Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa
File:                     ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa (raw, json)
Hash identifier:          bqblY1N8fripd7OlGiJm0ItMiEGoQRsFk2KPz1nukZc=
Subject key identifier:   89:E3:9B:DA:8F:33:3A:AC:DF:59:7B:66:8A:9E:58:D5:25:31:09:44
Certificate issuer:       /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial:       018C255A4B3BD5E189B15BD43A76A2F86E35
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa
Signing time:             Fri 01 Dec 2023 12:28:43 +0000
ROA not before:           Fri 01 Dec 2023 12:28:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29300
IP address blocks:        81.88.64.0/20 maxlen: 20
                          82.148.160.0/19 maxlen: 19
                          109.169.96.0/19 maxlen: 19
                          2a02:2828::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:25:5a:4b:3b:d5:e1:89:b1:5b:d4:3a:76:a2:f8:6e:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
        Validity
            Not Before: Dec  1 12:28:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89e39bda8f333aacdf597b668a9e58d525310944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:64:58:51:4f:05:d6:99:98:63:8f:90:2a:f1:
                    47:3a:33:51:05:42:00:93:0a:d8:65:ff:70:ff:d2:
                    83:b1:c8:7e:87:05:ea:8b:3f:73:a2:4e:e3:bd:9c:
                    14:d2:ca:3d:4e:f9:9f:62:f2:80:f2:a9:f0:c7:4b:
                    19:ba:78:80:e2:fa:1a:cc:b8:5a:1d:36:45:0a:af:
                    c8:18:66:63:ea:97:3c:13:93:e7:b5:ba:81:ea:d8:
                    74:c8:14:01:49:9d:ad:5d:d9:85:97:b4:42:ce:f8:
                    e7:0f:15:a0:31:5d:0a:e8:62:f8:12:1b:f4:53:5e:
                    8d:1b:a9:bc:2a:e8:a3:be:dc:89:9b:bd:9f:59:d5:
                    d3:f0:c3:2f:42:cc:16:61:b0:42:09:28:58:d5:0b:
                    e6:f8:70:1a:66:21:ab:fe:83:7b:91:89:01:46:bb:
                    a1:40:e0:42:ad:fb:26:56:92:2d:96:69:77:48:0c:
                    e3:38:3d:f0:a3:c0:03:9d:12:bc:b2:dc:53:f3:63:
                    7d:6b:a7:86:d8:0a:b8:2e:db:6a:1e:be:e1:d6:28:
                    fa:70:0a:5e:91:e4:11:a4:c1:45:bf:f8:62:7d:62:
                    45:96:ea:72:86:91:d4:c0:e8:34:a5:59:42:ce:cb:
                    45:78:86:42:4e:37:74:60:76:dd:1d:13:ed:18:a3:
                    0a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E3:9B:DA:8F:33:3A:AC:DF:59:7B:66:8A:9E:58:D5:25:31:09:44
            X509v3 Authority Key Identifier:
                keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/ieOb2o8zOqzfWXtmip5Y1SUxCUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.88.64.0/20
                  82.148.160.0/19
                  109.169.96.0/19
                IPv6:
                  2a02:2828::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:fa:b1:e5:e0:24:58:c1:2a:60:00:03:6b:e3:c0:82:0c:4c:
         fe:e8:7a:7d:cc:ec:ca:9d:f0:a0:91:d0:f1:59:df:92:38:fe:
         a5:d3:c7:f8:66:a3:98:07:55:c0:80:bb:df:f5:65:2d:a1:e9:
         e8:49:24:97:b6:e9:3f:12:08:cb:24:49:38:8a:b6:38:9d:7d:
         4e:6d:19:de:af:89:8f:49:c1:f0:36:77:86:29:75:7b:e7:11:
         d3:ca:03:05:0e:23:6e:ec:4a:90:a6:02:41:9e:5a:02:09:68:
         8b:b8:ab:d5:68:d4:bb:e8:e6:ff:4a:9b:a9:b5:fd:b4:16:da:
         eb:b4:46:00:dd:be:64:be:0b:12:61:4e:22:65:96:46:ba:4a:
         e1:79:7e:90:4c:01:4f:0d:56:6b:c9:d0:7e:d7:3f:8a:f3:b3:
         a3:72:0f:07:2c:cc:cc:da:ea:8f:cd:08:3a:30:f2:0b:25:b4:
         84:10:d5:0f:b5:f4:ea:e1:55:f3:13:4b:71:c2:7f:49:54:52:
         06:13:1f:a0:e3:3d:c1:6f:88:50:70:37:2c:7e:4a:9c:42:1d:
         0a:9d:41:ee:17:66:ce:e8:98:2f:f5:28:f4:f2:c6:ad:25:02:
         3b:f6:56:61:3e:fb:58:55:fb:0b:ac:c7:b1:f9:04:22:15:36:
         3d:de:b5:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYwlWks71eGJsVvUOnai+G41MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMxMjAxMTIyODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWUzOWJkYThmMzMzYWFjZGY1OTdiNjY4YTllNThkNTI1MzEwOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGRYUU8F1pmYY4+QKvFHOjNRBUIA
kwrYZf9w/9KDsch+hwXqiz9zok7jvZwU0so9TvmfYvKA8qnwx0sZuniA4voazLha
HTZFCq/IGGZj6pc8E5PntbqB6th0yBQBSZ2tXdmFl7RCzvjnDxWgMV0K6GL4Ehv0
U16NG6m8KuijvtyJm72fWdXT8MMvQswWYbBCCShY1Qvm+HAaZiGr/oN7kYkBRruh
QOBCrfsmVpItlml3SAzjOD3wo8ADnRK8stxT82N9a6eG2Aq4LttqHr7h1ij6cApe
keQRpMFFv/hifWJFlupyhpHUwOg0pVlCzstFeIZCTjd0YHbdHRPtGKMKhQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFInjm9qPMzqs31l7ZoqeWNUlMQlEMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvaWVPYjJvOHpPcXpmV1h0bWlwNVkxU1V4Q1VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEUVhAAwQF
UpSgAwQFbalgMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEBCwUAA4IBAQAk+rHl
4CRYwSpgAANr48CCDEz+6Hp9zOzKnfCgkdDxWd+SOP6l08f4ZqOYB1XAgLvf9WUt
oenoSSSXtuk/EgjLJEk4irY4nX1ObRner4mPScHwNneGKXV75xHTygMFDiNu7EqQ
pgJBnloCCWiLuKvVaNS76Ob/Spuptf20FtrrtEYA3b5kvgsSYU4iZZZGukrheX6Q
TAFPDVZrydB+1z+K87Ojcg8HLMzM2uqPzQg6MPILJbSEENUPtfTq4VXzE0txwn9J
VFIGEx+g4z3Bb4hQcDcsfkqcQh0KnUHuF2bO6Jgv9Sj08satJQI79lZhPvtYVfsL
rMex+QQiFTY93rXg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:23 2024 by rpki-client on console-ams.rpki-client.org