Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sl0kbuLpYol90pMWDCfIz9HxeRA.roa
File:                     sl0kbuLpYol90pMWDCfIz9HxeRA.roa (raw, json)
Hash identifier:          W5U50cW/oV43YRquIBjo87qg6yBQh8EdTnD8RO8rRW4=
Subject key identifier:   B2:5D:24:6E:E2:E9:62:89:7D:D2:93:16:0C:27:C8:CF:D1:F1:79:10
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DC5FABC91DE165C7B0D97A1A34B0DF2BF
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sl0kbuLpYol90pMWDCfIz9HxeRA.roa
Signing time:             Tue 20 Feb 2024 10:06:00 +0000
ROA not before:           Tue 20 Feb 2024 10:06:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        62.164.128.0/18 maxlen: 18
                          62.164.144.0/21 maxlen: 21
                          62.164.192.0/21 maxlen: 21
                          86.54.0.0/16 maxlen: 16
                          193.108.169.0/24 maxlen: 24
                          194.62.44.0/22 maxlen: 22
                          194.164.97.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          195.200.0.0/19 maxlen: 19
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24
                          217.154.0.0/16 maxlen: 16
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:fa:bc:91:de:16:5c:7b:0d:97:a1:a3:4b:0d:f2:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 20 10:06:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b25d246ee2e962897dd293160c27c8cfd1f17910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0c:82:f3:60:30:b9:c2:02:3f:70:d0:d2:c8:
                    9a:0b:53:13:1c:d8:6d:0a:47:32:7e:77:c0:84:1e:
                    bc:8b:82:68:23:d4:85:ed:65:cc:3d:d3:39:8d:ae:
                    a5:16:b8:77:03:db:0a:49:f7:38:54:25:fb:3d:0b:
                    61:23:0d:4e:74:ea:54:9f:dc:39:76:57:a6:42:aa:
                    5d:4a:44:77:34:7c:07:43:2b:34:4b:86:81:8a:94:
                    c5:16:39:fa:c0:d1:e7:f6:32:bd:f7:be:44:1b:aa:
                    c9:2d:14:e8:db:ba:3f:c6:a3:93:6e:2d:09:8b:f2:
                    84:ef:a5:34:df:45:3b:ba:b3:15:5f:93:6e:26:23:
                    35:81:27:52:16:c2:85:85:65:32:23:21:63:bd:ad:
                    43:38:2d:18:28:0b:08:f1:af:ff:3f:f0:0f:b5:b9:
                    9e:99:fc:e1:76:05:75:c8:c1:27:3f:0f:d6:b9:9c:
                    a3:1f:28:2d:6c:89:dd:ad:68:f4:f7:32:15:b5:7a:
                    2d:11:e4:21:15:93:ff:5d:21:7c:c4:69:62:d4:5e:
                    06:61:db:cb:4b:ca:10:ec:26:b1:60:1e:b6:c8:7f:
                    61:a3:c1:21:5e:89:15:2d:88:ed:32:bf:eb:d9:70:
                    5f:58:ba:34:0a:83:16:1a:e2:cf:21:57:25:ef:1b:
                    a4:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:5D:24:6E:E2:E9:62:89:7D:D2:93:16:0C:27:C8:CF:D1:F1:79:10
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/sl0kbuLpYol90pMWDCfIz9HxeRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0-62.164.199.255
                  86.54.0.0/16
                  193.108.169.0/24
                  194.62.44.0/22
                  194.164.97.0/24
                  194.164.114.0/24
                  194.164.181.0/24
                  195.200.0.0/19
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24
                  217.154.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9c:e7:6d:e0:a3:87:92:87:7f:e8:5c:7a:e7:6a:fd:77:33:e3:
         aa:6f:55:36:d0:8a:4d:ee:dc:8d:62:86:db:f8:1c:8e:46:95:
         7f:c3:a4:98:e7:98:be:9b:0a:1e:d6:78:14:68:7a:5c:a8:42:
         38:f2:b5:24:c3:c9:36:c9:eb:72:43:64:be:c1:ba:e4:11:d1:
         32:03:ed:62:5f:94:74:e1:8d:d4:9b:d2:3e:d4:9f:c0:95:cc:
         af:46:7a:4e:93:47:67:ea:01:27:06:4a:8c:66:9e:63:2c:b2:
         3f:02:58:8b:1a:49:dc:82:a5:29:d1:8f:ea:aa:96:5f:96:f8:
         b1:08:55:96:a4:5b:de:10:16:e4:ca:54:6d:c6:5f:a3:1c:6f:
         97:8c:fe:79:c3:27:00:e5:56:d6:59:c8:8e:0b:8d:4e:d8:d4:
         f8:48:6f:eb:44:fd:27:f6:d4:22:fe:35:25:8c:9b:06:93:ba:
         8c:45:cc:55:7a:4f:e4:f0:a2:c4:0d:96:63:0d:49:12:a6:d8:
         ec:16:36:e6:93:57:69:e1:3b:d8:0f:d8:24:48:3e:db:c0:86:
         ab:4c:13:1e:d7:5c:38:14:bf:38:2e:6a:e4:e3:74:e7:cf:58:
         47:c4:e1:8b:8e:74:70:e8:2e:a5:d9:39:94:ed:32:b1:28:a4:
         f6:10:7a:2b
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAY3F+ryR3hZcew2XoaNLDfK/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjIwMTAwNjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjVkMjQ2ZWUyZTk2Mjg5N2RkMjkzMTYwYzI3YzhjZmQxZjE3OTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQyC82AwucICP3DQ0siaC1MTHNht
CkcyfnfAhB68i4JoI9SF7WXMPdM5ja6lFrh3A9sKSfc4VCX7PQthIw1OdOpUn9w5
dlemQqpdSkR3NHwHQys0S4aBipTFFjn6wNHn9jK9975EG6rJLRTo27o/xqOTbi0J
i/KE76U030U7urMVX5NuJiM1gSdSFsKFhWUyIyFjva1DOC0YKAsI8a//P/APtbme
mfzhdgV1yMEnPw/WuZyjHygtbIndrWj09zIVtXotEeQhFZP/XSF8xGli1F4GYdvL
S8oQ7CaxYB62yH9ho8EhXokVLYjtMr/r2XBfWLo0CoMWGuLPIVcl7xukwwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFLJdJG7i6WKJfdKTFgwnyM/R8XkQMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvc2wwa2J1THBZb2w5MHBNV0RDZkl6OUh4ZVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOMAwDBAc+pIAD
BAM+pMADAwBWNgMEAMFsqQMEAsI+LAMEAMKkYQMEAMKkcgMEAMKktQMEBcPIAAME
ANX+qwMEANX+sgMEANX+uQMDANmaMA0GCSqGSIb3DQEBCwUAA4IBAQCc523go4eS
h3/oXHrnav13M+Oqb1U20IpN7tyNYobb+ByORpV/w6SY55i+mwoe1ngUaHpcqEI4
8rUkw8k2yetyQ2S+wbrkEdEyA+1iX5R04Y3Um9I+1J/AlcyvRnpOk0dn6gEnBkqM
Zp5jLLI/AliLGkncgqUp0Y/qqpZflvixCFWWpFveEBbkylRtxl+jHG+XjP55wycA
5VbWWciOC41O2NT4SG/rRP0n9tQi/jUljJsGk7qMRcxVek/k8KLEDZZjDUkSptjs
Fjbmk1dp4TvYD9gkSD7bwIarTBMe11w4FL84Lmrk43Tnz1hHxOGLjnRw6C6l2TmU
7TKxKKT2EHor
-----END CERTIFICATE-----