Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/3NjMryz1Ib-Fb5twa_To8HWHYSc.roa
File:                     3NjMryz1Ib-Fb5twa_To8HWHYSc.roa (raw, json)
Hash identifier:          Jxy6YA+R6P55x5a+hLxZDpXZGkYsQvgsK7oJ9Q+K1Ow=
Subject key identifier:   DC:D8:CC:AF:2C:F5:21:BF:85:6F:9B:70:6B:F4:E8:F0:75:87:61:27
Certificate issuer:       /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial:       018DC19C4B7B421FDAC4C44BAB2C87C1AB27
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/3NjMryz1Ib-Fb5twa_To8HWHYSc.roa
Signing time:             Mon 19 Feb 2024 13:44:22 +0000
ROA not before:           Mon 19 Feb 2024 13:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49603
IP address blocks:        46.19.152.0/21 maxlen: 24
                          89.207.248.0/21 maxlen: 24
                          185.88.60.0/22 maxlen: 24
                          185.92.152.0/22 maxlen: 24
                          185.92.160.0/22 maxlen: 24
                          185.92.168.0/22 maxlen: 24
                          185.92.180.0/22 maxlen: 24
                          185.92.188.0/22 maxlen: 24
                          2a05:ca80::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:9c:4b:7b:42:1f:da:c4:c4:4b:ab:2c:87:c1:ab:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
        Validity
            Not Before: Feb 19 13:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcd8ccaf2cf521bf856f9b706bf4e8f075876127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0e:05:59:a1:79:67:e1:31:f0:25:2f:62:2c:
                    d4:38:87:74:c8:9f:ff:2a:79:07:a0:af:4f:2d:9e:
                    3a:d7:64:85:8d:f0:45:29:db:95:be:a5:d2:3a:72:
                    20:d4:4b:95:e9:90:08:0b:90:4e:d5:3c:fe:81:ce:
                    06:f8:b8:c1:ba:df:1c:31:d5:d3:2f:34:18:22:f3:
                    07:06:d2:5b:fa:c9:52:b4:ba:2f:05:7b:b0:cb:13:
                    2e:a7:87:af:ec:5f:53:5e:0d:59:db:27:66:ed:dd:
                    4f:30:a2:a0:54:18:52:cb:ba:7a:d4:8a:7e:84:8b:
                    12:82:03:db:ff:72:5f:bc:aa:4c:a0:83:77:7e:73:
                    3a:84:dc:52:70:31:a0:39:4b:98:f9:7a:4b:2a:a0:
                    1c:e4:7a:83:e8:76:78:9a:37:bf:56:5d:6d:d0:32:
                    a4:9d:8e:1a:31:26:ce:94:03:f2:75:1e:1e:96:ff:
                    21:2e:cf:96:38:8e:90:7a:81:be:e3:0c:b0:aa:ca:
                    28:79:5e:f6:f9:56:16:66:9d:30:91:f1:7b:2f:31:
                    15:5a:1b:33:48:d7:fd:9e:14:13:9a:56:55:02:1a:
                    06:97:c4:1d:50:54:f9:d1:7c:f4:f0:40:c8:65:7f:
                    aa:34:90:b0:5c:f2:b9:3b:ea:0b:ed:6a:96:2e:7e:
                    e2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D8:CC:AF:2C:F5:21:BF:85:6F:9B:70:6B:F4:E8:F0:75:87:61:27
            X509v3 Authority Key Identifier:
                keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/3NjMryz1Ib-Fb5twa_To8HWHYSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.152.0/21
                  89.207.248.0/21
                  185.88.60.0/22
                  185.92.152.0/22
                  185.92.160.0/22
                  185.92.168.0/22
                  185.92.180.0/22
                  185.92.188.0/22
                IPv6:
                  2a05:ca80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:d2:a1:29:71:3b:40:e1:17:aa:94:e2:b1:2c:6b:10:e4:4a:
         91:21:7f:02:c5:ca:4e:ef:2e:9e:d1:cd:55:16:ba:a6:07:cf:
         a6:1a:2f:22:69:da:b0:e9:9a:50:98:4d:a9:e1:39:12:88:2b:
         2c:73:14:4d:45:a7:48:a3:5d:7b:19:c2:46:b9:75:05:e6:db:
         42:6c:b9:f4:a4:97:84:86:58:03:dd:d4:87:42:bc:3e:3f:0d:
         40:63:7f:fc:f4:1e:02:75:ee:1e:57:3d:7b:72:4b:ab:d8:49:
         e1:c9:34:39:6a:9f:2f:f5:2e:a4:27:9b:10:c2:45:c3:1a:e6:
         2e:35:ce:15:35:1d:66:2c:3f:d2:79:c9:7d:f1:7b:0c:11:9d:
         c9:b5:0d:a0:a7:25:1d:f1:da:11:62:4b:47:60:b7:8e:18:5f:
         8a:26:dd:3b:b7:de:20:4c:a9:45:89:c8:8e:83:da:3e:c6:95:
         b7:fb:dd:8c:2c:00:69:83:5d:ab:ef:29:8c:f6:59:f5:2d:68:
         99:10:a0:bd:7e:95:82:1d:75:55:b0:28:ba:cb:ca:dd:38:6a:
         e1:ff:bb:53:06:86:88:05:e8:f9:3a:41:3d:df:a9:1d:df:b5:
         c1:57:74:f3:18:81:0b:85:a1:5d:76:0b:bb:2f:06:af:51:e8:
         5f:b9:97:4b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAY3BnEt7Qh/axMRLqyyHwasnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjQwMjE5MTM0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Q4Y2NhZjJjZjUyMWJmODU2ZjliNzA2YmY0ZThmMDc1ODc2MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhg4FWaF5Z+Ex8CUvYizUOId0yJ//
KnkHoK9PLZ4612SFjfBFKduVvqXSOnIg1EuV6ZAIC5BO1Tz+gc4G+LjBut8cMdXT
LzQYIvMHBtJb+slStLovBXuwyxMup4ev7F9TXg1Z2ydm7d1PMKKgVBhSy7p61Ip+
hIsSggPb/3JfvKpMoIN3fnM6hNxScDGgOUuY+XpLKqAc5HqD6HZ4mje/Vl1t0DKk
nY4aMSbOlAPydR4elv8hLs+WOI6QeoG+4wywqsooeV72+VYWZp0wkfF7LzEVWhsz
SNf9nhQTmlZVAhoGl8QdUFT50Xz08EDIZX+qNJCwXPK5O+oL7WqWLn7iyQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFNzYzK8s9SG/hW+bcGv06PB1h2EnMB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvM05qTXJ5ejFJYi1GYjV0d2FfVG84SFdIWVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDLhOYAwQD
Wc/4AwQCuVg8AwQCuVyYAwQCuVygAwQCuVyoAwQCuVy0AwQCuVy8MA0EAgACMAcD
BQMqBcqAMA0GCSqGSIb3DQEBCwUAA4IBAQCi0qEpcTtA4ReqlOKxLGsQ5EqRIX8C
xcpO7y6e0c1VFrqmB8+mGi8iadqw6ZpQmE2p4TkSiCsscxRNRadIo117GcJGuXUF
5ttCbLn0pJeEhlgD3dSHQrw+Pw1AY3/89B4Cde4eVz17ckur2EnhyTQ5ap8v9S6k
J5sQwkXDGuYuNc4VNR1mLD/Secl98XsMEZ3JtQ2gpyUd8doRYktHYLeOGF+KJt07
t94gTKlFiciOg9o+xpW3+92MLABpg12r7ymM9ln1LWiZEKC9fpWCHXVVsCi6y8rd
OGrh/7tTBoaIBej5OkE936kd37XBV3TzGIELhaFddgu7LwavUehfuZdL
-----END CERTIFICATE-----