Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5H6ezeNrXPndFZK9kMPmFE5ExyY.roa
File:                     5H6ezeNrXPndFZK9kMPmFE5ExyY.roa (raw, json)
Hash identifier:          EXkOZejJQAIE0jpu7zWIne2PAFQlRy/xFL/WHNcmE50=
Subject key identifier:   E4:7E:9E:CD:E3:6B:5C:F9:DD:15:92:BD:90:C3:E6:14:4E:44:C7:26
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0188BB736B1C144695CE20023D817DD7A881
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5H6ezeNrXPndFZK9kMPmFE5ExyY.roa
Signing time:             Wed 14 Jun 2023 19:48:03 +0000
ROA not before:           Wed 14 Jun 2023 19:48:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.231.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/23 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          45.14.9.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bb:73:6b:1c:14:46:95:ce:20:02:3d:81:7d:d7:a8:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 14 19:48:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e47e9ecde36b5cf9dd1592bd90c3e6144e44c726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3c:f5:b7:6b:0d:63:59:f4:1c:94:f4:de:8f:
                    b8:46:e5:c2:2a:7b:66:1e:37:19:39:20:86:33:8f:
                    54:0c:e0:33:75:41:7a:b5:0a:6d:91:7f:ad:98:e5:
                    bc:33:79:3d:a3:0e:cd:95:18:2d:58:9f:3d:4b:90:
                    51:b9:68:22:2d:10:4f:db:6f:e1:3d:1e:27:fc:9b:
                    ae:58:ca:36:f1:eb:45:46:de:7f:20:e1:61:3b:8b:
                    6e:bc:18:8b:5e:4e:cd:85:fa:1b:f0:10:ad:a5:ea:
                    3a:94:fb:43:f9:9c:22:e6:f8:8e:34:3f:e0:01:54:
                    1f:85:7e:10:1e:9c:6b:9a:45:c4:4f:0b:b8:f3:b8:
                    bc:aa:16:78:41:71:96:ff:53:b0:e7:e0:4b:f4:3e:
                    bd:9f:9b:64:05:7f:df:c1:3f:f9:e7:a7:4b:60:16:
                    dc:8b:22:a4:e9:c0:57:e4:90:2c:0c:43:ea:2b:22:
                    01:30:c8:33:37:37:81:f0:63:c6:61:7f:a6:ef:20:
                    85:78:7f:f3:67:92:ca:27:40:88:51:f1:41:78:88:
                    96:53:a1:95:65:f7:aa:b5:ac:c2:c2:db:d9:dd:73:
                    14:d7:b8:eb:23:39:8c:d4:93:04:80:d6:02:cc:80:
                    ca:0a:ea:6e:86:5b:d6:10:4f:be:20:96:0b:77:89:
                    9a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:7E:9E:CD:E3:6B:5C:F9:DD:15:92:BD:90:C3:E6:14:4E:44:C7:26
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/5H6ezeNrXPndFZK9kMPmFE5ExyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.9.0/24
                  77.242.157.0-77.242.159.255
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  178.210.228.0/24
                  178.210.230.0/23
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:30:46:76:b4:e0:a1:b4:79:40:84:cb:c7:e3:86:20:fd:5c:
         1a:b5:a5:4a:65:b1:ef:84:99:e4:06:f6:7e:f7:3e:ae:c7:7c:
         23:a8:43:12:8d:b1:5f:49:df:3d:07:0e:75:9d:f4:48:1d:83:
         0e:32:57:94:c6:31:61:23:eb:7f:fe:da:65:db:7a:6f:49:a3:
         1b:a1:54:9f:22:3e:ba:eb:74:ea:07:16:0c:69:80:6c:0f:7e:
         9f:63:06:93:7d:f0:17:ef:cf:eb:90:7f:ce:d1:67:9c:91:bb:
         9d:58:26:4e:24:22:01:e7:51:8b:0d:ff:d1:09:52:0f:76:22:
         61:cb:0c:a4:7f:02:03:d3:67:6f:3a:88:32:13:b9:91:d8:54:
         a9:ee:71:23:38:32:50:f0:99:6e:2e:d9:2e:48:4c:fb:aa:b8:
         32:69:f5:93:9f:d1:71:67:e4:ca:6b:29:c9:89:74:a3:e3:07:
         7e:fc:0c:2f:de:1a:81:bd:17:b6:50:80:5a:97:83:98:fe:07:
         02:5c:1f:e2:a7:52:53:78:60:a1:88:e9:a9:ff:5a:95:ee:93:
         50:1f:b6:1d:0d:c2:4b:98:da:8e:99:2d:74:ac:0c:db:60:25:
         f5:23:34:b0:66:27:6d:a4:62:99:79:25:1a:b3:75:32:2a:95:
         53:e3:60:bb
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYi7c2scFEaVziACPYF916iBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjE0MTk0ODAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDdlOWVjZGUzNmI1Y2Y5ZGQxNTkyYmQ5MGMzZTYxNDRlNDRjNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTz1t2sNY1n0HJT03o+4RuXCKntm
HjcZOSCGM49UDOAzdUF6tQptkX+tmOW8M3k9ow7NlRgtWJ89S5BRuWgiLRBP22/h
PR4n/JuuWMo28etFRt5/IOFhO4tuvBiLXk7Nhfob8BCtpeo6lPtD+Zwi5viOND/g
AVQfhX4QHpxrmkXETwu487i8qhZ4QXGW/1Ow5+BL9D69n5tkBX/fwT/556dLYBbc
iyKk6cBX5JAsDEPqKyIBMMgzNzeB8GPGYX+m7yCFeH/zZ5LKJ0CIUfFBeIiWU6GV
ZfeqtazCwtvZ3XMU17jrIzmM1JMEgNYCzIDKCupuhlvWEE++IJYLd4magQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFOR+ns3ja1z53RWSvZDD5hRORMcmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNUg2ZXplTnJYUG5kRlpLOWtNUG1GRTVFeHlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALQ4JMAwD
BABN8p0DBAVN8oADBAFYlzgDBABYlz4DBABY0dMDBABY0dkDBACy0uQDBAGy0uYD
BACy0vowDQYJKoZIhvcNAQELBQADggEBAEUwRna04KG0eUCEy8fjhiD9XBq1pUpl
se+EmeQG9n73Pq7HfCOoQxKNsV9J3z0HDnWd9Egdgw4yV5TGMWEj63/+2mXbem9J
oxuhVJ8iPrrrdOoHFgxpgGwPfp9jBpN98Bfvz+uQf87RZ5yRu51YJk4kIgHnUYsN
/9EJUg92ImHLDKR/AgPTZ286iDITuZHYVKnucSM4MlDwmW4u2S5ITPuquDJp9ZOf
0XFn5MprKcmJdKPjB378DC/eGoG9F7ZQgFqXg5j+BwJcH+KnUlN4YKGI6an/WpXu
k1Afth0NwkuY2o6ZLXSsDNtgJfUjNLBmJ22kYpl5JRqzdTIqlVPjYLs=
-----END CERTIFICATE-----