Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HImAf4mJnnUEEUauhqoQnCUsoXs.roa
File:                     HImAf4mJnnUEEUauhqoQnCUsoXs.roa (raw, json)
Hash identifier:          8njVcDk1tGAQdRZFMks3hooz4RJnJAIthDbLkavlvCc=
Subject key identifier:   1C:89:80:7F:89:89:9E:75:04:11:46:AE:86:AA:10:9C:25:2C:A1:7B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018C73068A124820F83B7F2E37225640C9EA
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HImAf4mJnnUEEUauhqoQnCUsoXs.roa
Signing time:             Sat 16 Dec 2023 14:27:37 +0000
ROA not before:           Sat 16 Dec 2023 14:27:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209641
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.5.250.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.50.0/24 maxlen: 24
                          185.87.48.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          185.114.75.0/24 maxlen: 24
                          185.200.188.0/24 maxlen: 24
                          45.89.67.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          94.142.136.0/21 maxlen: 21
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          94.142.141.0/24 maxlen: 24
                          94.142.140.0/24 maxlen: 24
                          94.142.142.0/24 maxlen: 24
                          185.125.218.0/23 maxlen: 23
                          185.125.216.0/22 maxlen: 22
                          185.105.116.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          193.109.85.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.58.207.0/24 maxlen: 24
                          45.132.252.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.229.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.230.0/24 maxlen: 24
                          185.125.228.0/24 maxlen: 24
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          194.67.193.0/24 maxlen: 24
                          193.124.176.0/20 maxlen: 20
                          193.124.176.0/21 maxlen: 21
                          193.124.184.0/21 maxlen: 21
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.176.0/22 maxlen: 22
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.203.0/24 maxlen: 24
                          194.67.200.0/21 maxlen: 21
                          194.67.202.0/24 maxlen: 24
                          194.67.204.0/22 maxlen: 22
                          193.168.224.0/24 maxlen: 24
                          194.67.208.0/20 maxlen: 20
                          2a0a:9300:d1::/48 maxlen: 48
                          2a0a:9300::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9300:d2::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0c:77c0::/32 maxlen: 32
                          2a0c:74c0::/29 maxlen: 29
                          2a0a:9300:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a07:4a00::/29 maxlen: 29
                          2a0b:9800::/29 maxlen: 29
                          2a0c:77c0::/29 maxlen: 29
                          2a0a:9300:d0::/48 maxlen: 48
                          2a0d:3880::/29 maxlen: 29
                          2a0a:9302:1::/48 maxlen: 48
                          2a0d:2cc0::/29 maxlen: 29
                          2a0b:7780::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:73:06:8a:12:48:20:f8:3b:7f:2e:37:22:56:40:c9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Dec 16 14:27:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c89807f89899e75041146ae86aa109c252ca17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e7:44:0e:0d:8a:20:1d:4b:5a:a3:8b:a0:b5:
                    9f:f0:1e:a9:16:93:40:65:85:1d:e4:4b:dc:6c:3a:
                    17:85:6b:bf:fa:5f:1a:a2:30:dd:4d:02:76:8a:27:
                    ed:0b:60:dc:cc:d5:5e:50:da:f1:5f:1a:c3:5a:36:
                    2f:e2:a1:ee:99:dd:11:52:bf:87:59:26:9a:8b:00:
                    77:4a:89:36:b6:e5:79:b8:e9:6e:60:b4:18:56:7c:
                    21:05:c7:36:96:cc:7c:c1:a2:ca:5c:8b:cb:10:ab:
                    a0:b4:d3:4b:a8:60:dd:b1:3f:05:98:79:23:0d:c6:
                    8e:2c:20:55:e6:a8:4f:b5:3d:b6:ed:2a:f2:9e:3a:
                    94:e7:7a:c9:35:5b:a5:9f:7c:35:52:2c:09:56:ec:
                    db:1c:e9:f0:a0:7f:3a:42:b6:85:65:8c:b4:2b:57:
                    69:a4:b0:b3:02:0c:7c:98:f1:dc:1d:80:b0:a9:80:
                    d3:9c:ca:f5:4e:72:2c:49:ad:d8:e5:70:48:21:72:
                    fa:ad:84:19:cf:ce:03:5d:14:ea:50:40:34:0c:f4:
                    fd:6c:20:eb:2a:25:9a:03:80:1b:25:08:7c:98:f6:
                    66:e7:d2:34:b1:9c:eb:7f:bf:e8:4f:32:4d:a1:fe:
                    56:5d:48:7a:70:47:61:5f:9b:24:6b:1e:db:32:f9:
                    17:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:89:80:7F:89:89:9E:75:04:11:46:AE:86:AA:10:9C:25:2C:A1:7B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/HImAf4mJnnUEEUauhqoQnCUsoXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.66.0/23
                  45.128.176.0/22
                  45.132.252.0/24
                  91.217.80.0/24
                  94.142.136.0/21
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/23
                  185.114.75.0/24
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  185.200.188.0/24
                  193.109.85.0/24
                  193.124.176.0/20
                  193.168.224.0/24
                  194.67.192.0/19
                  195.47.250.0/24
                IPv6:
                  2a07:4a00::/29
                  2a0a:9300::/48
                  2a0a:9300:2::/48
                  2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32
                  2a0b:7780::/29
                  2a0b:9800::/29
                  2a0c:74c0::/29
                  2a0c:77c0::/29
                  2a0d:2cc0::/29
                  2a0d:3880::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:1d:f5:ae:01:60:10:50:bd:e8:c7:e0:2c:39:d9:80:ec:87:
         2b:d4:67:64:ed:06:a0:60:df:dc:6c:15:54:85:71:26:e7:73:
         99:20:87:b2:73:54:45:f7:72:ce:ba:de:fd:28:c0:a1:34:51:
         88:04:d1:42:39:dd:d2:22:c5:09:b1:c0:ac:b4:f2:fe:a4:b6:
         26:33:9c:77:8d:18:3a:f8:52:26:4a:7a:b1:11:6e:a0:04:06:
         f9:c4:34:0a:83:00:4c:8e:7a:de:bd:4c:51:7e:21:27:62:fe:
         fc:21:f2:23:ac:27:a0:b1:19:83:88:fe:43:65:f7:2d:67:8b:
         c2:e8:28:25:9a:a5:1b:8d:3e:ef:6a:12:99:82:ab:b6:15:e4:
         e3:98:8b:60:06:f8:c5:71:ab:be:1b:99:1c:48:e6:0d:6a:b0:
         01:80:91:7d:7b:e0:32:2f:b8:70:48:05:70:b8:f9:cd:12:4a:
         f7:d4:dd:31:7f:95:17:c1:b1:02:22:d2:e4:fa:72:ba:55:ae:
         07:8b:9a:c8:b0:03:1f:d3:66:70:e8:c7:df:81:54:64:9c:df:
         9a:35:eb:ff:0e:49:6d:dd:91:f9:4e:b4:2a:c3:17:3d:a7:26:
         99:52:4c:9a:b0:cd:b2:26:23:9d:4c:36:11:8d:86:7d:ce:a6:
         e3:08:a7:1f
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYxzBooSSCD4O38uNyJWQMnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMjE2MTQyNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg5ODA3Zjg5ODk5ZTc1MDQxMTQ2YWU4NmFhMTA5YzI1MmNhMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgedEDg2KIB1LWqOLoLWf8B6pFpNA
ZYUd5EvcbDoXhWu/+l8aojDdTQJ2iiftC2DczNVeUNrxXxrDWjYv4qHumd0RUr+H
WSaaiwB3Sok2tuV5uOluYLQYVnwhBcc2lsx8waLKXIvLEKugtNNLqGDdsT8FmHkj
DcaOLCBV5qhPtT227SrynjqU53rJNVuln3w1UiwJVuzbHOnwoH86QraFZYy0K1dp
pLCzAgx8mPHcHYCwqYDTnMr1TnIsSa3Y5XBIIXL6rYQZz84DXRTqUEA0DPT9bCDr
KiWaA4AbJQh8mPZm59I0sZzrf7/oTzJNof5WXUh6cEdhX5skax7bMvkXXQIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFByJgH+JiZ51BBFGroaqEJwlLKF7MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSEltQWY0bUpublVFRVVhdWhxb1FuQ1Vzb1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIweAQCAAEwcgMEAS1Z
QgMEAi2AsAMEAC2E/AMEAFvZUAMEA16OiAMEArkF+AMEArk6zAMEArlXMAMEAblp
dAMEALlySwMEArl1mAMEArl92AMEArl95AMEALnIvAMEAMFtVQMEBMF8sAMEAMGo
4AMEBcJDwAMEAMMv+jB2BAIAAjBwAwUDKgdKAAMHACoKkwAAAAMHACoKkwAAAjAS
AwcEKgqTAADQAwcAKgqTAADSMBADBQAqCpMBAwcAKgqTAQACAwUAKgqTAgMFAyoL
d4ADBQMqC5gAAwUDKgx0wAMFAyoMd8ADBQMqDSzAAwUDKg04gDANBgkqhkiG9w0B
AQsFAAOCAQEAkR31rgFgEFC96MfgLDnZgOyHK9RnZO0GoGDf3GwVVIVxJudzmSCH
snNURfdyzrre/SjAoTRRiATRQjnd0iLFCbHArLTy/qS2JjOcd40YOvhSJkp6sRFu
oAQG+cQ0CoMATI563r1MUX4hJ2L+/CHyI6wnoLEZg4j+Q2X3LWeLwugoJZqlG40+
72oSmYKrthXk45iLYAb4xXGrvhuZHEjmDWqwAYCRfXvgMi+4cEgFcLj5zRJK99Td
MX+VF8GxAiLS5PpyulWuB4uayLADH9NmcOjH34FUZJzfmjXr/w5Jbd2R+U60KsMX
PacmmVJMmrDNsiYjnUw2EY2Gfc6m4winHw==
-----END CERTIFICATE-----