Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/hAUEVxf5JXCjD8zlcYTk-dUlBS0.roa
File:                     hAUEVxf5JXCjD8zlcYTk-dUlBS0.roa (raw, json)
Hash identifier:          3KyG4mTOUOEN1syMVJWS+WFJpsLs7yfEfhM8XQ1aWMw=
Subject key identifier:   84:05:04:57:17:F9:25:70:A3:0F:CC:E5:71:84:E4:F9:D5:25:05:2D
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC0E366C2076142CB652CD4B8874F7
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/hAUEVxf5JXCjD8zlcYTk-dUlBS0.roa
Signing time:             Wed 01 Jan 2025 17:48:51 +0000
ROA not before:           Wed 01 Jan 2025 17:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57033
IP address blocks:        5.56.24.0/23 maxlen: 23
                          5.56.26.0/23 maxlen: 23
                          5.56.28.0/23 maxlen: 23
                          5.56.30.0/23 maxlen: 23
                          89.185.4.0/22 maxlen: 22
                          89.185.8.0/21 maxlen: 21
                          89.185.16.0/22 maxlen: 22
                          89.185.20.0/23 maxlen: 23
                          93.185.208.0/21 maxlen: 21
                          93.185.216.0/23 maxlen: 23
                          93.185.218.0/23 maxlen: 23
                          93.185.220.0/23 maxlen: 23
                          93.185.222.0/23 maxlen: 23
                          185.30.203.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:0e:36:6c:20:76:14:2c:b6:52:cd:4b:88:74:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8405045717f92570a30fcce57184e4f9d525052d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ed:09:d4:40:77:76:c2:6c:b5:66:cd:46:ad:
                    d0:60:b0:d0:5b:45:fe:f0:09:69:62:04:f5:58:91:
                    d5:86:d9:de:25:78:1d:92:fa:a6:44:f9:c1:fb:94:
                    c3:bb:cd:cf:b3:f0:9a:a5:c2:2d:ea:dd:48:06:04:
                    43:50:f5:6e:4b:d2:2b:e1:e7:bb:f1:b0:9c:d4:25:
                    d9:df:39:2c:67:ed:37:de:30:f1:76:28:be:c9:a7:
                    35:c4:43:dc:48:13:b4:1d:4a:14:3d:55:42:6e:4b:
                    1e:11:a4:5e:16:8a:c6:40:d7:01:19:4c:2a:4c:a1:
                    1b:22:84:12:31:04:68:6c:4f:4c:d8:88:38:c0:d4:
                    a0:e7:b6:55:ce:38:87:d4:aa:f4:3a:b9:c7:54:e8:
                    0f:14:d7:62:07:ac:b7:b4:3c:c1:ac:2c:13:2e:32:
                    55:76:dd:4d:b0:8a:17:ea:bd:b8:e0:60:8a:d3:18:
                    89:a5:94:f4:c1:95:de:ee:07:58:3f:ba:9d:67:18:
                    7b:c5:b0:dc:04:f4:a1:00:2e:d1:91:0f:45:04:65:
                    11:9b:af:71:c6:bd:46:03:48:a4:9d:9b:c2:19:7b:
                    f7:8b:4b:b3:06:81:18:2f:50:9a:4f:7a:38:1c:5f:
                    45:b0:17:73:36:e4:79:95:7e:da:81:e4:95:58:c8:
                    8a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:05:04:57:17:F9:25:70:A3:0F:CC:E5:71:84:E4:F9:D5:25:05:2D
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/hAUEVxf5JXCjD8zlcYTk-dUlBS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.24.0/21
                  89.185.4.0-89.185.21.255
                  93.185.208.0/20
                  185.30.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:38:da:77:b8:ae:19:f4:ef:19:25:4a:11:4f:dd:77:79:cf:
         5e:d4:71:46:4b:0b:91:48:d8:1e:b6:fc:7d:84:c5:5f:fe:4e:
         de:74:59:72:55:5e:ea:34:a2:d9:19:7e:3e:6e:14:05:0c:aa:
         a9:03:c9:05:a0:72:71:65:73:b7:cb:cc:cc:f1:49:97:3a:e2:
         17:61:71:0c:38:9f:59:ff:d4:88:51:15:e5:8b:ff:ec:67:b3:
         dc:38:6b:15:69:7c:b4:56:e0:a9:08:01:e1:88:d2:55:1f:87:
         f7:6d:96:72:f7:8a:c3:a3:fa:19:ab:4a:ff:16:6c:5c:03:ca:
         2d:66:e5:53:f5:59:a7:88:02:f2:b2:be:e0:43:9a:22:60:06:
         3d:fc:f6:ef:01:19:8d:73:65:50:6d:1f:77:8f:48:3f:2e:07:
         35:fd:90:fd:13:3c:c1:8f:de:e2:63:79:2c:a8:bc:51:a4:aa:
         40:9d:b0:d9:be:4e:eb:35:8b:3f:90:dd:ce:c2:9e:14:3b:76:
         ac:f1:ae:a6:fb:7a:d3:7c:b5:ac:08:52:9a:cf:0a:09:bc:80:
         2c:59:ff:52:b2:9a:dc:96:1f:3a:70:5c:a1:50:9f:62:c5:19:
         54:09:dd:19:32:b0:8f:4f:35:54:21:c4:db:e7:82:09:15:dd:
         b8:24:b5:cb
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQi/A42bCB2FCy2Us1LiHT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDA1MDQ1NzE3ZjkyNTcwYTMwZmNjZTU3MTg0ZTRmOWQ1MjUwNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e0J1EB3dsJstWbNRq3QYLDQW0X+
8AlpYgT1WJHVhtneJXgdkvqmRPnB+5TDu83Ps/CapcIt6t1IBgRDUPVuS9Ir4ee7
8bCc1CXZ3zksZ+033jDxdii+yac1xEPcSBO0HUoUPVVCbkseEaReForGQNcBGUwq
TKEbIoQSMQRobE9M2Ig4wNSg57ZVzjiH1Kr0OrnHVOgPFNdiB6y3tDzBrCwTLjJV
dt1NsIoX6r244GCK0xiJpZT0wZXe7gdYP7qdZxh7xbDcBPShAC7RkQ9FBGURm69x
xr1GA0iknZvCGXv3i0uzBoEYL1CaT3o4HF9FsBdzNuR5lX7ageSVWMiKCQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIQFBFcX+SVwow/M5XGE5PnVJQUtMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvaEFVRVZ4ZjVKWENqRDh6bGNZVGstZFVsQlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDBTgYMAwD
BAJZuQQDBAFZuRQDBARdudADBAC5HsswDQYJKoZIhvcNAQELBQADggEBAIE42ne4
rhn07xklShFP3Xd5z17UcUZLC5FI2B62/H2ExV/+Tt50WXJVXuo0otkZfj5uFAUM
qqkDyQWgcnFlc7fLzMzxSZc64hdhcQw4n1n/1IhRFeWL/+xns9w4axVpfLRW4KkI
AeGI0lUfh/dtlnL3isOj+hmrSv8WbFwDyi1m5VP1WaeIAvKyvuBDmiJgBj389u8B
GY1zZVBtH3ePSD8uBzX9kP0TPMGP3uJjeSyovFGkqkCdsNm+Tus1iz+Q3c7CnhQ7
dqzxrqb7etN8tawIUprPCgm8gCxZ/1KymtyWHzpwXKFQn2LFGVQJ3RkysI9PNVQh
xNvnggkV3bgktcs=
-----END CERTIFICATE-----