Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zBoxAijpWYawXEFgXMb7snrKcJs.roa
File:                     zBoxAijpWYawXEFgXMb7snrKcJs.roa (raw, json)
Hash identifier:          BNDzX1vz2LigMvmnWtClsjsXB5xIPicCsm7/lGdkzOk=
Subject key identifier:   CC:1A:31:02:28:E9:59:86:B0:5C:41:60:5C:C6:FB:B2:7A:CA:70:9B
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0184C3D18C7743F76EA96655FB713F109E19
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zBoxAijpWYawXEFgXMb7snrKcJs.roa
Signing time:             Tue 29 Nov 2022 14:36:40 +0000
ROA not before:           Tue 29 Nov 2022 14:36:40 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.231.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          88.209.227.0/24 maxlen: 24
                          83.137.152.0/24 maxlen: 24
                          83.137.154.0/23 maxlen: 24
                          88.209.204.0/22 maxlen: 24
                          88.209.200.0/22 maxlen: 32
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.226.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          178.210.248.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c3:d1:8c:77:43:f7:6e:a9:66:55:fb:71:3f:10:9e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 29 14:36:40 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=cc1a310228e95986b05c41605cc6fbb27aca709b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a4:c0:fa:36:37:98:ea:45:51:cb:b2:0c:cc:
                    39:2f:c5:10:b3:b0:88:2a:9f:f3:9e:43:60:98:88:
                    54:b5:97:9c:54:12:98:e5:0c:b2:58:62:ef:36:3b:
                    c2:0c:a3:52:ac:2c:5b:90:47:d7:63:dc:90:34:a1:
                    cf:4d:73:2e:d3:03:a7:09:cb:d7:90:bd:98:66:c9:
                    4c:fd:80:62:c4:57:1a:b4:c5:a8:09:39:e5:36:8a:
                    3c:a4:d8:f0:f8:23:4f:e9:f5:2b:69:e7:fa:12:9f:
                    f1:7e:5c:78:e9:3a:41:e3:fb:df:aa:91:6f:72:5c:
                    51:66:9a:c5:26:74:eb:31:f9:bd:52:a8:d0:5b:3a:
                    03:b8:06:83:4a:6d:da:87:a4:af:e3:6d:f4:89:33:
                    e0:cf:e9:24:f7:0a:b8:79:10:c7:b9:67:99:ac:4d:
                    a3:53:11:23:a1:f9:b8:fc:84:ad:4f:66:41:4f:80:
                    58:b1:d6:8a:2f:09:e9:98:b5:2a:4a:a3:b2:ae:00:
                    d2:f7:80:22:2c:f5:10:11:01:8f:53:1b:a9:ba:fc:
                    b2:01:f5:24:37:79:35:2b:dd:a7:62:ef:64:bb:87:
                    32:02:7d:cd:bd:34:a2:41:2e:e2:6b:55:2a:97:a9:
                    4a:73:0c:54:fd:84:56:a3:85:b1:7e:29:58:f2:6c:
                    1b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1A:31:02:28:E9:59:86:B0:5C:41:60:5C:C6:FB:B2:7A:CA:70:9B
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zBoxAijpWYawXEFgXMb7snrKcJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24
                  83.137.154.0/23
                  88.151.61.0/24
                  88.151.63.0/24
                  88.209.200.0/21
                  88.209.226.0/23
                  88.209.231.0-88.209.235.255
                  178.210.248.0/24
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:44:ea:cd:41:cb:09:74:eb:32:83:98:7f:ab:fc:96:35:1d:
         2a:f9:48:03:01:d3:dc:06:c6:ba:73:48:7e:80:f5:97:68:11:
         00:09:fc:8b:40:82:24:fa:ef:a0:74:66:f9:42:69:d3:57:80:
         78:56:a8:70:ed:45:36:32:75:41:5f:24:cd:87:68:8b:52:84:
         53:eb:14:d6:19:b3:59:eb:32:3c:21:67:39:17:62:02:73:5a:
         da:6e:da:73:ea:f3:cc:eb:76:1d:1c:5b:67:60:19:6d:a1:b2:
         f5:2c:51:f7:d2:55:d8:90:22:a3:b9:4f:2c:7d:a3:82:6b:a9:
         84:de:70:33:32:ee:0a:fc:e1:d9:34:5d:37:39:68:6d:f3:3c:
         17:98:45:95:98:6a:c7:07:40:a1:ac:45:51:3e:5e:5d:e9:8f:
         c2:06:66:58:48:f5:74:02:f3:c2:88:ca:a0:1f:8a:17:71:45:
         33:8a:f9:2b:2a:e5:16:e9:f6:62:27:03:61:8a:85:7e:09:aa:
         d8:8d:df:80:a6:df:69:50:e8:82:d9:ca:f5:97:12:cd:42:64:
         9d:db:87:ac:af:4c:23:2a:1d:bd:ef:d1:28:88:3e:62:95:88:
         67:bc:97:d5:4f:11:ee:9d:7b:fe:b5:97:bc:3e:f8:d7:dd:da:
         94:89:80:78
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYTD0Yx3Q/duqWZV+3E/EJ4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMTI5MTQzNjQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFhMzEwMjI4ZTk1OTg2YjA1YzQxNjA1Y2M2ZmJiMjdhY2E3MDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KTA+jY3mOpFUcuyDMw5L8UQs7CI
Kp/znkNgmIhUtZecVBKY5QyyWGLvNjvCDKNSrCxbkEfXY9yQNKHPTXMu0wOnCcvX
kL2YZslM/YBixFcatMWoCTnlNoo8pNjw+CNP6fUraef6Ep/xflx46TpB4/vfqpFv
clxRZprFJnTrMfm9UqjQWzoDuAaDSm3ah6Sv4230iTPgz+kk9wq4eRDHuWeZrE2j
UxEjofm4/IStT2ZBT4BYsdaKLwnpmLUqSqOyrgDS94AiLPUQEQGPUxupuvyyAfUk
N3k1K92nYu9ku4cyAn3NvTSiQS7ia1Uql6lKcwxU/YRWo4WxfilY8mwbpQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMwaMQIo6VmGsFxBYFzG+7J6ynCbMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvekJveEFpanBXWWF3WEVGZ1hNYjdzbnJLY0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIAwQBWNHiMAwDBABY0ecDBAJY0egDBACy0vgD
BACy0vwwDQYJKoZIhvcNAQELBQADggEBAA5E6s1Bywl06zKDmH+r/JY1HSr5SAMB
09wGxrpzSH6A9ZdoEQAJ/ItAgiT676B0ZvlCadNXgHhWqHDtRTYydUFfJM2HaItS
hFPrFNYZs1nrMjwhZzkXYgJzWtpu2nPq88zrdh0cW2dgGW2hsvUsUffSVdiQIqO5
Tyx9o4JrqYTecDMy7gr84dk0XTc5aG3zPBeYRZWYascHQKGsRVE+Xl3pj8IGZlhI
9XQC88KIyqAfihdxRTOK+Ssq5Rbp9mInA2GKhX4JqtiN34Cm32lQ6ILZyvWXEs1C
ZJ3bh6yvTCMqHb3v0SiIPmKViGe8l9VPEe6de/61l7w++Nfd2pSJgHg=
-----END CERTIFICATE-----