Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/E5NpLOzsopJjc2W9N-tzxi5Gt_c.roa
File:                     E5NpLOzsopJjc2W9N-tzxi5Gt_c.roa (raw, json)
Hash identifier:          FYIuhfPUSFUvUzWocnaBcszXZmz+k/rRiz36mFlDsCI=
Subject key identifier:   13:93:69:2C:EC:EC:A2:92:63:73:65:BD:37:EB:73:C6:2E:46:B7:F7
Certificate issuer:       /CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
Certificate serial:       018CC9BCD53D560548616A3828A556C8E13E
Authority key identifier: C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/E5NpLOzsopJjc2W9N-tzxi5Gt_c.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50821
IP address blocks:        209.221.192.0/19 maxlen: 19
                          185.54.196.0/22 maxlen: 22
                          145.14.96.0/19 maxlen: 19
                          212.100.96.0/19 maxlen: 19
                          109.238.128.0/20 maxlen: 20
                          79.142.240.0/20 maxlen: 20
                          46.39.96.0/19 maxlen: 19
                          89.255.224.0/20 maxlen: 20
                          178.16.208.0/20 maxlen: 20
                          147.28.64.0/19 maxlen: 19
                          145.40.16.0/20 maxlen: 20
                          217.69.144.0/20 maxlen: 20
                          178.251.128.0/21 maxlen: 21
                          185.81.108.0/22 maxlen: 22
                          2001:1ba8::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d5:3d:56:05:48:61:6a:38:28:a5:56:c8:e1:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1393692cececa292637365bd37eb73c62e46b7f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:73:93:45:df:1f:34:ab:68:d5:be:ad:d0:ee:
                    82:d4:11:17:dd:90:21:a4:6f:ea:f9:4d:d0:25:d8:
                    3c:cb:48:df:1e:6c:ab:d4:4c:ff:77:ed:19:0b:01:
                    24:1d:6b:48:e1:b8:55:83:d6:96:c0:81:1f:51:90:
                    96:a3:82:89:7e:b3:b4:73:c6:e8:b4:e2:e9:53:2e:
                    ce:30:8e:84:be:59:78:4c:09:9f:19:c5:ea:1f:79:
                    e8:6f:8d:5d:5e:a0:14:54:4e:80:c2:70:ee:7f:3d:
                    6f:00:3d:d1:d0:ff:b3:f3:84:ef:bd:69:91:4d:21:
                    4c:04:25:cc:48:ab:3f:62:7a:7e:2e:5f:b8:0f:39:
                    56:c6:51:ea:22:9c:26:4f:18:04:05:38:f0:bb:d2:
                    4f:74:74:ea:14:9d:8c:f6:7b:0e:f9:72:19:e4:52:
                    1d:c0:48:02:62:0f:94:ea:8e:7b:55:d9:cd:a0:18:
                    be:2e:a5:80:07:d0:25:38:55:dd:fc:bc:b9:32:58:
                    9a:2d:1a:84:f1:8b:5a:5c:3b:2a:cb:ec:40:b3:61:
                    fa:5b:8c:c1:da:79:5d:44:83:3b:56:58:92:ca:67:
                    a1:e5:bd:5f:b5:a0:bc:3b:b0:5d:57:e7:93:f2:d9:
                    c4:53:cf:82:74:77:24:d7:e1:a2:e3:3f:a7:d3:05:
                    3a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:93:69:2C:EC:EC:A2:92:63:73:65:BD:37:EB:73:C6:2E:46:B7:F7
            X509v3 Authority Key Identifier:
                keyid:C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/E5NpLOzsopJjc2W9N-tzxi5Gt_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/wRxYM3zU10zZIZ2HeN7lsp8IpGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.39.96.0/19
