Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/44hmJIKv7mqyKBY2rYAP9oa3-Ic.roa
File:                     44hmJIKv7mqyKBY2rYAP9oa3-Ic.roa (raw, json)
Hash identifier:          FYJSUAmNTuVQhTU+DTMDrD4j/CeaXVKowi9xScY60rM=
Subject key identifier:   E3:88:66:24:82:AF:EE:6A:B2:28:16:36:AD:80:0F:F6:86:B7:F8:87
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0183FE547968446D65DDDFAAF729FFB70A91
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/44hmJIKv7mqyKBY2rYAP9oa3-Ic.roa
Signing time:             Sat 22 Oct 2022 06:14:52 +0000
ROA not before:           Sat 22 Oct 2022 06:14:52 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.231.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          83.137.152.0/24 maxlen: 24
                          83.137.154.0/23 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          88.209.204.0/22 maxlen: 24
                          88.209.200.0/22 maxlen: 32
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:fe:54:79:68:44:6d:65:dd:df:aa:f7:29:ff:b7:0a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 22 06:14:52 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=e388662482afee6ab2281636ad800ff686b7f887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:20:dc:fb:23:af:e7:70:27:21:63:57:7f:e5:
                    3c:7a:3d:16:59:e4:c8:76:9e:85:d3:4b:b2:fc:be:
                    75:02:5b:1a:c5:0c:eb:dc:bb:0a:c1:3e:bf:b2:05:
                    35:27:3c:c0:6d:a6:ca:2c:cf:f2:9c:34:a4:7f:c2:
                    52:5a:c1:87:d8:67:e5:f7:54:fd:e2:59:eb:df:d6:
                    da:06:07:a8:cd:e8:4c:2c:74:98:ae:52:60:cc:dd:
                    a8:6e:4d:23:34:f9:9f:07:c1:3f:06:7f:98:ae:8e:
                    5c:3e:5f:95:e9:48:0e:67:91:bf:c7:22:6f:fe:7c:
                    c4:97:73:5a:ec:c1:1f:3b:aa:b6:2c:49:8a:13:94:
                    b8:fd:d6:a1:65:38:33:4c:46:4a:86:5b:18:21:f8:
                    06:db:5c:28:3f:0d:4c:76:51:c6:29:29:bc:56:25:
                    aa:c5:e0:4c:b0:55:1b:ae:46:11:c8:5f:4c:c6:ed:
                    8a:e7:b3:be:10:d2:5b:26:4b:49:9b:d2:24:a8:78:
                    b9:8d:24:ff:54:c3:63:89:f9:db:30:82:26:3a:6e:
                    de:6e:7c:eb:25:c4:42:96:a3:ea:84:4c:a1:e1:59:
                    45:89:8a:15:37:1b:1e:8b:de:67:af:33:21:c3:53:
                    7b:63:2b:d3:0a:3b:7e:91:8a:8d:a2:47:fe:cc:03:
                    38:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:88:66:24:82:AF:EE:6A:B2:28:16:36:AD:80:0F:F6:86:B7:F8:87
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/44hmJIKv7mqyKBY2rYAP9oa3-Ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24
                  83.137.154.0/23
                  88.151.61.0/24
                  88.151.63.0/24
                  88.209.200.0/21
                  88.209.231.0-88.209.235.255
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:9d:ec:5d:b2:0c:48:c4:f4:ca:40:90:e6:14:4b:c2:4a:cf:
         d1:6f:42:cc:e1:36:76:06:d8:fb:a3:e2:58:10:97:43:d7:08:
         b7:77:4a:83:e6:41:07:d1:dd:bd:18:88:01:37:a9:0d:a9:30:
         65:e8:e3:41:84:c2:78:78:4f:29:aa:df:84:3f:00:a9:14:b7:
         28:49:ab:e5:96:e9:65:2b:42:d7:ed:78:a4:2a:3e:0d:c1:5f:
         d3:60:c1:ab:72:ef:cb:22:8d:77:2c:21:24:0a:3f:17:c1:60:
         f7:68:8d:0b:44:b5:76:3e:79:90:90:d3:f4:48:24:83:d4:7f:
         59:08:01:3d:03:9d:ed:68:1f:91:f6:9f:8d:ef:d4:7a:0a:f1:
         58:6a:be:4c:ea:8e:ee:2f:de:f9:6c:ab:ac:ac:0c:0b:45:0c:
         b1:15:02:7e:bc:ae:97:15:df:14:7a:cf:91:ae:15:f0:7e:25:
         30:b0:22:b9:1a:78:21:22:e6:64:5e:a6:14:dd:87:9a:4a:48:
         d3:30:06:16:f2:56:07:db:17:10:bf:f3:b3:e7:90:5f:99:63:
         cb:9b:f3:82:d5:f2:a0:ad:56:c0:33:de:fa:b5:46:18:b2:ba:
         b2:df:b0:fe:27:52:9a:98:a6:2d:73:90:1f:68:ac:c0:37:50:
         2e:35:61:b6
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYP+VHloRG1l3d+q9yn/twqRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMDIyMDYxNDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg4NjYyNDgyYWZlZTZhYjIyODE2MzZhZDgwMGZmNjg2YjdmODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCDc+yOv53AnIWNXf+U8ej0WWeTI
dp6F00uy/L51AlsaxQzr3LsKwT6/sgU1JzzAbabKLM/ynDSkf8JSWsGH2Gfl91T9
4lnr39baBgeozehMLHSYrlJgzN2obk0jNPmfB8E/Bn+Yro5cPl+V6UgOZ5G/xyJv
/nzEl3Na7MEfO6q2LEmKE5S4/dahZTgzTEZKhlsYIfgG21woPw1MdlHGKSm8ViWq
xeBMsFUbrkYRyF9Mxu2K57O+ENJbJktJm9IkqHi5jST/VMNjifnbMIImOm7ebnzr
JcRClqPqhEyh4VlFiYoVNxsei95nrzMhw1N7YyvTCjt+kYqNokf+zAM4RQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOOIZiSCr+5qsigWNq2AD/aGt/iHMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNDRobUpJS3Y3bXF5S0JZMnJZQVA5b2EzLUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIMAwDBABY0ecDBAJY0egDBACy0vwwDQYJKoZI
hvcNAQELBQADggEBAC+d7F2yDEjE9MpAkOYUS8JKz9FvQszhNnYG2Puj4lgQl0PX
CLd3SoPmQQfR3b0YiAE3qQ2pMGXo40GEwnh4Tymq34Q/AKkUtyhJq+WW6WUrQtft
eKQqPg3BX9Ngwaty78sijXcsISQKPxfBYPdojQtEtXY+eZCQ0/RIJIPUf1kIAT0D
ne1oH5H2n43v1HoK8Vhqvkzqju4v3vlsq6ysDAtFDLEVAn68rpcV3xR6z5GuFfB+
JTCwIrkaeCEi5mRephTdh5pKSNMwBhbyVgfbFxC/87PnkF+ZY8ub84LV8qCtVsAz
3vq1RhiyurLfsP4nUpqYpi1zkB9orMA3UC41YbY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:26 2024 by rpki-client on console-fra.rpki-client.org