Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WY4zO6S9U4Cr4K1NwYX6dHSCUtY.roa
File:                     WY4zO6S9U4Cr4K1NwYX6dHSCUtY.roa (raw, json)
Hash identifier:          j4lASY2H0EY0lK12Vth4sE38kZfXWbgwByHRQQfBFEE=
Subject key identifier:   59:8E:33:3B:A4:BD:53:80:AB:E0:AD:4D:C1:85:FA:74:74:82:52:D6
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018B85089DCFD994FF6EADC9F303B0DB4715
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WY4zO6S9U4Cr4K1NwYX6dHSCUtY.roa
Signing time:             Tue 31 Oct 2023 09:20:16 +0000
ROA not before:           Tue 31 Oct 2023 09:20:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.245.0/24 maxlen: 24
                          88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:85:08:9d:cf:d9:94:ff:6e:ad:c9:f3:03:b0:db:47:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 31 09:20:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=598e333ba4bd5380abe0ad4dc185fa74748252d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:44:56:d5:0d:8e:2e:1c:34:0d:a5:fb:95:93:
                    a5:90:5b:96:16:56:41:a1:fe:a3:81:f5:80:a0:c7:
                    90:19:71:dc:ae:32:df:07:cf:43:02:12:03:e0:7a:
                    3b:64:a0:20:91:65:63:5d:60:7e:00:69:54:59:e2:
                    59:4c:f5:6b:02:c4:9d:81:2d:53:9b:5d:14:bb:9f:
                    c0:c8:cb:3b:12:b0:77:98:2c:03:9c:15:6b:32:5e:
                    b2:5e:d8:e6:de:78:e3:58:01:76:13:66:7b:8f:05:
                    76:d4:d6:71:72:58:96:81:d0:f8:4a:87:b9:c7:0c:
                    99:e1:f7:75:33:8f:66:5e:61:c8:84:12:14:21:a2:
                    d4:bb:3a:d7:9a:46:4d:61:64:82:df:b3:af:61:ba:
                    c6:d9:a7:ee:bb:61:7e:84:1b:90:52:69:3e:80:41:
                    49:4a:10:5e:3c:f6:f6:4f:e4:20:e6:64:05:82:7d:
                    5a:5f:55:26:08:81:9c:81:ad:f5:56:f2:3b:9f:48:
                    ca:d2:5b:e5:ab:48:a1:c0:9a:30:bd:2f:cb:f9:31:
                    e5:cf:ff:ea:ec:48:1d:ff:67:14:9f:74:27:da:f8:
                    b3:b9:63:3a:92:59:f7:9a:9f:56:c4:78:77:b6:4a:
                    37:df:51:d2:b3:93:cc:12:e0:2b:da:92:df:4e:64:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:8E:33:3B:A4:BD:53:80:AB:E0:AD:4D:C1:85:FA:74:74:82:52:D6
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/WY4zO6S9U4Cr4K1NwYX6dHSCUtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.56.0/24
                  88.151.59.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23
                  88.209.244.0/23
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:65:d5:c8:7f:f3:ac:df:15:f4:3f:17:a3:0b:5c:8e:97:c5:
         38:16:10:25:82:11:f7:aa:bc:e9:ef:3e:7d:b4:cc:68:96:ad:
         09:eb:d9:bf:05:8b:19:dc:9c:64:ea:c0:49:c7:d0:62:df:42:
         11:96:cb:15:90:32:f6:93:ff:18:c7:4b:30:12:82:5a:bb:4c:
         4a:cb:10:99:e0:44:16:4f:5d:ed:51:2d:9f:62:0e:0e:f1:0b:
         ce:11:b8:49:81:bd:34:aa:2d:51:af:fb:54:d6:08:1e:05:67:
         f0:b3:3d:b3:e3:44:f4:90:ed:b6:da:fe:de:5a:79:1a:8e:5b:
         a6:82:ed:9d:93:08:ab:a3:af:ee:d8:0d:11:12:39:df:0e:cf:
         0a:6b:04:ab:a9:cf:98:52:ac:af:64:78:55:2c:93:44:c7:30:
         03:cb:98:d8:88:37:7c:d5:cf:ba:83:d0:1e:a5:2d:c9:87:48:
         f9:e4:79:30:be:1a:af:10:83:06:51:ff:c3:4d:2e:15:b1:f7:
         93:78:68:3b:aa:e7:03:dc:ba:f9:37:65:a5:8f:88:c2:b9:98:
         08:42:dc:c8:96:74:7d:92:68:cf:6f:54:5e:92:3e:60:f8:6a:
         6c:84:f0:eb:3c:24:0f:44:6a:bb:01:a4:55:2d:ec:61:cc:7e:
         aa:01:b5:a0
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYuFCJ3P2ZT/bq3J8wOw20cVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDMxMDkyMDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OThlMzMzYmE0YmQ1MzgwYWJlMGFkNGRjMTg1ZmE3NDc0ODI1MmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoURW1Q2OLhw0DaX7lZOlkFuWFlZB
of6jgfWAoMeQGXHcrjLfB89DAhID4Ho7ZKAgkWVjXWB+AGlUWeJZTPVrAsSdgS1T
m10Uu5/AyMs7ErB3mCwDnBVrMl6yXtjm3njjWAF2E2Z7jwV21NZxcliWgdD4Soe5
xwyZ4fd1M49mXmHIhBIUIaLUuzrXmkZNYWSC37OvYbrG2afuu2F+hBuQUmk+gEFJ
ShBePPb2T+Qg5mQFgn1aX1UmCIGcga31VvI7n0jK0lvlq0ihwJowvS/L+THlz//q
7Egd/2cUn3Qn2vizuWM6kln3mp9WxHh3tko331HSs5PMEuAr2pLfTmQ6CwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFFmOMzukvVOAq+CtTcGF+nR0glLWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvV1k0ek82UzlVNENyNEsxTndZWDZkSFNDVXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAAjqrAwQA
WJc4AwQAWJc7AwQAWJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHTMAwD
BABY0d0DBABY0d4DBAFY0eADBAFY0fQDBACy0uwwDQYJKoZIhvcNAQELBQADggEB
AGdl1ch/86zfFfQ/F6MLXI6XxTgWECWCEfeqvOnvPn20zGiWrQnr2b8FixncnGTq
wEnH0GLfQhGWyxWQMvaT/xjHSzASglq7TErLEJngRBZPXe1RLZ9iDg7xC84RuEmB
vTSqLVGv+1TWCB4FZ/CzPbPjRPSQ7bba/t5aeRqOW6aC7Z2TCKujr+7YDRESOd8O
zwprBKupz5hSrK9keFUsk0THMAPLmNiIN3zVz7qD0B6lLcmHSPnkeTC+Gq8QgwZR
/8NNLhWx95N4aDuq5wPcuvk3ZaWPiMK5mAhC3MiWdH2SaM9vVF6SPmD4amyE8Os8
JA9EarsBpFUt7GHMfqoBtaA=
-----END CERTIFICATE-----