Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DLIYB8Xi4mbL4mEWBlXK9NMfGZA.roa
File:                     DLIYB8Xi4mbL4mEWBlXK9NMfGZA.roa (raw, json)
Hash identifier:          Fzim9lpWgGTCVBO2TVpUDG5cj0WA8ng7FlY7WrES88A=
Subject key identifier:   0C:B2:18:07:C5:E2:E2:66:CB:E2:61:16:06:55:CA:F4:D3:1F:19:90
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01896CFE36A5B91F3507A340696C48DAB127
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DLIYB8Xi4mbL4mEWBlXK9NMfGZA.roa
Signing time:             Wed 19 Jul 2023 07:12:26 +0000
ROA not before:           Wed 19 Jul 2023 07:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.231.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6c:fe:36:a5:b9:1f:35:07:a3:40:69:6c:48:da:b1:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 19 07:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0cb21807c5e2e266cbe261160655caf4d31f1990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:21:85:5d:52:84:5c:50:95:0b:c5:4f:68:52:
                    4d:8a:d7:e3:41:d0:98:3c:df:ed:dd:b3:17:26:18:
                    66:4b:da:74:67:f8:f7:45:26:15:bc:4e:71:d5:9d:
                    5e:aa:18:01:4e:6d:e7:9e:45:7e:74:b4:3d:e5:c4:
                    32:b1:de:63:ef:78:c2:af:fd:8a:fa:c4:e2:21:67:
                    ad:ac:a4:56:86:42:fa:93:ea:6e:e6:d4:7b:ea:d9:
                    a2:e5:cf:5f:69:15:b3:c5:cd:cb:4f:c8:82:2e:e8:
                    52:e6:8f:ae:68:0e:3c:be:5d:c4:ae:b3:ab:54:db:
                    26:bd:e5:8a:9b:b2:75:e4:70:31:69:75:9c:10:b9:
                    f4:15:dd:87:99:b2:b6:17:58:5a:dc:93:e5:89:ac:
                    63:31:e0:05:e3:58:6f:53:f6:0b:0f:ed:3e:88:d9:
                    be:72:67:f1:6e:e1:41:6e:24:ae:96:f8:cb:2a:2d:
                    94:48:6b:5d:be:dd:be:f7:fb:29:6e:09:b4:35:7d:
                    b1:17:12:7b:c2:20:1e:90:a2:59:d0:bc:27:f8:3f:
                    b3:f1:a8:90:38:96:7b:fc:4b:5d:1e:49:14:a0:1d:
                    13:e0:58:3b:68:3c:96:a6:67:80:06:27:58:5e:92:
                    0d:f5:71:e1:d2:7d:73:81:95:f5:c7:33:1d:ab:c2:
                    7c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B2:18:07:C5:E2:E2:66:CB:E2:61:16:06:55:CA:F4:D3:1F:19:90
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DLIYB8Xi4mbL4mEWBlXK9NMfGZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  5.182.113.0/24
                  77.242.150.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.221.0/24
                  178.210.230.0/23
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:f6:aa:43:25:5c:6b:8e:8f:b7:ae:fb:3b:df:91:1c:4d:b5:
         fe:2e:e7:3f:5c:b3:cc:e1:08:37:46:1a:d4:3f:54:18:ba:91:
         db:0d:35:f1:51:40:8b:3a:c4:63:a4:c6:2e:75:98:64:7a:f7:
         67:d7:05:a6:e7:1a:b4:e2:e8:6c:02:58:79:43:58:1d:a4:1e:
         45:f1:2b:c6:09:89:63:2f:d7:f4:90:a7:82:59:48:ea:04:87:
         85:79:67:c5:c1:62:c3:c3:27:de:d6:76:32:38:15:9c:31:78:
         c3:7c:63:71:b4:dc:ef:dd:16:80:ca:3d:2b:e7:3e:14:6a:e8:
         4b:14:bd:f8:cc:29:c1:35:aa:b4:35:38:cd:e6:11:31:ee:c8:
         d0:d2:c4:36:21:82:b6:bf:25:6e:6a:2a:68:1f:c8:fb:6f:db:
         d8:23:07:c4:46:90:2e:0e:96:dc:23:12:60:e7:72:71:5a:8a:
         c8:02:3f:e9:63:13:b0:2f:b4:aa:7d:a7:54:e7:d9:ec:e6:4b:
         49:81:8f:76:0a:f0:d8:9e:98:8e:0d:9c:27:e4:1f:48:5d:51:
         4e:a4:8a:5f:4b:ce:bf:d6:e6:04:6a:25:92:82:0a:61:6c:bb:
         18:bd:6b:74:cd:ac:4a:7d:37:dc:7d:cd:ed:ab:1e:44:87:47:
         a8:bd:9e:8a
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYls/jaluR81B6NAaWxI2rEnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzE5MDcxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2IyMTgwN2M1ZTJlMjY2Y2JlMjYxMTYwNjU1Y2FmNGQzMWYxOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCGFXVKEXFCVC8VPaFJNitfjQdCY
PN/t3bMXJhhmS9p0Z/j3RSYVvE5x1Z1eqhgBTm3nnkV+dLQ95cQysd5j73jCr/2K
+sTiIWetrKRWhkL6k+pu5tR76tmi5c9faRWzxc3LT8iCLuhS5o+uaA48vl3ErrOr
VNsmveWKm7J15HAxaXWcELn0Fd2HmbK2F1ha3JPliaxjMeAF41hvU/YLD+0+iNm+
cmfxbuFBbiSulvjLKi2USGtdvt2+9/spbgm0NX2xFxJ7wiAekKJZ0Lwn+D+z8aiQ
OJZ7/EtdHkkUoB0T4Fg7aDyWpmeABidYXpIN9XHh0n1zgZX1xzMdq8J8DwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFAyyGAfF4uJmy+JhFgZVyvTTHxmQMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRExJWUI4WGk0bWJMNG1FV0JsWEs5Tk1mR1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjqoAwQA
BbZxAwQATfKWMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkDBABY0d0D
BAGy0uYDBACy0vowDQYJKoZIhvcNAQELBQADggEBAEX2qkMlXGuOj7eu+zvfkRxN
tf4u5z9cs8zhCDdGGtQ/VBi6kdsNNfFRQIs6xGOkxi51mGR692fXBabnGrTi6GwC
WHlDWB2kHkXxK8YJiWMv1/SQp4JZSOoEh4V5Z8XBYsPDJ97WdjI4FZwxeMN8Y3G0
3O/dFoDKPSvnPhRq6EsUvfjMKcE1qrQ1OM3mETHuyNDSxDYhgra/JW5qKmgfyPtv
29gjB8RGkC4OltwjEmDncnFaisgCP+ljE7AvtKp9p1Tn2ezmS0mBj3YK8NiemI4N
nCfkH0hdUU6kil9Lzr/W5gRqJZKCCmFsuxi9a3TNrEp9N9x9ze2rHkSHR6i9noo=
-----END CERTIFICATE-----