Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1ky95pRFYHqNUVzXaaPAmaMHO_A.roa
File:                     1ky95pRFYHqNUVzXaaPAmaMHO_A.roa (raw, json)
Hash identifier:          lv1bQM83Guac0H4OmqQ7CCfpAcsiveIxacxmWg9J+78=
Subject key identifier:   D6:4C:BD:E6:94:45:60:7A:8D:51:5C:D7:69:A3:C0:99:A3:07:3B:F0
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018AD1F2D5BC7F668BDB64576FFE5DD65277
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1ky95pRFYHqNUVzXaaPAmaMHO_A.roa
Signing time:             Tue 26 Sep 2023 14:44:27 +0000
ROA not before:           Tue 26 Sep 2023 14:44:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.253.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d1:f2:d5:bc:7f:66:8b:db:64:57:6f:fe:5d:d6:52:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep 26 14:44:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d64cbde69445607a8d515cd769a3c099a3073bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:79:0a:3a:f4:60:18:60:11:2e:a7:49:30:0f:
                    80:78:20:23:6e:2a:3b:b7:51:3b:af:de:3d:ab:89:
                    21:a4:04:97:c5:09:c8:9d:69:91:9f:bc:8d:c4:48:
                    cf:d3:ab:94:9d:e5:fd:f0:87:25:c8:ca:3c:e2:63:
                    7a:0c:d7:d8:86:29:bf:a5:50:5d:cb:97:c3:3a:30:
                    54:10:cf:55:f8:65:37:5a:da:b6:f4:2d:7d:17:f0:
                    aa:4f:62:53:c6:54:98:5c:03:9c:ef:f1:a5:e9:b2:
                    b1:72:cf:eb:17:a1:24:58:e1:32:c0:fe:8c:44:02:
                    d0:3f:ee:84:b7:96:60:ef:2f:2e:10:39:eb:31:64:
                    8e:61:e8:ed:8e:94:36:0e:79:b3:99:4a:d5:ac:13:
                    99:b8:0a:ad:c3:35:3a:49:bf:ee:b8:27:0a:91:4c:
                    d3:9c:60:99:c9:f2:65:6b:6c:cf:66:94:bb:29:5e:
                    ed:34:ad:2a:f5:6b:0b:b7:54:a8:72:b8:30:68:dc:
                    4f:5b:8f:da:7a:3a:14:08:1c:e3:51:04:7b:09:49:
                    ea:08:5b:58:9b:f1:d1:bf:64:fc:c2:46:02:ec:b0:
                    cf:7e:75:c7:a6:cd:7c:5a:84:1c:95:0c:c0:60:04:
                    c1:aa:b4:6c:fe:48:52:cf:56:bd:f0:c5:bf:01:e4:
                    4d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:4C:BD:E6:94:45:60:7A:8D:51:5C:D7:69:A3:C0:99:A3:07:3B:F0
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/1ky95pRFYHqNUVzXaaPAmaMHO_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  77.242.150.0/24
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.253.0/24
                  178.210.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:fd:ef:a9:85:eb:ec:1b:dc:6a:87:cf:51:68:ca:02:64:27:
         bd:02:1b:53:ce:3f:67:f0:c3:35:a1:31:7a:f8:8a:fd:a5:35:
         75:f1:8d:8b:c5:05:57:0b:1c:94:af:4a:82:7a:a8:a2:73:fd:
         fe:43:b7:0a:c8:05:a2:0b:c6:38:1c:07:0a:96:68:86:6d:bc:
         bb:5e:85:ec:55:22:02:ad:41:05:4e:9b:52:d8:12:92:88:38:
         cf:6f:e1:a7:07:41:2a:96:92:90:d2:30:cd:bc:03:72:14:15:
         8c:24:47:a9:d1:7b:ff:05:a0:4a:20:35:f8:61:ae:33:38:99:
         97:e0:72:e9:33:f9:77:cd:b4:4c:37:cf:33:42:61:b0:ef:13:
         f3:a2:11:d8:41:de:c1:18:ed:c2:ab:1c:ed:a6:5d:dc:bb:c7:
         84:1b:d8:c6:2a:b7:26:5b:3d:8e:05:16:b5:ea:b0:85:35:4d:
         9f:31:e4:cf:d5:25:de:2e:c2:0c:ee:e4:bb:77:16:58:a2:f3:
         5a:b2:1b:36:4b:c6:d9:9a:08:50:fb:32:e4:59:5d:67:b2:36:
         63:45:99:a2:1b:79:c0:74:8b:34:e2:11:a0:6f:dd:12:a7:3c:
         09:00:ea:7b:c0:c2:99:32:56:d1:50:41:28:14:14:d7:04:39:
         b4:4a:ef:47
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrR8tW8f2aL22RXb/5d1lJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTI2MTQ0NDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjRjYmRlNjk0NDU2MDdhOGQ1MTVjZDc2OWEzYzA5OWEzMDczYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XkKOvRgGGARLqdJMA+AeCAjbio7
t1E7r949q4khpASXxQnInWmRn7yNxEjP06uUneX98IclyMo84mN6DNfYhim/pVBd
y5fDOjBUEM9V+GU3Wtq29C19F/CqT2JTxlSYXAOc7/Gl6bKxcs/rF6EkWOEywP6M
RALQP+6Et5Zg7y8uEDnrMWSOYejtjpQ2DnmzmUrVrBOZuAqtwzU6Sb/uuCcKkUzT
nGCZyfJla2zPZpS7KV7tNK0q9WsLt1SocrgwaNxPW4/aejoUCBzjUQR7CUnqCFtY
m/HRv2T8wkYC7LDPfnXHps18WoQclQzAYATBqrRs/khSz1a98MW/AeRN7wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNZMveaURWB6jVFc12mjwJmjBzvwMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvMWt5OTVwUkZZSHFOVVZ6WGFhUEFtYU1IT19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABbZxAwQA
TfKWAwQBWJc4AwQAWJc+AwQAWNHTAwQAWNHZAwQAWNH9AwQAstLkMA0GCSqGSIb3
DQEBCwUAA4IBAQBW/e+phevsG9xqh89RaMoCZCe9AhtTzj9n8MM1oTF6+Ir9pTV1
8Y2LxQVXCxyUr0qCeqiic/3+Q7cKyAWiC8Y4HAcKlmiGbby7XoXsVSICrUEFTptS
2BKSiDjPb+GnB0EqlpKQ0jDNvANyFBWMJEep0Xv/BaBKIDX4Ya4zOJmX4HLpM/l3
zbRMN88zQmGw7xPzohHYQd7BGO3Cqxztpl3cu8eEG9jGKrcmWz2OBRa16rCFNU2f
MeTP1SXeLsIM7uS7dxZYovNashs2S8bZmghQ+zLkWV1nsjZjRZmiG3nAdIs04hGg
b90SpzwJAOp7wMKZMlbRUEEoFBTXBDm0Su9H
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org