Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/WOKNndZGXdJWlr_3yIqNt79ETjE.roa
File:                     WOKNndZGXdJWlr_3yIqNt79ETjE.roa (raw, json)
Hash identifier:          v+dJtVztjA5+IKzTajWkweaNCoQhGAFt5q2zAtyQaO8=
Subject key identifier:   58:E2:8D:9D:D6:46:5D:D2:56:96:BF:F7:C8:8A:8D:B7:BF:44:4E:31
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       0183CA6E19C7753ADB3FCB0DCC9DB13A558B
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/WOKNndZGXdJWlr_3yIqNt79ETjE.roa
Signing time:             Wed 12 Oct 2022 04:22:36 +0000
ROA not before:           Wed 12 Oct 2022 04:22:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:ca:6e:19:c7:75:3a:db:3f:cb:0d:cc:9d:b1:3a:55:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Oct 12 04:22:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=58e28d9dd6465dd25696bff7c88a8db7bf444e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:13:4d:0c:a3:3d:e8:db:10:29:17:24:4b:84:
                    e6:bb:a9:d5:32:08:33:87:c7:a9:6b:53:47:bb:f5:
                    0d:45:cd:74:34:d2:49:28:3b:61:03:85:84:be:88:
                    46:be:20:41:ae:f4:e8:1f:91:b2:62:98:c1:a8:9c:
                    72:51:46:cb:d8:7d:9d:6b:6a:1c:f2:df:6e:52:1c:
                    95:ec:00:75:1a:78:33:32:ef:b7:6c:9d:d1:10:ed:
                    d9:d4:70:85:f5:a6:ff:d0:2d:8b:27:d0:01:6d:3d:
                    89:46:a9:ff:70:4b:c6:d9:e2:04:66:e4:8a:3b:49:
                    dc:90:77:7c:95:43:3d:78:ea:70:09:ee:0f:4d:b2:
                    c3:32:15:0a:2d:dd:9d:a6:57:8a:e4:8a:d6:eb:15:
                    11:be:66:a7:08:0a:f3:05:cc:eb:1e:e2:32:ca:8f:
                    63:3b:bd:eb:73:e9:24:67:84:57:17:b2:54:75:f7:
                    ef:40:23:d3:64:74:16:71:0e:23:8d:ce:e2:7c:99:
                    83:e6:83:89:8f:56:3d:88:b1:24:c6:df:d1:5c:11:
                    74:7b:04:d8:fd:46:12:13:94:62:66:58:c3:dc:cf:
                    95:c3:08:72:26:0c:ac:f9:a1:e6:1f:e9:1b:1b:44:
                    3f:7d:26:b0:87:35:02:ab:0d:a3:28:48:c8:ea:bd:
                    43:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:E2:8D:9D:D6:46:5D:D2:56:96:BF:F7:C8:8A:8D:B7:BF:44:4E:31
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/WOKNndZGXdJWlr_3yIqNt79ETjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.101.0/24
                  46.20.104.0-46.20.106.255
                  46.20.108.0/24
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         b0:3c:83:bb:61:0d:ea:24:af:31:75:ef:c3:fa:c5:ed:f4:14:
         11:d6:d4:16:af:af:4a:a3:07:7a:3a:11:af:b1:a2:68:cc:4f:
         bd:a1:da:f6:53:f5:8a:15:40:81:d2:42:e1:70:e3:26:19:f0:
         cd:81:50:53:1c:46:03:2e:7b:4b:15:63:23:50:f1:0f:ea:de:
         b6:9e:ca:ca:e8:66:0c:fc:06:26:30:96:07:55:4e:24:7f:68:
         20:5b:6d:65:07:8d:02:69:eb:fe:8c:81:e7:61:08:6b:be:51:
         fa:1b:e4:3a:d8:5c:e8:0b:c5:5a:94:cf:c8:0c:df:3b:a3:2f:
         1f:6e:c6:9d:f1:5c:c3:a7:cd:e9:56:ff:28:77:19:3c:ba:28:
         29:56:ed:92:d0:7c:a3:e6:06:4c:bc:ca:b7:e1:44:69:d6:98:
         ed:d7:f6:f5:4e:0a:6e:74:70:61:50:a0:93:2e:6c:36:49:c6:
         5e:01:45:05:a9:64:80:1b:f2:4d:7a:63:73:e5:99:0b:22:d7:
         90:be:0d:48:2a:e3:fd:b4:30:a9:a0:f9:47:94:d0:14:8f:9c:
         e4:6e:d5:49:a7:7e:dc:4a:0c:7b:ea:ad:c2:5d:fb:f7:d2:87:
         50:94:0a:97:d0:26:ae:a6:e2:7b:a8:77:fb:0b:5e:4e:bb:b0:
         7d:06:5b:e0
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYPKbhnHdTrbP8sNzJ2xOlWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIxMDEyMDQyMjM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGUyOGQ5ZGQ2NDY1ZGQyNTY5NmJmZjdjODhhOGRiN2JmNDQ0ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRNNDKM96NsQKRckS4Tmu6nVMggz
h8epa1NHu/UNRc10NNJJKDthA4WEvohGviBBrvToH5GyYpjBqJxyUUbL2H2da2oc
8t9uUhyV7AB1GngzMu+3bJ3REO3Z1HCF9ab/0C2LJ9ABbT2JRqn/cEvG2eIEZuSK
O0nckHd8lUM9eOpwCe4PTbLDMhUKLd2dpleK5IrW6xURvmanCArzBczrHuIyyo9j
O73rc+kkZ4RXF7JUdffvQCPTZHQWcQ4jjc7ifJmD5oOJj1Y9iLEkxt/RXBF0ewTY
/UYSE5RiZljD3M+VwwhyJgys+aHmH+kbG0Q/fSawhzUCqw2jKEjI6r1D2QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFFjijZ3WRl3SVpa/98iKjbe/RE4xMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvV09LTm5kWkdYZEpXbHJfM3lJcU50NzlFVGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQALhRhAwQA
LhRlMAwDBAMuFGgDBAAuFGoDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp
3QMEBbmpwDANBgkqhkiG9w0BAQsFAAOCAQEAsDyDu2EN6iSvMXXvw/rF7fQUEdbU
Fq+vSqMHejoRr7GiaMxPvaHa9lP1ihVAgdJC4XDjJhnwzYFQUxxGAy57SxVjI1Dx
D+retp7KyuhmDPwGJjCWB1VOJH9oIFttZQeNAmnr/oyB52EIa75R+hvkOthc6AvF
WpTPyAzfO6MvH27GnfFcw6fN6Vb/KHcZPLooKVbtktB8o+YGTLzKt+FEadaY7df2
9U4KbnRwYVCgky5sNknGXgFFBalkgBvyTXpjc+WZCyLXkL4NSCrj/bQwqaD5R5TQ
FI+c5G7VSad+3EoMe+qtwl3799KHUJQKl9Amrqbie6h3+wteTruwfQZb4A==
-----END CERTIFICATE-----