Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/RNTH0HTVRk__hxcQxHdxeyafiN4.roa
File:                     RNTH0HTVRk__hxcQxHdxeyafiN4.roa (raw, json)
Hash identifier:          kAPlLIODa0D+IX+OmiCBDZ66STlP+isfbaoGKrQ/N8o=
Subject key identifier:   44:D4:C7:D0:74:D5:46:4F:FF:87:17:10:C4:77:71:7B:26:9F:88:DE
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B77099A9D94A5130E9A5235310CB7A5F
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/RNTH0HTVRk__hxcQxHdxeyafiN4.roa
Signing time:             Tue 25 Apr 2023 08:03:42 +0000
ROA not before:           Tue 25 Apr 2023 08:03:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48146
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b7:70:99:a9:d9:4a:51:30:e9:a5:23:53:10:cb:7a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 25 08:03:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44d4c7d074d5464fff871710c477717b269f88de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2d:0b:a9:99:3f:6d:f0:5b:59:71:75:4f:85:
                    c8:4f:62:76:0e:74:94:40:7f:e6:73:04:86:82:f5:
                    83:e9:32:a1:d4:83:d6:32:ea:f5:34:8d:d0:e1:54:
                    39:8a:35:31:e1:34:8e:fc:0c:60:5a:7c:a1:32:3a:
                    68:25:6d:84:8e:28:fb:35:9f:63:e8:41:89:60:d2:
                    19:a1:82:ad:4e:1e:89:36:23:61:2c:f2:7f:fc:99:
                    cb:0e:bf:68:0b:1e:fc:90:10:40:f2:21:df:3d:42:
                    72:32:1e:14:3a:06:ac:9a:50:f3:7d:e8:4e:dd:bb:
                    c0:de:7e:91:ac:43:03:49:97:78:08:ba:20:1c:57:
                    bc:2a:2d:ad:2f:c9:8b:a0:67:66:bd:69:11:98:35:
                    88:a4:1e:14:86:96:6d:f8:4f:8f:da:39:52:dd:19:
                    87:4a:cd:2c:df:f0:e5:0e:e5:07:58:61:df:eb:2c:
                    5c:8c:70:1f:7d:cf:38:0d:dd:65:c0:50:fa:38:05:
                    1b:d2:bf:1d:a0:d8:69:ed:d7:e2:32:e9:4d:8d:2c:
                    dc:36:91:21:1e:ab:7e:e6:cc:37:6b:b1:4b:62:35:
                    47:24:d1:8f:41:1e:cb:4e:3c:3c:1a:62:31:bb:a5:
                    ee:7e:85:fe:f2:03:26:55:c7:bf:6d:8e:3d:e2:7d:
                    e6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D4:C7:D0:74:D5:46:4F:FF:87:17:10:C4:77:71:7B:26:9F:88:DE
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/RNTH0HTVRk__hxcQxHdxeyafiN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  45.138.245.0-45.138.247.255
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:91:85:f7:e0:26:b3:c7:3e:cc:25:57:91:64:c7:6e:39:88:
         41:c4:bd:6a:19:46:55:c5:d1:5c:27:90:34:74:cc:31:30:b8:
         1f:6e:1c:96:2b:1c:9b:77:c5:68:4b:e8:cb:ee:ad:53:0e:f2:
         1e:02:2a:6f:a4:79:7e:ed:38:d4:3a:92:15:57:29:b9:ee:9c:
         0d:72:fa:d4:ce:7c:13:e1:fc:45:55:8b:b2:89:f5:5a:4f:e0:
         9b:2b:35:e8:1c:de:02:8c:68:6c:a0:15:60:90:02:85:9f:0a:
         78:4a:b2:13:ec:3c:7b:29:ce:f3:57:ec:9f:a7:dd:91:43:e4:
         07:94:84:ed:d4:bf:cd:28:8e:fa:9d:ab:4f:b9:3a:b1:54:fd:
         2f:82:07:4a:2e:a1:82:34:96:de:95:09:f8:f0:b6:34:4d:66:
         35:58:c3:19:8c:36:c5:8c:47:8f:2a:27:1d:5d:72:e7:63:21:
         51:bb:78:0b:b5:90:7d:e5:2b:e7:f4:71:2a:bc:d7:79:11:36:
         61:74:e9:14:21:e3:41:bc:d3:40:07:36:eb:97:01:e2:ad:ce:
         97:5f:67:80:31:e5:de:a2:70:68:ee:32:29:82:23:94:b7:81:
         37:c6:2b:b4:34:14:6f:99:27:62:1b:a0:ae:75:93:11:1b:ed:
         dc:6c:94:b0
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYe3cJmp2UpRMOmlI1MQy3pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI1MDgwMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQ0YzdkMDc0ZDU0NjRmZmY4NzE3MTBjNDc3NzE3YjI2OWY4OGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC0LqZk/bfBbWXF1T4XIT2J2DnSU
QH/mcwSGgvWD6TKh1IPWMur1NI3Q4VQ5ijUx4TSO/AxgWnyhMjpoJW2Ejij7NZ9j
6EGJYNIZoYKtTh6JNiNhLPJ//JnLDr9oCx78kBBA8iHfPUJyMh4UOgasmlDzfehO
3bvA3n6RrEMDSZd4CLogHFe8Ki2tL8mLoGdmvWkRmDWIpB4UhpZt+E+P2jlS3RmH
Ss0s3/DlDuUHWGHf6yxcjHAffc84Dd1lwFD6OAUb0r8doNhp7dfiMulNjSzcNpEh
Hqt+5sw3a7FLYjVHJNGPQR7LTjw8GmIxu6XufoX+8gMmVce/bY494n3mrwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFETUx9B01UZP/4cXEMR3cXsmn4jeMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvUk5USDBIVFZSa19faHhjUXhIZHhleWFmaU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQALQpwMAwD
BAAtivUDBAMtivADBABeZ/UDBAC5GTQDBAC5wHUDBAC5wHcDBAC5wj8DBAC5w28D
BAC5xjADBADBCPQDBADCO8QwDQYJKoZIhvcNAQELBQADggEBAFeRhffgJrPHPswl
V5Fkx245iEHEvWoZRlXF0VwnkDR0zDEwuB9uHJYrHJt3xWhL6MvurVMO8h4CKm+k
eX7tONQ6khVXKbnunA1y+tTOfBPh/EVVi7KJ9VpP4JsrNegc3gKMaGygFWCQAoWf
CnhKshPsPHspzvNX7J+n3ZFD5AeUhO3Uv80ojvqdq0+5OrFU/S+CB0ouoYI0lt6V
CfjwtjRNZjVYwxmMNsWMR48qJx1dcudjIVG7eAu1kH3lK+f0cSq813kRNmF06RQh
40G800AHNuuXAeKtzpdfZ4Ax5d6icGjuMimCI5S3gTfGK7Q0FG+ZJ2IboK51kxEb
7dxslLA=
-----END CERTIFICATE-----