Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nkEOLzokdt118cbpEe_rqxTlR4c.roa
File:                     nkEOLzokdt118cbpEe_rqxTlR4c.roa (raw, json)
Hash identifier:          vQZAyaVU2a+jm3FhFNDohxGJs+21z7sYtBieaZtvHwg=
Subject key identifier:   9E:41:0E:2F:3A:24:76:DD:75:F1:C6:E9:11:EF:EB:AB:14:E5:47:87
Certificate issuer:       /CN=11dd0ebff5ba38a8758b794d04d62905194a3266
Certificate serial:       0183329998EF8FA594B7D53D529A4019C234
Authority key identifier: 11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nkEOLzokdt118cbpEe_rqxTlR4c.roa
Signing time:             Mon 12 Sep 2022 16:47:50 +0000
ROA not before:           Mon 12 Sep 2022 16:47:50 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     34458
IP address blocks:        46.20.107.0/24 maxlen: 24
                          46.20.108.0/24 maxlen: 24
                          46.20.106.0/24 maxlen: 24
                          46.20.111.0/24 maxlen: 24
                          46.20.110.0/24 maxlen: 24
                          46.20.97.0/24 maxlen: 24
                          46.20.104.0/24 maxlen: 24
                          46.20.105.0/24 maxlen: 24
                          46.20.100.0/24 maxlen: 24
                          46.20.101.0/24 maxlen: 24
                          185.160.194.0/24 maxlen: 24
                          185.100.170.0/24 maxlen: 24
                          185.100.171.0/24 maxlen: 24
                          185.100.168.0/24 maxlen: 24
                          185.100.169.0/24 maxlen: 24
                          185.169.222.0/24 maxlen: 24
                          185.169.221.0/24 maxlen: 24
                          185.169.223.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:32:99:98:ef:8f:a5:94:b7:d5:3d:52:9a:40:19:c2:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11dd0ebff5ba38a8758b794d04d62905194a3266
        Validity
            Not Before: Sep 12 16:47:50 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9e410e2f3a2476dd75f1c6e911efebab14e54787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:45:9f:a4:84:08:41:9c:7e:c3:c7:9b:fb:34:
                    ff:80:1e:b5:95:a2:23:02:ea:9b:a2:45:15:02:89:
                    52:97:81:4c:02:0e:f7:f3:c6:4e:7d:d2:2b:37:a4:
                    be:21:9f:95:98:b6:27:29:ce:42:19:4d:2f:b4:c7:
                    5a:bc:50:30:99:a0:7b:c7:33:e2:db:ae:44:4b:56:
                    b9:74:b6:33:5a:f0:7f:bc:eb:8e:1d:13:1a:bb:fa:
                    bf:fd:8f:85:e9:d6:a8:c9:a5:e7:6e:91:25:96:c9:
                    61:79:2a:fe:28:03:77:4f:af:b4:09:9e:59:7d:28:
                    f3:d2:30:aa:32:11:d6:c2:d4:28:d5:84:93:0f:fb:
                    24:da:77:a6:2b:d4:3b:dd:13:10:2e:bb:8d:df:99:
                    cb:a2:60:37:73:e4:ce:a1:24:5d:0e:6b:61:12:aa:
                    b1:56:26:f6:e7:f9:c8:57:8f:f2:33:8d:90:4b:6a:
                    a6:88:dd:ec:41:f1:6b:d7:95:71:4d:19:9a:24:fc:
                    eb:84:00:04:2c:56:43:d0:a7:46:20:99:62:33:c5:
                    5b:ac:5f:d7:de:ec:6a:99:b1:e7:2d:d9:ce:ea:15:
                    6c:1c:4e:27:fa:43:a0:ed:51:68:4c:01:e4:c7:6e:
                    cc:d6:bd:af:58:ac:c9:93:b4:e4:74:3f:0d:dd:09:
                    1f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:41:0E:2F:3A:24:76:DD:75:F1:C6:E9:11:EF:EB:AB:14:E5:47:87
