Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/lt-yf97n2ELE0-dRiUcjrW5_0W8.roa
File:                     lt-yf97n2ELE0-dRiUcjrW5_0W8.roa (raw, json)
Hash identifier:          7eDopi/9x6G/MupmwPxkiKVGjic139lkkPl1aS08Jqk=
Subject key identifier:   96:DF:B2:7F:DE:E7:D8:42:C4:D3:E7:51:89:47:23:AD:6E:7F:D1:6F
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018BCF078172540BACB219008CDB24FF2496
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/lt-yf97n2ELE0-dRiUcjrW5_0W8.roa
Signing time:             Tue 14 Nov 2023 18:10:57 +0000
ROA not before:           Tue 14 Nov 2023 18:10:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9121
IP address blocks:        185.33.63.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24
                          31.169.91.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          31.169.64.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:cf:07:81:72:54:0b:ac:b2:19:00:8c:db:24:ff:24:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Nov 14 18:10:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96dfb27fdee7d842c4d3e751894723ad6e7fd16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DF:B2:7F:DE:E7:D8:42:C4:D3:E7:51:89:47:23:AD:6E:7F:D1:6F
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/lt-yf97n2ELE0-dRiUcjrW5_0W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0/22
                  31.169.69.0-31.169.72.255
                  31.169.77.0-31.169.78.255
                  31.169.81.0/24
                  31.169.88.0/24
                  31.169.91.0-31.169.94.255
                  185.33.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:54:56 2024 by rpki-client on console-fra.rpki-client.org