Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/0tKiPT_1m-_R2PYamWDIDqm5jCE.roa
File:                     0tKiPT_1m-_R2PYamWDIDqm5jCE.roa (raw, json)
Hash identifier:          xnZnftRyfqWBA9pOMyQyLZkI0cG84bkbT1psmvvW5QQ=
Subject key identifier:   D2:D2:A2:3D:3F:F5:9B:EF:D1:D8:F6:1A:99:60:C8:0E:A9:B9:8C:21
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       01856F94B96BF2D495D893D9ACFF413AA1E4
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/0tKiPT_1m-_R2PYamWDIDqm5jCE.roa
Signing time:             Sun 01 Jan 2023 23:04:55 +0000
ROA not before:           Sun 01 Jan 2023 23:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203622
IP address blocks:        46.32.166.0/24 maxlen: 24
                          46.32.165.0/24 maxlen: 24
                          46.32.164.0/24 maxlen: 24
                          46.32.160.0/24 maxlen: 24
                          46.32.162.0/24 maxlen: 24
                          46.32.161.0/24 maxlen: 24
                          46.32.167.0/24 maxlen: 24
                          46.32.170.0/24 maxlen: 24
                          46.32.171.0/24 maxlen: 24
                          46.32.177.0/24 maxlen: 24
                          46.32.179.0/24 maxlen: 24
                          46.32.178.0/24 maxlen: 24
                          46.32.191.0/24 maxlen: 24
                          46.32.188.0/24 maxlen: 24
                          46.32.190.0/24 maxlen: 24
                          46.32.189.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:94:b9:6b:f2:d4:95:d8:93:d9:ac:ff:41:3a:a1:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: Jan  1 23:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2d2a23d3ff59befd1d8f61a9960c80ea9b98c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:61:27:b6:39:42:de:95:3f:9f:0a:43:33:22:
                    b5:02:44:89:1f:c3:3c:1b:00:f3:3d:d1:a7:c4:ce:
                    f1:48:6c:4a:87:98:2a:19:b3:a7:c0:7a:82:34:b2:
                    34:77:58:4e:5b:95:a1:20:02:84:a2:93:3b:18:5f:
                    50:33:0a:af:cb:ff:a3:f1:8e:3e:b1:fa:f9:34:ff:
                    0c:89:6a:5b:f8:55:3e:1c:8b:c1:2d:63:f9:29:06:
                    8c:47:e9:d0:4b:d8:a3:ea:9a:06:67:72:94:e4:8e:
                    56:7e:06:f7:db:34:1d:c3:b2:a7:80:15:05:41:74:
                    2d:9f:c0:1a:24:fa:94:a0:8f:d2:47:2e:0d:b0:fc:
                    0f:7d:04:11:1e:84:3b:05:62:58:05:7c:38:96:39:
                    4c:af:ae:95:6c:3b:29:75:60:40:77:5e:20:f7:4b:
                    21:49:b9:2e:95:9d:de:1c:38:ee:0c:df:ae:a7:68:
                    1a:11:44:18:c8:e3:c1:45:39:43:3d:22:34:65:23:
                    7d:d7:86:e2:be:53:c2:36:4a:ff:76:be:be:fc:b0:
                    67:33:29:e3:1c:e3:24:b4:6f:6a:b9:4e:f8:c0:5b:
                    9a:4c:a1:3a:e1:21:0f:f9:f1:23:43:79:3e:cf:09:
