Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ThmCIZzs4knnX4gEoYPdWyY4GU0.roa
File:                     ThmCIZzs4knnX4gEoYPdWyY4GU0.roa (raw, json)
Hash identifier:          Onr8Mh5QcIj0OARoyrW1NpB8lbBrsqwQTkdukEwYrPg=
Subject key identifier:   4E:19:82:21:9C:EC:E2:49:E7:5F:88:04:A1:83:DD:5B:26:38:19:4D
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0189642768E4A0049FFCD94A7731BB1079B2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ThmCIZzs4knnX4gEoYPdWyY4GU0.roa
Signing time:             Mon 17 Jul 2023 14:00:51 +0000
ROA not before:           Mon 17 Jul 2023 14:00:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.230.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:27:68:e4:a0:04:9f:fc:d9:4a:77:31:bb:10:79:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 17 14:00:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e1982219cece249e75f8804a183dd5b2638194d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cc:ee:a2:82:28:01:d0:3b:96:2c:71:1f:f3:
                    2e:d1:66:5c:06:4c:ed:8c:dd:bd:41:cc:f8:3f:8e:
                    80:95:47:46:36:cb:fc:a2:e3:2d:70:f2:92:9b:69:
                    f5:c3:3f:80:d4:a5:22:e8:0a:0a:78:c7:a9:4d:8c:
                    2a:c9:48:60:a4:e1:cf:cf:da:4a:e9:ca:d9:e4:67:
                    42:3e:2b:1c:65:7f:5d:62:e3:79:f4:81:c2:05:70:
                    db:0c:6d:00:96:ca:6c:86:e2:80:28:90:8d:c8:c7:
                    18:de:a3:ad:26:2c:c7:ea:66:bb:87:ee:a1:4f:26:
                    78:2d:10:3e:39:db:0f:d2:a1:6c:9b:14:55:b6:56:
                    79:d7:a3:4f:67:2d:82:47:ad:a5:f4:a1:da:a9:1b:
                    92:c0:1d:cd:c8:d2:e4:9e:cf:ca:f0:6a:fa:75:c2:
                    9c:52:87:81:11:e4:78:0f:36:98:e8:60:69:89:7c:
                    68:ff:7e:16:49:e7:f7:94:1c:ec:3a:09:8b:bf:2e:
                    44:bf:ba:c6:66:9f:b8:e3:39:04:cd:a1:5e:8b:1d:
                    67:24:f0:d5:8c:28:f8:60:b8:d5:43:86:c0:57:b1:
                    68:bd:55:b3:c0:96:38:b7:76:04:df:6d:20:1c:cc:
                    6f:93:f7:c5:18:eb:af:4d:5e:58:e5:ac:2e:8b:5b:
                    dc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:19:82:21:9C:EC:E2:49:E7:5F:88:04:A1:83:DD:5B:26:38:19:4D
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/ThmCIZzs4knnX4gEoYPdWyY4GU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  5.182.113.0/24
                  77.242.150.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.221.0/24
                  178.210.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:08:1d:84:16:f3:a6:b4:4b:b8:ff:03:a5:9a:1a:db:f7:61:
         d2:f9:34:f2:59:6d:90:ec:86:58:a2:31:81:de:80:17:94:38:
         f9:c6:a6:5d:c6:c6:e3:42:c3:39:2c:5f:b8:8e:af:3f:d3:d7:
         5c:80:4c:ea:88:83:34:48:c4:06:30:a3:7b:75:fd:60:fb:18:
         00:05:05:c8:e3:0b:41:be:94:4b:90:e0:4e:52:60:72:65:95:
         5f:30:3a:f2:57:3f:35:d9:48:8c:b7:d2:c1:77:c1:33:95:3b:
         5c:6f:86:2d:8c:fc:83:ca:6c:b6:0d:59:09:14:d7:a1:e4:1e:
         07:05:d5:bd:fc:f2:2b:80:0c:94:22:98:91:2b:d8:d4:55:3a:
         05:b3:b9:e2:e2:ea:cc:f2:c8:04:e8:0e:be:eb:5a:ac:d7:79:
         d2:30:8c:46:c7:97:a3:18:5e:c5:1a:6f:71:7f:92:33:37:a8:
         25:ba:a1:ff:70:f1:19:b6:5c:64:41:6b:bf:03:b8:07:6a:8c:
         4d:f4:09:0d:0a:3b:6c:3a:0a:f1:5b:68:ba:5d:7f:d9:97:80:
         78:c9:b5:24:21:e4:67:62:7b:2f:68:01:41:93:60:69:b7:fb:
         ca:1f:9a:43:4c:3d:26:0f:37:cd:33:99:3a:ef:e7:5b:f1:34:
         62:f1:4f:3f
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYlkJ2jkoASf/NlKdzG7EHmyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzE3MTQwMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTE5ODIyMTljZWNlMjQ5ZTc1Zjg4MDRhMTgzZGQ1YjI2MzgxOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3czuooIoAdA7lixxH/Mu0WZcBkzt
jN29Qcz4P46AlUdGNsv8ouMtcPKSm2n1wz+A1KUi6AoKeMepTYwqyUhgpOHPz9pK
6crZ5GdCPiscZX9dYuN59IHCBXDbDG0AlspshuKAKJCNyMcY3qOtJizH6ma7h+6h
TyZ4LRA+OdsP0qFsmxRVtlZ516NPZy2CR62l9KHaqRuSwB3NyNLkns/K8Gr6dcKc
UoeBEeR4DzaY6GBpiXxo/34WSef3lBzsOgmLvy5Ev7rGZp+44zkEzaFeix1nJPDV
jCj4YLjVQ4bAV7FovVWzwJY4t3YE320gHMxvk/fFGOuvTV5Y5awui1vcUwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFE4ZgiGc7OJJ51+IBKGD3VsmOBlNMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVGhtQ0laenM0a25uWDRnRW9ZUGRXeVk0R1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
BbZxAwQATfKWMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkDBABY0d0D
BACy0uYwDQYJKoZIhvcNAQELBQADggEBAIcIHYQW86a0S7j/A6WaGtv3YdL5NPJZ
bZDshliiMYHegBeUOPnGpl3GxuNCwzksX7iOrz/T11yATOqIgzRIxAYwo3t1/WD7
GAAFBcjjC0G+lEuQ4E5SYHJllV8wOvJXPzXZSIy30sF3wTOVO1xvhi2M/IPKbLYN
WQkU16HkHgcF1b388iuADJQimJEr2NRVOgWzueLi6szyyAToDr7rWqzXedIwjEbH
l6MYXsUab3F/kjM3qCW6of9w8Rm2XGRBa78DuAdqjE30CQ0KO2w6CvFbaLpdf9mX
gHjJtSQh5Gdiey9oAUGTYGm3+8ofmkNMPSYPN80zmTrv51vxNGLxTz8=
-----END CERTIFICATE-----