Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/zBuFShT_dhy6EkO7szwmj5xnHH0.roa
File:                     zBuFShT_dhy6EkO7szwmj5xnHH0.roa (raw, json)
Hash identifier:          bNAnZgHasCGXUJaRUZcNrYvt3EcUoWHxF6BPkWNXfU4=
Subject key identifier:   CC:1B:85:4A:14:FF:76:1C:BA:12:43:BB:B3:3C:26:8F:9C:67:1C:7D
Certificate issuer:       /CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
Certificate serial:       01877F5511D237786C665FBBD7844D8A9D6C
Authority key identifier: AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/zBuFShT_dhy6EkO7szwmj5xnHH0.roa
Signing time:             Fri 14 Apr 2023 10:34:54 +0000
ROA not before:           Fri 14 Apr 2023 10:34:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59674
IP address blocks:        5.250.241.0/24 maxlen: 24
                          5.250.243.0/24 maxlen: 24
                          5.250.244.0/24 maxlen: 24
                          5.250.242.0/24 maxlen: 24
                          5.250.245.0/24 maxlen: 24
                          5.250.246.0/24 maxlen: 24
                          5.250.252.0/24 maxlen: 24
                          5.250.253.0/24 maxlen: 24
                          5.250.247.0/24 maxlen: 24
                          5.250.248.0/24 maxlen: 24
                          5.250.250.0/24 maxlen: 24
                          5.250.251.0/24 maxlen: 24
                          5.250.249.0/24 maxlen: 24
                          5.250.254.0/24 maxlen: 24
                          185.67.120.0/24 maxlen: 24
                          185.67.123.0/24 maxlen: 24
                          185.67.121.0/24 maxlen: 24
                          185.67.122.0/24 maxlen: 24
                          5.250.240.0/24 maxlen: 24
                          2a05:e80::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:7f:55:11:d2:37:78:6c:66:5f:bb:d7:84:4d:8a:9d:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab1d0e7e818baf9a7afb9866124292a61aafb8ca
        Validity
            Not Before: Apr 14 10:34:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cc1b854a14ff761cba1243bbb33c268f9c671c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1B:85:4A:14:FF:76:1C:BA:12:43:BB:B3:3C:26:8F:9C:67:1C:7D
            X509v3 Authority Key Identifier:
                keyid:AB:1D:0E:7E:81:8B:AF:9A:7A:FB:98:66:12:42:92:A6:1A:AF:B8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qx0OfoGLr5p6-5hmEkKSphqvuMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/zBuFShT_dhy6EkO7szwmj5xnHH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/124c35-9523-43b7-b7eb-ea59264f9083/1/qx0OfoGLr5p6-5hmEkKSphqvuMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.240.0-5.250.254.255
                  185.67.120.0/22
                IPv6:
                  2a05:e80::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 19:53:18 2024 by rpki-client on console-ams.rpki-client.org