Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/Rfpqkh_BsSTs9O1ISI3zjPhg7rQ.roa
File:                     Rfpqkh_BsSTs9O1ISI3zjPhg7rQ.roa (raw, json)
Hash identifier:          GaY9JBRRkNfjlaWMGLcWio/oFX2lx9VVVa3LsTdA4Bw=
Subject key identifier:   45:FA:6A:92:1F:C1:B1:24:EC:F4:ED:48:48:8D:F3:8C:F8:60:EE:B4
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       018D64F9794FBF60A72C757E432A689E1D14
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/Rfpqkh_BsSTs9O1ISI3zjPhg7rQ.roa
Signing time:             Thu 01 Feb 2024 14:01:27 +0000
ROA not before:           Thu 01 Feb 2024 14:01:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43060
IP address blocks:        91.196.76.0/23 maxlen: 24
                          94.158.48.0/20 maxlen: 20
                          94.158.48.0/21 maxlen: 21
                          94.158.56.0/24 maxlen: 24
                          94.158.57.0/24 maxlen: 24
                          94.158.58.0/24 maxlen: 24
                          94.158.59.0/24 maxlen: 24
                          94.158.60.0/24 maxlen: 24
                          94.158.61.0/24 maxlen: 24
                          94.158.62.0/24 maxlen: 24
                          94.158.63.0/24 maxlen: 24
                          109.207.242.0/23 maxlen: 24
                          109.207.244.0/22 maxlen: 24
                          109.207.248.0/22 maxlen: 24
                          109.207.252.0/23 maxlen: 24
                          185.196.216.0/22 maxlen: 22
                          2a04:1b80::/32 maxlen: 36

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:f9:79:4f:bf:60:a7:2c:75:7e:43:2a:68:9e:1d:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Feb  1 14:01:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45fa6a921fc1b124ecf4ed48488df38cf860eeb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:23:3e:38:95:9d:37:2f:1d:ef:84:3e:4d:d6:
                    6b:25:ca:09:d3:c0:d7:52:21:de:27:ec:5d:c8:60:
                    f8:5c:10:c7:75:fb:ba:3b:52:58:74:6b:fd:c0:23:
                    bd:2c:59:02:14:5c:d9:90:1c:fb:1b:ea:e8:e9:59:
                    22:1d:9f:9f:fe:2f:85:05:7f:0d:19:7f:6a:37:7b:
                    ae:d9:7e:28:7f:60:45:d4:94:ba:5e:26:fa:f4:5c:
                    c7:3c:ca:fc:60:f7:b1:91:1b:8a:a0:01:93:bd:7c:
                    ab:85:9c:c4:65:e8:9f:eb:ca:1d:a5:d6:3a:57:18:
                    49:3a:7a:cc:39:cd:57:7d:75:b3:30:c5:79:6e:ea:
                    e0:bd:f9:e2:1e:2b:80:3b:6e:ac:66:a2:c1:20:80:
                    b5:f6:fe:f2:43:e3:57:46:3f:5a:16:cc:69:53:13:
                    c4:23:9a:ec:b3:48:79:dd:19:80:55:dc:af:5c:aa:
                    dc:0d:b9:98:d1:13:72:de:de:29:0b:1a:45:eb:e8:
                    b9:77:a6:b0:0b:46:0b:bc:a9:f4:18:3e:96:fd:1a:
                    6a:b5:a2:d8:94:0e:89:c8:8e:bd:8e:3a:75:27:88:
