Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/1o4DGKtNik71x6uoDc_gLTfcHz0.roa
File:                     1o4DGKtNik71x6uoDc_gLTfcHz0.roa (raw, json)
Hash identifier:          vcl6g+6scbk2Eg0XEFmprtmHlC24lCpb0WOsZaNVppA=
Subject key identifier:   D6:8E:03:18:AB:4D:8A:4E:F5:C7:AB:A8:0D:CF:E0:2D:37:DC:1F:3D
Certificate issuer:       /CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
Certificate serial:       018572C385A784F53D82354A68E40A07E148
Authority key identifier: C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/1o4DGKtNik71x6uoDc_gLTfcHz0.roa
Signing time:             Mon 02 Jan 2023 13:54:54 +0000
ROA not before:           Mon 02 Jan 2023 13:54:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50821
IP address blocks:        209.221.192.0/19 maxlen: 19
                          185.54.196.0/22 maxlen: 22
                          145.14.96.0/19 maxlen: 19
                          212.100.96.0/19 maxlen: 19
                          109.238.128.0/20 maxlen: 20
                          79.142.240.0/20 maxlen: 20
                          46.39.96.0/19 maxlen: 19
                          89.255.224.0/20 maxlen: 20
                          178.16.208.0/20 maxlen: 20
                          147.28.64.0/19 maxlen: 19
                          145.40.16.0/20 maxlen: 20
                          217.69.144.0/20 maxlen: 20
                          178.251.128.0/21 maxlen: 21
                          185.81.108.0/22 maxlen: 22
                          2001:1ba8::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:c3:85:a7:84:f5:3d:82:35:4a:68:e4:0a:07:e1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11c58337cd4d74cd9219d8778dee5b29f08a461
        Validity
            Not Before: Jan  2 13:54:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d68e0318ab4d8a4ef5c7aba80dcfe02d37dc1f3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7d:29:ba:92:c3:18:76:f0:b4:34:1a:1a:f6:
                    4f:05:fd:9f:6c:1d:de:7f:4a:13:65:f1:c1:ed:33:
                    bd:79:8c:6d:e8:35:6c:c7:5f:ac:c0:dd:96:39:03:
                    e2:0e:87:34:27:2d:73:3a:3a:b9:8e:5c:c7:6f:e3:
                    8d:55:1f:94:ac:14:f8:97:f2:ef:0e:41:8f:61:d1:
                    c3:71:c1:0a:41:b8:43:ae:d1:9c:e6:f8:34:2b:a8:
                    8f:d9:67:41:0f:13:51:1e:df:76:f8:cc:30:5a:37:
                    a1:19:42:bd:0c:c8:e7:c8:ac:34:3b:76:d5:3b:c9:
                    8e:c1:45:64:d9:b7:c3:42:88:27:17:72:0b:12:b2:
                    50:b4:4c:cf:11:a4:7d:84:61:b4:96:34:ab:7c:17:
                    90:c9:36:80:b8:c0:d5:d4:63:6e:73:c4:dd:5b:bc:
                    8d:5b:56:bf:4a:3a:a1:a7:84:83:41:94:b9:dc:8b:
                    d0:22:93:94:9c:e4:b4:5e:e0:7d:1e:a0:5e:1e:83:
                    94:1b:79:a0:de:22:1d:51:4a:4d:2d:ae:06:9c:ce:
                    c2:36:28:fa:98:2c:0b:45:84:d8:80:20:1e:99:a2:
                    ee:9c:df:f7:8f:d7:53:8e:9a:c1:6f:27:22:5d:11:
                    32:b0:e5:ff:5c:6c:a8:8a:b6:09:aa:1d:07:02:20:
                    29:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:8E:03:18:AB:4D:8A:4E:F5:C7:AB:A8:0D:CF:E0:2D:37:DC:1F:3D
            X509v3 Authority Key Identifier:
