Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qa_fvnzUZCSxDfYA4IOh3Zth48w.roa
File:                     qa_fvnzUZCSxDfYA4IOh3Zth48w.roa (raw, json)
Hash identifier:          VMhIesG2Ep/TeGDYMq/DnJNh9iJOsMXkFDxi7ZVHWaQ=
Subject key identifier:   A9:AF:DF:BE:7C:D4:64:24:B1:0D:F6:00:E0:83:A1:DD:9B:61:E3:CC
Certificate issuer:       /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial:       120407B1
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qa_fvnzUZCSxDfYA4IOh3Zth48w.roa
Signing time:             Thu 10 Mar 2022 07:35:27 +0000
ROA not before:           Thu 10 Mar 2022 07:35:27 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41789
IP address blocks:        31.129.17.0/24 maxlen: 24
                          31.129.16.0/24 maxlen: 24
                          31.129.18.0/24 maxlen: 24
                          31.129.22.0/24 maxlen: 24
                          31.129.21.0/24 maxlen: 24
                          31.129.20.0/24 maxlen: 24
                          31.129.19.0/24 maxlen: 24
                          31.129.24.0/24 maxlen: 24
                          31.129.23.0/24 maxlen: 24
                          31.129.29.0/24 maxlen: 24
                          31.129.28.0/24 maxlen: 24
                          31.129.27.0/24 maxlen: 24
                          31.129.26.0/24 maxlen: 24
                          31.129.31.0/24 maxlen: 24
                          31.129.25.0/24 maxlen: 24
                          31.129.0.0/20 maxlen: 24
                          109.236.56.0/23 maxlen: 23
                          109.236.58.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 302254001 (0x120407b1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
        Validity
            Not Before: Mar 10 07:35:27 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a9afdfbe7cd46424b10df600e083a1dd9b61e3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:07:a6:66:06:d2:a5:1d:33:cb:ba:57:c1:b3:
                    cc:71:43:d5:15:24:0f:f0:b2:a9:e5:f3:e1:03:35:
                    a9:78:de:ff:7e:4b:f1:99:fd:94:d4:08:be:19:60:
                    dd:c1:6f:40:5c:a4:68:db:c5:9e:d4:8e:43:92:81:
                    11:2d:b6:1f:e1:f8:2d:82:70:e1:a7:e5:c0:80:12:
                    8d:3a:de:f7:31:0c:fe:ce:31:b8:c6:84:7c:19:a8:
                    d1:26:86:e2:45:ae:3f:1f:3b:5c:43:41:37:1f:27:
                    f0:a0:36:99:50:86:10:80:6c:b1:44:6a:01:53:bc:
                    e9:ed:75:be:4f:be:d8:f3:19:a8:c8:b1:06:99:26:
                    86:1e:2f:2b:5d:55:0f:b0:09:09:37:f1:80:f7:b5:
                    34:f5:3b:6f:75:2c:56:5f:e9:d4:b7:a6:ac:9e:dc:
                    7d:ae:ed:63:ba:91:79:ab:5c:1f:d3:34:ba:31:58:
                    d7:f9:3e:96:e4:12:fe:c3:38:6c:6e:63:f3:47:49:
                    b6:28:44:cd:5a:a2:26:2b:5e:06:e4:2d:9e:ce:d6:
                    24:04:cf:8a:dc:10:aa:b0:b0:79:b0:35:70:a0:29:
                    25:e5:72:67:af:af:14:96:c9:41:bd:f6:90:56:f9:
                    71:79:85:3f:5b:ce:f1:89:a4:62:c3:6a:9b:5b:db:
