Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/TbV7DIImrVdgiDofS6EhmgFHiao.roa
File:                     TbV7DIImrVdgiDofS6EhmgFHiao.roa (raw, json)
Hash identifier:          9se4XvniR1JEpSkq1KJw/HGjjjDWMtvdW+L8QJpBk28=
Subject key identifier:   4D:B5:7B:0C:82:26:AD:57:60:88:3A:1F:4B:A1:21:9A:01:47:89:AA
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       0188F87049E21FB41A92B87B58E0F0A3508D
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/TbV7DIImrVdgiDofS6EhmgFHiao.roa
Signing time:             Mon 26 Jun 2023 16:01:28 +0000
ROA not before:           Mon 26 Jun 2023 16:01:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59674
IP address blocks:        5.250.241.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.242.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.253.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          185.67.120.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24
                          2a05:e80::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:f8:70:49:e2:1f:b4:1a:92:b8:7b:58:e0:f0:a3:50:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Jun 26 16:01:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4db57b0c8226ad5760883a1f4ba1219a014789aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:B5:7B:0C:82:26:AD:57:60:88:3A:1F:4B:A1:21:9A:01:47:89:AA
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/TbV7DIImrVdgiDofS6EhmgFHiao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0-5.250.253.255
                  185.67.120.0/22
                IPv6:
                  2a05:e80::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org