Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/aH9Z1J8GhsMijE1yVKkrmPIfRnw.roa
File:                     aH9Z1J8GhsMijE1yVKkrmPIfRnw.roa (raw, json)
Hash identifier:          XHSBLCuqM9qgjVvOyzTyOdLhEbOWgOx2zKOzi1Z92kU=
Subject key identifier:   68:7F:59:D4:9F:06:86:C3:22:8C:4D:72:54:A9:2B:98:F2:1F:46:7C
Certificate issuer:       /CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
Certificate serial:       018CC3496706FCC0DCA9B11D57E8247B039E
Authority key identifier: B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/aH9Z1J8GhsMijE1yVKkrmPIfRnw.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199366
IP address blocks:        185.114.192.0/24 maxlen: 24
                          185.114.194.0/24 maxlen: 24
                          185.114.193.0/24 maxlen: 24
                          185.114.195.0/24 maxlen: 24
                          185.19.94.0/24 maxlen: 24
                          185.19.93.0/24 maxlen: 24
                          185.19.95.0/24 maxlen: 24
                          185.19.92.0/24 maxlen: 24
                          185.59.31.0/24 maxlen: 24
                          185.59.28.0/24 maxlen: 24
                          185.59.30.0/24 maxlen: 24
                          185.59.29.0/24 maxlen: 24
                          2.56.62.0/24 maxlen: 24
                          2.56.63.0/24 maxlen: 24
                          2.56.61.0/24 maxlen: 24
                          2.56.60.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:67:06:fc:c0:dc:a9:b1:1d:57:e8:24:7b:03:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b869ee66164d3cb41dbd2df5417817c32f4cea05
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=687f59d49f0686c3228c4d7254a92b98f21f467c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9e:9a:39:82:a5:86:e7:60:86:9c:83:b1:bb:
                    77:49:ed:8a:b1:f8:2e:35:8b:21:c6:4d:ab:78:1d:
                    24:30:54:5b:15:c5:61:ab:ae:d6:d4:07:6d:6c:3b:
                    ec:2b:7c:37:01:38:62:d6:4f:85:e9:22:59:7e:2e:
                    0b:44:1e:c8:71:bf:56:14:be:53:ea:ed:9f:3c:ed:
                    9b:eb:92:8f:ed:25:74:3e:ef:6c:1e:1f:d3:f1:fa:
                    8e:78:42:ce:82:ce:68:72:3f:f9:97:67:5a:05:23:
                    dd:b8:4f:0b:56:c7:74:c9:20:ef:9e:40:93:23:0d:
                    7a:d7:51:19:27:09:95:b5:ab:3e:03:27:30:da:77:
                    39:07:f2:22:6a:1a:56:6d:e5:e1:19:d8:08:14:69:
                    ca:df:51:f4:d4:da:13:6d:e2:27:0e:1a:58:c9:2e:
                    2d:d5:8c:f4:01:43:82:99:35:eb:d6:12:d5:4c:d9:
                    93:f4:08:27:05:68:b1:64:54:15:0d:ce:1e:54:40:
                    3e:e1:fa:bf:49:75:2b:51:6d:e4:0b:cb:0f:f0:13:
                    7d:4a:53:5e:20:24:ab:a8:3b:a0:94:c1:a2:e6:18:
                    33:e5:bc:1c:f7:e2:6d:0d:c3:89:19:9a:c8:d1:1d:
                    bb:62:83:29:10:8f:20:56:13:9c:40:7c:a7:7e:d8:
                    4f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7F:59:D4:9F:06:86:C3:22:8C:4D:72:54:A9:2B:98:F2:1F:46:7C
