Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/HryxOr77s4NyndCgPWDD3tUEoJU.roa
File:                     HryxOr77s4NyndCgPWDD3tUEoJU.roa (raw, json)
Hash identifier:          cPjySW4ulC5rLssxQHCMeVVpWtwgaASk2Xavn37xFrA=
Subject key identifier:   1E:BC:B1:3A:BE:FB:B3:83:72:9D:D0:A0:3D:60:C3:DE:D5:04:A0:95
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       01857270F76253C8A1D9E2C94A020C986F8D
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/HryxOr77s4NyndCgPWDD3tUEoJU.roa
Signing time:             Mon 02 Jan 2023 12:24:44 +0000
ROA not before:           Mon 02 Jan 2023 12:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5398
IP address blocks:        31.44.32.0/20 maxlen: 20
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.16.0/23 maxlen: 23
                          46.21.18.0/23 maxlen: 23
                          46.21.20.0/23 maxlen: 23
                          46.21.29.0/24 maxlen: 24
                          46.21.31.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 23
                          185.155.176.0/22 maxlen: 22
                          185.155.184.0/23 maxlen: 23
                          77.220.64.0/19 maxlen: 19
                          2a00:bd00::/32 maxlen: 32
                          2a0f:e880::/29 maxlen: 29
                          2a02:210::/32 maxlen: 32
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:70:f7:62:53:c8:a1:d9:e2:c9:4a:02:0c:98:6f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Jan  2 12:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ebcb13abefbb383729dd0a03d60c3ded504a095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9b:97:35:21:92:77:58:fe:49:88:9b:3a:e9:
                    fb:27:7d:45:5b:12:b1:8d:2c:98:6c:54:b2:8c:3a:
                    5a:dd:3b:16:e8:b2:c5:98:0f:c0:c5:8b:c7:cc:f6:
                    7c:d7:7b:7f:db:a0:ed:d1:0f:ea:71:41:33:c0:bf:
                    44:37:38:c9:6d:87:c4:b9:a3:61:46:49:72:77:dd:
                    83:ee:f6:22:f0:41:5b:70:18:e2:da:00:d6:3a:f0:
                    f2:43:b7:01:e7:64:74:d7:df:b6:8b:73:ec:e7:98:
                    f2:58:4a:3b:df:72:03:14:ba:d9:27:c4:9a:6e:d2:
                    71:8b:18:60:23:fa:96:59:11:f2:c8:9d:9f:de:17:
                    84:d0:98:23:5c:20:df:92:15:64:ff:50:4e:ca:67:
                    5f:27:43:5d:e8:93:f5:01:9a:d9:8b:90:3b:19:0b:
                    bb:8c:2f:36:21:e3:31:c5:c7:3e:03:8f:8d:09:dd:
                    4a:5e:66:aa:fa:a3:aa:d5:fb:c5:a7:f6:46:0f:5d:
                    2b:57:9f:47:19:7e:15:35:73:be:d2:cf:85:3c:87:
                    ec:a1:21:42:bb:02:67:ca:9b:ce:b3:35:1d:27:21:
                    a9:06:27:e5:bd:f4:a3:76:3c:21:d2:90:4f:53:49:
                    47:0d:b9:06:f0:61:e8:78:b4:6a:46:e0:10:a0:36:
                    29:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:BC:B1:3A:BE:FB:B3:83:72:9D:D0:A0:3D:60:C3:DE:D5:04:A0:95