                  79.142.240.0/20
                  89.255.224.0/20
                  109.238.128.0/20
                  145.14.96.0/19
                  145.40.16.0/20
                  147.28.64.0/19
                  178.16.208.0/20
                  178.251.128.0/21
                  185.54.196.0/22
                  185.81.108.0/22
                  209.221.192.0/19
                  212.100.96.0/19
                  217.69.144.0/20
                IPv6:
                  2001:1ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:d9:6a:2c:21:c4:0e:4a:a5:93:5d:e3:dc:c3:4c:60:12:61:
         1c:66:3e:02:d6:a9:a0:00:0d:c4:ec:d7:d7:6d:34:7a:17:49:
         92:76:df:85:c8:5d:fb:ac:be:11:0e:9b:49:dd:a9:93:90:4b:
         56:a3:47:b1:e6:1d:76:9d:26:55:f5:cd:15:34:21:23:21:84:
         2e:67:9e:55:ee:4f:ce:13:c0:e3:71:44:71:85:1d:03:7c:f3:
         12:b4:4b:59:06:67:7a:d8:2b:e6:09:8c:fa:3d:c0:44:29:59:
         f6:2f:40:bf:a5:01:ed:fe:ec:e9:d5:04:f3:c4:82:aa:40:74:
         47:21:aa:8d:98:70:2c:7c:11:9c:da:7a:00:4b:cd:9d:aa:53:
         1d:68:ec:a6:1d:85:ef:91:e0:b6:d7:3b:ee:98:87:c7:96:31:
         75:5f:f7:6e:32:bf:49:de:4f:c2:ea:31:2a:8c:34:33:23:50:
         f3:46:14:8a:a7:e1:fa:34:ad:e9:c7:78:45:48:99:2c:00:7e:
         9f:aa:ca:3f:42:5d:b3:1c:dc:ee:b8:ea:35:d4:4f:fc:16:ba:
         07:7e:5d:34:2d:16:20:35:00:5f:fc:15:31:b0:dc:de:01:5a:
         bb:95:62:46:f3:f3:3f:4b:3b:e6:36:b2:b4:cd:cd:a8:53:26:
         ec:94:7f:ce
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYzJvNU9VgVIYWo4KKVWyOE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMWM1ODMzN2NkNGQ3NGNkOTIxOWQ4Nzc4ZGVlNWIyOWYw
OGE0NjEwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzkzNjkyY2VjZWNhMjkyNjM3MzY1YmQzN2ViNzNjNjJlNDZiN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXOTRd8fNKto1b6t0O6C1BEX3ZAh
pG/q+U3QJdg8y0jfHmyr1Ez/d+0ZCwEkHWtI4bhVg9aWwIEfUZCWo4KJfrO0c8bo
tOLpUy7OMI6Evll4TAmfGcXqH3nob41dXqAUVE6AwnDufz1vAD3R0P+z84TvvWmR
TSFMBCXMSKs/Ynp+Ll+4DzlWxlHqIpwmTxgEBTjwu9JPdHTqFJ2M9nsO+XIZ5FId
wEgCYg+U6o57VdnNoBi+LqWAB9AlOFXd/Ly5MliaLRqE8YtaXDsqy+xAs2H6W4zB
2nldRIM7VliSymeh5b1ftaC8O7BdV+eT8tnEU8+CdHck1+Gi4z+n0wU60QIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFBOTaSzs7KKSY3NlvTfrc8YuRrf3MB8GA1UdIwQY
MBaAFMEcWDN81NdM2SGdh3je5bKfCKRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTIt
YzM5NDU0MWY3NzBlLzEvRTVOcExPenNvcEpqYzJXOU4tdHp4aTVHdF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTItYzM5NDU0MWY3NzBl
LzEvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQFLidgAwQE
T47wAwQEWf/gAwQEbe6AAwQFkQ5gAwQEkSgQAwQFkxxAAwQEshDQAwQDsvuAAwQC
uTbEAwQCuVFsAwQF0d3AAwQF1GRgAwQE2UWQMA0EAgACMAcDBQMgARuoMA0GCSqG
SIb3DQEBCwUAA4IBAQDA2WosIcQOSqWTXePcw0xgEmEcZj4C1qmgAA3E7NfXbTR6
F0mSdt+FyF37rL4RDptJ3amTkEtWo0ex5h12nSZV9c0VNCEjIYQuZ55V7k/OE8Dj
cURxhR0DfPMStEtZBmd62CvmCYz6PcBEKVn2L0C/pQHt/uzp1QTzxIKqQHRHIaqN
mHAsfBGc2noAS82dqlMdaOymHYXvkeC21zvumIfHljF1X/duMr9J3k/C6jEqjDQz
I1DzRhSKp+H6NK3px3hFSJksAH6fqso/Ql2zHNzuuOo11E/8FroHfl00LRYgNQBf
/BUxsNzeAVq7lWJG8/M/SzvmNrK0zc2oUybslH/O
-----END CERTIFICATE-----