Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ynxh1BSujliijCyAIDRmkgWhYXs.roa
File:                     ynxh1BSujliijCyAIDRmkgWhYXs.roa (raw, json)
Hash identifier:          GFIlIyKo84ebJZEdOyxE/wRaDx6lC760byzflrhaNG8=
Subject key identifier:   CA:7C:61:D4:14:AE:8E:58:A2:8C:2C:80:20:34:66:92:05:A1:61:7B
Certificate issuer:       /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial:       01856E8B1FC24CE70BB0584787C98E7DF626
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ynxh1BSujliijCyAIDRmkgWhYXs.roa
Signing time:             Sun 01 Jan 2023 18:14:49 +0000
ROA not before:           Sun 01 Jan 2023 18:14:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44600
IP address blocks:        185.46.148.0/22 maxlen: 22
                          185.128.232.0/22 maxlen: 22
                          185.128.235.0/24 maxlen: 24
                          91.202.72.0/22 maxlen: 22
                          94.131.254.0/24 maxlen: 24
                          194.42.200.0/22 maxlen: 24
                          185.41.248.0/22 maxlen: 22
                          46.182.80.0/22 maxlen: 22
                          46.182.84.0/22 maxlen: 22
                          185.156.52.0/24 maxlen: 24
                          94.131.245.0/24 maxlen: 24
                          94.131.244.0/24 maxlen: 24
                          94.131.248.0/24 maxlen: 24
                          94.131.250.0/23 maxlen: 23
                          94.131.250.0/24 maxlen: 24
                          94.131.249.0/24 maxlen: 24
                          94.131.252.0/24 maxlen: 24
                          94.131.253.0/24 maxlen: 24
                          2a03:a600::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:8b:1f:c2:4c:e7:0b:b0:58:47:87:c9:8e:7d:f6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
        Validity
            Not Before: Jan  1 18:14:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca7c61d414ae8e58a28c2c802034669205a1617b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3c:76:88:ee:c4:33:88:6d:bb:1f:90:bf:8e:
                    6f:6f:0e:64:fa:a9:e6:df:31:45:43:0f:c8:2f:82:
                    59:27:e5:4d:01:e8:36:b8:fe:69:05:75:17:2c:1e:
                    b5:c1:64:8d:9c:dc:00:a6:b9:a3:2c:64:71:b7:e6:
                    78:df:97:3b:74:d8:4c:41:77:ac:a3:b6:8c:2f:27:
                    38:62:49:1a:5d:f9:75:da:4b:a8:85:1b:e3:6d:84:
                    25:cc:39:fb:6c:68:be:98:b9:e4:b4:3f:17:a4:1a:
                    f2:b0:12:cc:51:4a:39:da:09:7d:ef:dd:60:d0:f3:
                    2a:ac:2e:a9:17:08:3f:e9:71:08:bb:11:7d:b7:3a:
                    3d:bf:21:12:23:ec:f6:81:b0:24:3c:4e:0d:54:87:
                    fe:41:4a:cc:f9:83:c8:64:ac:9f:28:e7:02:13:a8:
                    c5:18:cf:91:0b:ab:84:eb:88:af:db:32:e9:28:02:
                    ec:97:56:d0:fc:38:13:56:11:65:6d:0c:0a:a9:27:
                    51:a1:97:6b:a4:88:fb:c2:2e:79:7a:fe:37:84:a3:
                    1f:05:2f:cf:2e:50:78:bb:95:ba:c0:a2:06:81:91:
                    a5:9e:15:83:86:83:2a:51:aa:c4:42:d3:d8:aa:c3:
                    9f:03:fa:16:f5:cc:aa:62:59:95:f1:e8:ce:43:df:
