Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/DW1Q2J9ZJ1NuZBb69LNjRIfdHpQ.roa
File:                     DW1Q2J9ZJ1NuZBb69LNjRIfdHpQ.roa (raw, json)
Hash identifier:          xk+qw9V73o/e7GqpgtsSEOJOlDny0ekG03wrOpLLblg=
Subject key identifier:   0D:6D:50:D8:9F:59:27:53:6E:64:16:FA:F4:B3:63:44:87:DD:1E:94
Certificate issuer:       /CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
Certificate serial:       018CC8DED1AD66F42C368EC1E590CEB525C3
Authority key identifier: 73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/DW1Q2J9ZJ1NuZBb69LNjRIfdHpQ.roa
Signing time:             Tue 02 Jan 2024 06:31:35 +0000
ROA not before:           Tue 02 Jan 2024 06:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60876
IP address blocks:        185.24.168.0/22 maxlen: 24
                          85.204.120.0/23 maxlen: 24
                          85.204.132.0/23 maxlen: 24
                          85.204.136.0/23 maxlen: 24
                          212.237.96.0/20 maxlen: 24
                          85.204.194.0/23 maxlen: 24
                          195.192.248.0/23 maxlen: 24
                          185.166.120.0/22 maxlen: 24
                          2a00:7660::/29 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d1:ad:66:f4:2c:36:8e:c1:e5:90:ce:b5:25:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
        Validity
            Not Before: Jan  2 06:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d6d50d89f5927536e6416faf4b3634487dd1e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bf:42:32:57:94:e2:e9:34:76:1c:ca:39:bf:
                    29:11:9c:5c:b5:1a:2e:8c:26:0f:8c:1d:56:cb:70:
                    36:8b:02:48:30:87:e7:b3:d1:45:aa:9f:99:84:74:
                    c9:e1:13:ea:ae:d7:51:13:1c:b1:a1:3a:22:3a:15:
                    5b:d7:c7:92:fe:59:7f:87:5e:be:17:94:da:f9:50:
                    40:66:e4:d8:73:a2:59:a7:f3:7f:af:ef:71:ab:dc:
                    78:22:45:cc:b3:53:4f:a7:22:60:9b:7b:2e:8c:3e:
                    b3:35:ea:db:2c:1c:5a:fc:dd:5c:6f:40:db:70:35:
                    36:a9:31:aa:ac:12:cc:da:f1:f4:a9:30:66:2d:26:
                    3a:7b:16:42:f0:49:4d:c5:07:6f:a9:2b:0a:ef:85:
                    6a:ae:c5:f6:4f:bc:9a:c3:2d:90:05:e7:5f:af:b2:
                    53:b3:43:b9:26:26:a3:f3:25:3a:ab:64:df:d1:f4:
                    69:b2:e9:9c:c3:a3:d7:4d:60:1c:95:0e:64:08:cf:
                    8b:68:79:8c:4f:13:ea:f5:b5:71:93:1f:e5:bc:e0:
                    8a:e8:21:a7:7d:5d:a8:5c:3e:30:b9:47:5b:bd:c2:
                    09:9e:59:92:37:40:d8:b9:48:cf:bf:8d:fb:3e:5b:
                    92:a0:de:da:a0:32:84:db:5c:9d:c4:57:e9:53:f0:
                    d1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:6D:50:D8:9F:59:27:53:6E:64:16:FA:F4:B3:63:44:87:DD:1E:94
            X509v3 Authority Key Identifier:
