Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/lAXyIRoH7Sz3Wi_MPu6IT3inSPQ.roa
File:                     lAXyIRoH7Sz3Wi_MPu6IT3inSPQ.roa (raw, json)
Hash identifier:          p12TDp5tMCIAQIaONgaK94P+4gYm/hnG/a37FKAjj50=
Subject key identifier:   94:05:F2:21:1A:07:ED:2C:F7:5A:2F:CC:3E:EE:88:4F:78:A7:48:F4
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0181F46C588BD310F930D61733A4F9C70744
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/lAXyIRoH7Sz3Wi_MPu6IT3inSPQ.roa
Signing time:             Tue 12 Jul 2022 21:59:10 +0000
ROA not before:           Tue 12 Jul 2022 21:59:10 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58061
IP address blocks:        2.59.51.0/24 maxlen: 24
                          92.119.130.0/24 maxlen: 24
                          92.119.128.0/24 maxlen: 24
                          5.183.128.0/24 maxlen: 24
                          194.169.162.0/24 maxlen: 24
                          194.169.161.0/24 maxlen: 24
                          2.56.112.0/24 maxlen: 24
                          77.83.95.0/24 maxlen: 24
                          2.56.113.0/24 maxlen: 24
                          45.14.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f4:6c:58:8b:d3:10:f9:30:d6:17:33:a4:f9:c7:07:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jul 12 21:59:10 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9405f2211a07ed2cf75a2fcc3eee884f78a748f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b0:30:34:b9:53:2d:ee:64:fe:d0:c8:e2:0c:
                    7b:3e:d8:c4:26:62:6a:78:0a:b8:59:86:dd:48:b9:
                    17:ff:06:f3:62:cd:d2:1b:69:ca:55:c9:ac:a9:6d:
                    c1:20:ad:a5:28:44:78:31:06:a7:60:94:94:49:88:
                    a3:f7:d4:d7:d8:67:35:f0:18:c7:0b:8f:be:4d:69:
                    05:60:17:ef:e2:3c:b9:06:df:65:b8:dd:98:10:f1:
                    68:a6:a9:31:2a:6c:21:bf:61:72:66:6f:81:b0:c7:
                    47:d0:0c:a5:31:46:cc:55:dd:ad:8a:3a:fe:63:6a:
                    aa:73:b1:48:4f:96:ac:08:f5:9d:7a:43:dd:6d:aa:
                    47:3f:4f:ea:4f:68:2c:95:06:a0:96:b2:76:cc:8e:
                    be:49:43:dc:ae:3d:67:ec:64:c7:82:6d:80:fe:68:
                    1e:cb:7a:44:5d:91:2d:22:6e:19:31:8f:d6:57:4b:
                    71:04:e7:3d:58:2a:b7:b8:85:6f:6e:28:c2:fc:1d:
                    21:e4:0f:ac:d9:07:3d:66:12:61:96:68:45:9f:da:
                    08:8b:f7:05:95:9d:77:e3:3b:07:c4:1b:fe:eb:03:
                    ec:7f:9f:b0:7c:a1:63:ba:cb:e6:cd:d0:a0:fc:e0:
                    43:1a:94:d8:c5:d3:f5:04:be:40:46:c0:3b:07:8c:
                    b5:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:05:F2:21:1A:07:ED:2C:F7:5A:2F:CC:3E:EE:88:4F:78:A7:48:F4
