Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N4Mm1x6lPilCayku5fGjOO3jyiw.roa
File:                     N4Mm1x6lPilCayku5fGjOO3jyiw.roa (raw, json)
Hash identifier:          LoHmpIHdR6rvRmLAlcytj6GLuucwog8ovwRUDmPjUxI=
Subject key identifier:   37:83:26:D7:1E:A5:3E:29:42:6B:29:2E:E5:F1:A3:38:ED:E3:CA:2C
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018AF031EB979D7AE4D8FB8CA2611EF6A8B1
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N4Mm1x6lPilCayku5fGjOO3jyiw.roa
Signing time:             Mon 02 Oct 2023 11:41:57 +0000
ROA not before:           Mon 02 Oct 2023 11:41:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.253.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f0:31:eb:97:9d:7a:e4:d8:fb:8c:a2:61:1e:f6:a8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Oct  2 11:41:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=378326d71ea53e29426b292ee5f1a338ede3ca2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ec:7f:19:d6:c8:4d:98:dc:4c:82:16:63:76:
                    b2:99:12:9a:91:32:3e:e8:29:fd:68:b7:a4:b4:c3:
                    a4:24:7b:8c:a8:e5:73:30:0a:bd:97:06:35:b6:ca:
                    63:d9:34:c7:17:4a:3b:8d:93:30:af:55:48:86:1f:
                    36:56:48:a1:7c:eb:a5:d5:af:6e:1f:6c:db:5d:48:
                    df:7a:dd:b3:e5:9a:e8:a2:cb:da:ce:f4:b6:f5:d1:
                    b9:7c:fe:cc:fe:f2:17:ae:b9:e4:23:08:6a:fa:e4:
                    e8:a2:c1:46:83:74:24:95:b8:27:83:ba:f1:97:f9:
                    fc:a8:d2:90:a9:f2:3d:e8:b1:e3:18:79:ca:9b:5d:
                    7d:38:ae:bb:26:da:38:fe:25:bf:3a:f6:32:62:af:
                    82:47:25:da:7f:66:99:78:49:d4:32:90:4f:35:f7:
                    2d:14:70:7b:23:f8:6c:4d:03:93:4c:85:42:44:13:
                    98:30:ed:ce:20:cf:51:00:ee:8a:96:a4:52:f6:b9:
                    05:bc:b1:8d:77:4d:e6:fa:be:b6:f1:09:40:24:a2:
                    96:12:fc:ab:38:f4:87:7e:c9:af:2c:b0:50:c0:d6:
                    08:ae:e4:ee:56:c5:89:3d:95:48:e8:fa:d2:4e:e6:
                    2d:08:7d:9f:df:d2:5b:c7:f7:3f:49:95:73:f6:0a:
                    7f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:83:26:D7:1E:A5:3E:29:42:6B:29:2E:E5:F1:A3:38:ED:E3:CA:2C
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/N4Mm1x6lPilCayku5fGjOO3jyiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.150.0/24
                  88.151.56.0/23
                  88.151.62.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.220.0/24
                  88.209.253.0/24
                  178.210.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:73:3d:80:d1:4f:90:6a:ad:5f:b7:7b:65:dd:99:dd:51:8c:
         1d:e4:db:7b:b7:0b:40:da:c9:c9:2f:66:f0:4e:53:a8:46:9b:
         01:05:1b:08:de:c0:0c:31:a5:ba:5c:f2:b8:58:22:55:fa:98:
         c8:4d:d8:60:43:17:8c:12:13:66:28:95:75:71:77:0d:b0:4d:
         c1:41:0a:b6:ee:aa:50:9a:c4:3d:a6:e4:39:4d:c3:c2:e0:6d:
         ae:8e:21:f9:01:26:cb:c7:fe:30:20:7c:37:2a:2a:1b:31:f5:
         10:77:bc:57:72:2b:7a:41:e0:97:c6:4e:50:68:ed:b0:28:71:
         89:51:4a:48:e0:c0:bd:c6:b6:e0:b3:1e:96:f4:8d:12:71:34:
         36:62:b9:78:c9:79:bf:c4:33:72:1f:65:65:b2:90:88:3b:1d:
         23:2f:c3:0e:26:50:3e:50:9a:ad:10:64:24:36:4d:e2:82:52:
         a2:d5:22:78:50:6b:9c:0e:2a:84:fa:a4:ec:5f:f3:53:6c:f9:
         91:5a:9f:cb:40:7d:bf:d0:73:1b:b8:99:e1:c2:5c:1f:75:00:
         b1:1a:9d:36:2b:4c:4b:44:27:18:dc:97:c2:cd:e3:cc:49:51:
         dc:e6:bd:d1:17:6b:e2:07:1b:dc:ac:6f:14:21:5d:9c:0b:70:
         89:58:fa:48
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrwMeuXnXrk2PuMomEe9qixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMDAyMTE0MTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgzMjZkNzFlYTUzZTI5NDI2YjI5MmVlNWYxYTMzOGVkZTNjYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+x/GdbITZjcTIIWY3aymRKakTI+
6Cn9aLektMOkJHuMqOVzMAq9lwY1tspj2TTHF0o7jZMwr1VIhh82VkihfOul1a9u
H2zbXUjfet2z5ZroosvazvS29dG5fP7M/vIXrrnkIwhq+uToosFGg3Qklbgng7rx
l/n8qNKQqfI96LHjGHnKm119OK67Jto4/iW/OvYyYq+CRyXaf2aZeEnUMpBPNfct
FHB7I/hsTQOTTIVCRBOYMO3OIM9RAO6KlqRS9rkFvLGNd03m+r628QlAJKKWEvyr
OPSHfsmvLLBQwNYIruTuVsWJPZVI6PrSTuYtCH2f39Jbx/c/SZVz9gp/EQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDeDJtcepT4pQmspLuXxozjt48osMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTjRNbTF4NmxQaWxDYXlrdTVmR2pPTzNqeWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATfKWAwQB
WJc4AwQAWJc+AwQAWNHTAwQAWNHZAwQAWNHcAwQAWNH9AwQAstLkMA0GCSqGSIb3
DQEBCwUAA4IBAQAIcz2A0U+Qaq1ft3tl3ZndUYwd5Nt7twtA2snJL2bwTlOoRpsB
BRsI3sAMMaW6XPK4WCJV+pjITdhgQxeMEhNmKJV1cXcNsE3BQQq27qpQmsQ9puQ5
TcPC4G2ujiH5ASbLx/4wIHw3KiobMfUQd7xXcit6QeCXxk5QaO2wKHGJUUpI4MC9
xrbgsx6W9I0ScTQ2Yrl4yXm/xDNyH2VlspCIOx0jL8MOJlA+UJqtEGQkNk3iglKi
1SJ4UGucDiqE+qTsX/NTbPmRWp/LQH2/0HMbuJnhwlwfdQCxGp02K0xLRCcY3JfC
zePMSVHc5r3RF2viBxvcrG8UIV2cC3CJWPpI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org