Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/SQYgZ8J6-xzxzS9h5yfaml4FYTo.roa
File:                     SQYgZ8J6-xzxzS9h5yfaml4FYTo.roa (raw, json)
Hash identifier:          A/egGMKLhIda7j3Tq7TyS4Hi2C1xjALXR7H6+dUuRmI=
Subject key identifier:   49:06:20:67:C2:7A:FB:1C:F1:CD:2F:61:E7:27:DA:9A:5E:05:61:3A
Certificate issuer:       /CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
Certificate serial:       0195B310126A6431236920D547F0BC28DACD
Authority key identifier: 79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/SQYgZ8J6-xzxzS9h5yfaml4FYTo.roa
Signing time:             Thu 20 Mar 2025 10:18:49 +0000
ROA not before:           Thu 20 Mar 2025 10:18:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        77.73.64.0/23 maxlen: 23
                          77.73.71.0/24 maxlen: 24
                          91.197.0.0/22 maxlen: 22
                          94.242.48.0/24 maxlen: 24
                          94.242.49.0/24 maxlen: 24
                          94.242.58.0/23 maxlen: 23
                          185.22.172.0/22 maxlen: 22
                          185.145.245.0/24 maxlen: 24
                          185.155.119.0/24 maxlen: 24
                          185.242.104.0/22 maxlen: 22
                          185.242.106.0/23 maxlen: 23
                          212.6.44.0/24 maxlen: 24
                          2a0c:16c0::/32 maxlen: 32
                          2a0c:16c1::/32 maxlen: 32
                          2a0c:16c2::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:10:12:6a:64:31:23:69:20:d5:47:f0:bc:28:da:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
        Validity
            Not Before: Mar 20 10:18:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=49062067c27afb1cf1cd2f61e727da9a5e05613a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2a:d7:f9:ad:f6:c3:40:c3:f3:c8:94:77:19:
                    65:35:94:bf:91:94:53:54:82:b6:04:3e:2d:f6:67:
                    0d:61:78:f1:3b:ad:ca:91:6e:18:80:d8:bc:4c:c6:
                    c2:60:96:00:1b:97:5c:37:cb:7d:b1:44:fd:84:95:
                    c6:94:0c:a1:e2:5c:4d:af:67:59:a2:3e:25:92:11:
                    75:4b:e9:7a:1c:61:7e:78:d6:40:72:b2:f7:b6:84:
                    a4:80:07:7f:e1:96:26:da:85:0b:f7:87:6a:dc:65:
                    85:9f:fd:4a:81:10:69:cc:13:e4:a8:d4:fb:d0:51:
                    b9:62:a2:c6:7d:64:f2:4e:e3:b2:4c:9f:bb:60:e2:
                    44:3a:6c:6a:14:a6:36:22:88:ac:6b:ac:65:f8:65:
                    18:0f:53:d9:13:6a:35:66:72:fe:75:c9:63:f6:7f:
                    5b:b5:70:58:ad:dd:ec:75:89:ab:5c:fa:66:cd:0c:
                    cc:9e:13:ea:fc:ec:99:04:de:1d:7f:53:d6:31:e4:
                    ed:e8:f6:f5:a8:e2:6b:8e:94:f0:f2:ab:88:f6:0e:
                    9f:bd:9b:dc:00:d6:e3:7e:6a:31:06:eb:75:4d:d3:
                    15:0d:5d:0a:22:98:02:d2:a8:71:f8:61:48:59:8c:
                    52:75:31:30:78:1d:31:43:5e:9b:0e:5a:ae:fd:6e:
                    c5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:06:20:67:C2:7A:FB:1C:F1:CD:2F:61:E7:27:DA:9A:5E:05:61:3A
            X509v3 Authority Key Identifier:
                keyid:79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/SQYgZ8J6-xzxzS9h5yfaml4FYTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.64.0/23
                  77.73.71.0/24
                  91.197.0.0/22
                  94.242.48.0/23
                  94.242.58.0/23
                  185.22.172.0/22
                  185.145.245.0/24
                  185.155.119.0/24
                  185.242.104.0/22
                  212.6.44.0/24
                IPv6:
                  2a0c:16c0::-2a0c:16c2:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         5d:a4:b8:e6:e5:ea:f8:57:87:69:5e:b0:b1:1c:9c:9a:08:49:
         4d:a2:db:97:21:95:62:f8:c9:29:0f:c0:d3:f5:ac:d8:26:d7:
         67:5e:6e:b7:2b:60:45:fa:64:eb:da:3c:1a:61:2d:69:b8:0b:
         1d:3c:73:9f:c8:b5:0c:65:af:9b:32:6f:71:e5:80:59:92:30:
         54:df:42:e8:51:95:06:54:0b:c3:6f:66:6e:64:32:55:4e:41:
         0d:fd:fa:00:75:6a:65:1c:a7:90:5f:e8:93:40:08:84:1b:5d:
         84:77:20:9f:10:70:3d:93:ad:d8:7e:27:e5:5b:0e:de:df:2f:
         aa:6b:53:23:8d:bf:03:82:c3:48:24:45:8d:80:4d:48:fe:b8:
         d1:f5:15:9c:a6:30:58:cb:14:84:55:40:1a:97:4f:7b:e7:f6:
         8a:d3:32:db:19:9e:a9:77:5f:33:19:7c:27:da:52:cb:21:63:
         40:9a:ba:2c:25:21:8a:af:8b:4c:f4:f7:5c:89:02:2c:b1:5a:
         d1:ab:a2:fd:0e:ca:b4:bb:4c:65:54:61:2e:7a:6f:95:0a:b4:
         45:3c:ac:ad:5e:86:35:63:1f:a5:6e:52:a8:6e:fb:aa:0e:82:
         f5:6f:71:0e:67:df:5b:a5:1c:84:55:9e:50:1f:bf:e4:7b:ff:
         47:67:49:5c
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZWzEBJqZDEjaSDVR/C8KNrNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZTI0YjQ3Zjg5NDNjYWQ2ZTA0YzlmNjQ2Y2IxMDc3YzE0
MGZkZmIwHhcNMjUwMzIwMTAxODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTA2MjA2N2MyN2FmYjFjZjFjZDJmNjFlNzI3ZGE5YTVlMDU2MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCrX+a32w0DD88iUdxllNZS/kZRT
VIK2BD4t9mcNYXjxO63KkW4YgNi8TMbCYJYAG5dcN8t9sUT9hJXGlAyh4lxNr2dZ
oj4lkhF1S+l6HGF+eNZAcrL3toSkgAd/4ZYm2oUL94dq3GWFn/1KgRBpzBPkqNT7
0FG5YqLGfWTyTuOyTJ+7YOJEOmxqFKY2Ioisa6xl+GUYD1PZE2o1ZnL+dclj9n9b
tXBYrd3sdYmrXPpmzQzMnhPq/OyZBN4df1PWMeTt6Pb1qOJrjpTw8quI9g6fvZvc
ANbjfmoxBut1TdMVDV0KIpgC0qhx+GFIWYxSdTEweB0xQ16bDlqu/W7FWQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFEkGIGfCevsc8c0vYecn2ppeBWE6MB8GA1UdIwQY
MBaAFHniS0f4lDytbgTJ9kbLEHfBQP37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQt
YmM1ODRiMzZjYmVmLzEvU1FZZ1o4SjYteHp4elM5aDV5ZmFtbDRGWVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQtYmM1ODRiMzZjYmVm
LzEvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBCBAIAATA8AwQBTUlAAwQA
TUlHAwQCW8UAAwQBXvIwAwQBXvI6AwQCuRasAwQAuZH1AwQAuZt3AwQCufJoAwQA
1AYsMBYEAgACMBAwDgMFBioMFsADBQAqDBbCMA0GCSqGSIb3DQEBCwUAA4IBAQBd
pLjm5er4V4dpXrCxHJyaCElNotuXIZVi+MkpD8DT9azYJtdnXm63K2BF+mTr2jwa
YS1puAsdPHOfyLUMZa+bMm9x5YBZkjBU30LoUZUGVAvDb2ZuZDJVTkEN/foAdWpl
HKeQX+iTQAiEG12EdyCfEHA9k63YfiflWw7e3y+qa1Mjjb8DgsNIJEWNgE1I/rjR
9RWcpjBYyxSEVUAal0975/aK0zLbGZ6pd18zGXwn2lLLIWNAmrosJSGKr4tM9Pdc
iQIssVrRq6L9Dsq0u0xlVGEuem+VCrRFPKytXoY1Yx+lblKobvuqDoL1b3EOZ99b
pRyEVZ5QH7/ke/9HZ0lc
-----END CERTIFICATE-----