Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/D3o2SAmp7ZMtZVcCQ9yF0lOZ9Z8.roa
File:                     D3o2SAmp7ZMtZVcCQ9yF0lOZ9Z8.roa (raw, json)
Hash identifier:          X6sDA51TYTTqDQLLtSTNwhK+wf5WNnXc1eD25KVfQxw=
Subject key identifier:   0F:7A:36:48:09:A9:ED:93:2D:65:57:02:43:DC:85:D2:53:99:F5:9F
Certificate issuer:       /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial:       018CC9BA811699D4ED2A2FF628AE9DAEDDA1
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/D3o2SAmp7ZMtZVcCQ9yF0lOZ9Z8.roa
Signing time:             Tue 02 Jan 2024 10:31:32 +0000
ROA not before:           Tue 02 Jan 2024 10:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56694
IP address blocks:        94.198.50.0/23 maxlen: 24
                          185.9.144.0/22 maxlen: 24
                          188.127.224.0/20 maxlen: 24
                          94.198.52.0/22 maxlen: 24
                          188.127.240.0/21 maxlen: 24
                          188.127.248.0/22 maxlen: 24
                          188.127.253.0/24 maxlen: 24
                          188.127.254.0/23 maxlen: 24
                          185.130.248.0/22 maxlen: 24
                          152.89.216.0/22 maxlen: 24
                          2a06:dd00::/29 maxlen: 48
                          2a06:dd00::/32 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:81:16:99:d4:ed:2a:2f:f6:28:ae:9d:ae:dd:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
        Validity
            Not Before: Jan  2 10:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f7a364809a9ed932d65570243dc85d25399f59f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:96:c6:31:9e:df:8e:9f:0a:87:be:4a:98:7d:
                    63:f9:59:cb:6e:8b:f6:25:58:4e:17:a6:e1:f8:e8:
                    9c:c5:80:49:36:31:94:0c:35:09:e5:9a:fc:11:b7:
                    6d:2f:a9:4f:10:ac:a3:40:f6:6d:43:fc:31:27:d5:
                    75:e9:bf:41:81:9f:20:d0:b4:f4:ac:ff:b3:3a:74:
                    d9:a1:cc:f2:7a:f7:32:d7:d2:a0:02:37:47:fb:f8:
                    33:2e:3d:50:7c:8d:bc:28:97:71:72:23:20:77:5f:
                    77:c5:a5:26:16:b3:c9:ba:e1:b5:36:83:33:5e:b2:
                    4a:2c:01:14:d3:24:97:97:fe:a6:2d:07:74:0d:34:
                    e8:d1:84:4f:bc:6d:8a:87:f4:99:3c:0c:ef:ee:8a:
                    70:9b:5d:ae:23:b0:3a:eb:e9:16:5e:3d:36:2c:d5:
                    9d:4c:64:14:18:40:08:a7:ef:10:b2:09:4e:4e:b3:
                    12:68:24:ea:83:ee:b2:3c:17:31:ea:bb:29:20:ce:
                    bb:cc:5c:29:06:61:f3:da:0b:3f:fb:7b:96:38:5b:
                    49:27:19:55:46:da:1c:93:94:59:ec:6b:f7:c5:3a:
                    e5:a1:05:96:76:7f:54:e8:cf:de:ef:30:2e:1b:71:
                    0e:b4:75:17:05:fe:7a:38:48:9d:27:a1:94:19:ac:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:7A:36:48:09:A9:ED:93:2D:65:57:02:43:DC:85:D2:53:99:F5:9F
