Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/o8VB4FItmkJ6Kcpcu0Kr5HbY3WE.roa
File:                     o8VB4FItmkJ6Kcpcu0Kr5HbY3WE.roa (raw, json)
Hash identifier:          fwwwWG7RSmIpG/EUHMMIzwdqPw+fQewuzBJD/XyLSTU=
Subject key identifier:   A3:C5:41:E0:52:2D:9A:42:7A:29:CA:5C:BB:42:AB:E4:76:D8:DD:61
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       1ABA878A
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/o8VB4FItmkJ6Kcpcu0Kr5HbY3WE.roa
Signing time:             Sat 01 Jan 2022 00:54:12 +0000
ROA not before:           Sat 01 Jan 2022 00:54:12 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58224
IP address blocks:        82.97.240.0/24 maxlen: 24
                          82.97.245.0/24 maxlen: 24
                          82.97.244.0/24 maxlen: 24
                          82.97.242.0/24 maxlen: 24
                          82.97.253.0/24 maxlen: 24
                          82.97.252.0/24 maxlen: 24
                          82.97.251.0/24 maxlen: 24
                          82.97.250.0/24 maxlen: 24
                          82.97.249.0/24 maxlen: 24
                          82.97.248.0/21 maxlen: 21
                          82.97.248.0/24 maxlen: 24
                          82.97.255.0/24 maxlen: 24
                          82.97.254.0/24 maxlen: 24
                          5.159.49.0/24 maxlen: 24
                          5.159.54.0/24 maxlen: 24
                          89.46.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 448432010 (0x1aba878a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  1 00:54:12 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a3c541e0522d9a427a29ca5cbb42abe476d8dd61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a7:66:fe:e0:a8:75:11:6e:e5:92:8d:e5:e2:
                    6c:39:63:b9:b9:a1:bb:94:c9:bb:bd:52:a6:33:f6:
                    82:4d:d0:dd:1d:cc:c4:d0:20:ae:30:4f:bb:56:6b:
                    18:3b:d2:f6:21:9b:55:77:96:71:91:c8:c7:33:eb:
                    9b:49:9e:24:ad:18:fc:29:bb:c7:76:d8:18:ba:dd:
                    9e:e6:db:01:06:e2:b3:ac:ba:0d:62:56:87:35:24:
                    c6:3f:4e:4d:21:09:64:ef:95:6b:af:ad:25:4d:3e:
                    73:31:61:7e:ad:02:c9:90:f8:5d:3d:57:9b:3e:c6:
                    31:62:7a:c5:75:85:45:57:fb:84:8e:ce:39:12:d8:
                    87:7a:04:5b:79:d0:a3:5c:ab:ec:e8:76:71:78:88:
                    2a:42:db:00:19:fd:40:38:0e:ed:8b:5a:0c:77:a5:
                    60:7e:cb:4c:d5:b3:3c:68:b1:25:4e:93:b3:6a:f7:
                    20:30:34:40:e1:76:57:9a:ac:5a:2c:1b:19:05:a3:
                    96:23:c2:8f:34:52:ac:85:1e:5f:7c:89:8e:02:5d:
                    86:fc:06:42:51:a1:e6:83:d9:c2:e9:84:b4:95:15:
                    5c:17:d0:59:47:25:a2:e2:1c:46:f9:a5:62:a5:d9:
                    da:d1:8c:78:e6:d6:2c:29:34:8a:54:39:a6:a1:b5:
                    eb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C5:41:E0:52:2D:9A:42:7A:29:CA:5C:BB:42:AB:E4:76:D8:DD:61