                    ae:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:7C:61:D4:14:AE:8E:58:A2:8C:2C:80:20:34:66:92:05:A1:61:7B
            X509v3 Authority Key Identifier:
                keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/ynxh1BSujliijCyAIDRmkgWhYXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.80.0/21
                  91.202.72.0/22
                  94.131.244.0/23
                  94.131.248.0-94.131.254.255
                  185.41.248.0/22
                  185.46.148.0/22
                  185.128.232.0/22
                  185.156.52.0/24
                  194.42.200.0/22
                IPv6:
                  2a03:a600::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:40:1d:8d:af:65:b1:54:20:80:11:ff:b0:a5:92:c5:e2:80:
         60:74:af:1b:75:ef:4e:47:3f:3d:64:18:04:a0:25:15:a6:2f:
         d1:77:7e:96:75:9e:7e:fb:11:90:6a:b7:f5:dd:c5:ec:59:25:
         27:6e:8a:d8:a7:e4:d6:00:24:40:9c:71:25:d2:e2:1c:9f:14:
         f3:2f:5b:5f:5c:37:98:ae:33:72:0c:10:06:52:20:9c:c4:02:
         60:7c:30:d9:85:68:d1:89:4b:f6:a8:90:35:f6:d7:b8:c8:0b:
         ec:be:e3:dc:3e:b5:74:11:3f:80:8e:d9:82:1b:a1:35:a3:c4:
         00:ce:d4:98:c2:d5:9e:b7:8b:93:75:ff:f2:8c:97:9f:4b:a7:
         2b:23:9e:eb:9b:0b:0d:e3:c5:4e:a9:0e:ff:13:c5:31:2f:c6:
         46:c7:82:81:43:76:5d:64:92:3d:3e:15:72:7f:f8:1b:6a:33:
         df:bd:58:a6:94:4d:63:96:f6:1e:fa:4b:1b:3b:d0:80:3c:d5:
         1b:e6:a9:03:35:5d:a3:e8:24:7b:dc:9f:91:06:a1:37:a2:2f:
         73:b7:69:35:02:82:36:58:cd:66:79:4b:cd:27:ee:9f:f3:ff:
         46:ca:ee:a3:24:6b:69:b7:30:f3:d0:64:d6:be:3e:eb:b7:53:
         8c:4d:16:88
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVuix/CTOcLsFhHh8mOffYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2Yw
M2MwMTkwHhcNMjMwMTAxMTgxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTdjNjFkNDE0YWU4ZTU4YTI4YzJjODAyMDM0NjY5MjA1YTE2MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDx2iO7EM4htux+Qv45vbw5k+qnm
3zFFQw/IL4JZJ+VNAeg2uP5pBXUXLB61wWSNnNwAprmjLGRxt+Z435c7dNhMQXes
o7aMLyc4YkkaXfl12kuohRvjbYQlzDn7bGi+mLnktD8XpBrysBLMUUo52gl9791g
0PMqrC6pFwg/6XEIuxF9tzo9vyESI+z2gbAkPE4NVIf+QUrM+YPIZKyfKOcCE6jF
GM+RC6uE64iv2zLpKALsl1bQ/DgTVhFlbQwKqSdRoZdrpIj7wi55ev43hKMfBS/P
LlB4u5W6wKIGgZGlnhWDhoMqUarEQtPYqsOfA/oW9cyqYlmV8ejOQ9+uuwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFMp8YdQUro5YoowsgCA0ZpIFoWF7MB8GA1UdIwQY
MBaAFFxrDAAamatiluJCFzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMt
YzE4ZTNjY2M3NDJiLzEveW54aDFCU3VqbGlpakN5QUlEUm1rZ1doWVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJi
LzEvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDLrZQAwQC
W8pIAwQBXoP0MAwDBANeg/gDBABeg/4DBAK5KfgDBAK5LpQDBAK5gOgDBAC5nDQD
BALCKsgwDQQCAAIwBwMFAyoDpgAwDQYJKoZIhvcNAQELBQADggEBAF5AHY2vZbFU
IIAR/7ClksXigGB0rxt1705HPz1kGASgJRWmL9F3fpZ1nn77EZBqt/XdxexZJSdu
itin5NYAJECccSXS4hyfFPMvW19cN5iuM3IMEAZSIJzEAmB8MNmFaNGJS/aokDX2
17jIC+y+49w+tXQRP4CO2YIboTWjxADO1JjC1Z63i5N1//KMl59LpysjnuubCw3j
xU6pDv8TxTEvxkbHgoFDdl1kkj0+FXJ/+BtqM9+9WKaUTWOW9h76Sxs70IA81Rvm
qQM1XaPoJHvcn5EGoTeiL3O3aTUCgjZYzWZ5S80n7p/z/0bK7qMka2m3MPPQZNa+
Puu3U4xNFog=
-----END CERTIFICATE-----