Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa
File:                     Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa (raw, json)
Hash identifier:          4l7KLqtHyg5PJsgETvUM8lwgjx8oLbXlpwEO5enj32o=
Subject key identifier:   09:CD:2C:4B:C6:F7:CA:19:5D:B1:86:FE:40:EE:A1:72:68:10:7F:1C
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       01856C6EF3989FC8CF6D373D104345F86087
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa
Signing time:             Sun 01 Jan 2023 08:24:48 +0000
ROA not before:           Sun 01 Jan 2023 08:24:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9050
IP address blocks:        89.39.1.0/24 maxlen: 24
                          89.39.2.0/24 maxlen: 24
                          89.39.0.0/24 maxlen: 24
                          89.39.4.0/24 maxlen: 24
                          89.39.3.0/24 maxlen: 24
                          89.34.101.0/24 maxlen: 24
                          89.39.5.0/24 maxlen: 24
                          89.34.238.0/24 maxlen: 24
                          188.241.72.0/24 maxlen: 24
                          89.40.226.0/24 maxlen: 24
                          185.248.138.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:f3:98:9f:c8:cf:6d:37:3d:10:43:45:f8:60:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Jan  1 08:24:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09cd2c4bc6f7ca195db186fe40eea17268107f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f5:c1:82:35:6e:22:df:84:e7:8a:3a:b5:ac:
                    86:d5:21:6a:72:1d:57:2d:84:a1:91:59:ac:9d:85:
                    79:55:15:9d:90:e8:65:e8:45:9c:29:e5:f4:6f:18:
                    d6:a1:25:53:b2:e5:ed:35:0f:48:cc:24:d4:7e:ee:
                    f9:41:ee:6c:65:b5:5d:ff:a1:82:94:2b:4d:1c:34:
                    ad:b6:cb:3c:6c:93:44:1e:ca:ff:21:8f:6d:01:b8:
                    af:73:1a:13:e2:78:2b:85:d2:49:8b:68:2d:b7:04:
                    ed:d8:89:b2:cd:80:0d:ca:91:83:75:c1:47:df:99:
                    65:e3:01:d4:dd:a0:6d:d4:35:b7:57:af:4c:00:13:
                    5c:4e:da:56:c5:01:00:5f:65:8a:41:8b:6a:37:22:
                    dc:44:91:f4:d6:3b:3b:8e:3f:af:3e:b4:f3:9b:5c:
                    ab:80:12:39:f2:26:f3:f0:a5:8e:f0:7e:86:08:e5:
                    fc:ae:98:e8:91:38:3c:24:8c:84:57:bc:78:e2:4d:
                    6a:70:07:1e:f0:8b:38:7c:b7:83:60:b4:e3:17:cb:
                    94:5c:ad:4c:98:4b:9e:98:2b:dc:af:8b:30:17:5d:
                    66:d5:24:dd:1b:8e:a4:2c:5b:c1:ed:fe:1a:84:c9:
                    00:c3:7e:6f:92:17:00:c2:6f:3a:ae:86:a6:98:d5:
                    e9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:CD:2C:4B:C6:F7:CA:19:5D:B1:86:FE:40:EE:A1:72:68:10:7F:1C
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/Cc0sS8b3yhldsYb-QO6hcmgQfxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.101.0/24
                  89.34.238.0/24
                  89.39.0.0-89.39.5.255
                  89.40.226.0/24
                  185.248.138.0/24
                  188.241.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:cb:fc:61:6a:27:b6:92:ac:2d:b8:1d:70:43:8e:f1:bf:13:
         89:b7:50:bb:97:52:04:ac:de:12:f3:5f:45:c4:c4:92:8e:9d:
         9c:cc:06:f9:80:ae:83:88:68:63:52:88:c6:52:15:44:32:2e:
         b4:5e:a2:c7:5c:aa:b6:2e:04:b4:1d:e7:0d:3f:25:25:9b:d4:
         e8:7b:54:5d:64:e3:08:4b:13:fb:16:57:da:13:53:50:ab:cf:
         2e:3c:6b:5f:d7:7f:d0:44:03:ad:a3:57:e6:2c:a8:66:09:ee:
         65:4f:cc:c5:74:8e:03:06:79:e3:5f:9d:db:45:b5:e8:79:63:
         13:47:1c:97:96:94:42:1a:1c:f8:d0:4d:d0:a3:7b:04:2a:92:
         cf:c5:7d:f5:09:8f:17:3f:27:50:ef:52:3a:8d:4b:00:07:7b:
         1c:70:ae:cd:6d:a7:df:b2:9e:51:dd:ab:a9:0c:e5:8d:eb:67:
         7a:a0:5f:e4:2e:c8:d2:78:bd:e8:79:2d:31:1c:3b:73:38:93:
         93:fd:a3:f2:dc:e3:69:f7:e5:36:3b:73:54:1b:e1:cf:33:1a:
         dc:92:be:95:ba:88:d1:51:49:3c:f4:4c:c2:72:a2:6e:5f:71:
         fb:e4:53:de:de:91:e6:45:5d:4a:0a:be:8c:c8:79:bc:6b:37:
         69:84:12:c4
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYVsbvOYn8jPbTc9EENF+GCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjMwMTAxMDgyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWNkMmM0YmM2ZjdjYTE5NWRiMTg2ZmU0MGVlYTE3MjY4MTA3ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvXBgjVuIt+E54o6tayG1SFqch1X
LYShkVmsnYV5VRWdkOhl6EWcKeX0bxjWoSVTsuXtNQ9IzCTUfu75Qe5sZbVd/6GC
lCtNHDSttss8bJNEHsr/IY9tAbivcxoT4ngrhdJJi2gttwTt2ImyzYANypGDdcFH
35ll4wHU3aBt1DW3V69MABNcTtpWxQEAX2WKQYtqNyLcRJH01js7jj+vPrTzm1yr
gBI58ibz8KWO8H6GCOX8rpjokTg8JIyEV7x44k1qcAce8Is4fLeDYLTjF8uUXK1M
mEuemCvcr4swF11m1STdG46kLFvB7f4ahMkAw35vkhcAwm86roammNXpYQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAnNLEvG98oZXbGG/kDuoXJoEH8cMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvQ2Mwc1M4YjN5aGxkc1liLVFPNmhjbWdRZnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAxBAIAATArAwQAWSJlAwQA
WSLuMAsDAwBZJwMEAVknBAMEAFko4gMEALn4igMEALzxSDANBgkqhkiG9w0BAQsF
AAOCAQEAksv8YWontpKsLbgdcEOO8b8TibdQu5dSBKzeEvNfRcTEko6dnMwG+YCu
g4hoY1KIxlIVRDIutF6ix1yqti4EtB3nDT8lJZvU6HtUXWTjCEsT+xZX2hNTUKvP
LjxrX9d/0EQDraNX5iyoZgnuZU/MxXSOAwZ541+d20W16HljE0ccl5aUQhoc+NBN
0KN7BCqSz8V99QmPFz8nUO9SOo1LAAd7HHCuzW2n37KeUd2rqQzljetneqBf5C7I
0ni96HktMRw7cziTk/2j8tzjafflNjtzVBvhzzMa3JK+lbqI0VFJPPRMwnKibl9x
++RT3t6R5kVdSgq+jMh5vGs3aYQSxA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:14 2024 by rpki-client on console-fra.rpki-client.org