Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7bJgUbCBTQVbsmMjnOoaB98yyIo.roa
File:                     7bJgUbCBTQVbsmMjnOoaB98yyIo.roa (raw, json)
Hash identifier:          aBKcMKZNUdLg8+l87wobmD4W0ItN36Tigkv3wA4FUOE=
Subject key identifier:   ED:B2:60:51:B0:81:4D:05:5B:B2:63:23:9C:EA:1A:07:DF:32:C8:8A
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018875C9FEB620CDE09B1803B0F4FDF8CD9D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7bJgUbCBTQVbsmMjnOoaB98yyIo.roa
Signing time:             Thu 01 Jun 2023 07:09:12 +0000
ROA not before:           Thu 01 Jun 2023 07:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:75:c9:fe:b6:20:cd:e0:9b:18:03:b0:f4:fd:f8:cd:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun  1 07:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=edb26051b0814d055bb263239cea1a07df32c88a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:df:c9:b5:1e:34:6f:6f:a5:28:6e:24:5b:a0:
                    4d:4c:fb:0a:ae:07:13:59:3e:ae:2e:b4:2d:01:9c:
                    45:3a:fc:dd:64:a8:1a:49:2e:87:82:75:d7:cd:a4:
                    66:a2:c5:01:e2:9e:74:47:96:f5:44:c3:e4:32:cb:
                    7d:c5:ba:12:6d:3f:bd:27:7a:54:7d:96:53:df:8a:
                    0b:de:12:d9:c6:bb:0f:9d:82:f8:c1:ac:7e:e7:45:
                    b9:ac:d1:aa:f7:c9:a4:bf:4f:70:f8:7d:69:77:64:
                    90:5a:b7:4a:60:ac:4b:c8:cb:99:a1:8d:15:78:6c:
                    80:89:16:f0:4c:fa:98:6e:36:1b:5a:97:11:7f:ba:
                    e0:54:43:09:dc:f8:26:46:22:9d:9a:b6:ae:c1:b6:
                    86:af:d7:4e:c4:e8:e4:42:0c:ea:a9:91:d2:49:55:
                    33:75:8a:cf:ba:d2:71:8a:4d:7a:1d:f4:93:72:9f:
                    24:d2:57:72:d3:26:fe:fc:6d:96:a4:6d:4a:ee:64:
                    7e:cc:7e:42:28:0c:ee:b8:9c:92:cd:71:a8:7d:f5:
                    de:53:9a:e9:ca:72:92:9a:97:89:20:60:93:97:09:
                    d5:22:b3:4a:62:a9:3e:4a:5a:18:0a:55:46:5a:9c:
                    f1:39:62:20:5f:49:50:e9:20:3b:b2:e5:20:ac:28:
                    36:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B2:60:51:B0:81:4D:05:5B:B2:63:23:9C:EA:1A:07:DF:32:C8:8A
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/7bJgUbCBTQVbsmMjnOoaB98yyIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.58.0/23
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.221.0/24
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:f6:c8:dc:5d:b5:a4:91:63:1b:4a:24:a4:0e:f7:ea:e6:5d:
         9d:60:5f:51:a8:24:99:1a:74:98:73:89:bc:13:25:12:70:c2:
         d0:5a:56:f5:72:4d:68:4a:75:a1:9f:4d:e3:0b:41:82:7b:64:
         ce:39:e6:63:1e:88:c2:a3:e9:68:35:09:6f:f3:11:9c:6e:f5:
         1f:39:1b:42:01:e9:1a:fe:e1:84:d9:cc:11:64:d5:08:d4:87:
         6c:57:c7:fa:1d:00:e8:9d:66:77:67:fd:1a:e0:d2:dd:ff:1c:
         df:38:53:63:e6:31:83:f1:59:30:9a:37:8c:68:67:a6:67:c2:
         a1:7a:51:b0:17:06:90:e9:de:a1:af:8e:c7:15:d3:3a:fd:54:
         05:16:a2:4b:ef:12:f7:fa:c3:c7:53:3f:aa:13:11:da:ff:0d:
         c1:78:fd:06:44:fb:dc:4a:ab:1e:da:ca:45:3d:58:26:07:e6:
         41:e7:2f:a3:c9:a9:5a:17:0f:0b:86:e9:8a:ae:df:a6:78:e7:
         98:8b:0a:72:4d:28:09:99:2e:e2:c5:43:2e:29:2d:96:33:9b:
         53:80:88:84:1f:5f:e5:27:07:3e:c2:7f:d6:9f:10:63:02:00:
         38:64:7b:23:13:05:b3:ed:de:b4:22:19:67:2f:89:f8:79:27:
         15:16:31:16
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYh1yf62IM3gmxgDsPT9+M2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjAxMDcwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGIyNjA1MWIwODE0ZDA1NWJiMjYzMjM5Y2VhMWEwN2RmMzJjODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN/JtR40b2+lKG4kW6BNTPsKrgcT
WT6uLrQtAZxFOvzdZKgaSS6HgnXXzaRmosUB4p50R5b1RMPkMst9xboSbT+9J3pU
fZZT34oL3hLZxrsPnYL4wax+50W5rNGq98mkv09w+H1pd2SQWrdKYKxLyMuZoY0V
eGyAiRbwTPqYbjYbWpcRf7rgVEMJ3PgmRiKdmrauwbaGr9dOxOjkQgzqqZHSSVUz
dYrPutJxik16HfSTcp8k0ldy0yb+/G2WpG1K7mR+zH5CKAzuuJySzXGoffXeU5rp
ynKSmpeJIGCTlwnVIrNKYqk+SloYClVGWpzxOWIgX0lQ6SA7suUgrCg2lwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFO2yYFGwgU0FW7JjI5zqGgffMsiKMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvN2JKZ1ViQ0JUUVZic21Nam5Pb2FCOTh5eUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBWJc6AwQA
WJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHdAwQAWNH0AwQAstLsMA0G
CSqGSIb3DQEBCwUAA4IBAQC19sjcXbWkkWMbSiSkDvfq5l2dYF9RqCSZGnSYc4m8
EyUScMLQWlb1ck1oSnWhn03jC0GCe2TOOeZjHojCo+loNQlv8xGcbvUfORtCAeka
/uGE2cwRZNUI1IdsV8f6HQDonWZ3Z/0a4NLd/xzfOFNj5jGD8VkwmjeMaGemZ8Kh
elGwFwaQ6d6hr47HFdM6/VQFFqJL7xL3+sPHUz+qExHa/w3BeP0GRPvcSqse2spF
PVgmB+ZB5y+jyalaFw8LhumKrt+meOeYiwpyTSgJmS7ixUMuKS2WM5tTgIiEH1/l
Jwc+wn/WnxBjAgA4ZHsjEwWz7d60IhlnL4n4eScVFjEW
-----END CERTIFICATE-----