Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Oi7T3rFDjux82mYo8bXG1MQ5uYQ.roa
File:                     Oi7T3rFDjux82mYo8bXG1MQ5uYQ.roa (raw, json)
Hash identifier:          +eX5V9ewlnJuf9bp6EVj78itVA2xGITmOjIYupY9Io0=
Subject key identifier:   3A:2E:D3:DE:B1:43:8E:EC:7C:DA:66:28:F1:B5:C6:D4:C4:39:B9:84
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       01856E81F3E4BDD682648979729648DDB01D
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Oi7T3rFDjux82mYo8bXG1MQ5uYQ.roa
Signing time:             Sun 01 Jan 2023 18:04:48 +0000
ROA not before:           Sun 01 Jan 2023 18:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52104
IP address blocks:        88.218.60.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:81:f3:e4:bd:d6:82:64:89:79:72:96:48:dd:b0:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  1 18:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a2ed3deb1438eec7cda6628f1b5c6d4c439b984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:22:60:7b:3f:b9:8e:c1:0f:ad:22:95:68:a6:
                    2f:da:4e:69:bf:16:7b:9f:79:53:34:90:f5:39:c8:
                    61:01:7f:8b:4d:09:bd:da:f1:6c:41:d0:55:65:75:
                    8f:c7:1c:17:77:f2:11:32:28:b2:68:c4:7f:46:8b:
                    6e:06:cd:b3:43:6b:94:c9:a7:59:f5:9a:91:2c:6a:
                    25:42:a2:2c:58:b8:8b:88:19:c1:13:0c:ec:3b:1f:
                    ad:1a:e3:af:90:30:ba:66:cf:c2:6c:27:af:bb:b1:
                    f7:8d:c4:b6:75:12:b5:22:f6:5b:6a:c0:3e:78:f5:
                    dc:2a:2b:08:1c:14:6d:5f:09:30:54:27:e0:07:a0:
                    49:63:e1:55:31:75:28:44:1e:43:e6:bb:cc:91:52:
                    62:39:8f:c0:27:32:83:f7:01:3f:ad:b4:12:d9:bf:
                    3e:4f:6d:4a:10:cb:c6:c9:97:be:24:73:ea:75:25:
                    ba:6a:3e:5f:b2:5c:3e:7a:7b:77:df:dd:3f:b8:b6:
                    c7:40:18:92:f0:8c:0f:70:ac:b3:88:9f:e5:16:84:
                    04:05:c4:32:c3:dc:32:ec:a2:76:c2:6c:9b:69:a6:
                    23:27:19:fb:df:57:ee:74:6d:63:0e:4b:ed:93:ab:
                    57:16:4d:7c:f5:b8:c4:e2:99:8e:c7:1c:65:7c:f9:
                    4a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:2E:D3:DE:B1:43:8E:EC:7C:DA:66:28:F1:B5:C6:D4:C4:39:B9:84
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Oi7T3rFDjux82mYo8bXG1MQ5uYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.218.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e3:6d:cb:e9:f3:7e:f9:5d:16:bf:7f:c0:60:8b:d7:88:dc:09:
         ac:31:75:44:ca:7f:cf:a6:6e:35:bd:c8:e4:7e:c5:89:6b:7a:
         c9:99:67:a3:e2:04:b2:32:e9:73:e7:cb:2e:d3:7c:c7:40:f5:
         00:ab:92:89:ed:ba:2b:59:64:e3:b4:7d:07:8e:a9:5b:96:80:
         76:94:e4:51:24:90:4b:c2:05:1f:68:03:ef:15:cc:c4:11:ab:
         83:03:c4:c9:7c:93:75:2d:6d:3d:64:3c:e7:a2:73:9e:14:48:
         db:c4:a6:e7:87:a8:2b:61:86:ca:36:1d:8f:d1:a9:34:a3:2f:
         2e:42:60:1b:60:e4:dc:72:dd:43:d2:0d:84:1b:8d:3a:32:f5:
         66:e6:32:5a:76:ab:b7:8d:25:ef:95:a2:35:8c:0b:05:9b:ce:
         02:b1:b3:dc:9a:86:62:11:7e:f9:e3:73:68:ad:a1:f7:50:5e:
         f1:ef:70:4a:77:02:15:d5:45:90:b1:00:55:b6:7f:07:17:2d:
         63:9d:1a:fd:78:bb:86:9f:50:aa:d8:7a:5b:63:1c:f8:b3:9c:
         4e:1e:60:fd:19:96:46:51:c7:f2:73:7a:4b:51:03:c5:ab:e1:
         44:b8:dc:96:f9:1e:27:ec:f7:e8:32:4c:e9:fe:61:3e:d6:da:
         1e:6d:c4:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVugfPkvdaCZIl5cpZI3bAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjMwMTAxMTgwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTJlZDNkZWIxNDM4ZWVjN2NkYTY2MjhmMWI1YzZkNGM0MzliOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyJgez+5jsEPrSKVaKYv2k5pvxZ7
n3lTNJD1OchhAX+LTQm92vFsQdBVZXWPxxwXd/IRMiiyaMR/RotuBs2zQ2uUyadZ
9ZqRLGolQqIsWLiLiBnBEwzsOx+tGuOvkDC6Zs/CbCevu7H3jcS2dRK1IvZbasA+
ePXcKisIHBRtXwkwVCfgB6BJY+FVMXUoRB5D5rvMkVJiOY/AJzKD9wE/rbQS2b8+
T21KEMvGyZe+JHPqdSW6aj5fslw+ent3390/uLbHQBiS8IwPcKyziJ/lFoQEBcQy
w9wy7KJ2wmybaaYjJxn731fudG1jDkvtk6tXFk189bjE4pmOxxxlfPlKZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDou096xQ47sfNpmKPG1xtTEObmEMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvT2k3VDNyRkRqdXg4Mm1ZbzhiWEcxTVE1dVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNo8MA0G
CSqGSIb3DQEBCwUAA4IBAQDjbcvp8375XRa/f8Bgi9eI3AmsMXVEyn/Ppm41vcjk
fsWJa3rJmWej4gSyMulz58su03zHQPUAq5KJ7borWWTjtH0HjqlbloB2lORRJJBL
wgUfaAPvFczEEauDA8TJfJN1LW09ZDznonOeFEjbxKbnh6grYYbKNh2P0ak0oy8u
QmAbYOTcct1D0g2EG406MvVm5jJadqu3jSXvlaI1jAsFm84CsbPcmoZiEX7543No
raH3UF7x73BKdwIV1UWQsQBVtn8HFy1jnRr9eLuGn1Cq2HpbYxz4s5xOHmD9GZZG
Ucfyc3pLUQPFq+FEuNyW+R4n7PfoMkzp/mE+1toebcR+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:28 2024 by rpki-client on console-ams.rpki-client.org