            X509v3 Authority Key Identifier:
                keyid:B8:69:EE:66:16:4D:3C:B4:1D:BD:2D:F5:41:78:17:C3:2F:4C:EA:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uGnuZhZNPLQdvS31QXgXwy9M6gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/aH9Z1J8GhsMijE1yVKkrmPIfRnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/1d5ee1-accf-474f-a589-cd1fa484411b/1/uGnuZhZNPLQdvS31QXgXwy9M6gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.60.0/22
                  185.19.92.0/22
                  185.59.28.0/22
                  185.114.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:d5:5f:79:5e:dd:b2:d4:98:d2:7a:bc:74:8e:13:1d:c9:0c:
         9f:7d:57:43:62:06:98:0f:8d:e3:be:14:65:60:71:69:23:72:
         36:39:58:e1:4e:97:79:db:5b:c9:23:17:f0:82:5c:c2:92:c0:
         41:66:7b:41:df:f6:fb:d5:5d:46:62:6a:0f:5a:d7:2e:88:2c:
         96:b3:2f:7d:4b:b3:8b:14:c3:f2:11:59:b9:98:c7:22:d5:59:
         83:9c:ed:84:8f:83:23:b7:83:9c:1f:2e:d4:c5:fb:11:74:0a:
         67:36:da:46:a5:58:08:3b:8e:27:f6:60:64:4c:36:d4:b1:8b:
         f4:f5:96:5a:d3:23:50:75:b6:33:82:98:23:27:15:1e:de:40:
         36:4e:62:b3:7e:f0:01:4e:ae:fa:d2:2e:0e:5c:3d:00:d4:dd:
         22:f7:14:e5:ff:37:75:ab:e2:8c:46:cf:a8:95:e3:86:9e:86:
         a5:f1:f4:c1:af:58:40:19:60:2e:d2:90:3a:e8:b2:e0:bd:c8:
         a3:1c:c7:19:82:6f:df:3c:4e:b0:14:f5:07:75:5c:96:4a:44:
         55:29:74:f3:68:c6:02:17:5f:59:8f:a1:c2:70:0d:52:0d:2f:
         87:06:ce:ff:43:69:d4:12:e2:a7:99:bd:e2:8c:ab:ef:57:e3:
         6e:dd:9b:20
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDSWcG/MDcqbEdV+gkewOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NjllZTY2MTY0ZDNjYjQxZGJkMmRmNTQxNzgxN2MzMmY0
Y2VhMDUwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdmNTlkNDlmMDY4NmMzMjI4YzRkNzI1NGE5MmI5OGYyMWY0NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA556aOYKlhudghpyDsbt3Se2Ksfgu
NYshxk2reB0kMFRbFcVhq67W1AdtbDvsK3w3AThi1k+F6SJZfi4LRB7Icb9WFL5T
6u2fPO2b65KP7SV0Pu9sHh/T8fqOeELOgs5ocj/5l2daBSPduE8LVsd0ySDvnkCT
Iw1611EZJwmVtas+Aycw2nc5B/IiahpWbeXhGdgIFGnK31H01NoTbeInDhpYyS4t
1Yz0AUOCmTXr1hLVTNmT9AgnBWixZFQVDc4eVEA+4fq/SXUrUW3kC8sP8BN9SlNe
ICSrqDuglMGi5hgz5bwc9+JtDcOJGZrI0R27YoMpEI8gVhOcQHynfthPzQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGh/WdSfBobDIoxNclSpK5jyH0Z8MB8GA1UdIwQY
MBaAFLhp7mYWTTy0Hb0t9UF4F8MvTOoFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODkt
Y2QxZmE0ODQ0MTFiLzEvYUg5WjFKOEdoc01pakUxeVZLa3JtUElmUm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xZDVlZTEtYWNjZi00NzRmLWE1ODktY2QxZmE0ODQ0MTFi
LzEvdUdudVpoWk5QTFFkdlMzMVFYZ1h3eTlNNmdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjg8AwQC
uRNcAwQCuTscAwQCuXLAMA0GCSqGSIb3DQEBCwUAA4IBAQB+1V95Xt2y1JjSerx0
jhMdyQyffVdDYgaYD43jvhRlYHFpI3I2OVjhTpd521vJIxfwglzCksBBZntB3/b7
1V1GYmoPWtcuiCyWsy99S7OLFMPyEVm5mMci1VmDnO2Ej4Mjt4OcHy7UxfsRdApn
NtpGpVgIO44n9mBkTDbUsYv09ZZa0yNQdbYzgpgjJxUe3kA2TmKzfvABTq760i4O
XD0A1N0i9xTl/zd1q+KMRs+oleOGnoal8fTBr1hAGWAu0pA66LLgvcijHMcZgm/f
PE6wFPUHdVyWSkRVKXTzaMYCF19Zj6HCcA1SDS+HBs7/Q2nUEuKnmb3ijKvvV+Nu
3Zsg
-----END CERTIFICATE-----