Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa
File:                     qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa (raw, json)
Hash identifier:          3X4ta9REFKEnG/nwEGfUMLhKUE9Kp5buNBXOnGi0L5c=
Subject key identifier:   AA:79:92:65:DA:1C:D7:F9:28:97:06:8F:5A:1F:D8:2C:7F:AB:D2:44
Certificate issuer:       /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial:       018BD2638A3996F52FDC008C635CDECA4FFA
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa
Signing time:             Wed 15 Nov 2023 09:50:20 +0000
ROA not before:           Wed 15 Nov 2023 09:50:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59729
IP address blocks:        88.204.41.0/24 maxlen: 24
                          88.204.42.0/24 maxlen: 24
                          88.204.43.0/24 maxlen: 24
                          88.204.44.0/24 maxlen: 24
                          88.204.45.0/24 maxlen: 24
                          88.204.46.0/24 maxlen: 24
                          88.204.47.0/24 maxlen: 24
                          78.136.248.0/24 maxlen: 24
                          78.136.249.0/24 maxlen: 24
                          78.136.250.0/24 maxlen: 24
                          78.136.251.0/24 maxlen: 24
                          78.136.252.0/24 maxlen: 24
                          78.136.253.0/24 maxlen: 24
                          78.136.254.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d2:63:8a:39:96:f5:2f:dc:00:8c:63:5c:de:ca:4f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
        Validity
            Not Before: Nov 15 09:50:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa799265da1cd7f92897068f5a1fd82c7fabd244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e5:bf:c1:0b:5f:02:cb:c5:7e:f7:21:9f:5b:
                    b0:39:33:18:ad:8e:1f:f6:86:fe:f2:31:74:99:3c:
                    29:33:d2:cf:9d:2c:21:b2:23:5a:3a:1e:52:fb:7b:
                    8b:f8:f9:b6:20:8e:37:69:73:29:47:62:f6:3d:ba:
                    b3:e2:c7:2b:8b:6c:25:b1:5c:cf:26:4d:63:f2:60:
                    37:8c:e7:9b:1a:a8:57:af:9d:2c:e6:60:5a:72:09:
                    55:73:44:34:ed:cf:cb:ce:3e:0d:d4:56:e8:37:73:
                    e5:c1:b1:17:0e:11:37:96:17:a2:a9:5b:cb:26:00:
                    f6:a2:0b:19:43:56:c3:be:2c:30:97:41:c1:4a:d4:
                    a7:cb:f8:9e:57:53:89:fe:44:be:4f:1a:c2:35:b4:
                    d0:8b:11:b5:2f:05:32:02:ca:b8:33:67:b1:99:59:
                    c1:7e:8e:f8:fc:e9:db:d0:d2:80:a3:7c:9c:45:db:
                    01:69:2e:a0:2f:62:7a:38:e1:1a:22:5d:8d:7b:be:
                    0c:17:60:58:e7:92:95:8f:1c:61:04:f3:40:b5:b4:
                    94:b8:6a:e7:b0:f2:21:b2:19:1a:11:cf:c8:44:8a:
                    92:45:54:71:62:2f:d1:f2:e4:11:6b:0d:84:97:43:
                    6b:b3:83:24:c5:52:7c:64:f0:10:24:44:59:a7:a9:
                    24:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:79:92:65:DA:1C:D7:F9:28:97:06:8F:5A:1F:D8:2C:7F:AB:D2:44
            X509v3 Authority Key Identifier:
                keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/qnmSZdoc1_kolwaPWh_YLH-r0kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.136.248.0-78.136.254.255
                  88.204.41.0-88.204.47.255

    Signature Algorithm: sha256WithRSAEncryption
         3c:59:b4:ea:a1:5d:81:9b:22:97:e4:d1:c6:9d:20:b2:9e:2c:
         34:7a:bc:fe:05:04:c2:a8:c3:33:d4:cc:06:41:e7:ce:4d:ed:
         be:39:39:c4:5a:a1:44:cb:8d:21:9d:bf:c0:02:9a:ba:22:aa:
         b2:f4:25:fd:01:55:0a:ce:b3:d1:be:f2:36:ae:51:2c:fc:b9:
         65:e6:68:98:fc:80:2a:86:cf:24:12:24:32:85:9d:ca:a0:88:
         44:1e:74:66:2a:c3:65:92:40:72:8b:05:c7:c2:0d:c7:13:a5:
         d6:1f:b6:cb:72:26:8a:c8:65:c9:e4:a3:bd:bf:2a:bf:e4:11:
         83:10:ef:2e:b2:4d:b2:1b:cf:77:47:e0:bd:d0:51:36:d0:41:
         1b:6f:43:5c:35:b9:f5:10:30:21:2f:cc:72:20:3b:d4:4d:94:
         c5:aa:05:cd:ad:c1:71:64:d4:bf:46:d0:42:9a:b2:97:f6:54:
         b2:80:8a:b2:41:6a:99:38:1c:26:eb:78:82:ec:d5:97:95:53:
         aa:13:f8:5f:5a:05:9b:a8:ad:a5:f2:93:8b:23:91:3a:3f:b0:
         c5:5a:ce:7e:31:50:56:de:4c:b3:2b:80:2a:a7:6b:80:f4:c2:
         ae:47:44:03:6e:c5:7c:1e:b4:4e:d7:dc:58:c5:76:fc:85:d7:
         08:60:83:8b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYvSY4o5lvUv3ACMY1zeyk/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMxMTE1MDk1MDIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc5OTI2NWRhMWNkN2Y5Mjg5NzA2OGY1YTFmZDgyYzdmYWJkMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuW/wQtfAsvFfvchn1uwOTMYrY4f
9ob+8jF0mTwpM9LPnSwhsiNaOh5S+3uL+Pm2II43aXMpR2L2Pbqz4scri2wlsVzP
Jk1j8mA3jOebGqhXr50s5mBacglVc0Q07c/Lzj4N1FboN3PlwbEXDhE3lheiqVvL
JgD2ogsZQ1bDviwwl0HBStSny/ieV1OJ/kS+TxrCNbTQixG1LwUyAsq4M2exmVnB
fo74/Onb0NKAo3ycRdsBaS6gL2J6OOEaIl2Ne74MF2BY55KVjxxhBPNAtbSUuGrn
sPIhshkaEc/IRIqSRVRxYi/R8uQRaw2El0Nrs4MkxVJ8ZPAQJERZp6kkKwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKp5kmXaHNf5KJcGj1of2Cx/q9JEMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvcW5tU1pkb2MxX2tvbHdhUFdoX1lMSC1yMGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBANOiPgD
BABOiP4wDAMEAFjMKQMEBFjMIDANBgkqhkiG9w0BAQsFAAOCAQEAPFm06qFdgZsi
l+TRxp0gsp4sNHq8/gUEwqjDM9TMBkHnzk3tvjk5xFqhRMuNIZ2/wAKauiKqsvQl
/QFVCs6z0b7yNq5RLPy5ZeZomPyAKobPJBIkMoWdyqCIRB50ZirDZZJAcosFx8IN
xxOl1h+2y3ImishlyeSjvb8qv+QRgxDvLrJNshvPd0fgvdBRNtBBG29DXDW59RAw
IS/MciA71E2UxaoFza3BcWTUv0bQQpqyl/ZUsoCKskFqmTgcJut4guzVl5VTqhP4
X1oFm6itpfKTiyOROj+wxVrOfjFQVt5MsyuAKqdrgPTCrkdEA27FfB60TtfcWMV2
/IXXCGCDiw==
-----END CERTIFICATE-----