Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/BhH1CSdnOpD8lKbEXgts_ljIGRo.roa
File:                     BhH1CSdnOpD8lKbEXgts_ljIGRo.roa (raw, json)
Hash identifier:          Ryd4G9rub14m1yp3lnWmhRhwSLYL7qNemdUSHQVcds8=
Subject key identifier:   06:11:F5:09:27:67:3A:90:FC:94:A6:C4:5E:0B:6C:FE:58:C8:19:1A
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       05414613
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/BhH1CSdnOpD8lKbEXgts_ljIGRo.roa
Signing time:             Sat 01 Jan 2022 11:58:46 +0000
ROA not before:           Sat 01 Jan 2022 11:58:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     26636
IP address blocks:        45.91.65.0/24 maxlen: 24
                          45.82.15.0/24 maxlen: 24
                          45.82.14.0/24 maxlen: 24
                          193.111.250.0/24 maxlen: 24
                          185.244.50.0/24 maxlen: 24
                          185.244.48.0/24 maxlen: 24
                          193.39.170.0/24 maxlen: 24
                          193.39.168.0/24 maxlen: 24
                          194.187.120.0/24 maxlen: 24
                          91.200.151.0/24 maxlen: 24
                          91.200.148.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 88163859 (0x5414613)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  1 11:58:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0611f50927673a90fc94a6c45e0b6cfe58c8191a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4c:c7:13:42:ec:76:59:fa:2b:bb:82:17:5f:
                    b1:76:d1:3d:a4:b1:58:8e:ea:72:5e:75:6f:51:58:
                    61:63:fc:2d:e5:19:50:d0:a2:d3:43:8b:1d:e1:a4:
                    30:9b:b9:70:6e:ad:7d:34:e4:96:60:7f:81:5e:56:
                    f4:40:d7:e6:df:5e:82:73:c7:03:da:4f:bf:fa:9f:
                    77:dc:8b:9f:94:90:43:63:c5:02:a9:fd:38:da:b2:
                    82:d5:73:e3:08:75:9a:d9:6a:44:5e:f9:a3:03:ea:
                    d6:aa:fe:ab:61:2e:d5:18:61:a0:b9:29:82:01:2a:
                    e1:ad:1c:31:4a:bf:35:dd:0c:c8:e6:52:bf:4b:ba:
                    f0:d6:ac:75:3a:41:0d:3c:d6:87:d6:1f:0c:fc:95:
                    36:62:8a:bb:84:1b:70:1d:d1:22:42:88:d9:0c:c0:
                    52:fc:6f:16:b3:9b:88:db:93:7b:be:78:8b:0f:36:
                    34:44:96:76:89:38:bf:03:32:ad:ed:b3:da:74:8e:
                    99:c5:a3:24:d5:97:79:90:ec:eb:ae:7f:d7:60:ef:
                    f7:07:35:7c:86:6d:cf:df:97:99:6b:a1:03:59:0a:
                    53:50:c8:cc:73:5d:9f:35:41:b8:90:63:5b:f1:ef:
                    81:f8:b3:06:f2:b5:06:c8:3b:9c:d6:5f:2c:de:4e:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:11:F5:09:27:67:3A:90:FC:94:A6:C4:5E:0B:6C:FE:58:C8:19:1A
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/BhH1CSdnOpD8lKbEXgts_ljIGRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.14.0/23
                  45.91.65.0/24
                  91.200.148.0/24