            X509v3 Authority Key Identifier:
                keyid:11:DD:0E:BF:F5:BA:38:A8:75:8B:79:4D:04:D6:29:05:19:4A:32:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/nkEOLzokdt118cbpEe_rqxTlR4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/a66a29-51cc-4ba9-884f-f17613ea49e7/1/Ed0Ov_W6OKh1i3lNBNYpBRlKMmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.97.0/24
                  46.20.100.0/23
                  46.20.104.0-46.20.108.255
                  46.20.110.0/23
                  185.100.168.0/22
                  185.160.194.0/24
                  185.169.221.0-185.169.223.255

    Signature Algorithm: sha256WithRSAEncryption
         28:b8:5c:31:f6:82:f8:a6:91:16:33:23:2a:6c:15:95:01:50:
         8b:47:4d:10:88:ec:ab:07:a2:80:71:2b:a0:e8:2b:ad:db:81:
         16:65:58:7c:37:c3:3b:9b:a4:69:d9:9e:93:f5:fc:b8:2e:d1:
         67:5f:ca:76:ec:d7:74:33:79:63:23:89:57:c3:cf:d4:59:f0:
         ca:92:ba:14:1a:c1:c3:8c:40:9b:b9:b3:ee:13:8b:4e:ea:cd:
         bf:b0:3c:4c:43:cf:b5:51:bf:13:1f:52:76:52:59:ae:97:b6:
         5e:80:7e:97:2a:1b:b3:e8:80:aa:82:c7:2a:de:96:e9:c2:97:
         b1:3e:32:5e:c0:ca:03:85:50:6f:cb:7b:3f:4f:76:31:c9:0b:
         28:c3:28:9e:c2:19:a8:7d:c6:81:50:04:db:3c:20:7d:38:c6:
         39:17:8c:c2:4f:de:fb:33:17:1f:a4:be:3f:48:51:0d:b6:d7:
         ca:33:49:05:f5:8d:11:2c:62:18:1a:8a:d9:f2:66:66:bb:ef:
         ae:bb:06:b1:3d:d2:b7:00:c2:0c:d8:85:0b:4f:f9:ea:bd:a1:
         b2:ac:ef:79:e1:44:6b:fc:aa:f4:64:3b:a8:4a:0a:9c:89:70:
         90:58:03:25:c0:b4:24:31:da:89:fa:21:9e:83:fd:ca:a3:31:
         30:bc:46:bc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYMymZjvj6WUt9U9UppAGcI0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZGQwZWJmZjViYTM4YTg3NThiNzk0ZDA0ZDYyOTA1MTk0
YTMyNjYwHhcNMjIwOTEyMTY0NzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQxMGUyZjNhMjQ3NmRkNzVmMWM2ZTkxMWVmZWJhYjE0ZTU0Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0WfpIQIQZx+w8eb+zT/gB61laIj
AuqbokUVAolSl4FMAg7388ZOfdIrN6S+IZ+VmLYnKc5CGU0vtMdavFAwmaB7xzPi
265ES1a5dLYzWvB/vOuOHRMau/q//Y+F6daoyaXnbpEllslheSr+KAN3T6+0CZ5Z
fSjz0jCqMhHWwtQo1YSTD/sk2nemK9Q73RMQLruN35nLomA3c+TOoSRdDmthEqqx
Vib25/nIV4/yM42QS2qmiN3sQfFr15VxTRmaJPzrhAAELFZD0KdGIJliM8VbrF/X
3uxqmbHnLdnO6hVsHE4n+kOg7VFoTAHkx27M1r2vWKzJk7TkdD8N3QkfNQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFJ5BDi86JHbddfHG6RHv66sU5UeHMB8GA1UdIwQY
MBaAFBHdDr/1ujiodYt5TQTWKQUZSjJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYt
ZjE3NjEzZWE0OWU3LzEvbmtFT0x6b2tkdDExOGNicEVlX3JxeFRsUjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9hNjZhMjktNTFjYy00YmE5LTg4NGYtZjE3NjEzZWE0OWU3
LzEvRWQwT3ZfVzZPS2gxaTNsTkJOWXBCUmxLTW1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQALhRhAwQB
LhRkMAwDBAMuFGgDBAAuFGwDBAEuFG4DBAK5ZKgDBAC5oMIwDAMEALmp3QMEBbmp
wDANBgkqhkiG9w0BAQsFAAOCAQEAKLhcMfaC+KaRFjMjKmwVlQFQi0dNEIjsqwei
gHEroOgrrduBFmVYfDfDO5ukadmek/X8uC7RZ1/KduzXdDN5YyOJV8PP1FnwypK6
FBrBw4xAm7mz7hOLTurNv7A8TEPPtVG/Ex9SdlJZrpe2XoB+lyobs+iAqoLHKt6W
6cKXsT4yXsDKA4VQb8t7P092MckLKMMonsIZqH3GgVAE2zwgfTjGOReMwk/e+zMX
H6S+P0hRDbbXyjNJBfWNESxiGBqK2fJmZrvvrrsGsT3StwDCDNiFC0/56r2hsqzv
eeFEa/yq9GQ7qEoKnIlwkFgDJcC0JDHaifohnoP9yqMxMLxGvA==
-----END CERTIFICATE-----