Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/kJnQhYyWBlAm6gZu9VDuZYTXhrg.roa
File:                     kJnQhYyWBlAm6gZu9VDuZYTXhrg.roa (raw, json)
Hash identifier:          RulBNNlOpOSIveWuYO38Oio7VmIV0jOAhdWbpgjazJw=
Subject key identifier:   90:99:D0:85:8C:96:06:50:26:EA:06:6E:F5:50:EE:65:84:D7:86:B8
Certificate issuer:       /CN=421bae989898d9402424aadafbb47c3a6d4c25b3
Certificate serial:       01956B481094E26FE8014473C57D08826CB9
Authority key identifier: 42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/kJnQhYyWBlAm6gZu9VDuZYTXhrg.roa
Signing time:             Thu 06 Mar 2025 11:47:19 +0000
ROA not before:           Thu 06 Mar 2025 11:47:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197580
IP address blocks:        46.245.136.0/21 maxlen: 21
                          83.174.148.0/22 maxlen: 22
                          83.174.148.0/23 maxlen: 23
                          83.174.151.0/24 maxlen: 24
                          83.174.152.0/21 maxlen: 21
                          83.174.152.0/23 maxlen: 23
                          83.174.154.0/24 maxlen: 24
                          83.174.156.0/22 maxlen: 22
                          185.42.208.0/22 maxlen: 22
                          185.42.208.0/24 maxlen: 24
                          185.42.211.0/24 maxlen: 24
                          185.254.216.0/22 maxlen: 22
                          185.254.216.0/23 maxlen: 23
                          185.254.219.0/24 maxlen: 24
                          2a01:6320::/32 maxlen: 32
                          2a05:dec0::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6b:48:10:94:e2:6f:e8:01:44:73:c5:7d:08:82:6c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=421bae989898d9402424aadafbb47c3a6d4c25b3
        Validity
            Not Before: Mar  6 11:47:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9099d0858c96065026ea066ef550ee6584d786b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:09:68:0e:95:af:e2:41:21:51:0c:c6:ef:cc:
                    38:e6:70:84:3f:86:62:1f:1b:2e:db:ec:21:bb:1c:
                    dc:b3:db:4e:88:5b:91:3f:b6:f5:ca:ab:83:f7:51:
                    3c:d2:55:89:ad:e5:af:fc:1e:ae:b7:f9:99:48:5a:
                    5f:89:27:4a:a5:10:73:a1:92:c6:59:4b:4c:9a:01:
                    70:18:fb:29:4c:1c:49:b9:5f:e0:12:fd:ae:39:38:
                    18:f1:48:71:4d:77:6d:8f:62:3c:dc:09:7c:19:bf:
                    22:a8:f3:2f:de:d1:a2:2e:a0:dc:d3:6a:d4:3d:99:
                    67:92:91:4f:b2:f1:71:dd:74:5d:15:bb:68:a0:9d:
                    33:73:a6:77:14:d2:20:1c:cc:83:84:99:f7:00:d5:
                    03:af:e7:42:de:7a:59:69:64:fd:5a:0f:3f:8e:3b:
                    e6:63:ef:fe:ed:cb:7c:8e:33:8e:27:f7:87:07:9f:
                    8d:ce:58:96:b5:03:a3:91:30:92:13:e1:fc:9d:d8:
                    0a:58:8c:b1:8b:f8:5a:f1:fa:d6:68:8f:69:cd:d6:
                    4c:89:82:f9:d8:9c:66:54:8a:aa:78:fc:42:d1:e4:
                    b2:f8:67:38:36:12:af:9a:8c:6b:cb:6f:35:91:2c:
                    1b:b2:97:dd:06:81:9a:cc:56:50:ec:54:ac:0b:ad:
                    08:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:99:D0:85:8C:96:06:50:26:EA:06:6E:F5:50:EE:65:84:D7:86:B8