                  91.200.151.0/24
                  185.244.48.0/24
                  185.244.50.0/24
                  193.39.168.0/24
                  193.39.170.0/24
                  193.111.250.0/24
                  194.187.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:9b:e2:f7:b3:cd:b4:a9:9b:e3:09:7a:4f:7a:d5:b2:e6:81:
         7d:d5:37:3a:ec:01:07:43:5b:6c:4d:2d:7a:fe:08:15:21:8f:
         f9:ca:49:58:8f:25:91:67:09:f8:c4:aa:5a:2d:09:e6:b3:ff:
         74:4b:03:70:33:b5:23:d7:82:ab:94:e8:ce:5e:44:2b:3d:76:
         56:bb:11:5b:e5:26:ca:e2:b0:29:a5:99:22:8c:78:d7:dc:c1:
         09:8f:9c:a6:54:4f:f2:38:7b:41:73:33:df:74:1d:81:09:49:
         37:79:1c:98:53:c7:f1:2b:e9:5c:90:e4:86:ba:0d:d7:08:22:
         77:f5:83:8a:7a:0a:b5:46:e0:d8:e5:c5:3e:91:27:69:ab:46:
         f0:b4:7b:1f:c6:58:ff:3f:8e:54:c3:af:ee:a7:a4:9b:9a:8d:
         10:92:54:2c:44:63:0c:89:b2:58:be:52:01:3a:65:45:f7:b5:
         2d:be:e9:b9:00:20:36:03:ea:59:5a:6e:c1:79:3a:76:19:0d:
         a5:a5:13:fd:3d:e0:ce:2d:6e:26:48:7f:eb:06:6d:40:c5:fd:
         ff:2a:ff:97:d5:39:9f:f7:51:20:56:f7:ca:41:fa:a1:f7:03:
         67:f0:fe:32:9a:24:07:bd:65:99:3f:6d:08:3b:85:65:51:3c:
         11:42:dd:a1
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEBUFGEzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NjVlYmE1YzFhODBmODZhNDU4OTI3OGVkZDkzMDRiM2Y1MTY5ZjgzMB4XDTIyMDEw
MTExNTg0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDYxMWY1MDkyNzY3
M2E5MGZjOTRhNmM0NWUwYjZjZmU1OGM4MTkxYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOhMxxNC7HZZ+iu7ghdfsXbRPaSxWI7qcl51b1FYYWP8LeUZ
UNCi00OLHeGkMJu5cG6tfTTklmB/gV5W9EDX5t9egnPHA9pPv/qfd9yLn5SQQ2PF
Aqn9ONqygtVz4wh1mtlqRF75owPq1qr+q2Eu1RhhoLkpggEq4a0cMUq/Nd0MyOZS
v0u68NasdTpBDTzWh9YfDPyVNmKKu4QbcB3RIkKI2QzAUvxvFrObiNuTe754iw82
NESWdok4vwMyre2z2nSOmcWjJNWXeZDs665/12Dv9wc1fIZtz9+XmWuhA1kKU1DI
zHNdnzVBuJBjW/HvgfizBvK1Bsg7nNZfLN5OPYUCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQGEfUJJ2c6kPyUpsReC2z+WMgZGjAfBgNVHSMEGDAWgBRGXrpcGoD4akWJ
J47dkwSz9RafgzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JsNjZYQnFBLUdwRmlTZU8zWk1Fc19VV240TS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTIvYzEyYTdiLTVjYWYtNGU3Yy05NzBkLTVjNDc2ZTMzMjVmNS8x
L0JoSDFDU2RuT3BEOGxLYkVYZ3RzX2xqSUdSby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTIv
YzEyYTdiLTVjYWYtNGU3Yy05NzBkLTVjNDc2ZTMzMjVmNS8xL1JsNjZYQnFBLUdw
RmlTZU8zWk1Fc19VV240TS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAS1SDgMEAC1bQQMEAFvIlAMEAFvI
lwMEALn0MAMEALn0MgMEAMEnqAMEAMEnqgMEAMFv+gMEAMK7eDANBgkqhkiG9w0B
AQsFAAOCAQEAT5vi97PNtKmb4wl6T3rVsuaBfdU3OuwBB0NbbE0tev4IFSGP+cpJ
WI8lkWcJ+MSqWi0J5rP/dEsDcDO1I9eCq5Tozl5EKz12VrsRW+UmyuKwKaWZIox4
19zBCY+cplRP8jh7QXMz33QdgQlJN3kcmFPH8SvpXJDkhroN1wgid/WDinoKtUbg
2OXFPpEnaatG8LR7H8ZY/z+OVMOv7qekm5qNEJJULERjDImyWL5SATplRfe1Lb7p
uQAgNgPqWVpuwXk6dhkNpaUT/T3gzi1uJkh/6wZtQMX9/yr/l9U5n/dRIFb3ykH6
ofcDZ/D+MpokB71lmT9tCDuFZVE8EULdoQ==
-----END CERTIFICATE-----