Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/nu5tosMv_biow1yY9GtdiGKYftw.roa
File:                     nu5tosMv_biow1yY9GtdiGKYftw.roa (raw, json)
Hash identifier:          jUZu33HdBEghb2Y35ryIh/me3A48ZuNbU5tLjzgMemg=
Subject key identifier:   9E:EE:6D:A2:C3:2F:FD:B8:A8:C3:5C:98:F4:6B:5D:88:62:98:7E:DC
Certificate issuer:       /CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
Certificate serial:       073CCC87
Authority key identifier: C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/nu5tosMv_biow1yY9GtdiGKYftw.roa
Signing time:             Sat 01 Jan 2022 09:06:24 +0000
ROA not before:           Sat 01 Jan 2022 09:06:24 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50821
IP address blocks:        185.54.196.0/22 maxlen: 22
                          145.14.96.0/19 maxlen: 19
                          212.100.96.0/19 maxlen: 19
                          109.238.128.0/20 maxlen: 20
                          79.142.240.0/20 maxlen: 20
                          46.39.96.0/19 maxlen: 19
                          89.255.224.0/20 maxlen: 20
                          178.16.208.0/20 maxlen: 20
                          147.28.64.0/19 maxlen: 19
                          145.40.16.0/20 maxlen: 20
                          217.69.144.0/20 maxlen: 20
                          178.251.128.0/21 maxlen: 21
                          185.81.108.0/22 maxlen: 22
                          2001:1ba8::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 121425031 (0x73ccc87)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
        Validity
            Not Before: Jan  1 09:06:24 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9eee6da2c32ffdb8a8c35c98f46b5d8862987edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:41:02:4d:20:fc:04:b4:15:21:a7:fc:0e:6b:
                    7d:81:21:d0:e8:e0:8f:e4:db:17:5b:12:d4:71:de:
                    5e:a3:9d:d8:fa:56:b6:1a:b6:ce:fd:30:fb:3a:08:
                    d0:e9:df:6e:f6:ba:a1:a2:55:12:86:fb:10:eb:0d:
                    3f:6a:98:e2:eb:0a:31:09:de:c7:ad:44:9f:01:1f:
                    00:2e:19:a9:8f:81:62:fb:22:e4:67:df:44:66:b4:
                    3d:bd:1b:85:f2:96:fb:58:fb:5d:c9:9b:e6:35:dd:
                    f1:bd:07:f2:8c:20:17:e2:36:3c:ff:f2:ef:20:32:
                    3c:99:14:35:47:04:a7:19:b0:9e:72:8d:55:55:01:
                    5b:cf:ba:fb:58:de:92:d8:a0:34:3e:5f:e2:12:74:
                    fd:db:f3:7d:a9:e3:6a:54:76:db:b0:e0:3b:40:70:
                    3f:62:35:70:3c:f3:e5:b1:4a:ad:5b:0f:a4:34:bd:
                    ce:19:83:ef:3c:b8:76:f5:28:11:97:6b:f7:cd:19:
                    60:48:41:0e:bb:60:84:a6:32:ea:b2:ce:86:fc:97:
                    58:b2:0e:87:72:2a:3e:ea:b8:cb:be:c8:6f:35:80:
                    cc:f7:a1:a4:bd:b4:73:8b:17:ba:b3:c6:a8:ad:8e:
                    c2:36:16:3f:bc:80:87:0f:15:64:ff:28:87:3b:9d:
                    75:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EE:6D:A2:C3:2F:FD:B8:A8:C3:5C:98:F4:6B:5D:88:62:98:7E:DC
            X509v3 Authority Key Identifier:
                keyid:C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/nu5tosMv_biow1yY9GtdiGKYftw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/wRxYM3zU10zZIZ2HeN7lsp8IpGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.39.96.0/19
