Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/zuOP-yhRnnFDwUWwHlZF_yz2upo.roa
File:                     zuOP-yhRnnFDwUWwHlZF_yz2upo.roa (raw, json)
Hash identifier:          K1YOE40+SsZwNXzE/f+DaRdrQ4CDTrMpZuiB/vzRIsc=
Subject key identifier:   CE:E3:8F:FB:28:51:9E:71:43:C1:45:B0:1E:56:45:FF:2C:F6:BA:9A
Certificate issuer:       /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial:       0187B935C46E22A07A8F94C12591229B5940
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/zuOP-yhRnnFDwUWwHlZF_yz2upo.roa
Signing time:             Tue 25 Apr 2023 16:18:41 +0000
ROA not before:           Tue 25 Apr 2023 16:18:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48146
IP address blocks:        185.198.48.0/24 maxlen: 24
                          45.10.112.0/24 maxlen: 24
                          94.103.245.0/24 maxlen: 24
                          45.138.244.0/24 maxlen: 24
                          45.138.245.0/24 maxlen: 24
                          45.138.246.0/24 maxlen: 24
                          45.138.247.0/24 maxlen: 24
                          185.195.111.0/24 maxlen: 24
                          185.25.52.0/24 maxlen: 24
                          194.59.196.0/24 maxlen: 24
                          185.192.117.0/24 maxlen: 24
                          185.192.119.0/24 maxlen: 24
                          193.8.244.0/24 maxlen: 24
                          185.194.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b9:35:c4:6e:22:a0:7a:8f:94:c1:25:91:22:9b:59:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
        Validity
            Not Before: Apr 25 16:18:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cee38ffb28519e7143c145b01e5645ff2cf6ba9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:81:ea:2e:37:33:b1:2f:f7:56:d4:3a:6f:9c:
                    66:b9:53:a9:70:6a:a1:b9:94:2b:ae:22:25:d8:eb:
                    f9:c6:ad:a7:db:2d:60:91:7e:6e:57:ec:22:51:75:
                    1f:e2:a3:a4:fb:c5:85:57:6d:60:5f:2d:b2:71:70:
                    52:5d:ee:53:c4:e4:bc:4a:76:c6:3b:4b:f8:46:b1:
                    bb:31:8d:5a:dd:ee:cc:9a:99:15:86:2a:43:07:70:
                    65:08:cb:f5:31:ab:6c:17:e5:4d:b5:3f:b4:fc:38:
                    86:2b:2a:75:15:9d:db:dc:4b:4f:4f:4f:f1:7f:1d:
                    1f:a2:6e:35:a2:bf:e8:d3:d9:ab:bb:13:c8:af:bd:
                    7d:b9:bd:83:f5:55:f4:ad:bb:d4:6e:0b:7b:02:23:
                    7f:42:ff:fe:59:4d:ee:60:5e:68:42:0b:65:de:4d:
                    e3:da:f0:38:f2:61:b6:24:6c:fd:08:c9:da:bc:cb:
                    c4:1c:d1:32:28:f6:0f:d8:88:04:7b:7e:ed:50:6a:
                    b7:51:87:18:d9:6a:39:12:db:bd:2f:cb:5f:3c:f7:
                    26:e1:9f:ec:e2:84:da:ab:14:b5:9f:fa:31:48:ed:
                    23:ee:ed:68:0d:e1:13:4c:40:27:62:6c:86:36:5a:
                    60:69:03:be:08:10:62:8f:85:d3:5b:19:14:03:c1:
