Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FaRmoTi_Q1tDN3dmSplM6TQD67k.roa
File:                     FaRmoTi_Q1tDN3dmSplM6TQD67k.roa (raw, json)
Hash identifier:          MYSsQ0ourjUJLnRJqdDAJq1Hybg5xe+87DDrAgmS6TY=
Subject key identifier:   15:A4:66:A1:38:BF:43:5B:43:37:77:66:4A:99:4C:E9:34:03:EB:B9
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01887BAEC93C4F26541AE6517F14478C79D5
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FaRmoTi_Q1tDN3dmSplM6TQD67k.roa
Signing time:             Fri 02 Jun 2023 10:37:12 +0000
ROA not before:           Fri 02 Jun 2023 10:37:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7b:ae:c9:3c:4f:26:54:1a:e6:51:7f:14:47:8c:79:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jun  2 10:37:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=15a466a138bf435b433777664a994ce93403ebb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:35:ba:4a:c3:19:af:5a:6e:72:5e:94:78:11:
                    ed:4d:81:e4:5b:4e:53:d9:6d:85:76:d4:30:06:99:
                    3d:df:2c:be:10:3a:49:ed:0d:84:f7:a8:d0:68:fd:
                    b2:17:1c:0f:e5:3a:27:f9:2d:3f:92:3a:c5:62:20:
                    65:d3:00:6e:47:95:8b:41:01:db:0d:ae:1c:4e:30:
                    42:db:7d:91:4e:0c:2e:64:84:8f:5f:e6:2c:e8:67:
                    e8:e9:f6:96:4b:85:0a:93:e0:6c:dc:f1:33:47:f0:
                    cb:a7:f9:d9:5d:8c:56:89:eb:0e:94:58:7a:8b:7c:
                    7d:18:35:c7:04:99:f9:64:73:44:bb:d9:6f:88:49:
                    df:31:63:b8:55:a5:c6:48:f6:ee:4c:ff:bc:4e:25:
                    64:90:e1:21:90:4d:1f:8d:b0:ab:32:dd:68:04:10:
                    bc:1e:21:ce:fb:af:2f:73:5c:2a:45:10:6e:05:5e:
                    14:9a:77:52:4b:a7:5c:b2:70:58:23:5c:c0:49:fd:
                    ec:09:de:74:c0:76:54:8c:17:f7:0e:8b:3c:1d:bc:
                    b1:9d:cc:aa:fc:9c:26:2f:af:0e:c3:3b:26:85:96:
                    29:2e:2a:9f:8c:e6:9c:98:87:97:ce:53:ce:ad:c0:
                    45:cf:f5:22:f3:ab:f5:d2:54:75:fe:36:d3:b8:ee:
                    45:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A4:66:A1:38:BF:43:5B:43:37:77:66:4A:99:4C:E9:34:03:EB:B9
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/FaRmoTi_Q1tDN3dmSplM6TQD67k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.58.0/23
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.221.0/24
                  88.209.224.0/23
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3d:91:8d:86:f0:e2:ec:0b:b3:fc:11:a0:af:cc:c5:e7:87:
         af:cb:94:0a:7c:d0:ec:a8:26:e2:40:8d:80:a3:d1:f5:6b:9f:
         63:3a:b6:41:04:83:f6:cf:83:82:4c:92:98:a1:28:d0:66:35:
         a6:7e:ab:99:48:fc:10:f2:53:dd:d8:1c:4a:07:c6:4d:be:0d:
         0c:31:21:b6:51:f3:c0:0a:ef:ad:60:7d:67:5d:36:3c:dc:4a:
         33:34:43:90:35:b9:d4:4b:d0:73:7d:3a:51:64:c1:12:d4:a3:
         b6:09:9a:cf:61:b7:7a:c6:d7:48:09:21:34:91:f5:5c:fa:66:
         1d:47:9d:3e:6c:4d:56:29:cd:b3:57:2e:0b:02:9b:6b:e9:24:
         b2:a3:a1:99:90:7d:53:09:0a:a5:9d:d6:e1:c3:53:77:9f:c0:
         99:a3:82:cf:0b:97:23:55:99:0b:aa:9d:38:2c:1a:96:02:29:
         ba:5a:c0:90:c4:ce:65:98:7e:7a:a4:e5:62:91:15:95:66:c5:
         61:5c:55:56:07:d7:c8:57:89:f6:34:65:67:53:7d:66:7a:44:
         db:82:d1:d0:e3:78:91:f3:f1:65:a6:3f:30:6b:9c:ec:d5:2f:
         70:bb:22:85:c4:86:8a:8b:6e:e4:29:2c:dd:35:c5:15:24:45:
         29:46:e5:b2
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYh7rsk8TyZUGuZRfxRHjHnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNjAyMTAzNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWE0NjZhMTM4YmY0MzViNDMzNzc3NjY0YTk5NGNlOTM0MDNlYmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDW6SsMZr1pucl6UeBHtTYHkW05T
2W2FdtQwBpk93yy+EDpJ7Q2E96jQaP2yFxwP5Ton+S0/kjrFYiBl0wBuR5WLQQHb
Da4cTjBC232RTgwuZISPX+Ys6Gfo6faWS4UKk+Bs3PEzR/DLp/nZXYxWiesOlFh6
i3x9GDXHBJn5ZHNEu9lviEnfMWO4VaXGSPbuTP+8TiVkkOEhkE0fjbCrMt1oBBC8
HiHO+68vc1wqRRBuBV4UmndSS6dcsnBYI1zASf3sCd50wHZUjBf3Dos8Hbyxncyq
/JwmL68OwzsmhZYpLiqfjOacmIeXzlPOrcBFz/Ui86v10lR1/jbTuO5FcwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFBWkZqE4v0NbQzd3ZkqZTOk0A+u5MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvRmFSbW9UaV9RMXRETjNkbVNwbE02VFFENjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBWJc6AwQA
WJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHdAwQBWNHgAwQAWNH0AwQA
stLsMA0GCSqGSIb3DQEBCwUAA4IBAQAqPZGNhvDi7Auz/BGgr8zF54evy5QKfNDs
qCbiQI2Ao9H1a59jOrZBBIP2z4OCTJKYoSjQZjWmfquZSPwQ8lPd2BxKB8ZNvg0M
MSG2UfPACu+tYH1nXTY83EozNEOQNbnUS9BzfTpRZMES1KO2CZrPYbd6xtdICSE0
kfVc+mYdR50+bE1WKc2zVy4LAptr6SSyo6GZkH1TCQqlndbhw1N3n8CZo4LPC5cj
VZkLqp04LBqWAim6WsCQxM5lmH56pOVikRWVZsVhXFVWB9fIV4n2NGVnU31mekTb
gtHQ43iR8/Flpj8wa5zs1S9wuyKFxIaKi27kKSzdNcUVJEUpRuWy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org