Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A7ZkwoGpUxEPcwIldZ9yp-o9lrI.roa
File:                     A7ZkwoGpUxEPcwIldZ9yp-o9lrI.roa (raw, json)
Hash identifier:          HZr+YTLkXYGgud8dAT3RW2km1afxYYVZXGA8+CqNQtI=
Subject key identifier:   03:B6:64:C2:81:A9:53:11:0F:73:02:25:75:9F:72:A7:EA:3D:96:B2
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0188C34A764C19B32C2262FD69AEA1706CEA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A7ZkwoGpUxEPcwIldZ9yp-o9lrI.roa
Signing time:             Fri 16 Jun 2023 08:20:17 +0000
ROA not before:           Fri 16 Jun 2023 08:20:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.250.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c3:4a:76:4c:19:b3:2c:22:62:fd:69:ae:a1:70:6c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun 16 08:20:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03b664c281a953110f730225759f72a7ea3d96b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:bb:73:84:a3:a0:e5:37:52:74:ae:96:74:6a:
                    a1:fd:9e:d9:a7:5c:96:c9:05:e6:84:ba:7b:0e:d0:
                    4e:c0:79:33:b1:b4:1e:01:a3:aa:68:81:37:47:f8:
                    10:5d:08:65:30:a4:94:6b:34:a5:e2:62:c2:6b:c3:
                    c8:d4:a8:8b:10:49:25:af:48:fd:c0:83:aa:bb:12:
                    e3:05:17:cf:fe:c7:5f:6d:cb:fd:c7:7b:a2:b9:a3:
                    a8:a5:57:2e:0b:28:75:61:74:83:de:bf:bf:9d:9d:
                    30:47:df:4b:73:a9:c1:86:19:b3:2e:78:79:99:6f:
                    c5:e1:8e:bd:ac:0a:84:30:fa:b6:ad:d7:03:3a:93:
                    4c:46:ca:dc:9b:59:c4:99:5a:ea:35:f7:f7:92:01:
                    11:80:9b:de:69:6d:54:59:6a:8f:b5:e9:c1:a5:76:
                    a8:86:dc:72:14:9d:50:ae:6a:28:bf:73:ef:05:61:
                    f4:d9:45:41:83:ff:54:89:cc:82:e3:dc:79:7d:bd:
                    15:15:29:83:76:23:b7:30:92:70:28:5d:84:88:50:
                    b0:de:64:b1:71:87:8a:a5:f1:e8:79:7c:41:b9:82:
                    f4:ee:44:9a:c4:51:1d:e9:d7:1a:0d:9b:2b:5a:ac:
                    8a:4e:61:64:22:f1:d5:2e:bb:58:af:f7:19:55:e9:
                    36:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B6:64:C2:81:A9:53:11:0F:73:02:25:75:9F:72:A7:EA:3D:96:B2
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/A7ZkwoGpUxEPcwIldZ9yp-o9lrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.211.0/24
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e7:12:24:d6:b4:8d:a1:71:34:2a:b0:03:7c:38:58:e9:99:
         13:03:82:14:4e:30:50:5f:d5:01:63:05:48:41:66:d2:0b:ec:
         a5:cd:13:39:77:19:38:81:ab:6e:df:ac:93:84:1d:68:5d:54:
         3f:23:5d:17:da:53:ef:ec:76:58:20:b5:a3:56:97:02:33:f1:
         31:56:f5:46:db:e6:c5:34:53:0c:22:ee:2b:5c:1d:d9:08:8b:
         ee:72:97:23:07:cc:04:91:95:e1:b9:32:08:55:a8:5e:07:03:
         fa:a9:be:3a:74:cc:04:6c:06:ab:bd:94:93:63:11:b5:a2:8d:
         e1:81:13:58:2f:99:62:9d:cf:6f:4c:bf:2a:4d:b7:13:1d:d5:
         12:2c:42:94:6f:a5:a9:db:43:34:35:c8:21:6e:05:fb:41:7c:
         7d:62:77:2c:53:20:fa:f2:b1:1d:48:06:93:5e:cb:d0:34:f1:
         13:44:cf:dd:eb:e0:0e:59:cd:13:b5:ec:b1:0d:dd:a8:77:34:
         79:8b:06:c9:a3:6b:f1:37:d7:bd:1d:c5:fa:d0:1a:b7:1f:56:
         8e:5d:99:c9:5c:44:68:02:ba:e4:15:c7:d5:6d:73:8e:db:04:
         2c:aa:13:39:e3:16:3d:18:14:b6:f8:2e:a8:40:78:c0:c7:19:
         25:52:38:7b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYjDSnZMGbMsImL9aa6hcGzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjE2MDgyMDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I2NjRjMjgxYTk1MzExMGY3MzAyMjU3NTlmNzJhN2VhM2Q5NmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LtzhKOg5TdSdK6WdGqh/Z7Zp1yW
yQXmhLp7DtBOwHkzsbQeAaOqaIE3R/gQXQhlMKSUazSl4mLCa8PI1KiLEEklr0j9
wIOquxLjBRfP/sdfbcv9x3uiuaOopVcuCyh1YXSD3r+/nZ0wR99Lc6nBhhmzLnh5
mW/F4Y69rAqEMPq2rdcDOpNMRsrcm1nEmVrqNff3kgERgJveaW1UWWqPtenBpXao
htxyFJ1Qrmoov3PvBWH02UVBg/9UicyC49x5fb0VFSmDdiO3MJJwKF2EiFCw3mSx
cYeKpfHoeXxBuYL07kSaxFEd6dcaDZsrWqyKTmFkIvHVLrtYr/cZVek2rwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAO2ZMKBqVMRD3MCJXWfcqfqPZayMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvQTdaa3dvR3BVeEVQY3dJbGRaOXlwLW85bHJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBWJc4AwQA
WNHTAwQAstL6MA0GCSqGSIb3DQEBCwUAA4IBAQAb5xIk1rSNoXE0KrADfDhY6ZkT
A4IUTjBQX9UBYwVIQWbSC+ylzRM5dxk4gatu36yThB1oXVQ/I10X2lPv7HZYILWj
VpcCM/ExVvVG2+bFNFMMIu4rXB3ZCIvucpcjB8wEkZXhuTIIVaheBwP6qb46dMwE
bAarvZSTYxG1oo3hgRNYL5linc9vTL8qTbcTHdUSLEKUb6Wp20M0NcghbgX7QXx9
YncsUyD68rEdSAaTXsvQNPETRM/d6+AOWc0TteyxDd2odzR5iwbJo2vxN9e9HcX6
0Bq3H1aOXZnJXERoArrkFcfVbXOO2wQsqhM54xY9GBS2+C6oQHjAxxklUjh7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org