Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/UtTG4d2DTvCuw07whGcmh-51j20.roa
File:                     UtTG4d2DTvCuw07whGcmh-51j20.roa (raw, json)
Hash identifier:          fKI6vaZeo2mda4nDPzE8PVHkN+xCoUGV2uQfdfsYMCk=
Subject key identifier:   52:D4:C6:E1:DD:83:4E:F0:AE:C3:4E:F0:84:67:26:87:EE:75:8F:6D
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01883E8E1271485DD08699DCC82EDAC1009D
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/UtTG4d2DTvCuw07whGcmh-51j20.roa
Signing time:             Sun 21 May 2023 13:44:38 +0000
ROA not before:           Sun 21 May 2023 13:44:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211619
IP address blocks:        88.209.228.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.246.0/23 maxlen: 23
                          88.209.253.0/24 maxlen: 24
                          88.209.254.0/24 maxlen: 24
                          83.137.159.0/24 maxlen: 24
                          83.137.156.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          83.137.158.0/24 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.219.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.232.0/24 maxlen: 24
                          178.210.233.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.237.0/24 maxlen: 24
                          178.210.234.0/24 maxlen: 24
                          178.210.235.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 24
                          77.242.157.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          92.52.217.0/24 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24
                          5.182.112.0/24 maxlen: 24
                          5.182.115.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3e:8e:12:71:48:5d:d0:86:99:dc:c8:2e:da:c1:00:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 21 13:44:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=52d4c6e1dd834ef0aec34ef084672687ee758f6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:64:84:cf:c5:72:1a:c3:54:e4:ed:6d:cf:
                    ed:8e:f0:28:32:9b:d9:df:21:d3:72:7e:f3:d3:5c:
                    67:ed:58:57:57:51:1d:42:71:3e:c4:d4:e0:69:41:
                    8a:98:87:e9:b8:9d:cd:27:66:18:e8:64:b5:0a:9d:
                    73:e0:cd:ab:83:21:4b:c5:2f:8e:d8:85:aa:98:ad:
                    0d:07:c2:2d:9e:67:de:c3:56:68:cd:7d:9b:0d:ab:
                    52:de:76:0a:ab:39:fe:c6:7d:fd:a1:31:34:a1:98:
                    f2:2b:a3:08:9b:95:36:86:42:c5:8f:18:22:9b:af:
                    49:74:41:b5:56:87:d7:ef:2e:d6:68:71:3c:a2:78:
                    3f:fc:ec:17:97:5f:2b:7f:38:af:6e:2f:94:48:01:
                    0f:fe:84:e2:ac:4f:0a:7e:b4:95:d8:0d:c7:3a:04:
                    d5:b0:45:f3:d6:0c:b7:3b:4e:7c:7f:5a:03:ff:1e:
                    44:bf:43:ce:cb:01:6a:ed:83:5f:54:8f:bf:ec:84:
                    6d:e3:0d:10:da:7b:8f:c5:5f:06:5e:a8:04:51:22:
                    fe:9d:c0:90:c4:a7:41:14:04:5e:24:88:76:d4:68:
                    63:a0:87:e4:c3:17:9c:26:5e:7c:ef:80:7a:e7:05:
                    06:5e:7a:d0:ab:4d:31:30:69:46:6a:5f:d7:ba:31:
                    3f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D4:C6:E1:DD:83:4E:F0:AE:C3:4E:F0:84:67:26:87:EE:75:8F:6D