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/o8VB4FItmkJ6Kcpcu0Kr5HbY3WE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.49.0/24
                  5.159.54.0/24
                  82.97.240.0/24
                  82.97.242.0/24
                  82.97.244.0/23
                  82.97.248.0/21
                  89.46.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:27:96:21:0a:30:6c:3b:65:71:d2:10:e9:b9:49:2b:e3:97:
         1f:89:58:1e:e6:5b:1b:2b:99:3d:4b:b0:8a:4c:98:bd:70:ca:
         31:8c:70:02:da:a9:1e:7f:a9:9c:a8:41:2a:b4:fe:ad:da:ba:
         f5:06:43:c7:e6:94:01:86:3b:c5:7c:89:78:c6:50:7d:ea:c1:
         a8:9d:4b:31:90:87:46:8a:48:a0:9a:1e:b6:4b:81:b8:1c:bd:
         e6:5d:d4:11:e3:5b:31:eb:cb:fc:64:ab:fa:35:e4:7a:4d:20:
         22:ab:30:a0:78:e5:41:02:32:74:d6:a4:23:5e:ea:c9:d9:c3:
         7e:c0:cd:4c:82:46:ff:6b:b2:79:2c:4e:50:49:17:f6:2b:51:
         bf:7b:8b:e7:73:fb:36:8b:a4:80:99:81:a1:fe:2c:1f:d3:d4:
         1b:4a:d6:95:2f:be:aa:a3:a9:9f:c4:a8:c7:25:97:44:d0:ea:
         ec:fa:c8:da:e1:60:6e:63:a2:a0:33:f7:72:8c:c2:77:96:e7:
         d7:d3:b3:b0:e2:58:4e:0d:44:e5:a8:53:f6:f8:e1:9a:a2:7c:
         46:13:f8:2f:56:e9:c9:a3:b8:93:a3:7a:6a:16:1a:a1:ef:c6:
         f6:82:eb:0d:e9:d4:d3:cd:55:e1:96:e7:74:d1:e2:0c:78:80:
         28:f0:f6:e7
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEGrqHijANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZGRiMzhiMzQzZGEyZDExOTMwOWVkYWExOWM3YTc4ODcwMzI3ZWJlMB4XDTIyMDEw
MTAwNTQxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTNjNTQxZTA1MjJk
OWE0MjdhMjljYTVjYmI0MmFiZTQ3NmQ4ZGQ2MTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK+nZv7gqHURbuWSjeXibDljubmhu5TJu71SpjP2gk3Q3R3M
xNAgrjBPu1ZrGDvS9iGbVXeWcZHIxzPrm0meJK0Y/Cm7x3bYGLrdnubbAQbis6y6
DWJWhzUkxj9OTSEJZO+Va6+tJU0+czFhfq0CyZD4XT1Xmz7GMWJ6xXWFRVf7hI7O
ORLYh3oEW3nQo1yr7Oh2cXiIKkLbABn9QDgO7YtaDHelYH7LTNWzPGixJU6Ts2r3
IDA0QOF2V5qsWiwbGQWjliPCjzRSrIUeX3yJjgJdhvwGQlGh5oPZwumEtJUVXBfQ
WUclouIcRvmlYqXZ2tGMeObWLCk0ilQ5pqG163ECAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBSjxUHgUi2aQnopyly7QqvkdtjdYTAfBgNVHSMEGDAWgBRt2zizQ9otEZMJ
7aoZx6eIcDJ+vjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JkczRzMFBhTFJHVENlMnFHY2VuaUhBeWZyNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTIvYzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIxNi8x
L284VkI0Rkl0bWtKNktjcGN1MEtyNUhiWTNXRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTIv
Yzk2MWEwLTRmNTMtNDIyYS1iN2RkLTNkZmE1MTBkNmIxNi8xL2JkczRzMFBhTFJH
VENlMnFHY2VuaUhBeWZyNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAAWfMQMEAAWfNgMEAFJh8AMEAFJh
8gMEAVJh9AMEA1Jh+AMEAFku2TANBgkqhkiG9w0BAQsFAAOCAQEAGieWIQowbDtl
cdIQ6blJK+OXH4lYHuZbGyuZPUuwikyYvXDKMYxwAtqpHn+pnKhBKrT+rdq69QZD
x+aUAYY7xXyJeMZQferBqJ1LMZCHRopIoJoetkuBuBy95l3UEeNbMevL/GSr+jXk
ek0gIqswoHjlQQIydNakI17qydnDfsDNTIJG/2uyeSxOUEkX9itRv3uL53P7Nouk
gJmBof4sH9PUG0rWlS++qqOpn8SoxyWXRNDq7PrI2uFgbmOioDP3cozCd5bn19Oz
sOJYTg1E5ahT9vjhmqJ8RhP4L1bpyaO4k6N6ahYaoe/G9oLrDenU081V4ZbndNHi
DHiAKPD25w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:51 2024 by rpki-client on console-fra.rpki-client.org