                    d2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:E3:8F:FB:28:51:9E:71:43:C1:45:B0:1E:56:45:FF:2C:F6:BA:9A
            X509v3 Authority Key Identifier:
                keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/zuOP-yhRnnFDwUWwHlZF_yz2upo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.112.0/24
                  45.138.244.0/22
                  94.103.245.0/24
                  185.25.52.0/24
                  185.192.117.0/24
                  185.192.119.0/24
                  185.194.63.0/24
                  185.195.111.0/24
                  185.198.48.0/24
                  193.8.244.0/24
                  194.59.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:7e:af:3e:82:f4:ca:92:da:a0:72:61:3d:9a:55:96:ce:61:
         8a:1d:11:ba:f5:10:7c:3f:85:82:ff:18:a5:cf:2a:ad:aa:85:
         dc:bf:7b:3a:ba:4d:ee:98:8e:f2:00:96:b5:6f:ed:4e:04:b0:
         b7:2c:a7:52:46:52:a5:a0:14:31:70:cf:29:ad:2a:e4:9e:dd:
         3d:68:4b:ee:88:8a:41:03:f3:c0:08:5d:b4:1c:95:65:ab:b2:
         23:26:7d:6c:09:f6:33:69:5f:64:88:fc:d3:db:e7:40:3c:5f:
         6d:4e:7a:14:d8:7d:ef:16:9b:5c:48:d6:c6:54:44:00:3c:7c:
         0c:92:b2:e1:f6:42:17:9c:39:c9:a7:84:c9:77:39:d0:31:0f:
         d6:a7:57:05:d2:ce:80:ec:ca:00:cc:8d:e1:16:c2:7a:26:db:
         17:c5:93:51:85:ee:9f:6c:5d:c3:b5:c2:0b:1a:e5:fd:28:6a:
         76:2e:08:a4:45:11:99:2a:7f:41:69:3e:2b:fe:dd:06:b2:88:
         22:55:d6:b0:a2:e4:49:0c:17:59:df:a6:55:64:60:96:60:1c:
         95:c5:fa:8e:f8:b0:3e:04:d3:22:19:e7:3a:75:9d:9f:34:0a:
         55:e5:58:6e:5e:53:11:22:c3:f6:5f:3c:93:79:9e:3e:eb:5c:
         c6:e2:6d:09
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYe5NcRuIqB6j5TBJZEim1lAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjMwNDI1MTYxODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWUzOGZmYjI4NTE5ZTcxNDNjMTQ1YjAxZTU2NDVmZjJjZjZiYTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9YHqLjczsS/3VtQ6b5xmuVOpcGqh
uZQrriIl2Ov5xq2n2y1gkX5uV+wiUXUf4qOk+8WFV21gXy2ycXBSXe5TxOS8SnbG
O0v4RrG7MY1a3e7MmpkVhipDB3BlCMv1MatsF+VNtT+0/DiGKyp1FZ3b3EtPT0/x
fx0fom41or/o09mruxPIr719ub2D9VX0rbvUbgt7AiN/Qv/+WU3uYF5oQgtl3k3j
2vA48mG2JGz9CMnavMvEHNEyKPYP2IgEe37tUGq3UYcY2Wo5Etu9L8tfPPcm4Z/s
4oTaqxS1n/oxSO0j7u1oDeETTEAnYmyGNlpgaQO+CBBij4XTWxkUA8HSRwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFM7jj/soUZ5xQ8FFsB5WRf8s9rqaMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvenVPUC15aFJubkZEd1VXd0hsWkZfeXoydXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALQpwAwQC
LYr0AwQAXmf1AwQAuRk0AwQAucB1AwQAucB3AwQAucI/AwQAucNvAwQAucYwAwQA
wQj0AwQAwjvEMA0GCSqGSIb3DQEBCwUAA4IBAQCAfq8+gvTKktqgcmE9mlWWzmGK
HRG69RB8P4WC/xilzyqtqoXcv3s6uk3umI7yAJa1b+1OBLC3LKdSRlKloBQxcM8p
rSrknt09aEvuiIpBA/PACF20HJVlq7IjJn1sCfYzaV9kiPzT2+dAPF9tTnoU2H3v
FptcSNbGVEQAPHwMkrLh9kIXnDnJp4TJdznQMQ/Wp1cF0s6A7MoAzI3hFsJ6JtsX
xZNRhe6fbF3DtcILGuX9KGp2LgikRRGZKn9BaT4r/t0GsogiVdawouRJDBdZ36ZV
ZGCWYByVxfqO+LA+BNMiGec6dZ2fNApV5VhuXlMRIsP2XzyTeZ4+61zG4m0J
-----END CERTIFICATE-----