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/UtTG4d2DTvCuw07whGcmh-51j20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  5.182.115.0/24
                  45.9.168.0/24
                  77.242.152.0/22
                  77.242.157.0-77.242.158.255
                  83.137.153.0/24
                  83.137.156.0/22
                  88.151.62.0/24
                  88.209.205.0-88.209.206.255
                  88.209.217.0/24
                  88.209.219.0/24
                  88.209.228.0/24
                  88.209.236.0/22
                  88.209.246.0/23
                  88.209.253.0-88.209.254.255
                  92.52.217.0-92.52.218.255
                  178.210.228.0/24
                  178.210.230.0-178.210.235.255
                  178.210.237.0/24
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:f1:88:5c:2a:f9:da:08:d5:66:e7:da:dc:13:d7:bf:42:34:
         32:93:6a:db:2e:82:ad:15:99:b2:50:32:d1:ec:fa:fb:92:a4:
         44:b4:f1:1d:c1:13:b2:2a:e3:91:a1:d1:af:74:21:3d:ea:01:
         3d:98:05:75:99:bb:8d:0c:ca:30:78:88:34:ae:4d:de:49:5d:
         e3:44:60:06:c3:64:72:68:0d:71:a7:29:2f:53:a0:ae:99:ca:
         db:f7:ce:72:f0:a3:c4:61:d9:3f:93:9c:61:5c:5a:ca:80:72:
         73:37:43:3c:b1:e5:61:24:50:a5:75:24:8c:ac:3f:88:08:9a:
         91:44:6b:32:d0:35:c0:aa:3c:55:57:04:a4:4e:5c:31:86:77:
         00:69:a8:5c:7e:d4:b4:f1:df:69:fb:79:5e:62:21:aa:96:7e:
         c3:8b:e0:54:20:ae:7f:91:38:8a:07:3a:21:d4:15:74:c2:4b:
         18:bb:56:42:5d:25:03:ed:69:dc:9e:3f:38:02:7d:82:b1:24:
         fb:08:47:7f:47:4e:91:db:8f:bb:b3:a9:d5:d8:64:9b:c2:8f:
         02:41:6f:f8:34:51:42:59:41:fb:e1:33:1c:00:ec:21:09:87:
         66:68:01:47:f3:c1:36:f7:f8:4f:bd:3e:f7:a6:de:56:05:5d:
         3e:74:76:dd
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYg+jhJxSF3QhpncyC7awQCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTIxMTM0NDM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQ0YzZlMWRkODM0ZWYwYWVjMzRlZjA4NDY3MjY4N2VlNzU4ZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudBkhM/FchrDVOTtbc/tjvAoMpvZ
3yHTcn7z01xn7VhXV1EdQnE+xNTgaUGKmIfpuJ3NJ2YY6GS1Cp1z4M2rgyFLxS+O
2IWqmK0NB8Itnmfew1ZozX2bDatS3nYKqzn+xn39oTE0oZjyK6MIm5U2hkLFjxgi
m69JdEG1VofX7y7WaHE8ong//OwXl18rfzivbi+USAEP/oTirE8KfrSV2A3HOgTV
sEXz1gy3O058f1oD/x5Ev0POywFq7YNfVI+/7IRt4w0Q2nuPxV8GXqgEUSL+ncCQ
xKdBFAReJIh21GhjoIfkwxecJl5874B65wUGXnrQq00xMGlGal/XujE/gwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFFLUxuHdg07wrsNO8IRnJofudY9tMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVXRURzRkMkRUdkN1dzA3d2hHY21oLTUxajIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjCBpwQCAAEwgaADBAAF
tnADBAAFtnMDBAAtCagDBAJN8pgwDAMEAE3ynQMEAE3yngMEAFOJmQMEAlOJnAME
AFiXPjAMAwQAWNHNAwQAWNHOAwQAWNHZAwQAWNHbAwQAWNHkAwQCWNHsAwQBWNH2
MAwDBABY0f0DBABY0f4wDAMEAFw02QMEAFw02gMEALLS5DAMAwQBstLmAwQCstLo
AwQAstLtAwQAwikvMA0GCSqGSIb3DQEBCwUAA4IBAQBs8YhcKvnaCNVm59rcE9e/
QjQyk2rbLoKtFZmyUDLR7Pr7kqREtPEdwROyKuORodGvdCE96gE9mAV1mbuNDMow
eIg0rk3eSV3jRGAGw2RyaA1xpykvU6Cumcrb985y8KPEYdk/k5xhXFrKgHJzN0M8
seVhJFCldSSMrD+ICJqRRGsy0DXAqjxVVwSkTlwxhncAaahcftS08d9p+3leYiGq
ln7Di+BUIK5/kTiKBzoh1BV0wksYu1ZCXSUD7Wncnj84An2CsST7CEd/R06R24+7
s6nV2GSbwo8CQW/4NFFCWUH74TMcAOwhCYdmaAFH88E29/hPvT73pt5WBV0+dHbd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org