Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SohvS1Yf7-9rEAKjWeZstyCe_YM.roa
File:                     SohvS1Yf7-9rEAKjWeZstyCe_YM.roa (raw, json)
Hash identifier:          QJo+mt7dbp9xPWClKfJyEaRxqHofKaDhVPK7x8iu3AA=
Subject key identifier:   4A:88:6F:4B:56:1F:EF:EF:6B:10:02:A3:59:E6:6C:B7:20:9E:FD:83
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018843A015BDEB7BE9A7361EA52B12AEA26B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SohvS1Yf7-9rEAKjWeZstyCe_YM.roa
Signing time:             Mon 22 May 2023 13:22:24 +0000
ROA not before:           Mon 22 May 2023 13:22:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42864
IP address blocks:        178.248.200.0/21 maxlen: 21
                          45.9.171.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          88.209.196.0/24 maxlen: 24
                          88.209.193.0/24 maxlen: 24
                          88.209.208.0/24 maxlen: 24
                          88.209.213.0/24 maxlen: 24
                          88.209.212.0/24 maxlen: 24
                          88.209.210.0/24 maxlen: 24
                          88.209.215.0/24 maxlen: 24
                          88.209.214.0/24 maxlen: 24
                          2.58.168.0/22 maxlen: 24
                          178.210.224.0/22 maxlen: 24
                          193.138.125.0/24 maxlen: 24
                          77.242.144.0/22 maxlen: 24
                          77.242.151.0/24 maxlen: 24
                          77.242.148.0/24 maxlen: 24
                          77.242.156.0/24 maxlen: 24
                          92.52.219.0/24 maxlen: 24
                          45.88.93.0/24 maxlen: 24
                          45.14.11.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          45.14.8.0/24 maxlen: 24
                          92.52.212.0/22 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.209.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24
                          2a00:1f40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:43:a0:15:bd:eb:7b:e9:a7:36:1e:a5:2b:12:ae:a2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 22 13:22:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4a886f4b561fefef6b1002a359e66cb7209efd83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9e:8a:94:ab:e1:1e:ab:c4:35:db:e5:f0:17:
                    0a:0c:dc:1b:3d:ed:c8:44:53:4b:7e:a0:49:43:a9:
                    48:0a:c4:06:df:a6:14:70:14:25:cf:63:a4:bc:88:
                    be:18:a9:ec:91:26:f2:b5:51:43:d6:22:b9:57:92:
                    90:f7:da:42:b4:41:3d:50:fe:1b:50:a7:e6:c6:7b:
                    90:58:27:12:a1:22:3d:91:11:42:48:8a:e9:25:77:
                    ca:78:1a:68:f3:9e:e8:0b:3c:b6:0e:c2:b8:45:52:
                    44:dd:60:ae:7b:70:ca:cc:6c:20:00:b8:0f:4d:9b:
                    8f:d8:88:d6:dd:6a:73:83:6e:86:08:cf:89:41:5d:
                    a9:a1:10:83:e1:16:6b:5b:cd:da:47:84:11:1b:78:
                    e1:61:f7:87:20:03:79:91:28:59:95:85:5f:4e:50:
                    2f:c3:eb:4c:23:a4:a1:fd:d2:a4:9f:d0:48:84:f7:
                    04:97:63:2e:74:fc:df:5f:32:4f:cc:92:8e:73:a3:
                    e0:ca:54:f7:c7:1a:a2:95:b5:03:72:25:d1:9e:ff:
                    37:59:0a:d1:4f:d2:e2:0f:df:fa:e8:1e:08:2d:26:
                    27:f5:2f:7a:a4:4c:c2:d0:50:3a:ad:4d:96:30:4b:
                    9e:e3:74:69:4b:bf:07:80:c2:66:0d:7f:af:31:e5:
