Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/FZno-4uKiE-5IohCxaCB5D3h7Yo.roa
File:                     FZno-4uKiE-5IohCxaCB5D3h7Yo.roa (raw, json)
Hash identifier:          4jmpGOjiYJkd+Llt7qerUzHaixjMUL8ablzcWFNaQ90=
Subject key identifier:   15:99:E8:FB:8B:8A:88:4F:B9:22:88:42:C5:A0:81:E4:3D:E1:ED:8A
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       01848A9D818B4B4C9567F52376F7A987769D
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/FZno-4uKiE-5IohCxaCB5D3h7Yo.roa
Signing time:             Fri 18 Nov 2022 12:01:28 +0000
ROA not before:           Fri 18 Nov 2022 12:01:28 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.107.0/24 maxlen: 24
                          46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:8a:9d:81:8b:4b:4c:95:67:f5:23:76:f7:a9:87:76:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Nov 18 12:01:28 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1599e8fb8b8a884fb9228842c5a081e43de1ed8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c5:68:cf:1f:20:1b:55:3c:df:a8:6b:03:72:
                    bc:c1:db:77:77:d8:60:c7:f0:f9:e6:c2:e7:75:08:
                    eb:81:22:b9:ba:46:88:2a:fd:49:95:ea:5d:1d:88:
                    4a:1d:63:52:df:6d:8a:13:9b:b8:18:0d:92:1a:fb:
                    d9:b3:a9:34:99:74:44:cc:82:ee:2e:e6:9b:91:25:
                    85:d8:c7:09:6f:fd:5f:9b:86:99:e6:8c:f8:03:d7:
                    90:79:8a:ae:7d:e7:42:50:07:bb:2b:98:53:93:89:
                    75:88:ed:18:23:4f:ae:aa:25:32:f6:1e:6f:67:06:
                    b2:94:8a:3e:6c:66:fd:a9:ec:21:23:9b:91:8c:9e:
                    84:e0:c7:25:17:d0:aa:f9:68:04:8d:1d:fd:61:0f:
                    82:39:0a:0f:39:02:ac:68:ef:7d:e9:8a:38:6d:02:
                    75:ae:e3:4c:68:dc:6b:31:ea:9e:34:6a:3e:06:1d:
                    27:92:df:0d:3a:3a:05:75:34:7a:62:4a:c4:42:4a:
                    5b:c3:18:31:c9:01:43:7d:0c:84:47:44:d8:13:98:
                    c5:cc:dc:f0:89:a8:78:e9:52:13:ea:49:74:4e:34:
                    dc:4c:7e:76:e0:d5:70:aa:b8:6a:4d:0d:dc:1f:fc:
                    5a:bd:8b:72:1a:af:aa:b2:a8:10:bc:30:e6:40:ef:
                    b8:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:99:E8:FB:8B:8A:88:4F:B9:22:88:42:C5:A0:81:E4:3D:E1:ED:8A
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/FZno-4uKiE-5IohCxaCB5D3h7Yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.108.255
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:50:25:be:b4:ad:8c:bb:df:90:c2:6f:e9:bd:b1:e5:8b:f3:
         e5:fc:76:cf:3c:41:df:cf:cd:91:3d:9e:c8:02:5c:4c:28:24:
         2e:c0:0e:ce:77:0e:c6:9a:90:d6:d0:0f:74:bb:d4:ad:06:5f:
         84:c4:ef:06:47:b0:7a:b0:0a:f6:f8:22:5f:45:16:57:7e:11:
         ab:0b:da:01:8d:63:7c:27:ba:04:c1:f7:50:d4:93:53:f4:da:
         b6:74:6b:ee:eb:8b:fb:88:87:cd:01:42:e2:e7:89:6c:ce:0c:
         f8:6a:c1:b5:4b:e6:02:09:04:32:ff:7c:42:f7:53:e0:f0:36:
         69:0c:b0:70:ce:32:c4:86:06:38:d7:2e:f7:58:e7:d7:22:b9:
         a9:ea:b3:c9:c6:09:91:b5:da:3c:f7:14:d9:55:db:c1:ed:7b:
         25:eb:9a:c6:6d:05:82:a9:11:fb:4c:c7:f8:18:a5:83:9b:25:
         e2:a3:ab:94:50:07:dd:b6:75:76:85:8b:b3:e3:a4:d7:f5:99:
         2d:82:3d:0b:e9:6c:23:8a:f7:7e:de:43:22:fa:74:86:2a:4a:
         92:e3:47:0b:0a:bf:2b:fc:87:fe:36:8a:03:bd:97:3a:01:e4:
         2f:67:86:22:49:51:b5:46:d7:95:9f:ad:95:7d:5c:58:45:1f:
         bc:b9:5a:d1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYSKnYGLS0yVZ/Ujdveph3adMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIxMTE4MTIwMTI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTk5ZThmYjhiOGE4ODRmYjkyMjg4NDJjNWEwODFlNDNkZTFlZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcVozx8gG1U836hrA3K8wdt3d9hg
x/D55sLndQjrgSK5ukaIKv1JlepdHYhKHWNS322KE5u4GA2SGvvZs6k0mXREzILu
LuabkSWF2McJb/1fm4aZ5oz4A9eQeYqufedCUAe7K5hTk4l1iO0YI0+uqiUy9h5v
ZwaylIo+bGb9qewhI5uRjJ6E4MclF9Cq+WgEjR39YQ+COQoPOQKsaO996Yo4bQJ1
ruNMaNxrMeqeNGo+Bh0nkt8NOjoFdTR6YkrEQkpbwxgxyQFDfQyER0TYE5jFzNzw
iah46VIT6kl0TjTcTH524NVwqrhqTQ3cH/xavYtyGq+qsqgQvDDmQO+41QIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFBWZ6PuLiohPuSKIQsWggeQ94e2KMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvRlpuby00dUtpRS01SW9oQ3hhQ0I1RDNoN1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp3QMEBbmp
wDANBgkqhkiG9w0BAQsFAAOCAQEAbVAlvrStjLvfkMJv6b2x5Yvz5fx2zzxB38/N
kT2eyAJcTCgkLsAOzncOxpqQ1tAPdLvUrQZfhMTvBkewerAK9vgiX0UWV34Rqwva
AY1jfCe6BMH3UNSTU/TatnRr7uuL+4iHzQFC4ueJbM4M+GrBtUvmAgkEMv98QvdT
4PA2aQywcM4yxIYGONcu91jn1yK5qeqzycYJkbXaPPcU2VXbwe17Jeuaxm0FgqkR
+0zH+Bilg5sl4qOrlFAH3bZ1doWLs+Ok1/WZLYI9C+lsI4r3ft5DIvp0hipKkuNH
Cwq/K/yH/jaKA72XOgHkL2eGIklRtUbXlZ+tlX1cWEUfvLla0Q==
-----END CERTIFICATE-----