Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/QH4-JzwZiOJgP8j4aRU3XUH8ODk.roa
File:                     QH4-JzwZiOJgP8j4aRU3XUH8ODk.roa (raw, json)
Hash identifier:          716saCbqVMtMkJlq049KxslvWxN3zsV7dO2z0Q+NnU0=
Subject key identifier:   40:7E:3E:27:3C:19:88:E2:60:3F:C8:F8:69:15:37:5D:41:FC:38:39
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       0185A5D9AD94311A70BF7F1EF26FC557E98F
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/QH4-JzwZiOJgP8j4aRU3XUH8ODk.roa
Signing time:             Thu 12 Jan 2023 11:59:44 +0000
ROA not before:           Thu 12 Jan 2023 11:59:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.107.0/24 maxlen: 24
                          46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.109.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          46.20.99.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:a5:d9:ad:94:31:1a:70:bf:7f:1e:f2:6f:c5:57:e9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Jan 12 11:59:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=407e3e273c1988e2603fc8f86915375d41fc3839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:56:ee:c2:fd:2e:cf:1a:1d:ce:da:1b:de:9f:
                    d4:b8:60:c2:26:cb:67:53:bd:df:cd:24:30:f1:30:
                    f8:13:64:37:8c:9c:15:06:c5:08:88:cb:67:61:ab:
                    96:16:0b:9b:a6:29:2a:54:13:1e:60:c6:a5:75:5a:
                    9d:83:20:9c:d8:82:18:65:93:5e:ca:f6:2a:a4:1d:
                    ae:e7:d3:58:64:af:d8:22:3a:36:f2:d3:04:18:e3:
                    1a:67:fe:13:e5:f8:87:be:42:e7:6f:15:f0:9c:b3:
                    da:92:16:37:d1:4e:45:da:6e:e7:76:50:0f:6a:61:
                    a9:8e:1b:e8:6d:9a:09:78:9e:ac:da:d8:f2:c7:b5:
                    9b:e9:ea:d9:3b:e3:e7:70:66:89:35:de:fd:2a:39:
                    d1:7f:3e:f5:9c:89:0c:bb:bd:28:46:34:ed:6d:37:
                    67:26:e8:36:e6:52:b5:ec:93:27:c1:5a:e6:49:06:
                    57:5a:7a:d5:12:a3:25:34:a9:bd:80:5a:7e:1b:60:
                    60:7f:a6:b6:be:25:94:8a:e8:31:a1:90:5b:e3:60:
                    3d:58:38:86:6f:33:13:c9:0a:5d:4f:7b:6e:24:72:
                    aa:e0:09:12:d7:84:f4:bd:e3:cf:c9:f7:f0:9c:9c:
                    0c:d2:dc:e9:d4:68:ee:54:7f:2b:20:89:95:67:b0:
                    aa:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7E:3E:27:3C:19:88:E2:60:3F:C8:F8:69:15:37:5D:41:FC:38:39
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/QH4-JzwZiOJgP8j4aRU3XUH8ODk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.99.0/24
                  46.20.101.0/24
                  46.20.104.0/21
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         24:4b:47:07:82:ba:d2:b6:1a:0e:a3:a7:8f:99:e1:ee:2b:08:
         a5:92:69:57:cd:d9:c1:e3:71:4c:2d:fb:13:d2:a7:7f:9e:3b:
         e9:00:23:a5:a0:fe:52:f7:0c:fd:19:f6:48:db:d0:11:10:1f:
         5d:91:c1:a3:ff:8f:6a:2f:da:33:67:49:04:54:b2:b7:21:1a:
         a6:d7:9f:45:25:a0:8b:89:7c:3d:83:56:be:82:0b:51:de:9b:
         a8:f2:a4:a2:a2:ce:cf:71:e9:ee:eb:b4:90:64:8e:e9:80:6f:
         4d:51:67:7e:a7:aa:40:65:8f:50:72:05:d6:2a:09:c1:1f:55:
         cf:a1:42:74:19:51:8a:46:8f:7a:9f:8b:5f:f9:fb:08:67:25:
         ed:9c:0f:c5:0b:f1:e3:eb:a7:28:6a:70:84:06:30:d3:d0:09:
         2e:d4:ce:1c:67:7d:47:75:c6:cc:97:53:b0:dc:a3:77:73:3b:
         11:cc:a3:3e:37:c0:39:c6:c4:07:3b:a7:9c:e6:1b:d5:3b:15:
         49:23:4a:01:34:d1:df:1c:85:d0:5d:d5:44:db:5a:52:2a:2a:
         e7:9f:44:19:4b:72:ca:ec:7c:03:a4:a8:4d:5e:20:26:fd:f7:
         67:5e:4c:44:d9:01:46:ec:c7:87:28:7c:86:20:62:ed:58:db:
         2e:43:14:2a
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYWl2a2UMRpwv38e8m/FV+mPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjMwMTEyMTE1OTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdlM2UyNzNjMTk4OGUyNjAzZmM4Zjg2OTE1Mzc1ZDQxZmMzODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVbuwv0uzxodztob3p/UuGDCJstn
U73fzSQw8TD4E2Q3jJwVBsUIiMtnYauWFgubpikqVBMeYMaldVqdgyCc2IIYZZNe
yvYqpB2u59NYZK/YIjo28tMEGOMaZ/4T5fiHvkLnbxXwnLPakhY30U5F2m7ndlAP
amGpjhvobZoJeJ6s2tjyx7Wb6erZO+PncGaJNd79KjnRfz71nIkMu70oRjTtbTdn
Jug25lK17JMnwVrmSQZXWnrVEqMlNKm9gFp+G2Bgf6a2viWUiugxoZBb42A9WDiG
bzMTyQpdT3tuJHKq4AkS14T0vePPyffwnJwM0tzp1GjuVH8rIImVZ7Cq7wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEB+Pic8GYjiYD/I+GkVN11B/Dg5MB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvUUg0LUp6d1ppT0pnUDhqNGFSVTNYVUg4T0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALhRhAwQA
LhRjAwQALhRlAwQDLhRoAwQCuWSoAwQAuaDCMAwDBAC5qd0DBAW5qcAwDQYJKoZI
hvcNAQELBQADggEBACRLRweCutK2Gg6jp4+Z4e4rCKWSaVfN2cHjcUwt+xPSp3+e
O+kAI6Wg/lL3DP0Z9kjb0BEQH12RwaP/j2ov2jNnSQRUsrchGqbXn0UloIuJfD2D
Vr6CC1Hem6jypKKizs9x6e7rtJBkjumAb01RZ36nqkBlj1ByBdYqCcEfVc+hQnQZ
UYpGj3qfi1/5+whnJe2cD8UL8ePrpyhqcIQGMNPQCS7UzhxnfUd1xsyXU7Dco3dz
OxHMoz43wDnGxAc7p5zmG9U7FUkjSgE00d8chdBd1UTbWlIqKuefRBlLcsrsfAOk
qE1eICb992deTETZAUbsx4cofIYgYu1Y2y5DFCo=
-----END CERTIFICATE-----