Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/ewk2INO0rN--V-GvTLRU0SrIiKY.roa
File:                     ewk2INO0rN--V-GvTLRU0SrIiKY.roa (raw, json)
Hash identifier:          9TUg8hHTDoInue5Zch6aJRKvV9Ie97N1Q/NSpLQ/P0M=
Subject key identifier:   7B:09:36:20:D3:B4:AC:DF:BE:57:E1:AF:4C:B4:54:D1:2A:C8:88:A6
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       0181F307D57BBA26886D3D8B02A3823F90CB
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/ewk2INO0rN--V-GvTLRU0SrIiKY.roa
Signing time:             Tue 12 Jul 2022 15:29:45 +0000
ROA not before:           Tue 12 Jul 2022 15:29:45 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        45.134.76.0/22 maxlen: 32
                          170.245.40.0/22 maxlen: 32
                          188.68.0.0/22 maxlen: 32
                          168.205.72.0/22 maxlen: 32
                          95.181.216.0/22 maxlen: 32
                          193.19.204.0/24 maxlen: 24
                          193.19.205.0/24 maxlen: 32
                          193.19.206.0/24 maxlen: 32
                          193.19.207.0/24 maxlen: 32
                          63.141.36.0/23 maxlen: 32
                          45.66.48.0/22 maxlen: 32
                          45.131.224.0/22 maxlen: 32
                          63.141.34.0/23 maxlen: 32
                          45.145.104.0/22 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:81:f3:07:d5:7b:ba:26:88:6d:3d:8b:02:a3:82:3f:90:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Jul 12 15:29:45 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=7b093620d3b4acdfbe57e1af4cb454d12ac888a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:13:e3:02:50:45:17:a2:11:e3:eb:2d:17:05:
                    0a:65:17:f4:b8:94:8b:d8:e8:5e:d8:c7:17:45:24:
                    49:23:80:54:51:90:bb:48:38:4b:96:1f:48:f9:3a:
                    7d:83:0d:d3:87:b9:ca:7a:f8:e4:97:19:6d:5d:f2:
                    19:5f:a6:96:74:66:70:ac:cd:a8:d9:cb:fc:5a:e0:
                    49:30:9a:98:fd:88:6d:c8:d5:fd:79:49:4c:d7:f6:
                    2e:18:d5:62:62:bd:33:cd:74:77:d4:e2:db:f2:cb:
                    f5:33:8b:e1:d1:c6:a1:16:3d:7f:f8:ae:a5:57:14:
                    c5:aa:a2:94:82:14:e7:5c:06:55:42:0a:4d:bf:47:
                    ac:c1:9b:1d:09:45:5d:75:d1:0d:ca:21:4e:09:75:
                    53:78:16:59:39:06:32:4d:14:49:eb:57:c3:99:8c:
                    a5:a5:84:f6:e0:6c:d3:31:8e:9e:66:d1:65:72:1e:
                    26:7a:01:27:48:4e:bd:f1:c9:79:ad:12:57:ae:4f:
                    ed:50:8d:8f:6d:1b:e7:b3:a7:de:5b:29:24:1c:84:
                    b3:fa:06:0f:af:81:f0:50:59:c8:ae:52:27:15:42:
                    8d:ac:97:c0:3e:f7:fa:f4:3d:ee:45:67:1c:a1:0e:
                    46:5d:7e:47:8f:8a:0e:7d:e2:1e:ff:9e:52:7f:9a:
