Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/leyZFH89V3IlT-0cyjYa3wrh0h4.roa
File:                     leyZFH89V3IlT-0cyjYa3wrh0h4.roa (raw, json)
Hash identifier:          G0WUJsNgCcZUnn0epX09PniH0S3MqOCVuxNkqZjX/JE=
Subject key identifier:   95:EC:99:14:7F:3D:57:72:25:4F:ED:1C:CA:36:1A:DF:0A:E1:D2:1E
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018AA7253E73EDF721A9E6D20AD0700F80B8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/leyZFH89V3IlT-0cyjYa3wrh0h4.roa
Signing time:             Mon 18 Sep 2023 07:15:50 +0000
ROA not before:           Mon 18 Sep 2023 07:15:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204084
IP address blocks:        2a0f:7c80::/29 maxlen: 29
                          2a0c:7440::/29 maxlen: 29
                          2a0f:5580::/29 maxlen: 29
                          2a0f:2380::/29 maxlen: 29
                          2a0b:a300::/29 maxlen: 29
                          2a0f:a700::/29 maxlen: 29
                          2a0d:88c0::/29 maxlen: 29
                          2a0f:7300::/29 maxlen: 29
                          2a0c:7540::/29 maxlen: 29
                          2a0f:7100::/29 maxlen: 29
                          2a0f:c780::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:a7:25:3e:73:ed:f7:21:a9:e6:d2:0a:d0:70:0f:80:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep 18 07:15:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95ec99147f3d5772254fed1cca361adf0ae1d21e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:de:cb:f3:b5:41:e1:12:03:69:c2:77:ec:94:
                    00:65:61:f6:1d:9a:95:62:3e:92:f4:09:47:5c:3b:
                    02:28:48:e0:f3:58:d4:36:8d:d3:4c:55:bf:2a:b9:
                    41:a5:05:98:12:a9:c9:0b:92:13:7a:9d:cf:aa:05:
                    6d:92:8c:33:73:f6:95:98:9b:73:ba:d6:b4:d9:65:
                    6c:c4:c4:fe:db:dc:7e:10:2a:72:63:2d:7d:ad:31:
                    39:1d:8d:ef:ee:1b:2f:05:49:af:d3:09:5f:b0:0e:
                    2e:f0:ba:55:92:2a:b7:aa:e9:02:a1:94:b9:44:5d:
                    ba:f9:89:e5:09:71:82:02:43:db:be:07:c7:a9:86:
                    14:f5:f5:5a:e2:20:01:a1:1c:1d:2b:17:34:c0:01:
                    87:c9:ee:09:12:99:b7:c4:29:2a:2e:ab:57:97:b4:
                    b4:e7:44:a8:d5:0e:f9:22:84:08:b4:2b:cd:63:5f:
                    7e:a1:16:c6:b4:f9:3a:a4:6d:4a:bb:7f:9e:26:e7:
                    82:0d:42:7d:d2:39:e1:9a:35:f3:29:3e:df:2a:92:
                    3b:fe:1b:65:59:f0:55:0b:b3:cf:d5:ab:fb:bd:31:
                    9b:53:2d:e1:27:98:63:e0:d1:80:fd:0a:4b:fc:9e:
                    3b:07:cf:ea:2e:6c:9d:50:31:3d:d0:11:d1:9e:0e:
                    43:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EC:99:14:7F:3D:57:72:25:4F:ED:1C:CA:36:1A:DF:0A:E1:D2:1E
