Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yD9LbcjhiCmiUhWBtQ3jrxQYXSk.roa
File:                     yD9LbcjhiCmiUhWBtQ3jrxQYXSk.roa (raw, json)
Hash identifier:          fsG9u+ivERP5XtgiuZLg5JMpkLY+Bmr4kXhJfUeqh6Q=
Subject key identifier:   C8:3F:4B:6D:C8:E1:88:29:A2:52:15:81:B5:0D:E3:AF:14:18:5D:29
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0189BA925005F16C991F8031D405B85DC7E8
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yD9LbcjhiCmiUhWBtQ3jrxQYXSk.roa
Signing time:             Thu 03 Aug 2023 08:44:58 +0000
ROA not before:           Thu 03 Aug 2023 08:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ba:92:50:05:f1:6c:99:1f:80:31:d4:05:b8:5d:c7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug  3 08:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c83f4b6dc8e18829a2521581b50de3af14185d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:43:e1:68:ad:cd:c5:c4:63:8a:ef:1b:1d:d0:
                    7d:d7:bf:66:ad:d1:30:75:28:38:7c:0e:a4:c6:ca:
                    43:98:d2:9d:1e:f3:5c:0a:2b:29:4d:72:ec:ce:c5:
                    0c:41:5b:dc:97:01:df:73:a0:e8:7a:e8:ed:9c:d2:
                    33:47:37:8f:9a:6a:c3:46:eb:df:be:77:e6:24:45:
                    2e:6b:ed:36:69:c3:5a:a7:81:91:78:1f:d9:43:31:
                    85:93:b5:35:60:3b:5c:59:e3:ab:4e:01:e4:9f:18:
                    e4:eb:14:00:97:4b:2d:9b:4e:7c:98:b9:d1:2c:97:
                    74:1b:ed:70:40:19:bb:1b:c0:f7:c2:62:72:76:60:
                    3e:fd:7f:c0:e4:8f:5c:8a:ff:26:b6:ed:0c:1e:ce:
                    b0:62:b7:41:6a:89:15:89:af:e9:33:fe:00:b7:7e:
                    79:d5:72:02:c4:ba:b8:77:51:56:86:8c:c7:1b:45:
                    e5:0e:55:b6:8b:fb:ac:55:70:f2:dc:5f:ef:c1:17:
                    80:79:5c:92:a6:12:e3:bf:69:aa:4b:17:8d:15:8d:
                    2f:4c:84:42:75:97:60:70:f2:70:8e:6b:c2:c4:cd:
                    0f:e7:7d:13:9c:9b:4e:9a:31:85:44:e3:2a:7f:c5:
                    75:cb:ff:39:41:69:01:95:80:1c:3c:26:a0:32:86:
                    66:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3F:4B:6D:C8:E1:88:29:A2:52:15:81:B5:0D:E3:AF:14:18:5D:29
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/yD9LbcjhiCmiUhWBtQ3jrxQYXSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.59.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:58:f1:b6:71:15:31:86:62:d7:51:53:89:c4:3b:7f:3a:fb:
         07:ba:7b:d3:7b:9b:50:0a:7a:90:8d:b4:87:41:13:2b:d0:e1:
         f2:d1:5c:28:e2:5b:a1:51:ce:dc:6b:57:96:c2:a4:19:08:bf:
         a8:2f:6c:10:4d:20:3b:5f:b4:50:d1:b5:b7:10:0c:11:14:16:
         dd:f0:3a:4e:13:0a:55:a1:15:ff:3e:1d:4d:cb:21:72:cf:6b:
         84:a3:27:90:d7:28:47:12:36:cd:e2:9e:b5:0b:f4:00:e8:71:
         52:4d:a3:24:df:fd:c1:ae:86:1f:86:a7:72:b9:56:4e:26:ab:
         78:f5:a7:a0:9a:79:57:94:55:62:64:0d:17:d2:a3:ad:67:02:
         57:c0:95:ac:2c:8c:ca:8f:09:9b:b2:d3:ab:2f:7a:82:96:68:
         81:3e:88:e6:56:7c:a1:32:47:66:72:c2:c3:53:c8:6c:1c:40:
         ed:53:f8:97:4d:70:21:44:ad:78:76:0d:a6:0f:f5:8c:4c:2c:
         be:60:4b:e2:4f:e1:21:d3:24:8a:97:c4:c3:bd:01:96:b3:08:
         49:9d:ce:da:c0:d7:57:7e:d2:8d:61:46:78:b6:9a:98:f5:dd:
         65:30:a9:43:a2:9d:7c:bc:6a:90:d7:04:c5:04:e6:3e:de:89:
         64:6f:35:de
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYm6klAF8WyZH4Ax1AW4XcfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODAzMDg0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNmNGI2ZGM4ZTE4ODI5YTI1MjE1ODFiNTBkZTNhZjE0MTg1ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0PhaK3NxcRjiu8bHdB9179mrdEw
dSg4fA6kxspDmNKdHvNcCispTXLszsUMQVvclwHfc6DoeujtnNIzRzePmmrDRuvf
vnfmJEUua+02acNap4GReB/ZQzGFk7U1YDtcWeOrTgHknxjk6xQAl0stm058mLnR
LJd0G+1wQBm7G8D3wmJydmA+/X/A5I9civ8mtu0MHs6wYrdBaokVia/pM/4At355
1XICxLq4d1FWhozHG0XlDlW2i/usVXDy3F/vwReAeVySphLjv2mqSxeNFY0vTIRC
dZdgcPJwjmvCxM0P530TnJtOmjGFROMqf8V1y/85QWkBlYAcPCagMoZmXwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFMg/S23I4YgpolIVgbUN468UGF0pMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveUQ5TGJjamhpQ21pVWhXQnRRM2pyeFFZWFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQAAjqrAwQA
WJc7AwQAWJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHTMAwDBABY0d0D
BABY0d4DBAFY0eADBABY0fQDBACy0uwwDQYJKoZIhvcNAQELBQADggEBAJdY8bZx
FTGGYtdRU4nEO386+we6e9N7m1AKepCNtIdBEyvQ4fLRXCjiW6FRztxrV5bCpBkI
v6gvbBBNIDtftFDRtbcQDBEUFt3wOk4TClWhFf8+HU3LIXLPa4SjJ5DXKEcSNs3i
nrUL9ADocVJNoyTf/cGuhh+Gp3K5Vk4mq3j1p6CaeVeUVWJkDRfSo61nAlfAlaws
jMqPCZuy06sveoKWaIE+iOZWfKEyR2ZywsNTyGwcQO1T+JdNcCFErXh2DaYP9YxM
LL5gS+JP4SHTJIqXxMO9AZazCEmdztrA11d+0o1hRni2mpj13WUwqUOinXy8apDX
BMUE5j7eiWRvNd4=
-----END CERTIFICATE-----