Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Gn67RBKMCJ3CALgWRjIZmDJNRLg.roa
File:                     Gn67RBKMCJ3CALgWRjIZmDJNRLg.roa (raw, json)
Hash identifier:          efzbu00/CaQS8AQ/bwAmji50tR0licKyCV41T3jHsGw=
Subject key identifier:   1A:7E:BB:44:12:8C:08:9D:C2:00:B8:16:46:32:19:98:32:4D:44:B8
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018DD110B0BCBEB5BEEB770277FC4D0B1DB6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Gn67RBKMCJ3CALgWRjIZmDJNRLg.roa
Signing time:             Thu 22 Feb 2024 13:45:48 +0000
ROA not before:           Thu 22 Feb 2024 13:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24
                          178.210.226.0/24 maxlen: 24
                          178.210.227.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          178.210.253.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:10:b0:bc:be:b5:be:eb:77:02:77:fc:4d:0b:1d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb 22 13:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a7ebb44128c089dc200b81646321998324d44b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d9:ee:8e:83:e2:51:26:9e:85:c0:67:1b:67:
                    6c:ad:61:20:59:5e:56:e2:e7:1c:ce:6a:1a:80:dc:
                    8d:01:af:dd:81:7a:af:1b:74:6a:4f:b8:a7:db:69:
                    cf:2a:ff:c6:8e:13:3b:24:42:54:c1:2c:04:ff:73:
                    a9:6d:89:53:dd:2a:e1:34:39:50:7c:23:4a:d7:c4:
                    8d:86:85:e6:0c:4b:73:60:d7:ca:c3:31:30:21:99:
                    43:ca:75:3a:7b:e2:f9:be:89:51:d3:83:cc:5c:9f:
                    01:86:78:ed:17:6b:1f:e4:bc:eb:78:ff:25:bd:9b:
                    92:5b:49:bc:8e:d9:b4:79:e9:23:45:32:34:3c:a7:
                    8e:31:42:bf:5c:26:e7:d9:f6:eb:4c:41:98:4e:87:
                    ee:b1:02:bc:5d:f2:4e:b1:71:a3:0b:cd:56:d2:90:
                    bc:cd:00:bf:14:6a:47:50:4b:dd:82:5c:33:b4:19:
                    1a:82:8b:0d:2c:d6:9f:61:87:d6:3c:c8:a1:d3:82:
                    da:ed:af:c9:46:9e:cb:ca:6d:49:15:04:fa:86:27:
                    63:86:32:e3:18:81:82:c1:b6:45:05:75:a7:f1:04:
                    2d:3e:b2:c5:28:73:39:92:52:ee:b2:08:73:19:dd:
                    b6:07:bf:47:45:f9:a6:d9:fe:99:8f:96:ce:b5:cf:
                    2a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7E:BB:44:12:8C:08:9D:C2:00:B8:16:46:32:19:98:32:4D:44:B8
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Gn67RBKMCJ3CALgWRjIZmDJNRLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.211.0/24
                  88.209.232.0/22
                  178.210.226.0-178.210.228.255
                  178.210.230.0/23
                  178.210.236.0/24
                  178.210.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:67:5f:04:65:5a:58:5f:d4:05:7f:2c:41:3a:da:fc:96:23:
         d5:a2:f1:ea:eb:16:6f:5e:8e:a8:c6:10:24:40:63:f9:9f:7b:
         88:6c:99:eb:05:6b:54:77:bf:96:96:41:eb:1b:85:98:8d:81:
         0a:a8:d3:7d:68:1f:e1:7e:ca:2e:0e:9d:e1:ee:4c:9e:94:d1:
         5b:ee:99:4b:68:e7:40:39:ee:cf:5e:e9:87:a5:bd:4a:ad:d6:
         49:e1:8c:42:0e:d6:a0:26:c2:59:5b:cd:e3:7f:f8:79:3a:46:
         d7:87:47:0a:2b:3e:62:2c:cc:a9:08:10:25:3b:8e:b3:bd:2c:
         88:b3:6b:97:73:ea:f3:85:f8:83:12:50:62:b3:be:ed:54:66:
         ce:93:15:18:00:2d:fa:63:65:c4:57:04:2d:dc:05:cb:f4:18:
         25:01:d4:c8:97:fd:e9:61:0d:b8:21:f0:4e:50:64:b8:70:90:
         96:2f:11:05:aa:b8:d0:69:ca:db:be:ce:d2:aa:a1:dd:75:02:
         34:48:73:17:68:cb:c3:23:c2:29:f1:93:c0:44:4a:27:29:2e:
         3c:8f:2c:f9:90:a3:11:32:23:82:a1:26:34:78:8b:6e:2f:c4:
         d7:18:88:be:a2:e0:85:ac:bb:82:b9:44:92:f9:91:11:b5:6e:
         73:c7:a9:24
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY3RELC8vrW+63cCd/xNCx22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMjIyMTM0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTdlYmI0NDEyOGMwODlkYzIwMGI4MTY0NjMyMTk5ODMyNGQ0NGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdnujoPiUSaehcBnG2dsrWEgWV5W
4ucczmoagNyNAa/dgXqvG3RqT7in22nPKv/GjhM7JEJUwSwE/3OpbYlT3SrhNDlQ
fCNK18SNhoXmDEtzYNfKwzEwIZlDynU6e+L5volR04PMXJ8BhnjtF2sf5LzreP8l
vZuSW0m8jtm0eekjRTI0PKeOMUK/XCbn2fbrTEGYTofusQK8XfJOsXGjC81W0pC8
zQC/FGpHUEvdglwztBkagosNLNafYYfWPMih04La7a/JRp7Lym1JFQT6hidjhjLj
GIGCwbZFBXWn8QQtPrLFKHM5klLusghzGd22B79HRfmm2f6Zj5bOtc8qxQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFBp+u0QSjAidwgC4FkYyGZgyTUS4MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvR242N1JCS01DSjNDQUxnV1JqSVptREpOUkxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBWJc4AwQA
WNHTAwQCWNHoMAwDBAGy0uIDBACy0uQDBAGy0uYDBACy0uwDBAGy0vwwDQYJKoZI
hvcNAQELBQADggEBAKZnXwRlWlhf1AV/LEE62vyWI9Wi8errFm9ejqjGECRAY/mf
e4hsmesFa1R3v5aWQesbhZiNgQqo031oH+F+yi4OneHuTJ6U0VvumUto50A57s9e
6YelvUqt1knhjEIO1qAmwllbzeN/+Hk6RteHRworPmIszKkIECU7jrO9LIiza5dz
6vOF+IMSUGKzvu1UZs6TFRgALfpjZcRXBC3cBcv0GCUB1MiX/elhDbgh8E5QZLhw
kJYvEQWquNBpytu+ztKqod11AjRIcxdoy8Mjwinxk8BESicpLjyPLPmQoxEyI4Kh
JjR4i24vxNcYiL6i4IWsu4K5RJL5kRG1bnPHqSQ=
-----END CERTIFICATE-----