f5:34:da:1c:06:5a:68:a2:fe:e5:a4:57:64:a6:
                    77:1b:dd:14:01:d6:5b:0b:44:bd:44:80:ea:88:f7:
                    fb:5f:eb:80:12:1c:9b:9b:14:f4:92:0b:20:95:d4:
                    47:5f:f4:23:8e:87:13:07:ad:a7:ec:1e:f4:9d:66:
                    02:ff:e6:71:d6:53:04:44:e4:56:ca:1b:4d:3a:91:
                    ed:44:1e:18:04:27:a7:3e:b8:34:52:e3:9b:6f:6f:
                    19:9a:0b:7e:8a:3a:9a:52:e7:b8:42:0a:02:23:43:
                    50:0e:f0:f8:50:00:42:a5:0d:cb:b0:60:1b:27:40:
                    9c:d9:32:f1:e0:3a:d1:69:98:1b:8d:97:cf:dc:ed:
                    45:e1:08:c7:9c:4c:24:10:89:53:44:b6:0a:f4:e7:
                    5e:46:65:54:f8:f5:fd:7a:de:64:3e:d7:d3:19:39:
                    f6:2b:2a:8c:05:e4:63:03:fa:e2:dd:0d:99:28:6b:
                    3a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:22:16:59:E5:01:D9:61:08:DC:27:6E:25:C0:70:B0:B6:9B:23:D6
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/cSIWWeUB2WEI3CduJcBwsLabI9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.129.0-45.129.131.255
                  45.138.4.0-45.138.6.255
                  45.142.37.0/24
                  45.146.26.0/24
                  45.159.85.0/24
                  92.119.192.0/24
                  176.222.58.0/24
                  193.32.164.0/22
                  193.36.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:4f:97:a4:47:f6:99:44:df:0c:16:8e:07:1e:5b:cc:50:7e:
         33:30:cd:b7:09:c5:ad:56:37:2f:7f:3d:86:16:1c:c4:1d:b9:
         29:26:2b:09:8f:22:c2:23:dc:21:16:bb:a4:d6:81:d4:a0:31:
         c5:7d:fe:fa:ca:5d:ab:07:0c:99:3b:f2:52:0b:5c:5e:8d:c1:
         5f:3f:f2:7c:5c:7a:ea:75:05:44:ae:9b:fe:ea:29:af:72:da:
         d9:36:31:89:ca:6b:14:4d:12:c8:d8:96:95:6b:c3:22:7d:33:
         9d:0d:dd:d9:a3:91:f6:20:b4:27:20:c0:65:59:f6:3d:d3:9c:
         33:6a:f8:27:f9:62:1d:28:25:1d:60:21:64:8c:be:20:c1:f1:
         78:ce:40:17:51:44:ce:6b:81:2b:23:89:05:fb:8c:78:71:86:
         5e:1c:e8:b9:34:2c:99:00:94:64:87:b2:e0:13:74:d5:4f:b9:
         fe:21:34:4b:a3:68:60:08:6b:38:3e:53:c9:57:74:17:a2:45:
         46:9b:d4:c7:fd:d3:63:5f:3d:f4:b8:d3:e2:c4:18:7b:31:56:
         b2:3b:5d:fa:33:c3:75:6a:74:cf:56:c7:0a:18:7c:5e:c1:ad:
         c0:69:06:37:b8:13:3c:ca:cb:d3:2c:e9:14:50:83:20:ee:e1:
         05:60:79:c9
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzIb8JFiKdleYYFeJBKBmQGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTAyMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTIyMTY1OWU1MDFkOTYxMDhkYzI3NmUyNWMwNzBiMGI2OWIyM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgJhMpW47JUryi8W67XlHByVVeXF
KIb3emGT5IjKI6N8APDL/2dwhANOFinjcoC7HpWkaviL5/TSWZ1iDnWvZNoiLL1F
6EeKkCZZ9TTaHAZaaKL+5aRXZKZ3G90UAdZbC0S9RIDqiPf7X+uAEhybmxT0kgsg
ldRHX/QjjocTB62n7B70nWYC/+Zx1lMERORWyhtNOpHtRB4YBCenPrg0UuObb28Z
mgt+ijqaUue4QgoCI0NQDvD4UABCpQ3LsGAbJ0Cc2TLx4DrRaZgbjZfP3O1F4QjH
nEwkEIlTRLYK9OdeRmVU+PX9et5kPtfTGTn2KyqMBeRjA/ri3Q2ZKGs6tQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHEiFlnlAdlhCNwnbiXAcLC2myPWMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvY1NJV1dlVUIyV0VJM0NkdUpjQndzTGFiSTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGMAwDBAAtgYED
BAItgYAwDAMEAi2KBAMEAC2KBgMEAC2OJQMEAC2SGgMEAC2fVQMEAFx3wAMEALDe
OgMEAsEgpAMEAMEk5zANBgkqhkiG9w0BAQsFAAOCAQEACk+XpEf2mUTfDBaOBx5b
zFB+MzDNtwnFrVY3L389hhYcxB25KSYrCY8iwiPcIRa7pNaB1KAxxX3++spdqwcM
mTvyUgtcXo3BXz/yfFx66nUFRK6b/uopr3La2TYxicprFE0SyNiWlWvDIn0znQ3d
2aOR9iC0JyDAZVn2PdOcM2r4J/liHSglHWAhZIy+IMHxeM5AF1FEzmuBKyOJBfuM
eHGGXhzouTQsmQCUZIey4BN01U+5/iE0S6NoYAhrOD5TyVd0F6JFRpvUx/3TY189
9LjT4sQYezFWsjtd+jPDdWp0z1bHChh8XsGtwGkGN7gTPMrL0yzpFFCDIO7hBWB5
yQ==
-----END CERTIFICATE-----