Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8HltT7u-VCCzGa94eauPVHgPS8g.roa
File:                     8HltT7u-VCCzGa94eauPVHgPS8g.roa (raw, json)
Hash identifier:          92r6zJ35dOMj1IiJ2E3OHVxs3tMU7L2MlYOIEj9/qeA=
Subject key identifier:   F0:79:6D:4F:BB:BE:54:20:B3:19:AF:78:79:AB:8F:54:78:0F:4B:C8
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018AF9C1B1C975802C5180209DBF9B043FED
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8HltT7u-VCCzGa94eauPVHgPS8g.roa
Signing time:             Wed 04 Oct 2023 08:15:35 +0000
ROA not before:           Wed 04 Oct 2023 08:15:35 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.253.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          88.209.200.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f9:c1:b1:c9:75:80:2c:51:80:20:9d:bf:9b:04:3f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct  4 08:15:35 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f0796d4fbbbe5420b319af7879ab8f54780f4bc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:06:a6:96:67:d1:fa:8b:7c:e5:33:a1:10:64:
                    ad:96:23:63:5d:2c:d2:94:88:65:4e:22:c4:09:48:
                    3a:09:90:5d:03:eb:4f:0f:ff:34:c1:b5:46:de:95:
                    89:2c:35:12:e1:71:9c:7b:70:c3:94:5c:94:ae:be:
                    07:52:6a:fb:4e:9b:0e:cf:d0:ea:fc:52:59:d2:39:
                    d7:6e:35:cd:4c:9c:ae:d0:3e:7a:2a:40:59:fb:af:
                    b8:00:d5:b1:af:21:da:0a:90:d8:1c:2a:48:2d:18:
                    cb:9b:1c:bc:24:a3:6e:a6:e2:93:cf:2c:24:d9:f2:
                    0b:9b:4a:23:22:5a:2b:a1:eb:c2:e0:43:ae:f7:92:
                    a2:07:98:a0:2a:48:9f:c7:9b:89:49:b4:59:13:c7:
                    7c:01:34:08:55:9d:bb:e5:fb:3b:b9:2d:6c:ee:7f:
                    b2:57:a5:77:6f:0f:24:a5:e1:2d:4b:46:b6:dc:d1:
                    8c:f2:20:fa:32:b0:c5:87:69:6d:77:18:ee:da:58:
                    cd:d2:12:24:90:cd:5a:eb:09:aa:4a:ff:05:d5:f8:
                    b4:32:aa:3e:52:f1:80:7b:2c:96:12:b3:c9:24:d5:
                    e2:9b:ec:6f:55:b8:0c:08:dc:8e:8d:9d:da:08:b3:
                    91:47:54:31:3b:3b:14:f7:ba:5d:36:56:fc:05:59:
                    f3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:79:6D:4F:BB:BE:54:20:B3:19:AF:78:79:AB:8F:54:78:0F:4B:C8
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/8HltT7u-VCCzGa94eauPVHgPS8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.157.0/24
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.200.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.220.0/24
                  88.209.253.0/24
                  178.210.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:57:f0:5d:04:2a:8b:ec:52:56:cb:a8:93:ba:d8:b0:ee:26:
         d4:30:33:6c:4a:c5:35:16:70:10:26:f3:06:b9:f1:a0:80:ce:
         ad:d9:f6:9e:02:c3:60:fc:b4:33:69:20:85:d9:d2:20:55:24:
         44:42:8d:36:c6:d0:73:23:64:2d:87:b3:e4:61:74:bc:c8:29:
         54:bf:f5:6d:c8:1e:9a:eb:57:97:0d:6b:0b:15:ef:72:97:42:
         0a:e9:1e:7b:07:76:59:33:7d:fe:10:ef:e3:90:6c:35:38:12:
         ce:76:a2:8b:ff:81:ed:4b:f8:b9:0d:56:ab:93:6a:4a:e4:6d:
         32:40:32:eb:e1:ba:80:7a:4f:d0:e1:80:80:60:35:f5:ad:0f:
         17:c7:04:98:e0:e5:a5:5a:4f:2e:5b:9c:a1:c2:7c:4d:79:10:
         8f:81:30:3d:d0:fa:74:9a:7e:19:ef:e5:82:16:df:5e:68:90:
         9b:74:85:e7:6e:ea:72:7e:ed:64:c0:80:6f:8d:99:28:8c:74:
         f9:35:fc:65:fa:1e:89:f4:c7:b9:a9:22:fd:52:5e:83:d3:e3:
         3f:b5:39:be:bf:35:e5:aa:41:99:bc:85:8c:76:53:d7:fb:2c:
         2d:63:e9:b3:83:f1:e6:58:0b:71:41:f1:ba:58:c6:8e:af:5c:
         a3:4b:76:9d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYr5wbHJdYAsUYAgnb+bBD/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDA0MDgxNTM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDc5NmQ0ZmJiYmU1NDIwYjMxOWFmNzg3OWFiOGY1NDc4MGY0YmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQamlmfR+ot85TOhEGStliNjXSzS
lIhlTiLECUg6CZBdA+tPD/80wbVG3pWJLDUS4XGce3DDlFyUrr4HUmr7TpsOz9Dq
/FJZ0jnXbjXNTJyu0D56KkBZ+6+4ANWxryHaCpDYHCpILRjLmxy8JKNupuKTzywk
2fILm0ojIloroevC4EOu95KiB5igKkifx5uJSbRZE8d8ATQIVZ275fs7uS1s7n+y
V6V3bw8kpeEtS0a23NGM8iD6MrDFh2ltdxju2ljN0hIkkM1a6wmqSv8F1fi0Mqo+
UvGAeyyWErPJJNXim+xvVbgMCNyOjZ3aCLORR1QxOzsU97pdNlb8BVnzJwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPB5bU+7vlQgsxmveHmrj1R4D0vIMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvOEhsdFQ3dS1WQ0N6R2E5NGVhdVBWSGdQUzhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATfKdAwQB
WJc4AwQAWJc+AwQAWNHIAwQAWNHTAwQAWNHZAwQAWNHcAwQAWNH9AwQAstLkMA0G
CSqGSIb3DQEBCwUAA4IBAQBMV/BdBCqL7FJWy6iTutiw7ibUMDNsSsU1FnAQJvMG
ufGggM6t2faeAsNg/LQzaSCF2dIgVSREQo02xtBzI2Qth7PkYXS8yClUv/VtyB6a
61eXDWsLFe9yl0IK6R57B3ZZM33+EO/jkGw1OBLOdqKL/4HtS/i5DVark2pK5G0y
QDLr4bqAek/Q4YCAYDX1rQ8XxwSY4OWlWk8uW5yhwnxNeRCPgTA90Pp0mn4Z7+WC
Ft9eaJCbdIXnbupyfu1kwIBvjZkojHT5Nfxl+h6J9Me5qSL9Ul6D0+M/tTm+vzXl
qkGZvIWMdlPX+ywtY+mzg/HmWAtxQfG6WMaOr1yjS3ad
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org