            X509v3 Authority Key Identifier:
                keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/D3o2SAmp7ZMtZVcCQ9yF0lOZ9Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.198.50.0-94.198.55.255
                  152.89.216.0/22
                  185.9.144.0/22
                  185.130.248.0/22
                  188.127.224.0-188.127.251.255
                  188.127.253.0-188.127.255.255
                IPv6:
                  2a06:dd00::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:d7:6d:b2:a1:d6:08:b0:c2:d6:e7:55:b9:14:90:a6:12:ac:
         a3:82:58:be:7e:7f:f2:fc:63:bb:95:a2:59:00:86:58:45:61:
         00:a7:ab:a8:8a:d0:bd:80:5e:24:95:c3:26:f6:7f:e9:7d:69:
         84:8c:0f:3d:ca:e2:ca:7d:52:88:4e:7c:7a:92:25:43:99:44:
         2e:f3:21:d7:53:f2:53:b0:f5:9e:08:81:1f:39:80:59:2d:86:
         d7:80:0d:80:75:f9:6a:79:5e:e8:fa:49:2f:49:fb:83:fa:ed:
         9f:46:a5:47:15:92:61:be:13:44:72:e6:d6:32:75:ad:2d:52:
         26:fe:c4:67:11:7a:ef:dc:a0:d8:86:46:a2:2d:e5:2b:48:e0:
         24:08:ea:66:5f:e2:7b:59:a7:eb:91:d5:9e:22:b8:65:85:16:
         6c:56:a2:71:3e:2c:10:cf:71:9b:8b:9c:5f:14:dd:c3:24:02:
         84:70:f0:15:7c:44:b7:c5:93:8d:59:9e:49:35:85:c6:91:e3:
         48:de:71:94:6f:c9:a5:74:71:e8:d1:55:9e:48:76:75:2d:31:
         ba:25:3e:9d:4e:1c:b0:75:fe:49:82:21:06:62:26:ce:7d:df:
         e1:47:f3:56:9a:12:63:72:4c:91:7e:13:e6:63:fd:bf:4d:e7:
         e9:ff:7a:5b
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYzJuoEWmdTtKi/2KK6drt2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjQwMTAyMTAzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjdhMzY0ODA5YTllZDkzMmQ2NTU3MDI0M2RjODVkMjUzOTlmNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZbGMZ7fjp8Kh75KmH1j+VnLbov2
JVhOF6bh+OicxYBJNjGUDDUJ5Zr8EbdtL6lPEKyjQPZtQ/wxJ9V16b9BgZ8g0LT0
rP+zOnTZoczyevcy19KgAjdH+/gzLj1QfI28KJdxciMgd193xaUmFrPJuuG1NoMz
XrJKLAEU0ySXl/6mLQd0DTTo0YRPvG2Kh/SZPAzv7opwm12uI7A66+kWXj02LNWd
TGQUGEAIp+8QsglOTrMSaCTqg+6yPBcx6rspIM67zFwpBmHz2gs/+3uWOFtJJxlV
Rtock5RZ7Gv3xTrloQWWdn9U6M/e7zAuG3EOtHUXBf56OEidJ6GUGayMPwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFA96NkgJqe2TLWVXAkPchdJTmfWfMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvRDNvMlNBbXA3Wk10WlZjQ1E5eUYwbE9aOVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBBBAIAATA7MAwDBAFexjID
BANexjADBAKYWdgDBAK5CZADBAK5gvgwDAMEBbx/4AMEArx/+DALAwQAvH/9AwMH
vAAwDQQCAAIwBwMFAyoG3QAwDQYJKoZIhvcNAQELBQADggEBAFnXbbKh1giwwtbn
VbkUkKYSrKOCWL5+f/L8Y7uVolkAhlhFYQCnq6iK0L2AXiSVwyb2f+l9aYSMDz3K
4sp9UohOfHqSJUOZRC7zIddT8lOw9Z4IgR85gFkthteADYB1+Wp5Xuj6SS9J+4P6
7Z9GpUcVkmG+E0Ry5tYyda0tUib+xGcReu/coNiGRqIt5StI4CQI6mZf4ntZp+uR
1Z4iuGWFFmxWonE+LBDPcZuLnF8U3cMkAoRw8BV8RLfFk41Znkk1hcaR40jecZRv
yaV0cejRVZ5IdnUtMbolPp1OHLB1/kmCIQZiJs593+FH81aaEmNyTJF+E+Zj/b9N
5+n/els=
-----END CERTIFICATE-----