Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/LhtL7HQ1PTArJu5az8t8KgDLzn4.roa
File:                     LhtL7HQ1PTArJu5az8t8KgDLzn4.roa (raw, json)
Hash identifier:          qbgsUSw519R3VKQFr4EF4TpFsInA9GAA4NQaRuJexeU=
Subject key identifier:   2E:1B:4B:EC:74:35:3D:30:2B:26:EE:5A:CF:CB:7C:2A:00:CB:CE:7E
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       0192231AC042CE30A6A30A7270AEF9316C78
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/LhtL7HQ1PTArJu5az8t8KgDLzn4.roa
Signing time:             Tue 24 Sep 2024 08:16:48 +0000
ROA not before:           Tue 24 Sep 2024 08:16:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15435
IP address blocks:        62.238.0.0/16 maxlen: 24
                          81.172.128.0/17 maxlen: 24
                          87.99.128.0/17 maxlen: 24
                          141.224.192.0/18 maxlen: 24
                          149.143.32.0/19 maxlen: 24
                          149.143.64.0/18 maxlen: 24
                          185.200.96.0/22 maxlen: 24
                          204.168.128.0/17 maxlen: 24
                          212.92.64.0/19 maxlen: 24
                          212.115.192.0/19 maxlen: 24
                          213.34.224.0/19 maxlen: 24
                          217.63.64.0/19 maxlen: 24
                          217.102.240.0/20 maxlen: 24
                          2a02:f68::/29 maxlen: 48
                          2a07:31c0::/29 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:23:1a:c0:42:ce:30:a6:a3:0a:72:70:ae:f9:31:6c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Sep 24 08:16:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e1b4bec74353d302b26ee5acfcb7c2a00cbce7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:97:47:b4:9f:59:62:e8:be:fc:0e:1a:af:e3:
                    31:b7:de:d0:5b:d4:99:18:d0:b4:4c:87:ba:6f:f5:
                    81:1a:18:34:55:d6:26:93:0f:44:27:dd:6d:30:b6:
                    12:97:e4:f6:73:c6:16:92:7f:99:f7:db:6c:15:3c:
                    52:c1:d7:dc:81:e3:00:cc:00:37:7d:69:f7:db:c3:
                    95:66:12:9b:1a:cc:45:40:81:5b:02:24:09:23:49:
                    ec:15:be:40:87:c6:fc:7e:9d:19:56:71:16:46:0b:
                    f4:81:10:20:3a:31:73:fd:64:93:43:7d:5c:ea:56:
                    0c:b2:d4:f2:fa:35:9e:5c:c6:38:b8:a9:93:28:c5:
                    13:c1:45:0f:48:64:ac:42:09:3f:4c:32:4e:ec:1c:
                    d9:a6:c0:8e:3c:71:bd:d9:0d:ac:51:70:61:0c:db:
                    e1:e3:c7:89:f1:88:84:f2:25:73:54:82:19:4b:fb:
                    57:61:9e:8a:15:b8:de:12:ae:5f:3a:71:3a:a3:a8:
                    90:a1:e1:a8:9f:73:7a:db:98:3a:b0:61:66:c8:d4:
                    74:90:95:3a:9c:6c:69:f7:f9:5e:e3:ad:04:25:a4:
                    4d:48:8a:1b:f6:71:32:9e:81:28:7f:77:78:7b:11:
                    7e:6a:d5:03:2e:ea:03:ba:3f:cd:65:b3:0a:64:03:
                    d8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1B:4B:EC:74:35:3D:30:2B:26:EE:5A:CF:CB:7C:2A:00:CB:CE:7E
