Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GTCMgzxxhQ4SYZs-vLkT-W5JtE0.roa
File:                     GTCMgzxxhQ4SYZs-vLkT-W5JtE0.roa (raw, json)
Hash identifier:          k+M0QbpDH1rySxif4uM+FNVr4WJLTDPC49wZSX93jVs=
Subject key identifier:   19:30:8C:83:3C:71:85:0E:12:61:9B:3E:BC:B9:13:F9:6E:49:B4:4D
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018B4BB0222BEECC8B00AF1AED855C9361AD
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GTCMgzxxhQ4SYZs-vLkT-W5JtE0.roa
Signing time:             Fri 20 Oct 2023 06:05:16 +0000
ROA not before:           Fri 20 Oct 2023 06:05:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.232.0/22 maxlen: 24
                          88.209.245.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          88.209.200.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4b:b0:22:2b:ee:cc:8b:00:af:1a:ed:85:5c:93:61:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct 20 06:05:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=19308c833c71850e12619b3ebcb913f96e49b44d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:62:b4:80:d9:8f:a6:2c:ae:8c:d0:bf:b4:5f:
                    92:fa:c9:c7:26:17:6d:65:8b:af:18:17:4e:f4:27:
                    5e:ee:fc:0b:4a:76:ef:6a:db:bb:69:f4:52:5f:ba:
                    19:53:41:fb:11:ed:09:18:e8:6f:53:4b:86:a2:56:
                    3c:3e:fc:f3:58:59:b0:8f:26:5c:dc:1b:e0:fe:fa:
                    5c:1b:19:e9:cd:ee:1e:b3:25:8d:06:83:a2:24:d2:
                    84:4d:10:6e:9a:e1:d5:96:10:fe:07:e8:3a:4a:27:
                    26:db:af:be:dd:a5:30:2c:a4:72:46:4e:66:d9:d8:
                    b3:e8:0a:9f:99:9b:f4:50:33:dc:54:ce:86:31:c3:
                    d8:3e:11:37:1e:0f:36:13:6f:40:06:02:13:e1:b2:
                    63:73:42:b9:af:82:33:1e:38:2d:ba:e7:68:a0:b3:
                    96:de:41:b8:4a:c3:f1:ff:e3:05:46:9d:ce:40:8e:
                    f7:1e:67:8c:84:44:a4:37:17:8a:a3:8c:53:fb:8d:
                    3e:dd:0f:07:21:e8:ee:d7:d9:68:cf:5b:20:5b:cb:
                    3a:77:b2:b3:0a:14:0b:c5:95:fb:c7:97:9e:6e:5e:
                    88:18:4a:d2:b2:df:ac:ff:dd:77:b9:70:5b:94:a0:
                    94:69:67:08:1b:4d:b1:91:bc:4e:c4:43:74:fd:3d:
                    a3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:30:8C:83:3C:71:85:0E:12:61:9B:3E:BC:B9:13:F9:6E:49:B4:4D
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/GTCMgzxxhQ4SYZs-vLkT-W5JtE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.150.0/24
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.200.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.232.0/22
                  88.209.245.0/24
                  178.210.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c2:68:92:a2:6b:57:55:8f:98:61:1c:a5:37:fe:39:53:b4:
         59:8d:e5:a6:d4:21:bc:95:a0:4d:75:5d:d7:a5:6e:7e:43:80:
         f5:13:39:bc:4e:d0:2f:5f:15:91:12:11:3f:2d:0b:2b:33:1d:
         f6:0f:26:4e:94:08:5c:13:10:33:cc:f2:37:3e:8d:4c:e4:6f:
         4c:c4:57:6f:32:b9:59:a9:7d:4b:94:36:bd:76:e3:70:52:34:
         99:c6:61:ba:9c:71:a8:22:b4:ab:a0:58:9e:76:b8:0b:e8:38:
         da:36:9a:60:1b:5a:3e:7d:23:2b:8f:3d:b5:cf:c4:61:6d:34:
         25:6c:d3:1e:55:3d:44:e9:5b:36:b4:b0:ec:b8:b4:88:c5:7b:
         05:8e:a3:b7:94:ab:dd:ed:f1:06:83:7c:f8:95:4a:9f:fd:89:
         72:33:20:f2:ba:c3:af:68:58:d6:9a:b2:dc:a1:f4:6c:ec:e7:
         30:ae:95:d8:35:fc:c7:be:0d:e8:00:3f:b2:71:99:84:7a:1a:
         32:62:f4:9b:0e:30:d1:cc:d2:f5:4a:53:8d:40:d9:8f:d8:c6:
         56:5f:a2:51:2e:b9:ec:8c:23:9f:82:78:fc:64:21:6e:ca:8a:
         af:11:1b:a5:a2:60:29:cd:ce:47:22:74:18:a4:a8:40:cd:cf:
         24:3d:4c:69
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYtLsCIr7syLAK8a7YVck2GtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDIwMDYwNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTMwOGM4MzNjNzE4NTBlMTI2MTliM2ViY2I5MTNmOTZlNDliNDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWK0gNmPpiyujNC/tF+S+snHJhdt
ZYuvGBdO9Cde7vwLSnbvatu7afRSX7oZU0H7Ee0JGOhvU0uGolY8PvzzWFmwjyZc
3Bvg/vpcGxnpze4esyWNBoOiJNKETRBumuHVlhD+B+g6Sicm26++3aUwLKRyRk5m
2diz6AqfmZv0UDPcVM6GMcPYPhE3Hg82E29ABgIT4bJjc0K5r4IzHjgtuudooLOW
3kG4SsPx/+MFRp3OQI73HmeMhESkNxeKo4xT+40+3Q8HIeju19loz1sgW8s6d7Kz
ChQLxZX7x5eebl6IGErSst+s/913uXBblKCUaWcIG02xkbxOxEN0/T2j5wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFBkwjIM8cYUOEmGbPry5E/luSbRNMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvR1RDTWd6eHhoUTRTWVpzLXZMa1QtVzVKdEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATfKWAwQB
WJc4AwQAWJc+AwQAWNHIAwQAWNHTAwQAWNHZAwQCWNHoAwQAWNH1AwQAstLkMA0G
CSqGSIb3DQEBCwUAA4IBAQB9wmiSomtXVY+YYRylN/45U7RZjeWm1CG8laBNdV3X
pW5+Q4D1Ezm8TtAvXxWREhE/LQsrMx32DyZOlAhcExAzzPI3Po1M5G9MxFdvMrlZ
qX1LlDa9duNwUjSZxmG6nHGoIrSroFiedrgL6DjaNppgG1o+fSMrjz21z8RhbTQl
bNMeVT1E6Vs2tLDsuLSIxXsFjqO3lKvd7fEGg3z4lUqf/YlyMyDyusOvaFjWmrLc
ofRs7OcwrpXYNfzHvg3oAD+ycZmEehoyYvSbDjDRzNL1SlONQNmP2MZWX6JRLrns
jCOfgnj8ZCFuyoqvERulomApzc5HInQYpKhAzc8kPUxp
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org