Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q-a51RMNbP8feYHC5Bb88luHrck.roa
File:                     q-a51RMNbP8feYHC5Bb88luHrck.roa (raw, json)
Hash identifier:          We3Bw4Dp63Rv02xDhXGJe1k+viJJwlFBOA+R5vkVl8Y=
Subject key identifier:   AB:E6:B9:D5:13:0D:6C:FF:1F:79:81:C2:E4:16:FC:F2:5B:87:AD:C9
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01892F2160111564723594ACC45D156D16DE
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q-a51RMNbP8feYHC5Bb88luHrck.roa
Signing time:             Fri 07 Jul 2023 06:54:23 +0000
ROA not before:           Fri 07 Jul 2023 06:54:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.230.0/24 maxlen: 24
                          88.209.255.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          2.58.169.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:2f:21:60:11:15:64:72:35:94:ac:c4:5d:15:6d:16:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul  7 06:54:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=abe6b9d5130d6cff1f7981c2e416fcf25b87adc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5b:78:69:2f:e7:cf:d0:df:48:e1:f2:1a:8c:
                    dc:95:b4:48:22:39:8d:f4:b3:b8:c6:06:ec:20:f6:
                    44:02:b2:5c:b1:7c:c7:ab:50:95:a1:a8:14:6b:f5:
                    dc:c7:cb:15:34:3a:93:ea:a5:69:7a:df:5c:1e:ee:
                    42:a9:ef:19:7e:da:e9:ff:7b:94:e3:eb:35:4d:58:
                    40:48:03:27:a2:35:3b:64:eb:b8:22:d5:4b:67:b6:
                    f2:0c:38:c7:1d:f7:9a:6d:58:aa:91:e6:17:41:b7:
                    a5:1d:e8:86:b3:f5:3e:fa:c6:e0:a9:3a:5e:9b:65:
                    9a:e3:c7:5d:6f:29:de:47:85:a8:50:72:22:06:b3:
                    62:f1:ec:49:d7:61:8f:91:6a:ef:b5:70:83:64:24:
                    92:4c:65:24:34:96:d0:bc:f6:2a:ee:9d:70:ed:d2:
                    26:0d:5e:b2:ed:9b:b8:15:d6:06:81:40:89:4b:ff:
                    7f:45:3c:65:a2:14:fc:17:4f:cc:25:50:a9:ee:55:
                    f5:42:eb:a2:4d:27:dd:ef:06:0d:2b:47:ea:1e:ee:
                    d5:ca:7a:7f:7c:02:16:dc:7e:ad:fc:b4:3d:b7:35:
                    1b:31:51:58:02:54:c9:f7:16:d2:35:18:93:e0:48:
                    0a:ba:d5:af:0e:c2:4e:fc:2b:59:80:e5:2c:8d:da:
                    94:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E6:B9:D5:13:0D:6C:FF:1F:79:81:C2:E4:16:FC:F2:5B:87:AD:C9
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/q-a51RMNbP8feYHC5Bb88luHrck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.169.0/24
                  5.182.113.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.216.0/24
                  88.209.221.0/24
                  88.209.230.0/24
                  88.209.255.0/24
                  178.210.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:32:08:7f:fa:6e:d5:b9:f5:42:0f:9e:3e:6d:39:b9:3d:5d:
         54:c5:21:34:2c:c3:85:68:ba:ea:ad:1f:25:9e:92:ad:f2:de:
         cb:cc:c1:a1:62:f4:55:77:ff:b6:68:21:e1:95:1f:65:0b:66:
         28:83:be:91:fd:f2:2d:97:f3:7b:55:cf:d7:8d:af:df:de:89:
         66:86:44:15:46:51:9e:f0:92:1e:37:d0:68:c3:58:83:9f:bc:
         3d:c6:fa:20:23:38:79:67:d3:fd:cb:41:e8:46:ff:6c:75:3d:
         78:13:50:4c:84:fc:7f:af:ce:cb:1f:3a:31:c4:45:4d:72:6b:
         dd:fb:e0:e3:c2:d8:fc:32:1e:11:87:cf:fa:af:6d:13:bd:f5:
         39:cc:32:23:79:da:03:0c:29:66:68:8b:78:85:fe:cc:c9:09:
         39:4c:e3:9d:6f:14:32:c3:db:de:6f:93:75:a3:f9:fc:65:8d:
         3d:dc:da:dc:2c:c1:9f:7d:71:29:bb:16:0c:ad:4f:d0:04:cf:
         a3:e1:2d:b6:2e:af:62:72:a9:b8:22:2c:b6:62:76:cd:a7:93:
         83:c2:a3:31:a3:6d:d5:d3:2e:18:64:af:ec:75:1a:0d:12:b4:
         86:e0:a2:28:3b:d3:56:17:e6:67:9a:cb:9d:cd:33:63:7e:1c:
         14:d6:a1:45
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYkvIWARFWRyNZSsxF0VbRbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzA3MDY1NDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmU2YjlkNTEzMGQ2Y2ZmMWY3OTgxYzJlNDE2ZmNmMjViODdhZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVt4aS/nz9DfSOHyGozclbRIIjmN
9LO4xgbsIPZEArJcsXzHq1CVoagUa/Xcx8sVNDqT6qVpet9cHu5Cqe8Zftrp/3uU
4+s1TVhASAMnojU7ZOu4ItVLZ7byDDjHHfeabViqkeYXQbelHeiGs/U++sbgqTpe
m2Wa48ddbyneR4WoUHIiBrNi8exJ12GPkWrvtXCDZCSSTGUkNJbQvPYq7p1w7dIm
DV6y7Zu4FdYGgUCJS/9/RTxlohT8F0/MJVCp7lX1QuuiTSfd7wYNK0fqHu7Vynp/
fAIW3H6t/LQ9tzUbMVFYAlTJ9xbSNRiT4EgKutWvDsJO/CtZgOUsjdqUewIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFKvmudUTDWz/H3mBwuQW/PJbh63JMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcS1hNTFSTU5iUDhmZVlIQzVCYjg4bHVIcmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAAjqpAwQA
BbZxMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dgDBABY0d0DBABY0eYD
BABY0f8DBACy0uYwDQYJKoZIhvcNAQELBQADggEBAJIyCH/6btW59UIPnj5tObk9
XVTFITQsw4VouuqtHyWekq3y3svMwaFi9FV3/7ZoIeGVH2ULZiiDvpH98i2X83tV
z9eNr9/eiWaGRBVGUZ7wkh430GjDWIOfvD3G+iAjOHln0/3LQehG/2x1PXgTUEyE
/H+vzssfOjHERU1ya9374OPC2PwyHhGHz/qvbRO99TnMMiN52gMMKWZoi3iF/szJ
CTlM451vFDLD295vk3Wj+fxljT3c2twswZ99cSm7FgytT9AEz6PhLbYur2Jyqbgi
LLZids2nk4PCozGjbdXTLhhkr+x1Gg0StIbgoig701YX5meay53NM2N+HBTWoUU=
-----END CERTIFICATE-----