                keyid:73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/DW1Q2J9ZJ1NuZBb69LNjRIfdHpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.120.0/23
                  85.204.132.0/23
                  85.204.136.0/23
                  85.204.194.0/23
                  185.24.168.0/22
                  185.166.120.0/22
                  195.192.248.0/23
                  212.237.96.0/20
                IPv6:
                  2a00:7660::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:7c:f1:75:59:90:ce:ef:d4:92:a7:95:fb:0e:cc:79:f0:af:
         d3:e3:6f:16:06:fb:78:19:a7:ae:dd:54:41:8a:19:b2:fd:cb:
         d7:3c:61:99:89:96:d5:af:17:79:e3:54:12:3e:e2:b2:16:82:
         f5:1d:fc:89:1a:9a:73:30:8a:5c:a3:d8:54:ba:5d:39:1c:40:
         9e:71:7f:b3:74:9a:3d:3a:18:d1:19:53:57:89:66:08:25:2f:
         52:f9:cc:ea:98:7b:36:67:eb:34:7e:a8:7f:55:63:96:36:21:
         d5:40:d4:b5:6b:8f:44:17:8a:3c:52:9b:18:97:40:e4:25:30:
         c8:e5:b0:1c:75:71:c6:b6:ae:08:05:bd:32:07:dc:21:77:be:
         2f:10:0e:a8:af:be:59:e9:9e:5a:d8:6b:e3:05:ae:53:a8:f9:
         9d:e1:8d:d7:a7:d3:92:e2:a6:3f:3e:09:88:de:67:b1:9c:2b:
         35:3e:d0:97:65:e7:76:51:d3:61:93:db:a1:ec:c4:dc:3e:28:
         44:12:6e:a9:9c:6b:c6:08:37:44:ab:f2:fa:11:83:43:ae:57:
         ad:b4:ed:b2:dc:de:99:47:9c:a6:ef:ac:6a:64:7e:b5:98:a3:
         55:9e:aa:dd:a0:1f:ed:ef:69:ba:56:e0:dc:e7:04:de:f7:1e:
         5d:a3:a3:7d
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzI3tGtZvQsNo7B5ZDOtSXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTg5ZDI2YmFlN2Y4NWNiNGUwNmFiNWFiNTM2ZGU1YTgw
YzE2YTEwHhcNMjQwMTAyMDYzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDZkNTBkODlmNTkyNzUzNmU2NDE2ZmFmNGIzNjM0NDg3ZGQxZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx79CMleU4uk0dhzKOb8pEZxctRou
jCYPjB1Wy3A2iwJIMIfns9FFqp+ZhHTJ4RPqrtdRExyxoToiOhVb18eS/ll/h16+
F5Ta+VBAZuTYc6JZp/N/r+9xq9x4IkXMs1NPpyJgm3sujD6zNerbLBxa/N1cb0Db
cDU2qTGqrBLM2vH0qTBmLSY6exZC8ElNxQdvqSsK74VqrsX2T7yawy2QBedfr7JT
s0O5Jiaj8yU6q2Tf0fRpsumcw6PXTWAclQ5kCM+LaHmMTxPq9bVxkx/lvOCK6CGn
fV2oXD4wuUdbvcIJnlmSN0DYuUjPv437PluSoN7aoDKE21ydxFfpU/DREQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFA1tUNifWSdTbmQW+vSzY0SH3R6UMB8GA1UdIwQY
MBaAFHMYnSa65/hctOBqtatTbeWoDBahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQt
MDY2YjYzMjM3ZDg1LzEvRFcxUTJKOVpKMU51WkJiNjlMTmpSSWZkSHBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQtMDY2YjYzMjM3ZDg1
LzEvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQBVcx4AwQB
VcyEAwQBVcyIAwQBVczCAwQCuRioAwQCuaZ4AwQBw8D4AwQE1O1gMA0EAgACMAcD
BQMqAHZgMA0GCSqGSIb3DQEBCwUAA4IBAQBDfPF1WZDO79SSp5X7Dsx58K/T428W
Bvt4Gaeu3VRBihmy/cvXPGGZiZbVrxd541QSPuKyFoL1HfyJGppzMIpco9hUul05
HECecX+zdJo9OhjRGVNXiWYIJS9S+czqmHs2Z+s0fqh/VWOWNiHVQNS1a49EF4o8
UpsYl0DkJTDI5bAcdXHGtq4IBb0yB9whd74vEA6or75Z6Z5a2GvjBa5TqPmd4Y3X
p9OS4qY/PgmI3mexnCs1PtCXZed2UdNhk9uh7MTcPihEEm6pnGvGCDdEq/L6EYND
rlettO2y3N6ZR5ym76xqZH61mKNVnqrdoB/t72m6VuDc5wTe9x5do6N9
-----END CERTIFICATE-----