Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/gaRHHpOwIzb4VxGEtIE2qFy_axE.roa
File:                     gaRHHpOwIzb4VxGEtIE2qFy_axE.roa (raw, json)
Hash identifier:          1P/OoQyiSVYg3Ww8WwS5vn5A/nwsH8xBI+tUJj+zk6M=
Subject key identifier:   81:A4:47:1E:93:B0:23:36:F8:57:11:84:B4:81:36:A8:5C:BF:6B:11
Certificate issuer:       /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial:       018E12DDAD28AFC789E864A8EB4A6026CA13
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/gaRHHpOwIzb4VxGEtIE2qFy_axE.roa
Signing time:             Wed 06 Mar 2024 08:25:01 +0000
ROA not before:           Wed 06 Mar 2024 08:25:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60695
IP address blocks:        45.88.4.0/24 maxlen: 24
                          155.133.33.0/24 maxlen: 24
                          155.133.60.0/23 maxlen: 23
                          185.225.100.0/22 maxlen: 22
                          185.228.108.0/22 maxlen: 22
                          2a06:1e00::/29 maxlen: 48
                          2a0d:a00::/29 maxlen: 29
                          2a0d:b400::/29 maxlen: 48
                          2a0e:4d00::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:12:dd:ad:28:af:c7:89:e8:64:a8:eb:4a:60:26:ca:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
        Validity
            Not Before: Mar  6 08:25:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a4471e93b02336f8571184b48136a85cbf6b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:76:fb:cd:4d:8f:ec:6f:a4:64:33:d3:56:f1:
                    4b:8a:48:4f:4f:8a:b1:6a:2e:0e:56:70:b9:0c:d0:
                    ba:68:c0:70:f5:c8:5d:56:47:42:44:18:a7:9c:0b:
                    c3:fc:fa:f1:53:ea:c7:6d:39:ca:a0:6e:30:e0:6b:
                    4d:d9:7d:91:f1:5f:61:ec:bf:b6:5d:eb:95:b1:fe:
                    a0:0a:e5:c7:0a:32:77:4f:b8:6c:4c:89:4c:60:97:
                    d5:5d:7b:91:14:0c:cc:92:5f:73:2e:8c:c1:41:d1:
                    2c:41:12:ba:c0:9e:88:37:a4:fb:93:c6:3d:ca:a8:
                    5e:6c:dc:4a:f4:7c:22:5a:23:be:19:41:74:d3:d9:
                    42:61:83:93:c0:b4:12:14:cb:66:3a:77:6d:52:d7:
                    c7:0f:18:1d:fe:09:87:75:b9:72:d8:a6:95:56:00:
                    a4:2b:78:d3:ca:87:1c:30:d5:7c:c4:75:fb:49:f9:
                    6d:e6:4e:af:02:4b:ca:b9:57:1e:3f:85:9a:e1:95:
                    5f:af:d8:74:35:f7:cb:79:91:ff:e3:00:34:25:ac:
                    20:7c:ca:d9:fb:3f:6c:a4:c9:af:0e:11:ac:20:f2:
                    9b:8e:e2:66:ff:26:21:41:9d:3f:fc:8e:74:17:76:
                    bc:67:1e:42:2b:1e:96:00:5e:97:5f:cb:01:c2:a8:
                    2a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A4:47:1E:93:B0:23:36:F8:57:11:84:B4:81:36:A8:5C:BF:6B:11
            X509v3 Authority Key Identifier:
                keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/gaRHHpOwIzb4VxGEtIE2qFy_axE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.4.0/24
                  155.133.33.0/24
                  155.133.60.0/23
                  185.225.100.0/22
                  185.228.108.0/22
                IPv6:
                  2a06:1e00::/29
                  2a0d:a00::/29
                  2a0d:b400::/29
                  2a0e:4d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b4:a8:bc:4e:6a:64:ea:8c:c6:d4:a6:d0:06:80:c7:60:b8:4e:
         c1:79:33:e6:b2:d7:cb:4e:77:92:ae:8e:b9:6f:79:b9:56:bb:
         c7:8c:1b:e3:70:eb:b5:25:28:29:da:87:ff:75:36:c7:fa:3e:
         26:18:17:cc:e5:c9:c8:a2:89:ad:21:db:2c:ef:39:04:a5:f4:
         bd:60:c6:3c:38:22:20:f8:13:88:d4:7b:25:7c:f5:44:ea:84:
         a1:82:b6:02:9c:f4:a4:94:66:43:b0:77:10:2c:0c:c9:e9:c5:
         ef:03:53:a5:15:94:ce:a5:69:18:62:73:ba:46:da:0f:28:45:
         51:59:17:68:d6:97:57:fd:b1:36:a6:3c:6d:d2:f5:8e:96:91:
         7b:b6:b1:dd:ef:b6:2b:40:f7:f9:de:35:2e:3b:5f:0a:50:b4:
         d2:d8:06:12:f5:76:ee:0b:21:ed:33:c8:2d:33:36:68:39:de:
         d0:cd:96:88:70:e9:08:5e:7b:cc:3b:9a:b7:43:31:56:5f:4e:
         53:8a:4f:6b:2c:49:f3:73:c8:fb:53:49:35:83:6b:18:d8:4c:
         bd:a3:83:72:69:d7:b2:f3:6c:ef:b9:30:c3:21:f0:d4:14:79:
         82:a8:38:e5:9f:81:63:ab:d7:69:be:21:5b:fd:00:ef:41:dc:
         4b:82:7c:62
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY4S3a0or8eJ6GSo60pgJsoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjQwMzA2MDgyNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWE0NDcxZTkzYjAyMzM2Zjg1NzExODRiNDgxMzZhODVjYmY2YjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33b7zU2P7G+kZDPTVvFLikhPT4qx
ai4OVnC5DNC6aMBw9chdVkdCRBinnAvD/PrxU+rHbTnKoG4w4GtN2X2R8V9h7L+2
XeuVsf6gCuXHCjJ3T7hsTIlMYJfVXXuRFAzMkl9zLozBQdEsQRK6wJ6IN6T7k8Y9
yqhebNxK9HwiWiO+GUF009lCYYOTwLQSFMtmOndtUtfHDxgd/gmHdbly2KaVVgCk
K3jTyoccMNV8xHX7Sflt5k6vAkvKuVceP4Wa4ZVfr9h0NffLeZH/4wA0JawgfMrZ
+z9spMmvDhGsIPKbjuJm/yYhQZ0//I50F3a8Zx5CKx6WAF6XX8sBwqgqSwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFIGkRx6TsCM2+FcRhLSBNqhcv2sRMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvZ2FSSEhwT3dJemI0VnhHRXRJRTJxRnlfYXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjAkBAIAATAeAwQALVgEAwQA
m4UhAwQBm4U8AwQCueFkAwQCueRsMCIEAgACMBwDBQMqBh4AAwUDKg0KAAMFAyoN
tAADBQMqDk0AMA0GCSqGSIb3DQEBCwUAA4IBAQC0qLxOamTqjMbUptAGgMdguE7B
eTPmstfLTneSro65b3m5VrvHjBvjcOu1JSgp2of/dTbH+j4mGBfM5cnIoomtIdss
7zkEpfS9YMY8OCIg+BOI1HslfPVE6oShgrYCnPSklGZDsHcQLAzJ6cXvA1OlFZTO
pWkYYnO6RtoPKEVRWRdo1pdX/bE2pjxt0vWOlpF7trHd77YrQPf53jUuO18KULTS
2AYS9XbuCyHtM8gtMzZoOd7QzZaIcOkIXnvMO5q3QzFWX05Tik9rLEnzc8j7U0k1
g2sY2Ey9o4Nyadey82zvuTDDIfDUFHmCqDjln4Fjq9dpviFb/QDvQdxLgnxi
-----END CERTIFICATE-----