Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/0Yv9Sw9xoM_-P8QoMwqaaCixp5A.roa
File:                     0Yv9Sw9xoM_-P8QoMwqaaCixp5A.roa (raw, json)
Hash identifier:          8xRz+ABnB9P3ckO3KMrze3vITX4S8kp1Afk9+wOww7E=
Subject key identifier:   D1:8B:FD:4B:0F:71:A0:CF:FE:3F:C4:28:33:0A:9A:68:28:B1:A7:90
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       0185B6581066C9B922542432FCA2F9BD6E76
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/0Yv9Sw9xoM_-P8QoMwqaaCixp5A.roa
Signing time:             Sun 15 Jan 2023 16:51:42 +0000
ROA not before:           Sun 15 Jan 2023 16:51:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.107.0/24 maxlen: 24
                          46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.98.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:b6:58:10:66:c9:b9:22:54:24:32:fc:a2:f9:bd:6e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Jan 15 16:51:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d18bfd4b0f71a0cffe3fc428330a9a6828b1a790
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ff:f0:2f:51:cd:29:93:53:5f:8e:33:ea:0e:
                    48:b3:78:af:af:d3:7b:cc:7d:67:f7:69:bf:fe:d9:
                    a0:0a:ee:dc:58:02:aa:0d:bd:ed:05:27:dc:d8:e9:
                    07:12:ce:f9:58:59:8e:4e:b9:ff:83:27:4d:35:1e:
                    5a:0c:4e:36:f8:93:6a:2c:83:9b:7d:9d:1c:e7:97:
                    95:a9:b6:14:92:b8:66:d6:6b:ed:1d:c4:c7:98:4f:
                    7d:fc:a8:25:1b:0b:af:b3:c6:03:c5:3e:ca:ea:67:
                    33:15:16:de:41:bd:41:0d:22:3f:c0:6c:29:9d:aa:
                    4f:0e:ec:a0:f8:55:94:55:c5:1d:e8:20:f8:ee:2b:
                    46:c6:e5:53:9e:f2:2d:d3:48:36:7b:5c:59:c7:29:
                    73:87:6d:ee:e4:d8:f7:99:b8:3a:35:8f:71:29:e1:
                    d5:dd:05:88:46:ca:9f:37:ae:63:39:b0:8f:04:1e:
                    cd:d8:ea:f3:c4:78:bd:8c:6f:91:40:5b:fa:2f:67:
                    35:00:8a:7e:a5:ed:eb:0d:bd:b7:11:87:4d:72:f1:
                    e6:a1:5c:68:b8:66:0d:4c:fa:ea:94:2f:4e:4e:84:
                    f2:32:66:58:13:82:96:40:3f:3f:9f:76:87:d0:93:
                    6f:a1:1b:7f:0f:93:7f:33:7b:3b:c3:db:bc:8f:a8:
                    95:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:8B:FD:4B:0F:71:A0:CF:FE:3F:C4:28:33:0A:9A:68:28:B1:A7:90
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/0Yv9Sw9xoM_-P8QoMwqaaCixp5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0-46.20.98.255
                  46.20.101.0/24
                  46.20.104.0-46.20.108.255
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         ce:f7:bd:30:a7:c5:76:a8:9f:d6:93:92:33:64:e4:5e:ce:0a:
         87:c6:5b:a3:c6:0a:78:60:05:04:a3:b9:ae:73:b1:83:d5:79:
         25:c3:c6:c7:a1:0c:30:af:0d:f1:49:94:20:d0:3a:75:e2:67:
         a1:4f:f7:8d:32:fa:3a:9a:db:a2:34:f1:a9:8f:25:58:14:7f:
         39:49:24:8a:15:1c:51:da:f2:6b:4d:cd:70:f2:bd:c7:6d:49:
         e2:9b:11:b3:cc:06:52:50:6f:ff:57:dd:7f:de:58:17:df:ea:
         a0:29:96:cc:6d:f8:6d:a9:ba:13:0d:0a:a0:49:75:97:d6:a8:
         29:69:fc:8a:b0:c3:01:a6:32:0c:03:28:42:b3:d8:67:61:0c:
         f4:6b:03:12:7d:86:d6:39:06:6a:f1:37:10:2f:d7:91:e8:80:
         69:7d:55:ef:79:3e:5f:00:7e:2f:9d:d8:06:e0:61:6b:72:25:
         1d:7f:64:cb:f2:27:e0:19:5a:3e:69:4f:52:53:ab:1f:38:89:
         ed:49:eb:62:77:68:39:f0:46:68:e9:d9:a4:73:b8:e9:91:53:
         a4:58:ec:86:02:0d:bf:5b:b4:91:c8:1d:10:5f:6b:be:5a:16:
         f3:e7:e4:f2:46:57:6c:f9:41:ab:5d:c0:ca:7e:95:18:39:0e:
         f3:72:5d:d2
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYW2WBBmybkiVCQy/KL5vW52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTE1MTY1MTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMThiZmQ0YjBmNzFhMGNmZmUzZmM0MjgzMzBhOWE2ODI4YjFhNzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgf/wL1HNKZNTX44z6g5Is3ivr9N7
zH1n92m//tmgCu7cWAKqDb3tBSfc2OkHEs75WFmOTrn/gydNNR5aDE42+JNqLIOb
fZ0c55eVqbYUkrhm1mvtHcTHmE99/KglGwuvs8YDxT7K6mczFRbeQb1BDSI/wGwp
napPDuyg+FWUVcUd6CD47itGxuVTnvIt00g2e1xZxylzh23u5Nj3mbg6NY9xKeHV
3QWIRsqfN65jObCPBB7N2OrzxHi9jG+RQFv6L2c1AIp+pe3rDb23EYdNcvHmoVxo
uGYNTPrqlC9OToTyMmZYE4KWQD8/n3aH0JNvoRt/D5N/M3s7w9u8j6iVAwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNGL/UsPcaDP/j/EKDMKmmgosaeQMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvMFl2OVN3OXhvTV8tUDhRb013cWFhQ2l4cDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAAuFGED
BAAuFGIDBAAuFGUwDAMEAy4UaAMEAC4UbAMEAS4UbgMEArlkqAMEALmgwjAMAwQA
uandAwQFuanAMA0GCSqGSIb3DQEBCwUAA4IBAQDO970wp8V2qJ/Wk5IzZORezgqH
xlujxgp4YAUEo7muc7GD1Xklw8bHoQwwrw3xSZQg0Dp14mehT/eNMvo6mtuiNPGp
jyVYFH85SSSKFRxR2vJrTc1w8r3HbUnimxGzzAZSUG//V91/3lgX3+qgKZbMbfht
qboTDQqgSXWX1qgpafyKsMMBpjIMAyhCs9hnYQz0awMSfYbWOQZq8TcQL9eR6IBp
fVXveT5fAH4vndgG4GFrciUdf2TL8ifgGVo+aU9SU6sfOIntSetid2g58EZo6dmk
c7jpkVOkWOyGAg2/W7SRyB0QX2u+Whbz5+TyRlds+UGrXcDKfpUYOQ7zcl3S
-----END CERTIFICATE-----