                    85:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:88:6F:4B:56:1F:EF:EF:6B:10:02:A3:59:E6:6C:B7:20:9E:FD:83
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/SohvS1Yf7-9rEAKjWeZstyCe_YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/22
                  45.9.169.0-45.9.171.255
                  45.14.8.0/24
                  45.14.10.0/23
                  45.88.93.0/24
                  77.242.144.0-77.242.148.255
                  77.242.151.0/24
                  77.242.156.0/24
                  88.209.193.0/24
                  88.209.196.0/24
                  88.209.208.0/24
                  88.209.210.0/24
                  88.209.212.0/22
                  92.52.208.0/21
                  92.52.219.0/24
                  178.210.224.0/22
                  178.248.200.0/21
                  193.138.125.0/24
                IPv6:
                  2a00:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:4e:dd:aa:60:57:78:dd:15:a3:d2:a3:e0:35:4d:64:28:e1:
         e1:3b:46:70:40:ed:17:9f:8b:fa:21:a6:43:c0:8b:9d:d3:f5:
         9b:7d:e5:a0:04:15:18:e7:3d:59:76:6c:cb:4a:58:76:fc:12:
         a7:dc:75:79:09:03:c7:d6:5d:d3:06:48:e8:36:66:58:2b:a0:
         c9:df:fd:e7:07:e9:f9:5b:75:b3:2b:a7:a9:0c:77:02:97:29:
         0a:57:f2:fa:83:28:d4:e5:ae:14:1c:a1:92:5d:f6:66:3d:bd:
         a5:b4:0f:d0:be:98:45:cd:d8:b0:cf:08:df:3f:93:20:a9:b9:
         59:4a:e3:7d:9e:3e:6f:37:d1:84:f0:21:72:83:d3:89:45:e6:
         79:a1:bc:89:9d:04:30:95:20:66:69:13:96:d1:33:70:3b:c1:
         a3:8c:30:14:87:80:b7:ae:18:12:18:05:8b:bb:5b:02:d2:01:
         1b:ee:85:e6:4b:3d:56:1e:d0:85:b0:66:c1:11:ed:9d:a5:38:
         5e:39:7c:37:2a:aa:9e:82:3a:0c:ba:c1:db:12:d3:ec:e7:3d:
         80:5d:25:2e:aa:f3:b2:23:cb:b1:f5:6f:ae:01:01:ff:5b:f3:
         e7:af:af:b6:31:4d:5c:d5:a1:72:62:f8:50:4e:e8:b8:b2:03:
         96:0d:62:47
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAYhDoBW963vppzYepSsSrqJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTIyMTMyMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg4NmY0YjU2MWZlZmVmNmIxMDAyYTM1OWU2NmNiNzIwOWVmZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56KlKvhHqvENdvl8BcKDNwbPe3I
RFNLfqBJQ6lICsQG36YUcBQlz2OkvIi+GKnskSbytVFD1iK5V5KQ99pCtEE9UP4b
UKfmxnuQWCcSoSI9kRFCSIrpJXfKeBpo857oCzy2DsK4RVJE3WCue3DKzGwgALgP
TZuP2IjW3Wpzg26GCM+JQV2poRCD4RZrW83aR4QRG3jhYfeHIAN5kShZlYVfTlAv
w+tMI6Sh/dKkn9BIhPcEl2MudPzfXzJPzJKOc6PgylT3xxqilbUDciXRnv83WQrR
T9LiD9/66B4ILSYn9S96pEzC0FA6rU2WMEue43RpS78HgMJmDX+vMeWFpQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFEqIb0tWH+/vaxACo1nmbLcgnv2DMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvU29odlMxWWY3LTlyRUFLaldlWnN0eUNlX1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBggQCAAEwfAMEAgI6
qDAMAwQALQmpAwQCLQmoAwQALQ4IAwQBLQ4KAwQALVhdMAwDBARN8pADBABN8pQD
BABN8pcDBABN8pwDBABY0cEDBABY0cQDBABY0dADBABY0dIDBAJY0dQDBANcNNAD
BABcNNsDBAKy0uADBAOy+MgDBADBin0wDQQCAAIwBwMFAyoAH0AwDQYJKoZIhvcN
AQELBQADggEBAAFO3apgV3jdFaPSo+A1TWQo4eE7RnBA7Refi/ohpkPAi53T9Zt9
5aAEFRjnPVl2bMtKWHb8EqfcdXkJA8fWXdMGSOg2ZlgroMnf/ecH6flbdbMrp6kM
dwKXKQpX8vqDKNTlrhQcoZJd9mY9vaW0D9C+mEXN2LDPCN8/kyCpuVlK432ePm83
0YTwIXKD04lF5nmhvImdBDCVIGZpE5bRM3A7waOMMBSHgLeuGBIYBYu7WwLSARvu
heZLPVYe0IWwZsER7Z2lOF45fDcqqp6COgy6wdsS0+znPYBdJS6q87Ijy7H1b64B
Af9b8+evr7YxTVzVoXJi+FBO6LiyA5YNYkc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org