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/lAXyIRoH7Sz3Wi_MPu6IT3inSPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.112.0/23
                  2.59.51.0/24
                  5.183.128.0/24
                  45.14.220.0/24
                  77.83.95.0/24
                  92.119.128.0/24
                  92.119.130.0/24
                  194.169.161.0-194.169.162.255

    Signature Algorithm: sha256WithRSAEncryption
         a7:09:71:4c:96:d6:df:01:b8:29:4f:9e:3e:2f:e6:03:e4:ee:
         4e:4d:15:1b:9c:42:fa:71:ba:f9:7c:f4:f2:86:e3:d8:53:4f:
         bd:3f:dc:da:14:96:51:16:29:08:2d:88:40:ba:4e:9a:3c:eb:
         dd:8e:0c:d0:4c:18:7d:aa:86:c3:d4:0a:23:95:f5:0d:c3:76:
         2a:32:97:f8:c9:2b:a4:6b:8a:7a:7f:02:51:d9:86:c2:b5:a5:
         e9:fa:ee:2c:93:51:48:46:dd:17:44:bc:b0:56:09:53:0f:0e:
         36:3b:27:ec:26:07:82:65:da:a5:74:ea:90:3a:5b:ad:84:88:
         87:f7:8b:6c:01:7a:ad:ee:fb:66:6a:07:7f:d2:b0:ab:0e:eb:
         1a:e7:ec:ea:26:14:6a:c3:84:7b:cf:7a:db:d4:20:76:f4:20:
         35:ac:32:62:e9:fd:df:94:86:f2:a2:c3:1e:e4:34:67:f5:8d:
         d2:44:31:e3:bf:f4:f1:a0:56:36:60:7f:d6:d0:21:45:94:ee:
         8a:f7:57:20:4b:7c:a3:b8:7a:da:ad:49:47:97:42:77:d4:41:
         2b:11:06:0a:01:9e:97:53:b0:b6:39:a8:de:60:03:e6:1b:82:
         06:cc:63:0d:51:89:b7:7a:04:22:a2:7d:bd:72:aa:e0:2c:fe:
         af:34:12:47
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYH0bFiL0xD5MNYXM6T5xwdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjIwNzEyMjE1OTEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDA1ZjIyMTFhMDdlZDJjZjc1YTJmY2MzZWVlODg0Zjc4YTc0OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbAwNLlTLe5k/tDI4gx7PtjEJmJq
eAq4WYbdSLkX/wbzYs3SG2nKVcmsqW3BIK2lKER4MQanYJSUSYij99TX2Gc18BjH
C4++TWkFYBfv4jy5Bt9luN2YEPFopqkxKmwhv2FyZm+BsMdH0AylMUbMVd2tijr+
Y2qqc7FIT5asCPWdekPdbapHP0/qT2gslQaglrJ2zI6+SUPcrj1n7GTHgm2A/mge
y3pEXZEtIm4ZMY/WV0txBOc9WCq3uIVvbijC/B0h5A+s2Qc9ZhJhlmhFn9oIi/cF
lZ134zsHxBv+6wPsf5+wfKFjusvmzdCg/OBDGpTYxdP1BL5ARsA7B4y1hwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFJQF8iEaB+0s91ovzD7uiE94p0j0MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvbEFYeUlSb0g3U3ozV2lfTVB1NklUM2luU1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQBAjhwAwQA
AjszAwQABbeAAwQALQ7cAwQATVNfAwQAXHeAAwQAXHeCMAwDBADCqaEDBADCqaIw
DQYJKoZIhvcNAQELBQADggEBAKcJcUyW1t8BuClPnj4v5gPk7k5NFRucQvpxuvl8
9PKG49hTT70/3NoUllEWKQgtiEC6Tpo8692ODNBMGH2qhsPUCiOV9Q3Ddioyl/jJ
K6Rrinp/AlHZhsK1pen67iyTUUhG3RdEvLBWCVMPDjY7J+wmB4Jl2qV06pA6W62E
iIf3i2wBeq3u+2ZqB3/SsKsO6xrn7OomFGrDhHvPetvUIHb0IDWsMmLp/d+UhvKi
wx7kNGf1jdJEMeO/9PGgVjZgf9bQIUWU7or3VyBLfKO4etqtSUeXQnfUQSsRBgoB
npdTsLY5qN5gA+YbggbMYw1Ribd6BCKifb1yquAs/q80Ekc=
-----END CERTIFICATE-----