Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXb-Nff9XQdrzYzA4qzHvtgi-r0.roa
File:                     HXb-Nff9XQdrzYzA4qzHvtgi-r0.roa (raw, json)
Hash identifier:          QNa8NN0l69R7AlFsBGHn67jTbstqoyUeL7uNGK/iV0s=
Subject key identifier:   1D:76:FE:35:F7:FD:5D:07:6B:CD:8C:C0:E2:AC:C7:BE:D8:22:FA:BD
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01878E0F05593E01242C9E01AF888A871DD0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXb-Nff9XQdrzYzA4qzHvtgi-r0.roa
Signing time:             Mon 17 Apr 2023 07:12:41 +0000
ROA not before:           Mon 17 Apr 2023 07:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.248.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.209.198.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8e:0f:05:59:3e:01:24:2c:9e:01:af:88:8a:87:1d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Apr 17 07:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d76fe35f7fd5d076bcd8cc0e2acc7bed822fabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fc:cf:af:45:fc:a1:02:66:26:cb:72:ec:a3:
                    7a:9e:79:ea:cd:fe:26:e0:ce:c2:72:4b:28:fb:7d:
                    48:ac:88:7d:5e:f3:25:f4:75:15:bf:e0:d5:6a:2e:
                    f2:96:04:8f:0a:33:3d:6b:e9:da:de:88:d9:13:09:
                    44:ea:40:d8:85:55:3b:54:39:b9:2e:33:e6:01:f2:
                    c1:bc:95:4e:3e:fb:6a:04:2b:1c:02:07:ff:d4:9d:
                    16:54:39:c8:6d:32:89:41:f1:0d:2b:78:75:b5:b2:
                    76:2c:f9:ab:80:1f:91:93:2a:34:71:09:ed:ee:09:
                    23:cf:4a:b8:c2:0e:68:40:e3:4f:40:fe:79:12:ba:
                    52:7b:0f:0c:dd:e1:f6:13:21:12:29:7d:08:af:a8:
                    b2:e2:d3:1b:ac:25:ce:cd:35:11:da:29:e3:2c:60:
                    83:9f:27:e5:4c:d8:d3:48:7d:d3:ac:0b:cf:7b:44:
                    51:da:fe:f8:ac:11:78:77:d1:62:66:96:17:9a:da:
                    41:75:57:8b:28:1a:8c:7d:ec:b9:0a:06:ac:ee:8a:
                    d8:58:93:82:c8:ea:c1:49:aa:08:6b:ac:fb:6e:cb:
                    50:ed:2f:d5:96:26:71:2a:08:b8:68:6d:80:3c:5a:
                    13:3a:0c:25:a5:d9:b8:f0:c5:9a:75:bb:20:e7:26:
                    10:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:76:FE:35:F7:FD:5D:07:6B:CD:8C:C0:E2:AC:C7:BE:D8:22:FA:BD
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/HXb-Nff9XQdrzYzA4qzHvtgi-r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  88.151.56.0/24
                  88.209.198.0/24
                  88.209.209.0/24
                  88.209.216.0/24
                  88.209.221.0/24
                  88.209.225.0/24
                  88.209.248.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:c2:5a:a4:83:40:91:f1:53:1b:24:07:7c:26:29:11:92:16:
         26:90:6a:21:53:a4:8e:cb:e3:08:ce:f7:63:c4:fd:69:92:e1:
         93:49:71:df:d1:8a:86:99:83:c5:7d:91:b8:19:93:2e:96:6a:
         a7:c3:99:06:23:2f:7c:9b:fb:d1:51:a3:eb:91:f7:ed:9d:62:
         0b:29:4e:0c:dd:43:52:ab:09:da:b0:f5:b8:e1:40:f2:3d:bc:
         78:d1:36:5d:89:6c:55:67:47:65:87:26:6e:1f:c7:de:7e:7f:
         b6:a1:d2:0a:aa:a9:ee:6c:c5:38:43:39:79:5a:c5:45:38:b5:
         50:8d:de:1b:59:a8:03:8d:18:43:f1:27:53:7a:27:f4:ab:65:
         3c:c8:76:29:1c:8f:9b:22:9f:93:b6:61:86:15:1d:8d:7e:c5:
         d5:62:b6:2f:db:15:c3:dc:4c:8d:17:83:ed:ef:a8:c7:c7:87:
         28:80:fd:b8:a5:88:ba:64:e4:0a:85:a5:1b:19:28:82:54:cd:
         bf:29:a3:3a:f3:3d:15:17:c8:4e:12:fe:13:c5:45:78:65:a4:
         94:5b:61:cc:8a:dd:ac:b9:b1:01:a7:89:24:3b:8c:1a:bb:98:
         43:81:9c:65:e7:ab:2c:b8:05:15:38:ff:83:c3:fb:61:f5:86:
         da:b0:f2:d0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYeODwVZPgEkLJ4Br4iKhx3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNDE3MDcxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc2ZmUzNWY3ZmQ1ZDA3NmJjZDhjYzBlMmFjYzdiZWQ4MjJmYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfzPr0X8oQJmJsty7KN6nnnqzf4m
4M7Cckso+31IrIh9XvMl9HUVv+DVai7ylgSPCjM9a+na3ojZEwlE6kDYhVU7VDm5
LjPmAfLBvJVOPvtqBCscAgf/1J0WVDnIbTKJQfENK3h1tbJ2LPmrgB+Rkyo0cQnt
7gkjz0q4wg5oQONPQP55ErpSew8M3eH2EyESKX0Ir6iy4tMbrCXOzTUR2injLGCD
nyflTNjTSH3TrAvPe0RR2v74rBF4d9FiZpYXmtpBdVeLKBqMfey5Cgas7orYWJOC
yOrBSaoIa6z7bstQ7S/VliZxKgi4aG2APFoTOgwlpdm48MWadbsg5yYQoQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFB12/jX3/V0Ha82MwOKsx77YIvq9MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvSFhiLU5mZjlYUWRyell6QTRxekh2dGdpLXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQABbZxAwQA
WJc4AwQAWNHGAwQAWNHRAwQAWNHYAwQAWNHdAwQAWNHhAwQAWNH4AwQAstLsMA0G
CSqGSIb3DQEBCwUAA4IBAQCywlqkg0CR8VMbJAd8JikRkhYmkGohU6SOy+MIzvdj
xP1pkuGTSXHf0YqGmYPFfZG4GZMulmqnw5kGIy98m/vRUaPrkfftnWILKU4M3UNS
qwnasPW44UDyPbx40TZdiWxVZ0dlhyZuH8fefn+2odIKqqnubMU4Qzl5WsVFOLVQ
jd4bWagDjRhD8SdTeif0q2U8yHYpHI+bIp+TtmGGFR2NfsXVYrYv2xXD3EyNF4Pt
76jHx4cogP24pYi6ZOQKhaUbGSiCVM2/KaM68z0VF8hOEv4TxUV4ZaSUW2HMit2s
ubEBp4kkO4wau5hDgZxl56ssuAUVOP+Dw/th9YbasPLQ
-----END CERTIFICATE-----