Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a1Nu1tEKaS3DstbkXX0qaP2nclY.roa
File:                     a1Nu1tEKaS3DstbkXX0qaP2nclY.roa (raw, json)
Hash identifier:          VrttYx/5MYyJXPDNOMoIvu5NOGWT94zHQcawc6nhTvM=
Subject key identifier:   6B:53:6E:D6:D1:0A:69:2D:C3:B2:D6:E4:5D:7D:2A:68:FD:A7:72:56
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0189E352C2792E59E1F6CD52DCE75837F9FD
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a1Nu1tEKaS3DstbkXX0qaP2nclY.roa
Signing time:             Fri 11 Aug 2023 06:39:59 +0000
ROA not before:           Fri 11 Aug 2023 06:39:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.245.0/24 maxlen: 24
                          83.137.158.0/24 maxlen: 24
                          83.137.159.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          77.242.156.0/24 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          2.58.170.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:e3:52:c2:79:2e:59:e1:f6:cd:52:dc:e7:58:37:f9:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug 11 06:39:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6b536ed6d10a692dc3b2d6e45d7d2a68fda77256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:26:0b:56:85:e2:46:b1:f6:cc:a6:ec:91:ea:
                    64:bf:47:b0:91:08:19:8f:ea:aa:18:a9:f8:fa:c9:
                    99:12:7d:db:9c:01:c8:85:49:d9:6a:96:65:0d:0d:
                    08:b7:5b:1a:3d:17:78:f8:a5:93:19:2c:f2:75:5c:
                    25:eb:0e:ed:3f:81:e5:b8:c6:38:db:5d:0f:e1:22:
                    38:c5:7e:5a:ef:eb:64:67:2d:c9:eb:20:84:34:ec:
                    53:b4:b6:7c:c3:63:d7:cd:96:ac:94:90:82:a0:fa:
                    f3:9a:6c:7e:73:b6:e1:be:df:ee:92:73:9e:a8:b3:
                    79:ca:84:b7:3a:5b:a8:74:e1:5e:5d:dc:b6:bd:e4:
                    5f:d4:e0:02:7a:bb:ce:58:81:89:db:c3:62:06:4c:
                    86:e7:c7:33:4c:4c:48:02:26:49:58:b3:8c:7d:62:
                    4f:d6:32:24:d0:7f:eb:1e:15:81:80:a3:47:0f:5f:
                    84:d9:e3:3f:7b:ba:41:29:e8:02:da:fd:80:00:dc:
                    85:a9:ea:17:72:89:1d:bf:3c:8c:ec:95:34:90:fe:
                    6f:15:9f:5b:3e:29:3f:84:28:58:43:83:a7:80:06:
                    94:68:60:8f:10:ab:86:36:6e:69:16:05:64:05:f7:
                    b1:7e:7b:1c:79:0b:25:f0:3c:bc:37:1a:d4:5a:f6:
                    32:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:53:6E:D6:D1:0A:69:2D:C3:B2:D6:E4:5D:7D:2A:68:FD:A7:72:56
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a1Nu1tEKaS3DstbkXX0qaP2nclY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  2.58.170.0/24
                  77.242.150.0/24
                  77.242.156.0/24
                  77.242.159.0/24
                  83.137.158.0/23
                  88.151.56.0-88.151.58.255
                  88.151.63.0/24
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.216.0/23
                  88.209.245.0/24
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:eb:fc:39:2b:f1:cf:0e:fa:87:72:9b:8e:26:88:7e:8d:75:
         11:55:d5:ba:06:ce:5d:27:00:39:4f:6d:b0:3c:dd:61:ef:be:
         1a:67:39:81:3f:0c:26:be:be:7f:02:b2:41:f5:b0:65:23:c0:
         b6:63:5c:4d:8f:d1:41:f9:ed:6d:d6:7e:b2:c9:c7:b0:54:b9:
         92:04:0f:e4:f9:cd:62:1a:a9:23:e0:93:60:6e:23:ce:94:35:
         55:b2:d0:b3:17:07:89:ca:d8:7d:2f:0f:c0:74:53:a2:b4:26:
         70:27:c9:39:e1:f0:b7:61:b9:37:33:97:8c:d9:d0:99:60:04:
         e9:3b:c6:c4:23:ab:db:e0:13:a2:55:aa:0d:07:ae:fa:81:2e:
         2f:98:f0:6e:34:3e:07:7a:9a:4b:df:27:73:b4:77:a0:74:b9:
         33:e8:29:34:e5:bb:f3:e5:23:ab:92:48:bd:64:81:95:c6:5f:
         66:58:cf:9b:93:6f:92:7c:dc:62:02:74:09:4e:0c:8b:6f:dc:
         d5:d9:f2:4b:de:3e:98:ed:d7:23:ce:69:d0:e4:be:20:53:6f:
         c5:cf:20:eb:77:56:4f:bc:05:e4:5f:19:18:0f:a1:88:c7:2f:
         82:a7:00:08:9b:b2:84:6a:b3:27:66:b0:e1:22:a6:8e:55:8a:
         86:7b:57:1b
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYnjUsJ5Llnh9s1S3OdYN/n9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODExMDYzOTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjUzNmVkNmQxMGE2OTJkYzNiMmQ2ZTQ1ZDdkMmE2OGZkYTc3MjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiYLVoXiRrH2zKbskepkv0ewkQgZ
j+qqGKn4+smZEn3bnAHIhUnZapZlDQ0It1saPRd4+KWTGSzydVwl6w7tP4HluMY4
210P4SI4xX5a7+tkZy3J6yCENOxTtLZ8w2PXzZaslJCCoPrzmmx+c7bhvt/uknOe
qLN5yoS3OluodOFeXdy2veRf1OACervOWIGJ28NiBkyG58czTExIAiZJWLOMfWJP
1jIk0H/rHhWBgKNHD1+E2eM/e7pBKegC2v2AANyFqeoXcokdvzyM7JU0kP5vFZ9b
Pik/hChYQ4OngAaUaGCPEKuGNm5pFgVkBfexfnsceQsl8Dy8NxrUWvYyjQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFGtTbtbRCmktw7LW5F19Kmj9p3JWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYTFOdTF0RUthUzNEc3Ria1hYMHFhUDJuY2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAAjqoAwQA
AjqqAwQATfKWAwQATfKcAwQATfKfAwQBU4meMAwDBANYlzgDBABYlzoDBABYlz8D
BABY0cMDBABY0dMDBAFY0dgDBABY0fUDBACy0vowDQYJKoZIhvcNAQELBQADggEB
AIfr/Dkr8c8O+odym44miH6NdRFV1boGzl0nADlPbbA83WHvvhpnOYE/DCa+vn8C
skH1sGUjwLZjXE2P0UH57W3WfrLJx7BUuZIED+T5zWIaqSPgk2BuI86UNVWy0LMX
B4nK2H0vD8B0U6K0JnAnyTnh8LdhuTczl4zZ0JlgBOk7xsQjq9vgE6JVqg0HrvqB
Li+Y8G40Pgd6mkvfJ3O0d6B0uTPoKTTlu/PlI6uSSL1kgZXGX2ZYz5uTb5J83GIC
dAlODItv3NXZ8kvePpjt1yPOadDkviBTb8XPIOt3Vk+8BeRfGRgPoYjHL4KnAAib
soRqsydmsOEipo5VioZ7Vxs=
-----END CERTIFICATE-----