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/leyZFH89V3IlT-0cyjYa3wrh0h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a300::/29
                  2a0c:7440::/29
                  2a0c:7540::/29
                  2a0d:88c0::/29
                  2a0f:2380::/29
                  2a0f:5580::/29
                  2a0f:7100::/29
                  2a0f:7300::/29
                  2a0f:7c80::/29
                  2a0f:a700::/29
                  2a0f:c780::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:f0:11:bb:6d:fa:a6:77:2f:c9:31:00:29:e2:59:0b:a0:48:
         2f:a3:f9:c2:0c:b2:d3:02:95:ce:6a:96:10:6c:f1:51:0e:0e:
         f0:fe:0d:2a:72:4f:f4:f2:e4:28:9d:00:6c:ef:a6:2f:8f:ab:
         f1:5f:16:26:f5:4a:bc:8f:b9:b0:8b:52:3d:56:19:5c:c8:88:
         5c:c1:2e:e0:55:78:36:57:2c:7f:f5:13:2d:fb:d2:f9:e0:db:
         50:19:f2:f1:94:79:e5:40:a8:bf:1a:f9:cd:b0:80:42:c8:9d:
         c7:42:d8:45:2f:06:f2:f7:aa:ea:24:5f:34:95:b8:68:ea:13:
         40:e4:87:2f:cd:79:28:dd:72:1c:e5:a6:db:35:6d:89:ac:28:
         81:9c:c4:8e:32:00:0a:f9:c6:05:96:35:cf:c0:9b:f8:97:a6:
         f1:38:09:a1:73:76:f4:94:4a:af:ad:21:9d:6e:66:d8:b7:b2:
         ba:39:fa:72:9a:f5:57:cb:be:14:38:f2:65:e2:2a:17:c2:4f:
         be:bb:05:90:e6:18:1a:32:b4:c1:5f:14:45:22:b8:28:8f:35:
         16:aa:9a:1e:e0:69:f2:a4:01:c7:27:e2:06:b1:24:1f:a5:76:
         18:3b:b5:d4:33:24:16:45:4a:fd:a5:29:60:be:9d:29:ba:64:
         b3:ed:67:e1
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYqnJT5z7fchqebSCtBwD4C4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwOTE4MDcxNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVjOTkxNDdmM2Q1NzcyMjU0ZmVkMWNjYTM2MWFkZjBhZTFkMjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjd7L87VB4RIDacJ37JQAZWH2HZqV
Yj6S9AlHXDsCKEjg81jUNo3TTFW/KrlBpQWYEqnJC5ITep3PqgVtkowzc/aVmJtz
uta02WVsxMT+29x+ECpyYy19rTE5HY3v7hsvBUmv0wlfsA4u8LpVkiq3qukCoZS5
RF26+YnlCXGCAkPbvgfHqYYU9fVa4iABoRwdKxc0wAGHye4JEpm3xCkqLqtXl7S0
50So1Q75IoQItCvNY19+oRbGtPk6pG1Ku3+eJueCDUJ90jnhmjXzKT7fKpI7/htl
WfBVC7PP1av7vTGbUy3hJ5hj4NGA/QpL/J47B8/qLmydUDE90BHRng5D0wIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFJXsmRR/PVdyJU/tHMo2Gt8K4dIeMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbGV5WkZIODlWM0lsVC0wY3lqWWEzd3JoMGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBTBAIAAjBNAwUDKgujAAMF
AyoMdEADBQMqDHVAAwUDKg2IwAMFAyoPI4ADBQMqD1WAAwUDKg9xAAMFAyoPcwAD
BQMqD3yAAwUDKg+nAAMFAyoPx4AwDQYJKoZIhvcNAQELBQADggEBAI/wEbtt+qZ3
L8kxACniWQugSC+j+cIMstMClc5qlhBs8VEODvD+DSpyT/Ty5CidAGzvpi+Pq/Ff
Fib1SryPubCLUj1WGVzIiFzBLuBVeDZXLH/1Ey370vng21AZ8vGUeeVAqL8a+c2w
gELIncdC2EUvBvL3quokXzSVuGjqE0Dkhy/NeSjdchzlpts1bYmsKIGcxI4yAAr5
xgWWNc/Am/iXpvE4CaFzdvSUSq+tIZ1uZti3sro5+nKa9VfLvhQ48mXiKhfCT767
BZDmGBoytMFfFEUiuCiPNRaqmh7gafKkAccn4gaxJB+ldhg7tdQzJBZFSv2lKWC+
nSm6ZLPtZ+E=
-----END CERTIFICATE-----