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/HryxOr77s4NyndCgPWDD3tUEoJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.16.0-46.21.21.255
                  46.21.29.0/24
                  46.21.31.0/24
                  77.220.64.0/19
                  185.155.176.0/22
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32
                  2a02:210::/32
                  2a0f:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:fe:e3:56:23:68:b6:75:e8:c0:44:29:bd:08:15:8a:d1:48:
         c4:ae:c1:cf:05:f1:26:9c:c0:bc:d5:99:03:12:3c:1e:18:58:
         33:e2:ee:05:99:d4:e7:93:44:ab:0c:89:aa:52:4d:e2:e3:83:
         3e:65:25:9e:4b:0f:7c:24:ea:f4:b1:9e:e2:57:dd:04:46:cf:
         e9:90:f7:7e:65:b4:0f:70:4e:b0:96:22:c4:64:c8:e5:32:2a:
         97:a2:4f:1d:51:ba:d6:08:66:44:4f:88:56:39:2d:30:0b:74:
         23:ed:6b:80:90:81:e3:cf:3e:f5:26:c6:ab:6a:e1:fa:65:1a:
         01:3f:f4:a7:ea:82:bb:2a:4b:97:3e:25:58:28:ca:1d:6d:7c:
         43:5b:bc:d7:99:c7:14:4b:ee:4d:f7:9d:e9:08:06:a4:48:d3:
         9f:89:25:d3:9c:cd:a7:63:ec:12:fe:9b:aa:bb:f4:00:a7:2f:
         3f:e5:4a:63:25:37:70:d7:d0:10:e7:7f:38:d7:59:b3:5b:02:
         12:d3:fb:33:c5:54:a8:7e:b5:4f:20:fa:dd:f6:cc:a8:07:42:
         be:b1:a2:43:75:ab:52:d2:ed:8b:07:96:ef:d2:38:39:bf:3e:
         89:d9:c1:f2:70:66:f3:10:26:91:ba:13:cc:c7:4b:36:c6:52:
         ea:61:04:ee
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYVycPdiU8ih2eLJSgIMmG+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMwMTAyMTIyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWJjYjEzYWJlZmJiMzgzNzI5ZGQwYTAzZDYwYzNkZWQ1MDRhMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZuXNSGSd1j+SYibOun7J31FWxKx
jSyYbFSyjDpa3TsW6LLFmA/AxYvHzPZ813t/26Dt0Q/qcUEzwL9ENzjJbYfEuaNh
Rklyd92D7vYi8EFbcBji2gDWOvDyQ7cB52R019+2i3Ps55jyWEo733IDFLrZJ8Sa
btJxixhgI/qWWRHyyJ2f3heE0JgjXCDfkhVk/1BOymdfJ0Nd6JP1AZrZi5A7GQu7
jC82IeMxxcc+A4+NCd1KXmaq+qOq1fvFp/ZGD10rV59HGX4VNXO+0s+FPIfsoSFC
uwJnypvOszUdJyGpBiflvfSjdjwh0pBPU0lHDbkG8GHoeLRqRuAQoDYpGwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFB68sTq++7ODcp3QoD1gw97VBKCVMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvSHJ5eE9yNzdzNE55bmRDZ1BXREQzdFVFb0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBEBAIAATA+AwQEHywgMAwD
BAQuFRADBAEuFRQDBAAuFR0DBAAuFR8DBAVN3EADBAK5m7ADBAG5m7gDBAHB3dgD
BAHB3mgwGwQCAAIwFQMFACoAvQADBQAqAgIQAwUDKg/ogDANBgkqhkiG9w0BAQsF
AAOCAQEAQv7jViNotnXowEQpvQgVitFIxK7BzwXxJpzAvNWZAxI8HhhYM+LuBZnU
55NEqwyJqlJN4uODPmUlnksPfCTq9LGe4lfdBEbP6ZD3fmW0D3BOsJYixGTI5TIq
l6JPHVG61ghmRE+IVjktMAt0I+1rgJCB488+9SbGq2rh+mUaAT/0p+qCuypLlz4l
WCjKHW18Q1u815nHFEvuTfed6QgGpEjTn4kl05zNp2PsEv6bqrv0AKcvP+VKYyU3
cNfQEOd/ONdZs1sCEtP7M8VUqH61TyD63fbMqAdCvrGiQ3WrUtLtiweW79I4Ob8+
idnB8nBm8xAmkboTzMdLNsZS6mEE7g==
-----END CERTIFICATE-----