Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jHOBaI14zzjm289HUiXxRcrqVZE.roa
File:                     jHOBaI14zzjm289HUiXxRcrqVZE.roa (raw, json)
Hash identifier:          SeabHUjxeJ3K0XOL1jRZ8TRQvJ6+Hfbz8dloU+Cefuo=
Subject key identifier:   8C:73:81:68:8D:78:CF:38:E6:DB:CF:47:52:25:F1:45:CA:EA:55:91
Certificate issuer:       /CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
Certificate serial:       01920565E7DC75DAEFC3F070B714B0B2A7D3
Authority key identifier: AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jHOBaI14zzjm289HUiXxRcrqVZE.roa
Signing time:             Wed 18 Sep 2024 13:50:17 +0000
ROA not before:           Wed 18 Sep 2024 13:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397563
IP address blocks:        80.253.252.0/23 maxlen: 24
                          91.151.80.0/24 maxlen: 24
                          91.151.81.0/24 maxlen: 24
                          91.151.82.0/24 maxlen: 24
                          91.151.91.0/24 maxlen: 24
                          213.142.128.0/24 maxlen: 24
                          213.142.129.0/24 maxlen: 24
                          213.142.130.0/24 maxlen: 24
                          213.142.131.0/24 maxlen: 24
                          213.142.136.0/24 maxlen: 24
                          213.142.137.0/24 maxlen: 24
                          213.142.142.0/24 maxlen: 32
                          213.142.152.0/23 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:65:e7:dc:75:da:ef:c3:f0:70:b7:14:b0:b2:a7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab71e9b13f5c339a58692eeabe72eaa406bbbd7d
        Validity
            Not Before: Sep 18 13:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c7381688d78cf38e6dbcf475225f145caea5591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:77:97:cb:b2:7d:49:bf:79:8c:9f:3e:04:1b:
                    eb:7f:06:00:14:96:1f:a1:15:51:80:4a:1a:02:3b:
                    56:90:db:e5:72:a0:66:e7:ce:d2:e1:5b:b1:4f:d1:
                    33:d8:d4:c2:07:8e:80:90:4e:69:72:4d:02:89:81:
                    88:70:82:4f:52:fa:41:60:87:61:cb:11:c4:9f:60:
                    11:91:69:d1:10:37:37:9e:80:a9:ab:e2:ac:c3:32:
                    46:d7:72:1a:3c:f3:78:34:5e:3d:cf:58:c8:34:a2:
                    1a:3b:c2:32:3e:5c:c8:b4:96:28:a4:d5:02:3b:a4:
                    fe:76:64:3e:6d:cb:e5:e3:23:0d:6c:14:43:c7:a1:
                    a5:f2:d1:2a:95:14:f4:41:25:13:fb:a6:57:28:c8:
                    eb:bb:34:69:e2:f0:01:3e:42:f5:2f:bc:be:6f:39:
                    9e:ed:8e:25:cc:39:4e:32:b3:f8:ae:6f:23:d7:9c:
                    bf:f0:39:24:9f:ab:15:b7:ac:f9:75:70:0f:d5:0d:
                    94:80:aa:35:57:a3:23:84:09:8b:ac:51:b1:d3:44:
                    f5:87:03:04:d1:0e:44:a1:a5:79:89:4e:d6:3a:cf:
                    b1:a0:2f:5f:ab:b3:23:0d:6c:5f:76:92:41:fe:9a:
                    87:46:1d:07:ed:5a:e4:d6:99:7a:8e:a7:9b:18:da:
                    b4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:73:81:68:8D:78:CF:38:E6:DB:CF:47:52:25:F1:45:CA:EA:55:91
            X509v3 Authority Key Identifier:
                keyid:AB:71:E9:B1:3F:5C:33:9A:58:69:2E:EA:BE:72:EA:A4:06:BB:BD:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q3HpsT9cM5pYaS7qvnLqpAa7vX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/jHOBaI14zzjm289HUiXxRcrqVZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/6ba39c-ef1d-4d48-982b-cf4b900997a0/1/q3HpsT9cM5pYaS7qvnLqpAa7vX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.252.0/23
                  91.151.80.0-91.151.82.255
                  91.151.91.0/24
                  213.142.128.0/22
                  213.142.136.0/23
                  213.142.142.0/24
                  213.142.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:67:13:2d:59:f3:e8:a5:2e:cf:43:e7:fb:02:fc:c6:01:d1:
         8b:3f:77:a1:38:25:24:31:33:a0:5b:e3:bb:2e:38:02:0b:9d:
         12:bf:85:66:f9:41:c2:fe:1b:66:15:8d:72:fc:bb:01:ba:14:
         c7:70:96:63:4e:19:ed:ee:09:5b:49:e1:03:57:1f:9b:ba:8f:
         c8:a0:c3:c0:6a:75:14:6a:3f:40:9f:3a:22:4b:38:a3:49:8a:
         53:17:43:a7:56:61:19:ce:fa:80:00:ce:6e:9e:bb:22:b3:87:
         d3:50:a1:a5:15:54:67:23:25:fd:5f:e0:a8:34:8f:07:6b:5e:
         38:67:c2:4b:68:19:ca:de:22:ef:bc:87:d7:77:3e:16:f8:90:
         8a:aa:d1:61:02:96:5a:b0:06:f0:85:57:f4:07:9f:3c:2e:31:
         cf:c2:74:0a:a5:d4:53:6b:5b:5c:f4:e6:d0:19:6d:e9:40:61:
         77:50:89:70:76:c6:3f:fd:45:c8:e1:04:68:9f:4d:9b:60:74:
         d5:10:58:12:4c:7c:4e:e2:22:15:78:59:2a:06:ab:4d:12:fd:
         c9:d3:85:83:4a:70:33:f3:e7:0c:cc:54:fd:7c:ba:4d:1c:08:
         ca:7e:18:88:af:96:d3:72:4e:c0:90:f5:1c:0d:ff:65:a5:f4:
         cc:16:cf:97
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZIFZefcddrvw/BwtxSwsqfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNzFlOWIxM2Y1YzMzOWE1ODY5MmVlYWJlNzJlYWE0MDZi
YmJkN2QwHhcNMjQwOTE4MTM1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzczODE2ODhkNzhjZjM4ZTZkYmNmNDc1MjI1ZjE0NWNhZWE1NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHeXy7J9Sb95jJ8+BBvrfwYAFJYf
oRVRgEoaAjtWkNvlcqBm587S4VuxT9Ez2NTCB46AkE5pck0CiYGIcIJPUvpBYIdh
yxHEn2ARkWnREDc3noCpq+KswzJG13IaPPN4NF49z1jINKIaO8IyPlzItJYopNUC
O6T+dmQ+bcvl4yMNbBRDx6Gl8tEqlRT0QSUT+6ZXKMjruzRp4vABPkL1L7y+bzme
7Y4lzDlOMrP4rm8j15y/8Dkkn6sVt6z5dXAP1Q2UgKo1V6MjhAmLrFGx00T1hwME
0Q5EoaV5iU7WOs+xoC9fq7MjDWxfdpJB/pqHRh0H7Vrk1pl6jqebGNq0SwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIxzgWiNeM845tvPR1Il8UXK6lWRMB8GA1UdIwQY
MBaAFKtx6bE/XDOaWGku6r5y6qQGu719MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmIt
Y2Y0YjkwMDk5N2EwLzEvakhPQmFJMTR6emptMjg5SFVpWHhSY3JxVlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82YmEzOWMtZWYxZC00ZDQ4LTk4MmItY2Y0YjkwMDk5N2Ew
LzEvcTNIcHNUOWNNNXBZYVM3cXZuTHFwQWE3dlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBUP38MAwD
BARbl1ADBABbl1IDBABbl1sDBALVjoADBAHVjogDBADVjo4DBAHVjpgwDQYJKoZI
hvcNAQELBQADggEBAJFnEy1Z8+ilLs9D5/sC/MYB0Ys/d6E4JSQxM6Bb47suOAIL
nRK/hWb5QcL+G2YVjXL8uwG6FMdwlmNOGe3uCVtJ4QNXH5u6j8igw8BqdRRqP0Cf
OiJLOKNJilMXQ6dWYRnO+oAAzm6euyKzh9NQoaUVVGcjJf1f4Kg0jwdrXjhnwkto
GcreIu+8h9d3Phb4kIqq0WECllqwBvCFV/QHnzwuMc/CdAql1FNrW1z05tAZbelA
YXdQiXB2xj/9RcjhBGifTZtgdNUQWBJMfE7iIhV4WSoGq00S/cnThYNKcDPz5wzM
VP18uk0cCMp+GIivltNyTsCQ9RwN/2Wl9MwWz5c=
-----END CERTIFICATE-----