                    99:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:AF:DF:BE:7C:D4:64:24:B1:0D:F6:00:E0:83:A1:DD:9B:61:E3:CC
            X509v3 Authority Key Identifier:
                keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/qa_fvnzUZCSxDfYA4IOh3Zth48w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.129.0.0-31.129.29.255
                  31.129.31.0/24
                  109.236.56.0-109.236.58.255

    Signature Algorithm: sha256WithRSAEncryption
         40:a3:be:d9:8b:48:78:47:5a:c0:6f:58:48:da:57:7d:82:8f:
         26:c2:f2:10:ce:34:42:37:41:11:4b:d2:ff:0a:5c:26:03:c6:
         b1:f4:2f:db:ec:b9:36:7e:63:e0:c2:41:6e:b5:f4:05:08:29:
         a4:6a:4f:4f:6a:be:83:5c:43:e8:7f:40:8a:1b:54:1d:7e:c6:
         a8:4a:9f:da:cb:bb:d7:8a:5f:ba:74:da:e8:0e:f4:8b:fe:05:
         49:6a:ea:6e:ab:3e:7b:8a:c4:2d:a7:c6:c6:44:b8:ba:8e:7a:
         72:17:f2:b0:d8:df:23:b2:5d:63:e7:72:7e:5d:29:e1:57:1b:
         b7:9f:47:be:1e:0f:00:90:8d:57:c1:f2:c7:8b:bf:a9:43:9a:
         83:d2:15:9e:cb:88:bb:96:57:2e:47:15:5d:a1:72:21:6d:b7:
         84:92:13:5c:41:2f:28:a5:42:43:a3:d6:ac:25:b3:f6:9c:aa:
         ad:50:30:0a:a7:21:d7:26:40:4f:e4:0a:c4:6b:1f:b3:1e:67:
         46:19:a2:7c:83:10:05:4a:58:2c:e4:d9:34:66:7b:a7:a7:80:
         c3:c1:85:87:5a:4f:0b:4d:d4:e3:de:1a:9c:ab:8a:7b:f5:19:
         7e:bf:60:ff:c8:b2:2b:73:57:c9:5b:a9:cd:38:ea:d4:e0:17:
         55:63:ba:79
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEEgQHsTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NWIxZDEzYzJlMjZlMTI3ODYyNDZhNWVjNGM1YmVhNjk4NjRiMjBmMB4XDTIyMDMx
MDA3MzUyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTlhZmRmYmU3Y2Q0
NjQyNGIxMGRmNjAwZTA4M2ExZGQ5YjYxZTNjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO8HpmYG0qUdM8u6V8GzzHFD1RUkD/CyqeXz4QM1qXje/35L
8Zn9lNQIvhlg3cFvQFykaNvFntSOQ5KBES22H+H4LYJw4aflwIASjTre9zEM/s4x
uMaEfBmo0SaG4kWuPx87XENBNx8n8KA2mVCGEIBssURqAVO86e11vk++2PMZqMix
Bpkmhh4vK11VD7AJCTfxgPe1NPU7b3UsVl/p1LemrJ7cfa7tY7qReatcH9M0ujFY
1/k+luQS/sM4bG5j80dJtihEzVqiJiteBuQtns7WJATPitwQqrCwebA1cKApJeVy
Z6+vFJbJQb32kFb5cXmFP1vO8YmkYsNqm1vbmRMCAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBSpr9++fNRkJLEN9gDgg6Hdm2HjzDAfBgNVHSMEGDAWgBQFsdE8LibhJ4Yk
al7Exb6mmGSyDzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8x
L3FhX2Z2bnpVWkNTeERmWUE0SU9oM1p0aDQ4dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgv
YzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgyOC8xL0JiSFJQQzRtNFNl
R0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwJwQCAAEwITALAwMAH4EDBAEfgRwDBAAfgR8wDAME
A23sOAMEAG3sOjANBgkqhkiG9w0BAQsFAAOCAQEAQKO+2YtIeEdawG9YSNpXfYKP
JsLyEM40QjdBEUvS/wpcJgPGsfQv2+y5Nn5j4MJBbrX0BQgppGpPT2q+g1xD6H9A
ihtUHX7GqEqf2su714pfunTa6A70i/4FSWrqbqs+e4rELafGxkS4uo56chfysNjf
I7JdY+dyfl0p4Vcbt59Hvh4PAJCNV8Hyx4u/qUOag9IVnsuIu5ZXLkcVXaFyIW23
hJITXEEvKKVCQ6PWrCWz9pyqrVAwCqch1yZAT+QKxGsfsx5nRhmifIMQBUpYLOTZ
NGZ7p6eAw8GFh1pPC03U494anKuKe/UZfr9g/8iyK3NXyVupzTjq1OAXVWO6eQ==
-----END CERTIFICATE-----