Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zxmgdxTFYHhrLJ7RVU8vJt6uSyg.roa
File:                     zxmgdxTFYHhrLJ7RVU8vJt6uSyg.roa (raw, json)
Hash identifier:          S6RUAQQNP++qm8nkoiDWksPViWeaUGk6RcwBB8uVE/k=
Subject key identifier:   CF:19:A0:77:14:C5:60:78:6B:2C:9E:D1:55:4F:2F:26:DE:AE:4B:28
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01890CDE8A6DCBFEF1752FD81C75236400E9
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zxmgdxTFYHhrLJ7RVU8vJt6uSyg.roa
Signing time:             Fri 30 Jun 2023 15:14:18 +0000
ROA not before:           Fri 30 Jun 2023 15:14:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:0c:de:8a:6d:cb:fe:f1:75:2f:d8:1c:75:23:64:00:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 30 15:14:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf19a07714c560786b2c9ed1554f2f26deae4b28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:9e:07:bf:2f:48:35:54:ed:34:0b:a0:c7:d6:
                    5e:e1:5d:9b:f2:73:9d:6b:59:ff:e5:59:70:c7:84:
                    0a:e7:c8:43:56:14:ec:8f:64:c0:e4:38:56:a7:0f:
                    1e:d2:5d:57:a0:bc:9c:14:66:e4:3e:20:a5:9a:bf:
                    5f:28:8b:1f:51:c1:fc:cc:3f:5b:6c:d6:54:cf:f5:
                    4c:42:a7:74:8f:a5:82:4c:3b:bd:85:5a:0c:ed:0b:
                    b1:bf:0e:cf:99:b9:cf:f0:f1:90:da:9a:96:e2:28:
                    74:d0:2d:05:e7:23:21:49:68:83:07:7b:e2:52:c0:
                    fb:0b:22:4c:58:12:b9:fe:d2:16:fe:e4:e8:4d:eb:
                    42:f6:aa:68:97:14:1c:ff:f7:30:79:9a:49:dc:f9:
                    dd:76:ec:1b:6f:db:0d:93:98:c5:7c:95:c9:b2:e5:
                    0a:70:63:f9:62:5c:f0:4f:27:30:6e:53:27:e1:ff:
                    2d:f0:70:d4:24:e3:a6:7e:f9:cf:4f:43:05:30:76:
                    ea:f9:be:16:95:c1:5e:92:5d:69:d2:cd:1b:ee:40:
                    55:95:7a:7d:db:ba:98:c8:52:5a:ee:62:62:a7:3f:
                    1f:c0:4e:62:6b:ee:b2:11:b5:ae:5a:cb:04:f7:b8:
                    6d:56:59:84:a9:88:99:46:ed:1e:fd:4e:a7:7b:4d:
                    d4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:19:A0:77:14:C5:60:78:6B:2C:9E:D1:55:4F:2F:26:DE:AE:4B:28
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zxmgdxTFYHhrLJ7RVU8vJt6uSyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.59.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.222.0/24
                  88.209.224.0/23
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:aa:4d:ef:07:a6:2c:81:01:ce:46:56:4d:1f:20:7b:4f:0e:
         16:ba:c5:6f:6f:c5:9e:d3:29:13:1a:be:bd:f6:91:2c:9c:05:
         09:c1:5e:4c:da:42:60:ac:45:ae:b7:9e:fc:36:b1:79:07:9e:
         de:99:1b:da:ef:04:b0:16:42:d6:6e:88:24:af:8c:6d:91:bd:
         93:64:fe:c3:34:ee:ae:05:c3:bc:f8:40:c0:8d:a5:72:72:54:
         f8:90:bd:91:aa:79:99:73:bb:40:11:0a:b4:18:ab:da:22:3d:
         3a:1f:7a:38:3b:05:ed:c2:71:8d:df:3c:c2:91:5d:39:85:2a:
         38:92:a0:7a:54:db:12:cc:e9:70:82:45:68:df:11:49:2c:7d:
         ff:74:0b:93:20:3d:8a:45:b0:56:2c:88:60:4d:bb:5d:17:dd:
         f5:fe:17:4a:db:f7:b0:fd:89:f3:a3:b3:54:c3:12:e9:b5:7b:
         6e:61:40:8d:df:24:fe:76:0c:88:4e:85:0c:5a:57:39:a1:d3:
         c8:e2:a2:30:5d:8d:11:f4:2b:0f:70:ae:10:02:1f:97:6e:f6:
         1d:ee:09:87:dc:6c:9f:e4:3a:f0:e4:d5:b3:c9:eb:45:8a:67:
         57:73:62:a2:ad:14:44:17:4f:e3:e6:68:25:17:cf:5c:41:39:
         36:d1:33:b0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYkM3opty/7xdS/YHHUjZADpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjMwMTUxNDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE5YTA3NzE0YzU2MDc4NmIyYzllZDE1NTRmMmYyNmRlYWU0YjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJ4Hvy9INVTtNAugx9Ze4V2b8nOd
a1n/5Vlwx4QK58hDVhTsj2TA5DhWpw8e0l1XoLycFGbkPiClmr9fKIsfUcH8zD9b
bNZUz/VMQqd0j6WCTDu9hVoM7Quxvw7PmbnP8PGQ2pqW4ih00C0F5yMhSWiDB3vi
UsD7CyJMWBK5/tIW/uToTetC9qpolxQc//cweZpJ3Pndduwbb9sNk5jFfJXJsuUK
cGP5YlzwTycwblMn4f8t8HDUJOOmfvnPT0MFMHbq+b4WlcFekl1p0s0b7kBVlXp9
27qYyFJa7mJipz8fwE5ia+6yEbWuWssE97htVlmEqYiZRu0e/U6ne03UfQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFM8ZoHcUxWB4ayye0VVPLyberksoMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvenhtZ2R4VEZZSGhyTEo3UlZVOHZKdDZ1U3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQAAjqrAwQA
WJc7AwQAWJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHTAwQAWNHeAwQB
WNHgAwQAWNH0AwQAstLsMA0GCSqGSIb3DQEBCwUAA4IBAQA7qk3vB6YsgQHORlZN
HyB7Tw4WusVvb8We0ykTGr699pEsnAUJwV5M2kJgrEWut578NrF5B57emRva7wSw
FkLWbogkr4xtkb2TZP7DNO6uBcO8+EDAjaVyclT4kL2RqnmZc7tAEQq0GKvaIj06
H3o4OwXtwnGN3zzCkV05hSo4kqB6VNsSzOlwgkVo3xFJLH3/dAuTID2KRbBWLIhg
TbtdF931/hdK2/ew/Ynzo7NUwxLptXtuYUCN3yT+dgyIToUMWlc5odPI4qIwXY0R
9CsPcK4QAh+XbvYd7gmH3Gyf5Drw5NWzyetFimdXc2KirRREF0/j5mglF89cQTk2
0TOw
-----END CERTIFICATE-----