Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/88625w5bovsq9q_TvzU7WwqJU7E.roa
File:                     88625w5bovsq9q_TvzU7WwqJU7E.roa (raw, json)
Hash identifier:          5+V2yJ3m3kutKLb1m+Y006HzJCCT79cyiP6aSc5LPtY=
Subject key identifier:   F3:CE:B6:E7:0E:5B:A2:FB:2A:F6:AF:D3:BF:35:3B:5B:0A:89:53:B1
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0183D682C11398773793238E0AB2C38207C8
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/88625w5bovsq9q_TvzU7WwqJU7E.roa
Signing time:             Fri 14 Oct 2022 12:40:36 +0000
ROA not before:           Fri 14 Oct 2022 12:40:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42864
IP address blocks:        88.209.227.0/24 maxlen: 24
                          178.210.224.0/21 maxlen: 21
                          83.137.159.0/24 maxlen: 24
                          193.138.125.0/24 maxlen: 24
                          178.248.200.0/21 maxlen: 21
                          45.9.171.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          77.242.144.0/20 maxlen: 20
                          88.209.192.0/21 maxlen: 24
                          88.209.208.0/20 maxlen: 24
                          88.209.226.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          92.52.219.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          45.14.8.0/24 maxlen: 24
                          92.52.212.0/22 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.209.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:d6:82:c1:13:98:77:37:93:23:8e:0a:b2:c3:82:07:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 14 12:40:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f3ceb6e70e5ba2fb2af6afd3bf353b5b0a8953b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ad:df:7f:0d:54:e0:e9:d3:a5:85:92:65:76:
                    f4:64:d4:3e:b1:96:2f:23:8e:61:4f:fc:97:86:28:
                    fe:7e:4b:f5:67:53:cf:fe:b9:4d:c4:79:12:96:36:
                    ea:54:a3:0e:8d:8a:03:de:0f:ea:3d:25:2d:b4:79:
                    8d:17:4b:37:26:cf:8c:8b:c1:15:fb:33:d2:a9:d7:
                    2e:a0:3a:f9:83:00:83:4e:f1:ed:8f:2b:9c:2b:dc:
                    91:92:6f:80:ed:f7:3e:3e:2a:32:8a:a7:65:f9:94:
                    73:68:2d:1c:0d:f6:79:fd:c2:02:77:af:1f:6f:b5:
                    6f:1a:42:9b:74:19:b1:ad:2b:1d:e0:2f:04:02:8c:
                    bd:85:21:b3:f8:95:9b:74:d2:c6:6b:b1:77:e6:d8:
                    29:63:1b:1c:2e:38:98:21:e2:10:22:d2:12:83:1c:
                    29:3b:68:c8:6a:b9:1e:eb:dc:84:21:80:77:28:01:
                    e3:e4:fd:a8:3f:ff:98:ba:a0:1a:c5:e0:8d:f7:48:
                    2b:a1:ec:e2:d2:7d:d5:61:e7:36:bb:5a:71:41:bb:
                    49:a5:81:04:7d:8e:63:e1:eb:c2:a5:99:00:9f:59:
                    28:f1:24:3e:1d:75:8b:2d:79:e9:96:c4:0e:a5:5f:
                    8a:23:06:fb:ee:79:bd:d5:8d:4f:c2:05:a3:e1:cf:
                    9f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CE:B6:E7:0E:5B:A2:FB:2A:F6:AF:D3:BF:35:3B:5B:0A:89:53:B1