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/LhtL7HQ1PTArJu5az8t8KgDLzn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.238.0.0/16
                  81.172.128.0/17
                  87.99.128.0/17
                  141.224.192.0/18
                  149.143.32.0-149.143.127.255
                  185.200.96.0/22
                  204.168.128.0/17
                  212.92.64.0/19
                  212.115.192.0/19
                  213.34.224.0/19
                  217.63.64.0/19
                  217.102.240.0/20
                IPv6:
                  2a02:f68::/29
                  2a07:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:ec:51:16:50:e6:31:c2:bc:90:99:7d:39:36:51:c4:c2:05:
         e1:6f:d7:0a:4f:04:7f:b2:cc:23:bf:b4:f3:a7:bb:30:7d:06:
         57:1a:30:89:e5:fb:f4:f5:50:95:4e:c4:9b:20:ad:d4:ee:62:
         72:29:3b:a4:a8:40:bf:61:7b:f5:46:3e:fb:d9:5b:47:ea:df:
         84:7e:e0:f8:9b:72:4d:a9:e8:06:32:10:a9:b0:57:b1:63:d4:
         3c:35:65:b1:27:2f:4d:83:bc:eb:4e:cc:69:6e:7e:48:ac:a0:
         6c:1d:5a:a3:69:9d:2d:e6:ad:91:89:6e:0c:44:63:3e:19:78:
         ff:64:eb:64:c8:45:be:bf:68:6e:22:de:1c:d7:1b:a1:b6:67:
         ec:7d:95:9e:6f:c9:66:97:c5:66:8d:94:eb:da:dd:a6:5f:4b:
         2b:a8:df:97:61:3f:60:71:72:21:e8:08:05:5c:72:fb:25:bc:
         26:aa:1e:16:2d:ab:1e:dc:25:08:3f:18:16:c0:a6:74:b8:2c:
         d0:10:81:fc:ae:44:ad:72:91:a4:61:17:d1:fd:08:da:1e:54:
         07:b5:73:d3:6d:9f:2c:20:7b:62:aa:85:72:05:ff:6b:7b:cd:
         30:91:ce:f2:84:b4:c8:25:62:df:4d:20:9f:5b:54:89:fd:24:
         24:84:4c:82
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAZIjGsBCzjCmowpycK75MWx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjQwOTI0MDgxNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFiNGJlYzc0MzUzZDMwMmIyNmVlNWFjZmNiN2MyYTAwY2JjZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJdHtJ9ZYui+/A4ar+Mxt97QW9SZ
GNC0TIe6b/WBGhg0VdYmkw9EJ91tMLYSl+T2c8YWkn+Z99tsFTxSwdfcgeMAzAA3
fWn328OVZhKbGsxFQIFbAiQJI0nsFb5Ah8b8fp0ZVnEWRgv0gRAgOjFz/WSTQ31c
6lYMstTy+jWeXMY4uKmTKMUTwUUPSGSsQgk/TDJO7BzZpsCOPHG92Q2sUXBhDNvh
48eJ8YiE8iVzVIIZS/tXYZ6KFbjeEq5fOnE6o6iQoeGon3N625g6sGFmyNR0kJU6
nGxp9/le460EJaRNSIob9nEynoEof3d4exF+atUDLuoDuj/NZbMKZAPY4QIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFC4bS+x0NT0wKybuWs/LfCoAy85+MB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvTGh0TDdIUTFQVEFySnU1YXo4dDhLZ0RMem40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBVBAIAATBPAwMAPu4DBAdR
rIADBAdXY4ADBAaN4MAwDAMEBZWPIAMEB5WPAAMEArnIYAMEB8yogAMEBdRcQAME
BdRzwAMEBdUi4AMEBdk/QAMEBNlm8DAUBAIAAjAOAwUDKgIPaAMFAyoHMcAwDQYJ
KoZIhvcNAQELBQADggEBAHrsURZQ5jHCvJCZfTk2UcTCBeFv1wpPBH+yzCO/tPOn
uzB9BlcaMInl+/T1UJVOxJsgrdTuYnIpO6SoQL9he/VGPvvZW0fq34R+4Pibck2p
6AYyEKmwV7Fj1Dw1ZbEnL02DvOtOzGlufkisoGwdWqNpnS3mrZGJbgxEYz4ZeP9k
62TIRb6/aG4i3hzXG6G2Z+x9lZ5vyWaXxWaNlOva3aZfSyuo35dhP2BxciHoCAVc
cvslvCaqHhYtqx7cJQg/GBbApnS4LNAQgfyuRK1ykaRhF9H9CNoeVAe1c9Ntnywg
e2KqhXIF/2t7zTCRzvKEtMglYt9NIJ9bVIn9JCSETII=
-----END CERTIFICATE-----