                keyid:C1:1C:58:33:7C:D4:D7:4C:D9:21:9D:87:78:DE:E5:B2:9F:08:A4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRxYM3zU10zZIZ2HeN7lsp8IpGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/1o4DGKtNik71x6uoDc_gLTfcHz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/0bdca3-283a-4942-8592-c394541f770e/1/wRxYM3zU10zZIZ2HeN7lsp8IpGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.39.96.0/19
                  79.142.240.0/20
                  89.255.224.0/20
                  109.238.128.0/20
                  145.14.96.0/19
                  145.40.16.0/20
                  147.28.64.0/19
                  178.16.208.0/20
                  178.251.128.0/21
                  185.54.196.0/22
                  185.81.108.0/22
                  209.221.192.0/19
                  212.100.96.0/19
                  217.69.144.0/20
                IPv6:
                  2001:1ba8::/29

    Signature Algorithm: sha256WithRSAEncryption
         b9:82:ef:6e:84:7f:d3:34:eb:08:1a:0d:79:02:fd:f8:f6:be:
         a1:1c:3c:fa:b3:cf:9c:f2:26:f2:9a:1d:15:92:b1:39:83:aa:
         e6:38:0f:1a:dc:2d:d6:6e:1e:ee:86:66:14:e7:b8:54:ff:64:
         4d:82:0d:95:5d:91:18:31:c1:b0:aa:b7:7a:ab:c5:17:ec:bd:
         ab:49:15:2d:1e:23:69:41:f8:49:b0:d9:79:88:cd:97:a0:90:
         84:e5:89:aa:9d:37:fe:8f:ad:2c:95:c0:8d:24:c4:bc:ea:2d:
         2a:60:9a:6e:32:d7:66:a3:6f:44:49:c5:cc:c9:49:45:c9:9b:
         ea:29:d7:84:65:0d:57:4b:be:9d:73:32:d0:b0:38:ed:ca:a8:
         c3:51:15:ef:cc:02:6c:75:83:e2:56:97:e0:81:4f:9f:4f:c9:
         ad:9c:70:ff:12:8b:87:c0:a4:ba:43:a0:4b:d7:52:c3:b5:6b:
         ff:c9:c7:ea:9e:bf:49:08:1a:d7:15:01:0f:68:ee:08:5f:2c:
         b4:1d:3e:35:fb:85:c1:81:ec:06:83:6d:d8:57:fa:36:d7:13:
         fb:a8:9c:43:99:28:09:b2:93:cf:2b:12:25:81:6c:b9:74:d5:
         1e:66:9c:bf:68:9e:ba:9f:12:c8:d5:c4:89:e4:4d:4c:8d:d7:
         70:62:57:d3
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAYVyw4WnhPU9gjVKaOQKB+FIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMWM1ODMzN2NkNGQ3NGNkOTIxOWQ4Nzc4ZGVlNWIyOWYw
OGE0NjEwHhcNMjMwMTAyMTM1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhlMDMxOGFiNGQ4YTRlZjVjN2FiYTgwZGNmZTAyZDM3ZGMxZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX0pupLDGHbwtDQaGvZPBf2fbB3e
f0oTZfHB7TO9eYxt6DVsx1+swN2WOQPiDoc0Jy1zOjq5jlzHb+ONVR+UrBT4l/Lv
DkGPYdHDccEKQbhDrtGc5vg0K6iP2WdBDxNRHt92+MwwWjehGUK9DMjnyKw0O3bV
O8mOwUVk2bfDQognF3ILErJQtEzPEaR9hGG0ljSrfBeQyTaAuMDV1GNuc8TdW7yN
W1a/Sjqhp4SDQZS53IvQIpOUnOS0XuB9HqBeHoOUG3mg3iIdUUpNLa4GnM7CNij6
mCwLRYTYgCAemaLunN/3j9dTjprBbyciXREysOX/XGyoirYJqh0HAiApYQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFNaOAxirTYpO9cerqA3P4C033B89MB8GA1UdIwQY
MBaAFMEcWDN81NdM2SGdh3je5bKfCKRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTIt
YzM5NDU0MWY3NzBlLzEvMW80REdLdE5pazcxeDZ1b0RjX2dMVGZjSHowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wYmRjYTMtMjgzYS00OTQyLTg1OTItYzM5NDU0MWY3NzBl
LzEvd1J4WU0zelUxMHpaSVoySGVON2xzcDhJcEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQFLidgAwQE
T47wAwQEWf/gAwQEbe6AAwQFkQ5gAwQEkSgQAwQFkxxAAwQEshDQAwQDsvuAAwQC
uTbEAwQCuVFsAwQF0d3AAwQF1GRgAwQE2UWQMA0EAgACMAcDBQMgARuoMA0GCSqG
SIb3DQEBCwUAA4IBAQC5gu9uhH/TNOsIGg15Av349r6hHDz6s8+c8ibymh0VkrE5
g6rmOA8a3C3Wbh7uhmYU57hU/2RNgg2VXZEYMcGwqrd6q8UX7L2rSRUtHiNpQfhJ
sNl5iM2XoJCE5YmqnTf+j60slcCNJMS86i0qYJpuMtdmo29EScXMyUlFyZvqKdeE
ZQ1XS76dczLQsDjtyqjDURXvzAJsdYPiVpfggU+fT8mtnHD/EouHwKS6Q6BL11LD
tWv/ycfqnr9JCBrXFQEPaO4IXyy0HT41+4XBgewGg23YV/o21xP7qJxDmSgJspPP
KxIlgWy5dNUeZpy/aJ66nxLI1cSJ5E1MjddwYlfT
-----END CERTIFICATE-----