Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FVBDTjCxh6Nyj8Ae51XFK8pEJEI.roa
File:                     FVBDTjCxh6Nyj8Ae51XFK8pEJEI.roa (raw, json)
Hash identifier:          gwZ0CuNv+zPk3PfSW+/6VggYaTvgn1+OLPB0R+zwQvI=
Subject key identifier:   15:50:43:4E:30:B1:87:A3:72:8F:C0:1E:E7:55:C5:2B:CA:44:24:42
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0188BB70AFDD15433825BC130BF05C5EFC68
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FVBDTjCxh6Nyj8Ae51XFK8pEJEI.roa
Signing time:             Wed 14 Jun 2023 19:45:04 +0000
ROA not before:           Wed 14 Jun 2023 19:45:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.231.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/23 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          45.14.9.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bb:70:af:dd:15:43:38:25:bc:13:0b:f0:5c:5e:fc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 14 19:45:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1550434e30b187a3728fc01ee755c52bca442442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:66:c7:01:ee:69:db:7d:9b:7b:57:46:c3:3a:
                    92:5f:4a:fd:6f:68:5e:95:a7:e9:9b:21:e5:3d:86:
                    1e:4f:c6:e8:45:b9:fc:63:67:a3:9d:cb:d7:1c:8d:
                    4f:db:58:01:47:33:a9:9d:75:fe:e6:8f:30:b4:b4:
                    9f:4f:bd:83:67:a6:7c:40:0c:70:8c:16:8a:39:be:
                    08:00:d4:62:f9:2f:2d:78:b1:6c:90:52:62:11:fe:
                    11:8c:9c:1b:c8:d1:33:11:48:13:c3:b3:8e:4a:41:
                    13:04:6f:ba:db:b7:14:06:78:77:cf:77:47:63:01:
                    af:55:a3:cb:51:f3:15:f4:b5:40:9f:59:0a:67:97:
                    ef:1a:3a:61:90:b5:84:bd:ca:9e:ab:71:97:0a:cb:
                    d2:31:07:f6:d1:2e:4e:a3:37:c0:b8:94:44:23:82:
                    9f:b2:82:22:d0:6b:6e:8b:e5:4c:cf:55:05:75:ef:
                    af:1c:7a:b9:5d:62:65:f7:ae:c6:c6:76:5a:8b:17:
                    a0:1d:40:1b:dd:f6:d4:1d:6f:d5:3f:d8:0f:38:48:
                    a4:fb:81:c2:fe:a0:8b:64:02:36:46:57:80:c4:c5:
                    1d:18:5e:6f:db:92:01:c6:72:63:9e:a0:7b:c7:ce:
                    0f:4f:54:12:9f:5b:97:0e:1e:de:b7:15:f0:b6:9f:
                    55:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:50:43:4E:30:B1:87:A3:72:8F:C0:1E:E7:55:C5:2B:CA:44:24:42
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FVBDTjCxh6Nyj8Ae51XFK8pEJEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.9.0/24
                  77.242.157.0-77.242.159.255
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.211.0/24
                  178.210.228.0/24
                  178.210.230.0/23
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:fe:68:f7:3f:67:96:7a:b3:7c:07:cf:0b:0f:56:5b:8b:29:
         7c:48:d1:90:f8:49:6f:0a:97:32:d0:63:79:9a:5c:92:cd:4e:
         6a:c0:3e:3a:c6:f9:63:c3:e8:8c:1c:1a:9a:13:21:bc:ab:cd:
         8f:12:80:e2:0f:71:d5:be:02:c6:67:97:f1:69:f8:a1:54:b3:
         7c:f8:45:0d:eb:c0:6d:69:01:2b:99:51:b1:7a:3a:cc:5c:31:
         f0:a4:97:fa:77:9e:db:9d:d9:89:79:77:66:fb:de:0a:f2:32:
         2d:b0:7f:ee:14:57:d6:1b:50:88:1e:3c:d4:0c:24:c3:3e:55:
         40:ce:f9:27:84:3c:bf:8c:47:cb:43:76:15:4e:ec:4c:29:52:
         ce:68:38:42:93:e4:3f:16:21:f2:61:d4:00:66:97:d3:05:33:
         7c:7e:c0:09:59:ca:86:38:dd:fc:71:76:10:28:76:d3:8b:e4:
         18:8a:35:26:e6:6f:9e:cd:a7:3c:89:61:2e:ae:5c:75:81:44:
         9b:45:23:7f:bc:9b:ec:02:cc:f0:b7:9a:ae:dd:b8:11:0c:74:
         2c:6e:f4:5a:fd:fc:9d:95:93:31:b3:b4:5d:ca:c5:50:7a:e9:
         cd:f8:81:21:26:40:1a:1f:52:44:3e:0a:61:f2:3c:67:38:6c:
         9a:b8:64:28
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYi7cK/dFUM4JbwTC/BcXvxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjE0MTk0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTUwNDM0ZTMwYjE4N2EzNzI4ZmMwMWVlNzU1YzUyYmNhNDQyNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWbHAe5p232be1dGwzqSX0r9b2he
lafpmyHlPYYeT8boRbn8Y2ejncvXHI1P21gBRzOpnXX+5o8wtLSfT72DZ6Z8QAxw
jBaKOb4IANRi+S8teLFskFJiEf4RjJwbyNEzEUgTw7OOSkETBG+627cUBnh3z3dH
YwGvVaPLUfMV9LVAn1kKZ5fvGjphkLWEvcqeq3GXCsvSMQf20S5OozfAuJREI4Kf
soIi0Gtui+VMz1UFde+vHHq5XWJl967GxnZaixegHUAb3fbUHW/VP9gPOEik+4HC
/qCLZAI2RleAxMUdGF5v25IBxnJjnqB7x84PT1QSn1uXDh7etxXwtp9VVwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFBVQQ04wsYejco/AHudVxSvKRCRCMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRlZCRFRqQ3hoNk55ajhBZTUxWEZLOHBFSkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQALQ4JMAwD
BABN8p0DBAVN8oADBAFYlzgDBABYlz4DBABY0dMDBACy0uQDBAGy0uYDBACy0vow
DQYJKoZIhvcNAQELBQADggEBADb+aPc/Z5Z6s3wHzwsPVluLKXxI0ZD4SW8KlzLQ
Y3maXJLNTmrAPjrG+WPD6IwcGpoTIbyrzY8SgOIPcdW+AsZnl/Fp+KFUs3z4RQ3r
wG1pASuZUbF6OsxcMfCkl/p3ntud2Yl5d2b73gryMi2wf+4UV9YbUIgePNQMJMM+
VUDO+SeEPL+MR8tDdhVO7EwpUs5oOEKT5D8WIfJh1ABml9MFM3x+wAlZyoY43fxx
dhAodtOL5BiKNSbmb57NpzyJYS6uXHWBRJtFI3+8m+wCzPC3mq7duBEMdCxu9Fr9
/J2VkzGztF3KxVB66c34gSEmQBofUkQ+CmHyPGc4bJq4ZCg=
-----END CERTIFICATE-----