Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/XbNa60wI6xWZj57LWwkdHNrYBxA.roa
File:                     XbNa60wI6xWZj57LWwkdHNrYBxA.roa (raw, json)
Hash identifier:          40JgXaLamd8DSKUsxYfaFhRV6HQW3SrCC7I4LOzM7ZY=
Subject key identifier:   5D:B3:5A:EB:4C:08:EB:15:99:8F:9E:CB:5B:09:1D:1C:DA:D8:07:10
Certificate issuer:       /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial:       018CC86F2F3A7BDDA4895FEB9304167FE39A
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/XbNa60wI6xWZj57LWwkdHNrYBxA.roa
Signing time:             Tue 02 Jan 2024 04:29:38 +0000
ROA not before:           Tue 02 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47543
IP address blocks:        185.234.97.0/24 maxlen: 24
                          185.234.96.0/24 maxlen: 24
                          185.234.98.0/24 maxlen: 24
                          185.234.99.0/24 maxlen: 24
                          95.142.101.0/24 maxlen: 24
                          95.142.100.0/24 maxlen: 24
                          185.27.18.0/24 maxlen: 24
                          178.237.38.0/24 maxlen: 24
                          178.237.37.0/24 maxlen: 24
                          178.237.35.0/24 maxlen: 24
                          178.237.36.0/24 maxlen: 24
                          2a00:1188:10::/48 maxlen: 64
                          2a00:1188:12::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:2f:3a:7b:dd:a4:89:5f:eb:93:04:16:7f:e3:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
        Validity
            Not Before: Jan  2 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db35aeb4c08eb15998f9ecb5b091d1cdad80710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b0:bf:09:bd:56:29:6d:32:a3:d7:68:4a:a7:
                    30:f6:b1:f5:0c:ed:ec:10:de:e1:fa:51:5d:9b:ea:
                    09:a2:37:9e:2d:1e:36:cf:bd:76:f6:48:b2:22:b1:
                    0a:09:c6:d1:09:4a:25:fa:e4:8d:56:f1:00:ca:1b:
                    e0:a0:6d:e3:d4:1b:e1:56:29:f3:86:75:8e:7a:94:
                    46:97:99:0f:89:c9:77:71:c8:79:46:c9:d1:fd:d8:
                    47:0f:42:20:f1:3b:59:fe:7f:66:92:82:da:b5:80:
                    6e:f7:78:f0:3f:d4:08:80:bb:56:4e:1b:45:17:82:
                    c8:88:5a:5d:59:cd:63:e0:5d:3c:40:7b:34:b3:cc:
                    2c:58:70:04:1e:ee:40:4e:87:96:7b:da:2a:78:e4:
                    1c:88:af:cf:42:dd:8a:c2:7c:c6:b9:1b:b0:ae:77:
                    51:63:f6:df:c7:88:5e:f9:f5:bd:5d:76:af:dc:45:
                    1c:36:47:e7:f9:38:b9:fd:7d:e0:65:cd:e7:3a:3b:
                    e2:09:5f:c5:fd:22:2d:e2:fa:cb:f6:d7:2e:32:a0:
                    92:b2:c0:b9:23:28:9a:48:a3:71:fc:c1:df:8a:02:
                    a3:9f:b3:cc:35:76:af:1f:5d:9e:00:a2:fc:60:36:
                    b9:26:b0:d1:4a:d0:c1:7e:3f:60:8c:30:a8:22:b1:
                    62:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B3:5A:EB:4C:08:EB:15:99:8F:9E:CB:5B:09:1D:1C:DA:D8:07:10
            X509v3 Authority Key Identifier:
                keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/XbNa60wI6xWZj57LWwkdHNrYBxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.142.100.0/23
                  178.237.35.0-178.237.38.255
                  185.27.18.0/24
                  185.234.96.0/22
                IPv6:
                  2a00:1188:10::/48
                  2a00:1188:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:2f:fb:db:3c:93:f5:74:80:95:e0:ec:fa:66:16:18:2d:a7:
         24:32:cc:70:bd:a6:5b:60:0f:30:42:81:77:43:43:89:b2:61:
         17:7f:41:d5:1e:0e:f9:fc:79:1d:be:97:48:00:3e:45:fb:f2:
         63:d6:24:f5:2b:b4:ed:ac:00:2f:ba:39:a2:77:fa:1d:0e:c9:
         5e:e0:85:20:d9:63:16:80:28:7d:86:08:b5:aa:bd:aa:48:72:
         d3:44:54:d9:11:c4:68:28:48:ad:bb:c0:b2:5a:75:25:a3:aa:
         22:87:4d:20:89:98:9b:63:db:5f:09:4a:ae:bf:67:12:1e:8f:
         49:9e:c5:ea:b3:70:5c:3c:ef:f3:7c:49:fe:d2:7e:e2:e0:9a:
         28:cd:9f:d2:0f:ee:4d:ae:a0:0a:18:ba:45:42:0a:78:9e:cb:
         99:7f:6c:a0:c4:c9:05:24:4e:af:21:ed:f9:66:14:3f:83:91:
         66:a0:dd:de:1e:6f:19:0f:e6:da:44:df:aa:e2:24:79:90:20:
         f6:3b:06:76:77:43:90:ea:8a:93:65:38:37:75:91:8e:eb:1e:
         86:3b:06:50:8d:d6:e4:37:9e:50:31:54:6c:b3:fd:1b:dc:9c:
         af:a6:b1:36:61:1e:de:6b:26:95:1a:d2:3d:0c:ca:f0:ae:72:
         77:8f:b1:e7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzIby86e92kiV/rkwQWf+OaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjQwMTAyMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIzNWFlYjRjMDhlYjE1OTk4ZjllY2I1YjA5MWQxY2RhZDgwNzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLC/Cb1WKW0yo9doSqcw9rH1DO3s
EN7h+lFdm+oJojeeLR42z7129kiyIrEKCcbRCUol+uSNVvEAyhvgoG3j1BvhVinz
hnWOepRGl5kPicl3cch5RsnR/dhHD0Ig8TtZ/n9mkoLatYBu93jwP9QIgLtWThtF
F4LIiFpdWc1j4F08QHs0s8wsWHAEHu5AToeWe9oqeOQciK/PQt2KwnzGuRuwrndR
Y/bfx4he+fW9XXav3EUcNkfn+Ti5/X3gZc3nOjviCV/F/SIt4vrL9tcuMqCSssC5
IyiaSKNx/MHfigKjn7PMNXavH12eAKL8YDa5JrDRStDBfj9gjDCoIrFizwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFF2zWutMCOsVmY+ey1sJHRza2AcQMB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvWGJOYTYwd0k2eFdaajU3TFd3a2RITnJZQnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAmBAIAATAgAwQBX45kMAwD
BACy7SMDBACy7SYDBAC5GxIDBAK56mAwGAQCAAIwEgMHACoAEYgAEAMHACoAEYgA
EjANBgkqhkiG9w0BAQsFAAOCAQEAbC/72zyT9XSAleDs+mYWGC2nJDLMcL2mW2AP
MEKBd0NDibJhF39B1R4O+fx5Hb6XSAA+RfvyY9Yk9Su07awAL7o5onf6HQ7JXuCF
INljFoAofYYItaq9qkhy00RU2RHEaChIrbvAslp1JaOqIodNIImYm2PbXwlKrr9n
Eh6PSZ7F6rNwXDzv83xJ/tJ+4uCaKM2f0g/uTa6gChi6RUIKeJ7LmX9soMTJBSRO
ryHt+WYUP4ORZqDd3h5vGQ/m2kTfquIkeZAg9jsGdndDkOqKk2U4N3WRjusehjsG
UI3W5DeeUDFUbLP9G9ycr6axNmEe3msmlRrSPQzK8K5yd4+x5w==
-----END CERTIFICATE-----