                  79.142.240.0/20
                  89.255.224.0/20
                  109.238.128.0/20
                  145.14.96.0/19
                  145.40.16.0/20
                  147.28.64.0/19
                  178.16.208.0/20
                  178.251.128.0/21
                  185.54.196.0/22
                  185.81.108.0/22
                  212.100.96.0/19
                  217.69.144.0/20
                IPv6:
                  2001:1ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:4e:3c:43:85:4b:8c:c9:f0:96:1a:80:9c:c8:19:ef:cf:98:
         8d:f8:71:fa:4f:a0:d6:66:3d:c3:75:a3:95:0b:5a:4f:ed:29:
         74:5d:b1:b5:3a:92:9a:ed:64:66:d4:a0:b4:d8:86:93:6e:86:
         21:e5:bf:2e:b6:fb:ad:6d:6c:de:b9:0d:78:6e:43:ee:4e:0a:
         ae:d8:17:fa:59:f5:c8:bd:e2:4d:fd:99:e4:1b:b3:3c:41:86:
         e9:22:86:4e:ef:af:15:99:2a:39:4f:8b:ae:da:d4:9c:d4:d4:
         b3:4f:15:b7:aa:08:04:47:fb:c1:1f:1f:02:73:b0:94:48:c9:
         66:9c:41:03:7c:5d:69:bf:ec:a8:95:fc:c7:ee:a8:91:d7:7d:
         c2:8c:70:89:42:a1:02:78:01:2d:33:ff:41:71:a8:f8:dc:55:
         29:f3:c6:8e:b4:e4:ec:3b:bd:6b:4e:40:79:d8:7f:65:dc:6c:
         b6:a8:37:bb:88:32:0a:9c:c8:a7:fc:7f:4c:f4:71:e2:f6:e6:
         52:21:77:2b:01:d9:6c:4a:ff:ef:17:d0:16:03:dc:68:03:2c:
         d3:74:05:91:ce:3a:5a:9b:df:75:86:48:d2:b0:91:08:0e:67:
         13:82:c6:c0:03:1b:85:40:c6:13:68:da:c0:f5:70:47:02:66:
         ce:0e:57:4d
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIEBzzMhzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
MTFjNTgzMzdjZDRkNzRjZDkyMTlkODc3OGRlZTViMjlmMDhhNDYxMB4XDTIyMDEw
MTA5MDYyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWVlZTZkYTJjMzJm
ZmRiOGE4YzM1Yzk4ZjQ2YjVkODg2Mjk4N2VkYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANJBAk0g/AS0FSGn/A5rfYEh0Ojgj+TbF1sS1HHeXqOd2PpW
thq2zv0w+zoI0Onfbva6oaJVEob7EOsNP2qY4usKMQnex61EnwEfAC4ZqY+BYvsi
5GffRGa0Pb0bhfKW+1j7Xcmb5jXd8b0H8owgF+I2PP/y7yAyPJkUNUcEpxmwnnKN
VVUBW8+6+1jektigND5f4hJ0/dvzfanjalR227DgO0BwP2I1cDzz5bFKrVsPpDS9
zhmD7zy4dvUoEZdr980ZYEhBDrtghKYy6rLOhvyXWLIOh3IqPuq4y77IbzWAzPeh
pL20c4sXurPGqK2OwjYWP7yAhw8VZP8ohzuddV0CAwEAAaOCAmAwggJcMB0GA1Ud
DgQWBBSe7m2iwy/9uKjDXJj0a12IYph+3DAfBgNVHSMEGDAWgBTBHFgzfNTXTNkh
nYd43uWynwikYTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3dSeFlNM3pVMTB6WklaMkhlTjdsc3A4SXBHRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTIvMGJkY2EzLTI4M2EtNDk0Mi04NTkyLWMzOTQ1NDFmNzcwZS8x
L251NXRvc012X2Jpb3cxeVk5R3RkaUdLWWZ0dy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIv
MGJkY2EzLTI4M2EtNDk0Mi04NTkyLWMzOTQ1NDFmNzcwZS8xL3dSeFlNM3pVMTB6
WklaMkhlTjdsc3A4SXBHRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB2
BggrBgEFBQcBBwEB/wRnMGUwVAQCAAEwTgMEBS4nYAMEBE+O8AMEBFn/4AMEBG3u
gAMEBZEOYAMEBJEoEAMEBZMcQAMEBLIQ0AMEA7L7gAMEArk2xAMEArlRbAMEBdRk
YAMEBNlFkDANBAIAAjAHAwUDIAEbqDANBgkqhkiG9w0BAQsFAAOCAQEAE048Q4VL
jMnwlhqAnMgZ78+Yjfhx+k+g1mY9w3WjlQtaT+0pdF2xtTqSmu1kZtSgtNiGk26G
IeW/Lrb7rW1s3rkNeG5D7k4KrtgX+ln1yL3iTf2Z5BuzPEGG6SKGTu+vFZkqOU+L
rtrUnNTUs08Vt6oIBEf7wR8fAnOwlEjJZpxBA3xdab/sqJX8x+6okdd9woxwiUKh
AngBLTP/QXGo+NxVKfPGjrTk7Du9a05Aedh/Zdxstqg3u4gyCpzIp/x/TPRx4vbm
UiF3KwHZbEr/7xfQFgPcaAMs03QFkc46WpvfdYZI0rCRCA5nE4LGwAMbhUDGE2ja
wPVwRwJmzg5XTQ==
-----END CERTIFICATE-----