Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SU_IzC3DWfjUBN-_havSHZsbqDs.roa
File:                     SU_IzC3DWfjUBN-_havSHZsbqDs.roa (raw, json)
Hash identifier:          RnkfovkblVSILYLFd23mGR2J7fVjWcn62WXui4GHupg=
Subject key identifier:   49:4F:C8:CC:2D:C3:59:F8:D4:04:DF:BF:85:AB:D2:1D:9B:1B:A8:3B
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0189D3F3D3D4274EF6A6BAEDF5BA996E894E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SU_IzC3DWfjUBN-_havSHZsbqDs.roa
Signing time:             Tue 08 Aug 2023 07:01:59 +0000
ROA not before:           Tue 08 Aug 2023 07:01:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        88.209.245.0/24 maxlen: 24
                          88.209.253.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          88.209.226.0/24 maxlen: 24
                          92.52.214.0/24 maxlen: 24
                          178.210.248.0/24 maxlen: 24
                          178.210.249.0/24 maxlen: 24
                          178.210.251.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:d3:f3:d3:d4:27:4e:f6:a6:ba:ed:f5:ba:99:6e:89:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug  8 07:01:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=494fc8cc2dc359f8d404dfbf85abd21d9b1ba83b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d7:35:bc:26:5a:fe:a9:eb:a2:60:2d:d4:68:
                    e6:e7:3c:a9:76:89:fe:82:5e:b4:05:f8:96:17:de:
                    12:35:22:5a:ac:e1:07:bd:ab:14:f2:8a:c0:aa:88:
                    5e:54:72:31:d0:83:e2:67:78:cb:7b:cb:f6:89:64:
                    f7:70:7f:76:d3:de:29:f7:83:2e:88:4c:ab:58:59:
                    92:c7:1f:89:4d:60:45:96:1a:fd:98:ac:e0:e4:86:
                    3b:cd:55:05:0e:6b:c1:eb:05:6d:76:aa:d6:48:a3:
                    21:f4:55:3d:35:a9:a1:9d:d9:34:e3:f5:b7:33:a2:
                    c5:a6:2d:a2:da:8f:4b:87:5b:09:bf:86:4c:2a:ed:
                    d9:1e:cb:19:a1:11:31:ab:76:fc:04:9d:2a:cb:ef:
                    5e:93:cb:99:93:23:a2:df:ec:74:f1:11:97:e5:4c:
                    f9:4d:43:3e:51:87:8b:15:17:bb:bc:db:cd:a4:5c:
                    06:25:39:75:25:35:e5:4d:90:ab:42:fb:5b:c8:06:
                    ee:f6:44:7d:38:7e:3f:b1:c5:ee:dc:5b:86:f9:06:
                    dd:57:80:cd:84:00:f6:11:03:35:b2:b2:88:7f:61:
                    c7:18:14:86:69:76:26:ae:45:0e:36:a7:68:01:f7:
                    f0:e3:3f:42:17:84:04:3c:42:f1:6d:93:43:b5:8e:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:4F:C8:CC:2D:C3:59:F8:D4:04:DF:BF:85:AB:D2:1D:9B:1B:A8:3B
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SU_IzC3DWfjUBN-_havSHZsbqDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.157.0-77.242.158.255
                  88.151.56.0/24
                  88.151.62.0/24
                  88.209.226.0/24
                  88.209.245.0/24
                  88.209.253.0/24
                  92.52.214.0/24
                  178.210.228.0/24
                  178.210.248.0/23
                  178.210.251.0-178.210.252.255

    Signature Algorithm: sha256WithRSAEncryption
         09:80:33:7d:f4:54:80:91:d9:b9:ab:3c:27:85:e4:a9:8f:02:
         66:1e:0c:1f:f0:35:1a:a2:6c:07:25:56:d5:36:40:d1:b2:1c:
         30:e6:61:8f:9c:74:b4:ef:76:80:18:b2:ec:0e:c0:d6:b2:15:
         9c:7a:ca:27:39:9c:a8:1c:0b:e3:4c:4e:2a:ac:b0:64:f3:e8:
         33:ca:19:a5:27:29:09:4d:0b:20:94:97:fd:e6:3e:8f:cd:b0:
         95:13:38:ff:2f:a3:1c:9e:2f:d1:08:c5:46:e3:db:03:f1:08:
         4e:97:97:0a:77:8a:90:f5:af:84:a8:7d:11:38:4e:dc:5b:e9:
         5f:76:cb:7c:aa:2f:59:c8:3e:2c:e9:00:fa:db:7d:89:31:38:
         bd:6e:41:ef:b8:ad:b6:6a:cc:cd:67:05:2c:1b:b9:ab:9b:f7:
         06:b2:86:ea:4a:21:98:f2:37:58:9c:78:b0:de:96:5c:81:8c:
         b9:c1:ec:d6:71:82:7c:ac:85:cc:fd:e4:f5:6d:9d:c1:c8:f1:
         01:26:93:f2:ab:eb:2d:e0:5f:b4:27:a4:61:d9:00:25:e5:8a:
         c1:f5:15:ce:8e:fb:47:43:3b:05:80:4b:7b:39:33:c8:c9:2e:
         b5:2e:1d:79:88:32:df:64:a4:cd:78:0b:3e:d8:ab:d2:28:80:
         59:4f:60:51
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYnT89PUJ072prrt9bqZbolOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODA4MDcwMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTRmYzhjYzJkYzM1OWY4ZDQwNGRmYmY4NWFiZDIxZDliMWJhODNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldc1vCZa/qnromAt1Gjm5zypdon+
gl60BfiWF94SNSJarOEHvasU8orAqoheVHIx0IPiZ3jLe8v2iWT3cH92094p94Mu
iEyrWFmSxx+JTWBFlhr9mKzg5IY7zVUFDmvB6wVtdqrWSKMh9FU9Namhndk04/W3
M6LFpi2i2o9Lh1sJv4ZMKu3ZHssZoRExq3b8BJ0qy+9ek8uZkyOi3+x08RGX5Uz5
TUM+UYeLFRe7vNvNpFwGJTl1JTXlTZCrQvtbyAbu9kR9OH4/scXu3FuG+QbdV4DN
hAD2EQM1srKIf2HHGBSGaXYmrkUONqdoAffw4z9CF4QEPELxbZNDtY5bywIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFElPyMwtw1n41ATfv4Wr0h2bG6g7MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvU1VfSXpDM0RXZmpVQk4tX2hhdlNIWnNicURzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBABN8p0D
BABN8p4DBABYlzgDBABYlz4DBABY0eIDBABY0fUDBABY0f0DBABcNNYDBACy0uQD
BAGy0vgwDAMEALLS+wMEALLS/DANBgkqhkiG9w0BAQsFAAOCAQEACYAzffRUgJHZ
uas8J4XkqY8CZh4MH/A1GqJsByVW1TZA0bIcMOZhj5x0tO92gBiy7A7A1rIVnHrK
JzmcqBwL40xOKqywZPPoM8oZpScpCU0LIJSX/eY+j82wlRM4/y+jHJ4v0QjFRuPb
A/EITpeXCneKkPWvhKh9EThO3FvpX3bLfKovWcg+LOkA+tt9iTE4vW5B77ittmrM
zWcFLBu5q5v3BrKG6kohmPI3WJx4sN6WXIGMucHs1nGCfKyFzP3k9W2dwcjxASaT
8qvrLeBftCekYdkAJeWKwfUVzo77R0M7BYBLezkzyMkutS4deYgy32SkzXgLPtir
0iiAWU9gUQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org