Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5y0UcbgE8MZXqcDY8fpBGqWEAx0.roa
File:                     5y0UcbgE8MZXqcDY8fpBGqWEAx0.roa (raw, json)
Hash identifier:          aeH2Ul2ZHYW44M5uvUwlc8BFKM0MHBf0oLx/Mg6YfcI=
Subject key identifier:   E7:2D:14:71:B8:04:F0:C6:57:A9:C0:D8:F1:FA:41:1A:A5:84:03:1D
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       0184BF20601B902E311FFD367EFAFF351646
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5y0UcbgE8MZXqcDY8fpBGqWEAx0.roa
Signing time:             Mon 28 Nov 2022 16:44:40 +0000
ROA not before:           Mon 28 Nov 2022 16:44:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:bf:20:60:1b:90:2e:31:1f:fd:36:7e:fa:ff:35:16:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Nov 28 16:44:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e72d1471b804f0c657a9c0d8f1fa411aa584031d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d0:13:29:6d:e2:7e:06:40:e2:d2:6a:57:30:
                    ca:61:47:17:ae:e2:6d:03:d1:8f:cb:11:ed:06:c6:
                    c8:5f:21:86:ee:42:c6:9d:cf:c8:e1:44:6c:06:9b:
                    bb:b3:82:62:cb:e6:4e:16:51:8a:8b:33:7e:14:94:
                    90:59:71:a1:c8:23:da:55:7c:a2:ff:81:b9:c4:a9:
                    1e:a0:e4:bf:f7:ba:1d:65:b5:23:1e:c6:fb:35:cb:
                    b1:b8:50:75:2c:a7:4c:5c:47:f7:d1:ab:34:15:f9:
                    1e:64:73:2b:e3:01:89:e2:83:67:f8:c0:6c:e8:76:
                    7e:d4:e1:ea:28:7e:cb:c1:4f:2c:96:37:8c:01:f3:
                    c3:af:eb:21:60:0f:88:db:37:18:fc:51:8e:65:0b:
                    6e:8f:c9:0e:6a:2e:24:33:e7:15:a6:b8:10:a0:e3:
                    22:97:c3:d3:91:90:65:16:7a:22:00:4c:9f:db:71:
                    9e:6d:d8:43:24:6b:8c:e2:59:23:f5:c0:6f:7e:63:
                    a6:f9:bd:c5:02:10:d2:97:7c:f7:9e:36:80:b4:f0:
                    63:89:70:49:60:fb:d0:d1:2e:d5:9e:52:fe:0f:6f:
                    e2:6d:7d:02:32:8b:68:ef:76:a5:e4:7c:9a:97:2e:
                    bd:5e:6a:d7:ea:6a:6f:98:9d:73:89:a8:a1:88:dd:
                    7d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2D:14:71:B8:04:F0:C6:57:A9:C0:D8:F1:FA:41:1A:A5:84:03:1D
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/5y0UcbgE8MZXqcDY8fpBGqWEAx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.106.255
                  46.20.108.0/24
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         23:6f:37:8c:01:d0:e6:84:73:d8:83:7a:20:fe:66:bf:e5:0e:
         fe:3f:64:9c:31:35:66:87:65:37:41:4d:18:0a:7e:2c:fc:e8:
         61:99:a8:9a:da:43:f1:57:7b:8c:f8:5b:ca:89:f5:97:97:28:
         6a:09:c6:d0:6d:ed:6c:6b:8a:83:3e:41:14:4c:50:18:4f:cb:
         c0:19:c7:b9:24:df:fd:eb:c0:00:f6:c1:50:ca:fc:11:31:66:
         37:21:64:6d:4c:91:c2:96:2a:22:18:53:28:5f:1d:0e:22:f2:
         6e:46:d7:fe:fe:67:88:65:fc:93:af:9b:76:0f:13:02:3e:53:
         6e:85:0f:17:3c:6b:d3:bb:c9:94:20:8b:91:0d:72:76:38:37:
         35:73:02:82:86:48:b0:cf:0a:cf:15:aa:99:89:e7:bc:b5:db:
         46:4e:21:73:24:db:a5:94:97:fa:b9:d0:c7:94:a0:09:de:f4:
         11:5c:96:4c:6c:cd:b8:20:bd:1b:5c:07:f6:38:fe:80:9d:28:
         0e:1b:3d:90:d4:61:64:a7:15:5f:16:28:40:6f:25:77:c3:c2:
         e4:23:ab:0a:b9:11:55:1f:08:48:de:86:c8:fd:20:46:93:da:
         72:57:9f:2e:03:b2:80:06:88:3c:e2:5d:47:f9:fd:9f:6d:6e:
         16:9b:ec:12
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYS/IGAbkC4xH/02fvr/NRZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIxMTI4MTY0NDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJkMTQ3MWI4MDRmMGM2NTdhOWMwZDhmMWZhNDExYWE1ODQwMzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtATKW3ifgZA4tJqVzDKYUcXruJt
A9GPyxHtBsbIXyGG7kLGnc/I4URsBpu7s4Jiy+ZOFlGKizN+FJSQWXGhyCPaVXyi
/4G5xKkeoOS/97odZbUjHsb7NcuxuFB1LKdMXEf30as0FfkeZHMr4wGJ4oNn+MBs
6HZ+1OHqKH7LwU8sljeMAfPDr+shYA+I2zcY/FGOZQtuj8kOai4kM+cVprgQoOMi
l8PTkZBlFnoiAEyf23GebdhDJGuM4lkj9cBvfmOm+b3FAhDSl3z3njaAtPBjiXBJ
YPvQ0S7VnlL+D2/ibX0CMoto73al5Hyaly69XmrX6mpvmJ1ziaihiN195wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFOctFHG4BPDGV6nA2PH6QRqlhAMdMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvNXkwVWNiZ0U4TVpYcWNEWThmcEJHcVdFQXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp
3QMEBbmpwDANBgkqhkiG9w0BAQsFAAOCAQEAI283jAHQ5oRz2IN6IP5mv+UO/j9k
nDE1ZodlN0FNGAp+LPzoYZmomtpD8Vd7jPhbyon1l5coagnG0G3tbGuKgz5BFExQ
GE/LwBnHuSTf/evAAPbBUMr8ETFmNyFkbUyRwpYqIhhTKF8dDiLybkbX/v5niGX8
k6+bdg8TAj5TboUPFzxr07vJlCCLkQ1ydjg3NXMCgoZIsM8KzxWqmYnnvLXbRk4h
cyTbpZSX+rnQx5SgCd70EVyWTGzNuCC9G1wH9jj+gJ0oDhs9kNRhZKcVXxYoQG8l
d8PC5COrCrkRVR8ISN6GyP0gRpPaclefLgOygAaIPOJdR/n9n21uFpvsEg==
-----END CERTIFICATE-----