Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0F5ConCqHdfrGKlsaxwQXaRdU3w.roa
File:                     0F5ConCqHdfrGKlsaxwQXaRdU3w.roa (raw, json)
Hash identifier:          uTYFUtKjCQz1qtkKY4hBc47Uxk/XD2+B5ITkY35D4ow=
Subject key identifier:   D0:5E:42:A2:70:AA:1D:D7:EB:18:A9:6C:6B:1C:10:5D:A4:5D:53:7C
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0184619150DC590C376C762483860A85A99C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0F5ConCqHdfrGKlsaxwQXaRdU3w.roa
Signing time:             Thu 10 Nov 2022 12:43:44 +0000
ROA not before:           Thu 10 Nov 2022 12:43:44 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.231.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          88.209.227.0/24 maxlen: 24
                          83.137.152.0/24 maxlen: 24
                          83.137.154.0/23 maxlen: 24
                          88.209.204.0/22 maxlen: 24
                          88.209.200.0/22 maxlen: 32
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.226.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:61:91:50:dc:59:0c:37:6c:76:24:83:86:0a:85:a9:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 10 12:43:44 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d05e42a270aa1dd7eb18a96c6b1c105da45d537c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:79:ee:df:69:8d:b1:9b:6d:6e:95:9b:24:58:
                    f6:ed:41:6d:c6:77:da:c5:73:42:65:39:12:9f:be:
                    f3:b2:76:0e:e3:ce:40:09:2d:70:7b:bd:7d:74:08:
                    7b:60:74:a9:21:88:0b:13:0c:c7:ba:b3:5f:57:cd:
                    dd:1d:07:88:8c:96:ef:97:da:55:62:6b:73:a2:0d:
                    ee:f9:fd:b1:89:dd:14:79:eb:d4:b0:66:99:73:9d:
                    13:38:fa:88:81:51:ef:27:0a:fb:d1:0e:8c:16:8b:
                    0d:8c:e0:3a:c1:be:77:4c:4c:9a:94:d5:d9:d2:86:
                    21:59:21:d4:7d:d8:20:67:d1:40:e9:10:e2:19:07:
                    33:c6:45:2b:ca:82:41:fe:f9:f4:1e:37:85:8d:a9:
                    65:a5:02:3f:b7:2d:3a:0d:2e:63:4b:47:af:be:8e:
                    54:db:86:cb:9a:17:6c:f6:2e:2d:82:57:09:01:db:
                    0f:63:d0:1f:e9:5d:e4:a6:0b:c5:d9:a8:62:97:70:
                    5b:e7:d0:f5:be:0a:00:4a:06:34:be:63:5d:97:ae:
                    1d:b5:91:e2:82:47:aa:61:6a:b9:56:b2:5f:80:80:
                    0a:71:9c:4e:68:79:e6:65:44:8a:96:26:1d:ba:f8:
                    75:70:a2:b9:88:6c:2b:85:65:fd:b5:18:d3:0b:09:
                    20:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:5E:42:A2:70:AA:1D:D7:EB:18:A9:6C:6B:1C:10:5D:A4:5D:53:7C
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/0F5ConCqHdfrGKlsaxwQXaRdU3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24
                  83.137.154.0/23
                  88.151.61.0/24
                  88.151.63.0/24
                  88.209.200.0/21
                  88.209.226.0/23
                  88.209.231.0-88.209.235.255
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:26:ec:75:3f:74:b4:36:54:dd:ce:06:f3:ee:f6:68:38:7b:
         37:f1:3a:4a:23:e8:a0:cd:3c:d8:49:e5:b2:c2:c0:a3:da:51:
         73:69:dd:c8:fd:c3:ef:2e:2f:39:0e:6e:01:96:93:b9:4f:03:
         39:c5:bd:69:14:f0:87:87:77:7d:63:1e:e3:06:57:21:25:9a:
         35:0b:3e:cc:5b:5a:b8:ec:1d:72:0e:d2:1f:17:83:ac:98:03:
         1a:7b:c8:8e:1b:6f:23:61:b8:ce:6d:df:68:3a:74:16:e3:9e:
         5d:2a:8f:4b:d6:00:7e:53:ff:76:5b:e5:cc:e6:3d:01:4b:db:
         b2:31:7e:b2:6a:c8:f8:71:ec:b0:d2:fa:d0:32:1a:fe:2b:3e:
         66:f9:f8:7b:71:81:50:89:76:94:8f:dd:61:a8:90:c7:e1:59:
         6a:fb:c1:74:84:29:0a:bf:db:f6:dc:a3:61:61:85:b9:a7:d6:
         ab:bc:83:1c:fa:81:00:ae:ec:32:4c:c6:aa:73:48:d2:a2:04:
         ab:c9:4e:4c:c0:ec:fd:3d:f9:bd:7a:9a:ec:67:b4:7f:d9:04:
         df:88:af:bf:ea:b8:d1:75:24:78:ad:a9:d5:81:69:3e:94:32:
         b9:62:f2:4c:aa:c1:cf:e3:e7:02:d0:4f:97:4e:52:d3:39:ef:
         ba:c1:4b:80
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYRhkVDcWQw3bHYkg4YKhamcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTEwMTI0MzQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDVlNDJhMjcwYWExZGQ3ZWIxOGE5NmM2YjFjMTA1ZGE0NWQ1MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHnu32mNsZttbpWbJFj27UFtxnfa
xXNCZTkSn77zsnYO485ACS1we719dAh7YHSpIYgLEwzHurNfV83dHQeIjJbvl9pV
Ymtzog3u+f2xid0UeevUsGaZc50TOPqIgVHvJwr70Q6MFosNjOA6wb53TEyalNXZ
0oYhWSHUfdggZ9FA6RDiGQczxkUryoJB/vn0HjeFjallpQI/ty06DS5jS0evvo5U
24bLmhds9i4tglcJAdsPY9Af6V3kpgvF2ahil3Bb59D1vgoASgY0vmNdl64dtZHi
gkeqYWq5VrJfgIAKcZxOaHnmZUSKliYduvh1cKK5iGwrhWX9tRjTCwkgDwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNBeQqJwqh3X6xipbGscEF2kXVN8MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMEY1Q29uQ3FIZGZyR0tsc2F4d1FYYVJkVTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIAwQBWNHiMAwDBABY0ecDBAJY0egDBACy0vww
DQYJKoZIhvcNAQELBQADggEBADwm7HU/dLQ2VN3OBvPu9mg4ezfxOkoj6KDNPNhJ
5bLCwKPaUXNp3cj9w+8uLzkObgGWk7lPAznFvWkU8IeHd31jHuMGVyElmjULPsxb
WrjsHXIO0h8Xg6yYAxp7yI4bbyNhuM5t32g6dBbjnl0qj0vWAH5T/3Zb5czmPQFL
27IxfrJqyPhx7LDS+tAyGv4rPmb5+HtxgVCJdpSP3WGokMfhWWr7wXSEKQq/2/bc
o2Fhhbmn1qu8gxz6gQCu7DJMxqpzSNKiBKvJTkzA7P09+b16muxntH/ZBN+Ir7/q
uNF1JHitqdWBaT6UMrli8kyqwc/j5wLQT5dOUtM577rBS4A=
-----END CERTIFICATE-----