            X509v3 Authority Key Identifier:
                keyid:42:1B:AE:98:98:98:D9:40:24:24:AA:DA:FB:B4:7C:3A:6D:4C:25:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QhuumJiY2UAkJKra-7R8Om1MJbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/kJnQhYyWBlAm6gZu9VDuZYTXhrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/b34cb0-2f71-4f59-bd5e-67efcb3d86fe/1/QhuumJiY2UAkJKra-7R8Om1MJbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.245.136.0/21
                  83.174.148.0-83.174.159.255
                  185.42.208.0/22
                  185.254.216.0/22
                IPv6:
                  2a01:6320::/32
                  2a05:dec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:aa:5d:8c:49:73:ac:83:18:fd:48:7e:51:ba:fc:49:8c:0a:
         b4:f9:08:37:81:7e:51:dd:65:9f:9d:00:98:0f:7c:16:0a:d0:
         b5:6a:e3:ee:d4:4e:27:28:6e:8d:6b:79:42:f9:a0:75:02:76:
         85:55:1e:6a:e3:35:f8:1c:ed:03:4f:8c:3e:c8:c9:15:f7:61:
         3d:1a:39:a5:9e:80:28:1e:5d:e5:fa:f2:e6:15:01:7f:d1:9e:
         e0:6b:ed:ba:d9:c1:1d:74:31:78:0e:09:7a:6b:b3:1d:b8:b0:
         b2:9d:ea:d9:db:1a:de:4e:19:11:8f:06:34:c4:82:67:bf:20:
         57:34:24:12:9d:27:40:22:3f:e1:ec:97:4b:95:1b:4d:cb:cb:
         17:5a:8f:03:6b:ab:60:8a:b7:44:f7:86:5b:f0:9d:1b:56:ab:
         de:ed:d1:63:49:01:aa:60:ad:e2:6c:94:c6:ac:76:68:e0:85:
         66:ae:20:f9:d8:d2:ce:47:89:9d:18:fb:4d:de:be:90:7e:5b:
         12:d5:0c:71:46:f5:89:38:06:c6:22:27:c1:16:3e:5c:44:0d:
         34:e8:14:04:37:75:4f:06:ad:31:8d:69:34:6c:ea:7b:db:8f:
         52:b2:3f:be:67:f1:1f:2b:1b:70:c6:19:bd:5e:2f:81:a8:d1:
         76:d6:65:23
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZVrSBCU4m/oAURzxX0Igmy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMWJhZTk4OTg5OGQ5NDAyNDI0YWFkYWZiYjQ3YzNhNmQ0
YzI1YjMwHhcNMjUwMzA2MTE0NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk5ZDA4NThjOTYwNjUwMjZlYTA2NmVmNTUwZWU2NTg0ZDc4NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0QloDpWv4kEhUQzG78w45nCEP4Zi
Hxsu2+whuxzcs9tOiFuRP7b1yquD91E80lWJreWv/B6ut/mZSFpfiSdKpRBzoZLG
WUtMmgFwGPspTBxJuV/gEv2uOTgY8UhxTXdtj2I83Al8Gb8iqPMv3tGiLqDc02rU
PZlnkpFPsvFx3XRdFbtooJ0zc6Z3FNIgHMyDhJn3ANUDr+dC3npZaWT9Wg8/jjvm
Y+/+7ct8jjOOJ/eHB5+NzliWtQOjkTCSE+H8ndgKWIyxi/ha8frWaI9pzdZMiYL5
2JxmVIqqePxC0eSy+Gc4NhKvmoxry281kSwbspfdBoGazFZQ7FSsC60IVQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJCZ0IWMlgZQJuoGbvVQ7mWE14a4MB8GA1UdIwQY
MBaAFEIbrpiYmNlAJCSq2vu0fDptTCWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUt
NjdlZmNiM2Q4NmZlLzEva0puUWhZeVdCbEFtNmdadTlWRHVaWVRYaHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9iMzRjYjAtMmY3MS00ZjU5LWJkNWUtNjdlZmNiM2Q4NmZl
LzEvUWh1dW1KaVkyVUFrSktyYS03UjhPbTFNSmJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQDLvWIMAwD
BAJTrpQDBAVTroADBAK5KtADBAK5/tgwFAQCAAIwDgMFACoBYyADBQMqBd7AMA0G
CSqGSIb3DQEBCwUAA4IBAQAPql2MSXOsgxj9SH5RuvxJjAq0+Qg3gX5R3WWfnQCY
D3wWCtC1auPu1E4nKG6Na3lC+aB1AnaFVR5q4zX4HO0DT4w+yMkV92E9GjmlnoAo
Hl3l+vLmFQF/0Z7ga+262cEddDF4Dgl6a7MduLCynerZ2xreThkRjwY0xIJnvyBX
NCQSnSdAIj/h7JdLlRtNy8sXWo8Da6tgirdE94Zb8J0bVqve7dFjSQGqYK3ibJTG
rHZo4IVmriD52NLOR4mdGPtN3r6QflsS1QxxRvWJOAbGIifBFj5cRA006BQEN3VP
Bq0xjWk0bOp7249Ssj++Z/EfKxtwxhm9Xi+BqNF21mUj
-----END CERTIFICATE-----