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/88625w5bovsq9q_TvzU7WwqJU7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.169.0-45.9.171.255
                  45.14.8.0/24
                  45.14.10.0/24
                  77.242.144.0/20
                  83.137.159.0/24
                  88.209.192.0/21
                  88.209.208.0-88.209.227.255
                  92.52.208.0/21
                  92.52.219.0/24
                  178.210.224.0/21
                  178.210.236.0/24
                  178.248.200.0/21
                  193.138.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c6:99:c4:4a:da:55:06:d9:7a:fa:91:64:15:09:2d:ce:81:
         04:c3:a4:4c:0b:ef:2f:49:f8:36:32:f7:ce:90:cb:35:85:c4:
         fc:89:f5:17:fd:7c:ef:5f:7b:48:f0:0d:ef:86:8f:c7:16:ae:
         8d:21:0c:46:1d:23:51:26:7f:71:f9:a2:48:11:e1:6c:fd:0c:
         d6:08:52:35:b7:4b:93:bc:44:08:e2:37:71:37:d2:50:8e:23:
         e2:95:0b:be:6f:aa:ee:70:52:2b:e0:86:a1:3b:24:fd:56:82:
         ff:a9:5f:9d:78:52:f0:21:49:d2:9a:fa:27:24:2e:d6:fc:9a:
         23:cc:0b:6a:ba:f1:76:11:7f:af:fb:65:9a:56:fb:5f:1d:7f:
         48:79:d3:45:a3:a6:49:c0:7a:b2:fc:33:1f:c0:51:0b:dd:0a:
         33:cd:b4:8e:49:f5:be:cb:1f:c9:76:a9:8a:a9:d3:3d:79:35:
         d1:f0:24:db:d9:82:dd:e3:a8:2d:75:58:e1:ab:0b:31:2a:00:
         a8:0a:65:58:30:43:94:5a:4b:bf:b3:2e:ce:8d:eb:b6:28:50:
         64:db:ce:b9:45:ef:0e:4f:99:e8:a4:cf:42:95:72:ae:cf:ab:
         f2:40:a9:77:a4:5f:71:70:05:e9:47:88:7b:90:8c:12:3b:98:
         fc:96:76:62
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYPWgsETmHc3kyOOCrLDggfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIxMDE0MTI0MDM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NlYjZlNzBlNWJhMmZiMmFmNmFmZDNiZjM1M2I1YjBhODk1M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgK3ffw1U4OnTpYWSZXb0ZNQ+sZYv
I45hT/yXhij+fkv1Z1PP/rlNxHkSljbqVKMOjYoD3g/qPSUttHmNF0s3Js+Mi8EV
+zPSqdcuoDr5gwCDTvHtjyucK9yRkm+A7fc+Pioyiqdl+ZRzaC0cDfZ5/cICd68f
b7VvGkKbdBmxrSsd4C8EAoy9hSGz+JWbdNLGa7F35tgpYxscLjiYIeIQItISgxwp
O2jIarke69yEIYB3KAHj5P2oP/+YuqAaxeCN90groezi0n3VYec2u1pxQbtJpYEE
fY5j4evCpZkAn1ko8SQ+HXWLLXnplsQOpV+KIwb77nm91Y1PwgWj4c+fpwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFPPOtucOW6L7Kvav0781O1sKiVOxMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvODg2MjV3NWJvdnNxOXFfVHZ6VTdXd3FKVTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeMAwDBAAtCakD
BAItCagDBAAtDggDBAAtDgoDBARN8pADBABTiZ8DBANY0cAwDAMEBFjR0AMEAljR
4AMEA1w00AMEAFw02wMEA7LS4AMEALLS7AMEA7L4yAMEAMGKfTANBgkqhkiG9w0B
AQsFAAOCAQEAgsaZxEraVQbZevqRZBUJLc6BBMOkTAvvL0n4NjL3zpDLNYXE/In1
F/187197SPAN74aPxxaujSEMRh0jUSZ/cfmiSBHhbP0M1ghSNbdLk7xECOI3cTfS
UI4j4pULvm+q7nBSK+CGoTsk/VaC/6lfnXhS8CFJ0pr6JyQu1vyaI8wLarrxdhF/
r/tlmlb7Xx1/SHnTRaOmScB6svwzH8BRC90KM820jkn1vssfyXapiqnTPXk10fAk
29mC3eOoLXVY4asLMSoAqAplWDBDlFpLv7Muzo3rtihQZNvOuUXvDk+Z6KTPQpVy
rs+r8kCpd6RfcXAF6UeIe5CMEjuY/JZ2Yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org