                    d7:7b:30:34:e5:85:c1:ea:6b:fa:ae:06:6e:bf:90:
                    a2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D2:A2:3D:3F:F5:9B:EF:D1:D8:F6:1A:99:60:C8:0E:A9:B9:8C:21
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/0tKiPT_1m-_R2PYamWDIDqm5jCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.160.0-46.32.162.255
                  46.32.164.0/22
                  46.32.170.0/23
                  46.32.177.0-46.32.179.255
                  46.32.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:dc:4d:f3:3d:0e:18:18:c8:f3:bd:27:3e:ab:02:21:b3:13:
         18:73:05:0f:49:d9:f8:a9:2b:45:e8:32:7f:85:47:3e:72:f5:
         03:cb:1a:c7:42:04:dd:f1:45:6e:ee:47:4d:c6:2a:ad:4a:c7:
         67:1c:e6:12:74:ca:5b:1f:72:f3:f6:be:ce:07:af:40:17:25:
         ab:b0:78:37:95:6a:b8:13:57:d8:f9:ad:80:ac:5d:1f:88:d4:
         61:72:8e:6c:54:37:a6:53:31:5b:de:7b:f3:e4:a8:e3:11:f3:
         d7:41:4d:09:91:f4:ae:01:85:ee:83:06:be:50:72:d6:5b:2a:
         32:aa:1e:0e:9e:85:35:1c:5a:df:14:6c:ff:1b:2e:10:82:29:
         a0:3e:9d:07:a3:f2:96:c3:cd:46:f2:8a:69:24:dc:e6:7f:f3:
         0b:f5:d2:09:f0:28:91:51:11:ba:39:86:b9:71:f4:b3:0c:1c:
         b1:d9:a5:14:4a:6a:38:0f:83:43:70:ec:c8:e1:aa:c4:8a:cd:
         3c:d3:3e:4b:bf:3e:e4:4a:c7:dc:85:94:82:bd:75:15:47:a7:
         eb:49:ff:77:8f:ad:83:21:55:1b:d7:7d:ba:6e:33:db:ed:d5:
         e3:a0:bb:ad:46:a2:3b:84:1d:a4:1b:ca:03:97:7e:35:82:83:
         5a:1e:40:14
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVvlLlr8tSV2JPZrP9BOqHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjMwMTAxMjMwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmQyYTIzZDNmZjU5YmVmZDFkOGY2MWE5OTYwYzgwZWE5Yjk4YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymEntjlC3pU/nwpDMyK1AkSJH8M8
GwDzPdGnxM7xSGxKh5gqGbOnwHqCNLI0d1hOW5WhIAKEopM7GF9QMwqvy/+j8Y4+
sfr5NP8MiWpb+FU+HIvBLWP5KQaMR+nQS9ij6poGZ3KU5I5Wfgb32zQdw7KngBUF
QXQtn8AaJPqUoI/SRy4NsPwPfQQRHoQ7BWJYBXw4ljlMr66VbDspdWBAd14g90sh
SbkulZ3eHDjuDN+up2gaEUQYyOPBRTlDPSI0ZSN914bivlPCNkr/dr6+/LBnMynj
HOMktG9quU74wFuaTKE64SEP+fEjQ3k+zwnXezA05YXB6mv6rgZuv5Ci4wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNLSoj0/9Zvv0dj2GplgyA6puYwhMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvMHRLaVBUXzFtLV9SMlBZYW1XRElEcW01akNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAUuIKAD
BAAuIKIDBAIuIKQDBAEuIKowDAMEAC4gsQMEAi4gsAMEAi4gvDANBgkqhkiG9w0B
AQsFAAOCAQEAT9xN8z0OGBjI870nPqsCIbMTGHMFD0nZ+KkrRegyf4VHPnL1A8sa
x0IE3fFFbu5HTcYqrUrHZxzmEnTKWx9y8/a+zgevQBclq7B4N5VquBNX2PmtgKxd
H4jUYXKObFQ3plMxW9578+So4xHz10FNCZH0rgGF7oMGvlBy1lsqMqoeDp6FNRxa
3xRs/xsuEIIpoD6dB6PylsPNRvKKaSTc5n/zC/XSCfAokVERujmGuXH0swwcsdml
FEpqOA+DQ3DsyOGqxIrNPNM+S78+5ErH3IWUgr11FUen60n/d4+tgyFVG9d9um4z
2+3V46C7rUaiO4QdpBvKA5d+NYKDWh5AFA==
-----END CERTIFICATE-----