Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyHR3LgsnSswZsi9lBT9uk4yOXE.roa
File:                     DyHR3LgsnSswZsi9lBT9uk4yOXE.roa (raw, json)
Hash identifier:          1ltft7ZD6620whv7jGL24smg74DmByq3LaklERyKurg=
Subject key identifier:   0F:21:D1:DC:B8:2C:9D:2B:30:66:C8:BD:94:14:FD:BA:4E:32:39:71
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D3B2BA1D3459881499F26FD65040DC29F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyHR3LgsnSswZsi9lBT9uk4yOXE.roa
Signing time:             Wed 24 Jan 2024 11:12:11 +0000
ROA not before:           Wed 24 Jan 2024 11:12:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24
                          178.210.226.0/24 maxlen: 24
                          178.210.227.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          178.210.253.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:2b:a1:d3:45:98:81:49:9f:26:fd:65:04:0d:c2:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 24 11:12:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f21d1dcb82c9d2b3066c8bd9414fdba4e323971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:53:61:4f:80:0f:3e:6a:df:21:7c:b5:86:8b:
                    06:f1:cb:45:e1:e3:2c:f8:8c:50:20:2e:c3:95:61:
                    d1:1c:ef:55:7b:e7:7b:08:ae:67:1f:2f:0a:dc:56:
                    9e:f6:e5:b1:7a:11:fc:87:ab:f4:21:b0:b0:d9:7c:
                    38:a0:62:21:4a:dc:75:2f:ea:d1:20:ea:07:dc:31:
                    14:fb:6c:3c:74:cd:b4:02:75:20:d0:71:a2:4f:1b:
                    51:13:7a:88:18:16:e2:be:6d:02:ff:f8:ee:33:ad:
                    e7:12:6e:42:26:ba:7a:e9:ea:cd:53:f9:5a:ca:39:
                    7c:6c:92:ae:85:df:f2:30:ff:6e:74:c9:f0:22:7f:
                    5b:c1:f4:65:67:ae:56:5f:51:90:ff:01:bf:2a:79:
                    58:fe:9f:d4:78:4f:02:9a:f2:fe:b0:5b:2a:c3:e7:
                    03:2b:d6:c5:93:4f:ba:22:b4:d1:77:06:24:24:8d:
                    1f:8c:36:79:a3:25:79:b4:42:7c:32:9d:77:03:29:
                    4d:a1:2a:79:54:db:50:31:04:e6:a2:51:5c:8c:c6:
                    86:ad:9c:70:8f:24:9b:0e:f5:0e:dc:6e:10:cb:c4:
                    e6:77:25:04:32:0e:35:7a:79:99:d6:fd:2f:8e:35:
                    c7:1f:e6:73:6f:c6:15:1f:56:55:78:30:19:a8:ea:
                    d5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:21:D1:DC:B8:2C:9D:2B:30:66:C8:BD:94:14:FD:BA:4E:32:39:71
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/DyHR3LgsnSswZsi9lBT9uk4yOXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.211.0/24
                  88.209.232.0/22
                  178.210.226.0-178.210.228.255
                  178.210.230.0/23
                  178.210.236.0/24
                  178.210.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:bb:a7:19:f9:bb:47:58:0c:38:e1:0a:ec:6b:e0:b1:d6:04:
         e7:a8:8e:09:1e:db:f4:f8:33:df:23:41:78:db:86:c0:a6:49:
         65:c9:83:9f:36:70:28:96:2f:d5:d4:fd:eb:9a:0d:16:1d:d0:
         bb:5e:bd:46:23:8e:4c:d9:51:63:6a:2a:36:64:02:0a:11:34:
         98:f5:ba:2d:3d:ce:2a:a7:4f:67:96:4f:e2:4b:35:4a:a5:41:
         c7:8b:f4:b7:8f:d5:6a:0d:43:32:d5:8a:83:c4:87:8c:8a:5c:
         e4:02:b5:e4:ba:95:fd:07:0a:48:ad:45:6e:72:e2:c1:6a:33:
         5f:7d:d6:65:fb:10:b1:fd:f3:8f:35:a9:b1:31:0a:3f:5c:86:
         38:9c:f6:16:0b:9d:6e:9e:51:7f:4c:90:28:ef:4d:90:73:08:
         43:40:a1:84:e7:65:50:85:3d:55:e3:1a:81:7d:8a:da:49:32:
         05:d9:a8:f8:b2:d3:37:13:41:db:c6:64:fc:7d:59:16:bd:89:
         be:30:eb:4c:10:27:87:ce:5c:b4:f6:8b:07:0c:bd:69:a5:f7:
         d6:b8:da:75:ec:7c:61:39:5d:66:83:64:14:43:7f:ab:38:ef:
         d2:ad:a0:18:09:35:b6:e4:df:fc:ff:3a:fd:67:77:fa:50:ff:
         6f:a2:3e:6d
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY07K6HTRZiBSZ8m/WUEDcKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTI0MTExMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIxZDFkY2I4MmM5ZDJiMzA2NmM4YmQ5NDE0ZmRiYTRlMzIzOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1NhT4APPmrfIXy1hosG8ctF4eMs
+IxQIC7DlWHRHO9Ve+d7CK5nHy8K3Fae9uWxehH8h6v0IbCw2Xw4oGIhStx1L+rR
IOoH3DEU+2w8dM20AnUg0HGiTxtRE3qIGBbivm0C//juM63nEm5CJrp66erNU/la
yjl8bJKuhd/yMP9udMnwIn9bwfRlZ65WX1GQ/wG/KnlY/p/UeE8CmvL+sFsqw+cD
K9bFk0+6IrTRdwYkJI0fjDZ5oyV5tEJ8Mp13AylNoSp5VNtQMQTmolFcjMaGrZxw
jySbDvUO3G4Qy8TmdyUEMg41enmZ1v0vjjXHH+Zzb8YVH1ZVeDAZqOrV1QIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFA8h0dy4LJ0rMGbIvZQU/bpOMjlxMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRHlIUjNMZ3NuU3N3WnNpOWxCVDl1azR5T1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBWJc4AwQA
WNHTAwQCWNHoMAwDBAGy0uIDBACy0uQDBAGy0uYDBACy0uwDBAGy0vwwDQYJKoZI
hvcNAQELBQADggEBAD+7pxn5u0dYDDjhCuxr4LHWBOeojgke2/T4M98jQXjbhsCm
SWXJg582cCiWL9XU/euaDRYd0LtevUYjjkzZUWNqKjZkAgoRNJj1ui09ziqnT2eW
T+JLNUqlQceL9LeP1WoNQzLVioPEh4yKXOQCteS6lf0HCkitRW5y4sFqM1991mX7
ELH98481qbExCj9chjic9hYLnW6eUX9MkCjvTZBzCENAoYTnZVCFPVXjGoF9itpJ
MgXZqPiy0zcTQdvGZPx9WRa9ib4w60wQJ4fOXLT2iwcMvWml99a42nXsfGE5XWaD
ZBRDf6s479KtoBgJNbbk3/z/Ov1nd/pQ/2+iPm0=
-----END CERTIFICATE-----