                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:09:36:20:D3:B4:AC:DF:BE:57:E1:AF:4C:B4:54:D1:2A:C8:88:A6
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/ewk2INO0rN--V-GvTLRU0SrIiKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.48.0/22
                  45.131.224.0/22
                  45.134.76.0/22
                  45.145.104.0/22
                  63.141.34.0-63.141.37.255
                  95.181.216.0/22
                  168.205.72.0/22
                  170.245.40.0/22
                  188.68.0.0/22
                  193.19.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:b9:bc:98:e9:20:cb:59:1c:b0:b2:26:11:eb:f3:36:2c:55:
         e2:23:96:7a:e9:06:5c:d3:ae:a9:ed:f2:50:28:61:14:3e:c0:
         1c:b4:ef:18:cc:97:f8:7f:cb:1e:f5:12:2f:84:ab:f4:33:b0:
         97:59:09:cc:5c:73:5c:a6:54:82:ea:42:e6:03:7e:e2:7d:e3:
         a6:ab:1f:c8:36:4e:05:1c:bf:ce:53:87:8b:94:13:23:af:fd:
         f6:e2:fe:51:ce:16:71:71:1d:f7:8f:6b:d7:85:c0:ec:d4:1b:
         e1:f9:c6:c4:26:0b:c8:a0:85:84:37:0a:4d:f3:d7:9c:82:fa:
         6d:de:51:b2:85:ce:ca:92:76:76:f5:73:fa:07:45:39:50:0b:
         6b:38:8d:53:52:39:c3:34:de:e8:c1:03:94:b1:a0:77:50:9d:
         d0:e7:07:74:68:dd:55:d3:a0:37:47:df:d5:c9:f5:58:7e:09:
         14:ff:65:e2:fc:04:0f:e6:f5:ac:35:34:c1:11:69:4d:90:9c:
         19:88:45:d2:a3:73:88:de:40:aa:df:5d:b4:5c:e6:24:9f:8c:
         fd:f4:2d:5f:c7:01:dc:2a:0b:d7:9b:07:56:36:62:6e:81:95:
         ad:c2:2a:64:0a:d4:04:ba:e2:c5:70:ae:36:57:e4:bd:7e:5e:
         b9:ca:66:7a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYHzB9V7uiaIbT2LAqOCP5DLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjIwNzEyMTUyOTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjA5MzYyMGQzYjRhY2RmYmU1N2UxYWY0Y2I0NTRkMTJhYzg4OGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxPjAlBFF6IR4+stFwUKZRf0uJSL
2Ohe2McXRSRJI4BUUZC7SDhLlh9I+Tp9gw3Th7nKevjklxltXfIZX6aWdGZwrM2o
2cv8WuBJMJqY/YhtyNX9eUlM1/YuGNViYr0zzXR31OLb8sv1M4vh0cahFj1/+K6l
VxTFqqKUghTnXAZVQgpNv0eswZsdCUVdddENyiFOCXVTeBZZOQYyTRRJ61fDmYyl
pYT24GzTMY6eZtFlch4megEnSE698cl5rRJXrk/tUI2PbRvns6feWykkHISz+gYP
r4HwUFnIrlInFUKNrJfAPvf69D3uRWccoQ5GXX5Hj4oOfeIe/55Sf5q60wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHsJNiDTtKzfvlfhr0y0VNEqyIimMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvZXdrMklOTzByTi0tVi1HdlRMUlUwU3JJaUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQCLUIwAwQC
LYPgAwQCLYZMAwQCLZFoMAwDBAE/jSIDBAE/jSQDBAJftdgDBAKozUgDBAKq9SgD
BAK8RAADBALBE8wwDQYJKoZIhvcNAQELBQADggEBABi5vJjpIMtZHLCyJhHr8zYs
VeIjlnrpBlzTrqnt8lAoYRQ+wBy07xjMl/h/yx71Ei+Eq/QzsJdZCcxcc1ymVILq
QuYDfuJ946arH8g2TgUcv85Th4uUEyOv/fbi/lHOFnFxHfePa9eFwOzUG+H5xsQm
C8ighYQ3Ck3z15yC+m3eUbKFzsqSdnb1c/oHRTlQC2s4jVNSOcM03ujBA5SxoHdQ
ndDnB3Ro3VXToDdH39XJ9Vh+CRT/ZeL8BA/m9aw1NMERaU2QnBmIRdKjc4jeQKrf
XbRc5iSfjP30LV/HAdwqC9ebB1Y2Ym6Bla3CKmQK1AS64sVwrjZX5L1+XrnKZno=
-----END CERTIFICATE-----