                    44:dc:10:ff:11:32:bd:5c:e5:68:55:01:27:e7:3c:
                    05:12:e7:08:6e:a6:f6:41:e6:6a:48:de:de:cb:6f:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FA:6A:92:1F:C1:B1:24:EC:F4:ED:48:48:8D:F3:8C:F8:60:EE:B4
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/Rfpqkh_BsSTs9O1ISI3zjPhg7rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.76.0/23
                  94.158.48.0/20
                  109.207.242.0-109.207.253.255
                  185.196.216.0/22
                IPv6:
                  2a04:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:ee:11:49:2f:99:44:12:0f:7a:7a:05:89:c6:a0:5b:9e:e5:
         df:17:9a:b5:75:11:a8:39:c0:16:d6:10:c0:b4:b9:5d:3e:b4:
         12:fd:e5:87:ee:92:8c:10:7f:fe:b3:18:b3:58:11:c4:76:75:
         1d:65:21:1d:ef:93:54:5d:cc:9a:6c:5c:e6:78:96:05:72:22:
         d0:3b:41:11:ce:fd:f7:f7:12:c0:7b:47:fe:2e:1e:77:cd:b9:
         4c:b6:bb:47:9f:b7:b2:af:bf:97:2e:44:12:1b:c1:32:2b:bb:
         39:40:1b:39:1d:47:27:99:9c:e2:bf:bb:ed:30:2c:5c:73:dd:
         b9:4a:3f:91:59:31:3a:8a:c6:f9:c4:3a:ef:25:80:f6:94:e4:
         91:2e:c9:97:16:bd:d3:89:38:20:e9:4c:52:d2:9e:69:3b:67:
         1f:dd:b4:1d:30:2f:b6:42:61:42:34:14:64:1d:3d:75:74:1c:
         b3:cb:45:a7:12:56:ce:64:22:15:12:5f:01:97:f0:78:86:6f:
         78:52:53:e7:4f:a3:6b:81:a7:f0:a6:0c:89:b6:8e:ee:af:04:
         2a:c6:0b:b5:94:36:eb:7e:09:83:80:db:75:05:ac:1a:55:f6:
         63:df:7b:3f:1f:6c:06:25:2e:26:6b:4f:3a:82:63:48:0e:e3:
         50:c5:07:a6
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAY1k+XlPv2CnLHV+Qyponh0UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjQwMjAxMTQwMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZhNmE5MjFmYzFiMTI0ZWNmNGVkNDg0ODhkZjM4Y2Y4NjBlZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiM+OJWdNy8d74Q+TdZrJcoJ08DX
UiHeJ+xdyGD4XBDHdfu6O1JYdGv9wCO9LFkCFFzZkBz7G+ro6VkiHZ+f/i+FBX8N
GX9qN3uu2X4of2BF1JS6Xib69FzHPMr8YPexkRuKoAGTvXyrhZzEZeif68odpdY6
VxhJOnrMOc1XfXWzMMV5burgvfniHiuAO26sZqLBIIC19v7yQ+NXRj9aFsxpUxPE
I5rss0h53RmAVdyvXKrcDbmY0RNy3t4pCxpF6+i5d6awC0YLvKn0GD6W/RpqtaLY
lA6JyI69jjp1J4hE3BD/ETK9XOVoVQEn5zwFEucIbqb2QeZqSN7ey28P8wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFEX6apIfwbEk7PTtSEiN84z4YO60MB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvUmZwcWtoX0JzU1RzOU8xSVNJM3pqUGhnN3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQBW8RMAwQE
Xp4wMAwDBAFtz/IDBAFtz/wDBAK5xNgwDQQCAAIwBwMFACoEG4AwDQYJKoZIhvcN
AQELBQADggEBAGfuEUkvmUQSD3p6BYnGoFue5d8XmrV1Eag5wBbWEMC0uV0+tBL9
5YfukowQf/6zGLNYEcR2dR1lIR3vk1RdzJpsXOZ4lgVyItA7QRHO/ff3EsB7R/4u
HnfNuUy2u0eft7Kvv5cuRBIbwTIruzlAGzkdRyeZnOK/u+0wLFxz3blKP5FZMTqK
xvnEOu8lgPaU5JEuyZcWvdOJOCDpTFLSnmk7Zx/dtB0wL7ZCYUI0FGQdPXV0HLPL
RacSVs5kIhUSXwGX8HiGb3hSU+dPo2uBp/CmDIm2ju6vBCrGC7WUNut+CYOA23UF
rBpV9mPfez8fbAYlLiZrTzqCY0gO41DFB6Y=
-----END CERTIFICATE-----