Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Vn2A42EYEu6TtJETeUrDkRLEnEQ.roa
File:                     Vn2A42EYEu6TtJETeUrDkRLEnEQ.roa (raw, json)
Hash identifier:          8V0oZ8wOYR4qCu8LOaxQbu6aeXPtdwXaF3tfLVa/LKU=
Subject key identifier:   56:7D:80:E3:61:18:12:EE:93:B4:91:13:79:4A:C3:91:12:C4:9C:44
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01831C7DB3AC188918E493A1ABBC7AF4DB95
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Vn2A42EYEu6TtJETeUrDkRLEnEQ.roa
Signing time:             Thu 08 Sep 2022 09:45:43 +0000
ROA not before:           Thu 08 Sep 2022 09:45:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.231.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 22
                          83.137.152.0/24 maxlen: 24
                          83.137.154.0/23 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          88.151.63.0/24 maxlen: 24
                          88.209.204.0/22 maxlen: 24
                          88.209.200.0/22 maxlen: 32
                          88.209.205.0/24 maxlen: 24
                          88.209.206.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:1c:7d:b3:ac:18:89:18:e4:93:a1:ab:bc:7a:f4:db:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep  8 09:45:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=567d80e3611812ee93b49113794ac39112c49c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:a2:83:ef:f5:e7:90:9d:dd:58:14:a2:f6:
                    fa:57:44:a8:49:75:04:d2:6f:bc:39:96:de:47:05:
                    e0:75:33:1a:94:bf:51:98:74:a9:58:2d:18:2f:2e:
                    a2:d7:9f:31:11:65:b1:e7:11:cc:05:18:f4:ad:61:
                    e2:99:b0:ca:4b:89:d7:db:9a:59:89:eb:11:03:f4:
                    06:a9:54:16:fc:5d:2a:7c:99:65:7a:a2:9a:62:68:
                    20:04:c5:6f:3a:ef:1b:78:87:b1:27:d8:ba:59:8d:
                    c7:21:7b:8d:c2:73:4f:80:83:91:8a:df:68:ad:d6:
                    81:00:34:8e:53:8a:5a:4f:4c:45:09:3d:23:68:c0:
                    3d:a6:77:77:9d:61:ff:93:98:8c:69:17:2d:39:29:
                    02:5c:17:f2:bb:28:26:ff:33:8b:53:28:e2:b9:ed:
                    ba:8c:93:f4:bf:e7:8a:72:5f:bc:a5:f7:85:60:58:
                    31:fb:05:06:e2:66:1e:18:c1:32:76:4c:20:64:24:
                    c5:72:c0:4f:fb:d2:ff:77:eb:ff:38:fb:b1:4f:dd:
                    a9:c6:07:ad:24:d1:2d:1b:34:cf:3a:6b:ba:7a:a2:
                    64:0f:b3:0b:f4:56:d2:8e:a7:16:c3:4c:d2:03:39:
                    95:bc:59:05:b3:63:c9:23:5a:8b:a1:27:54:63:81:
                    b5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7D:80:E3:61:18:12:EE:93:B4:91:13:79:4A:C3:91:12:C4:9C:44
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Vn2A42EYEu6TtJETeUrDkRLEnEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.152.0/24
                  83.137.154.0/23
                  88.151.61.0/24
                  88.151.63.0/24
                  88.209.200.0/21
                  88.209.231.0-88.209.235.255
                  178.210.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:d7:2f:33:73:6a:8a:8b:16:42:85:40:a6:70:9a:2e:d0:49:
         7c:b4:67:9d:42:b5:3d:dc:fc:27:1f:aa:22:3b:80:a7:48:48:
         ec:22:f1:44:e2:04:47:9a:80:b1:22:90:91:88:d4:15:fd:f9:
         59:18:bc:0c:54:50:53:08:f5:ff:a5:ba:14:38:f4:d6:0b:40:
         38:3a:2a:ec:15:7b:e4:7c:7a:92:57:db:ff:4e:25:ba:b5:87:
         92:9a:3e:d2:54:b7:8c:0d:08:56:ec:7a:1b:0d:66:f7:33:d8:
         dc:a2:1d:e8:f6:67:b4:17:f3:44:3d:f7:d0:e0:7d:e0:65:2d:
         b1:76:f3:2c:9e:69:52:c1:82:ae:c2:0c:6c:c6:15:69:77:a8:
         d9:90:94:2d:41:7d:93:41:74:d7:f7:86:ae:5d:8c:ca:bb:d0:
         92:93:f0:b0:d3:e1:f0:d1:c3:57:fd:5c:99:6b:c0:ff:e9:59:
         7e:80:6f:ea:ff:fa:cc:22:f1:09:a9:d8:e8:d7:e0:52:c3:38:
         57:4c:e6:2c:22:f9:91:6b:8e:e3:42:be:1f:0b:2b:70:94:6f:
         37:df:9a:77:ac:b5:b9:27:b8:65:5a:7e:a8:43:dc:aa:79:0f:
         82:cb:d8:85:18:47:23:30:96:e0:77:5b:73:9f:c9:11:76:ea:
         b7:99:c3:20
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYMcfbOsGIkY5JOhq7x69NuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwOTA4MDk0NTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjdkODBlMzYxMTgxMmVlOTNiNDkxMTM3OTRhYzM5MTEyYzQ5YzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7iig+/155Cd3VgUovb6V0SoSXUE
0m+8OZbeRwXgdTMalL9RmHSpWC0YLy6i158xEWWx5xHMBRj0rWHimbDKS4nX25pZ
iesRA/QGqVQW/F0qfJlleqKaYmggBMVvOu8beIexJ9i6WY3HIXuNwnNPgIORit9o
rdaBADSOU4paT0xFCT0jaMA9pnd3nWH/k5iMaRctOSkCXBfyuygm/zOLUyjiue26
jJP0v+eKcl+8pfeFYFgx+wUG4mYeGMEydkwgZCTFcsBP+9L/d+v/OPuxT92pxget
JNEtGzTPOmu6eqJkD7ML9FbSjqcWw0zSAzmVvFkFs2PJI1qLoSdUY4G17wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFZ9gONhGBLuk7SRE3lKw5ESxJxEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVm4yQTQyRVlFdTZUdEpFVGVVckRrUkxFbkVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIMAwDBABY0ecDBAJY0egDBACy0vwwDQYJKoZI
hvcNAQELBQADggEBAETXLzNzaoqLFkKFQKZwmi7QSXy0Z51CtT3c/CcfqiI7gKdI
SOwi8UTiBEeagLEikJGI1BX9+VkYvAxUUFMI9f+luhQ49NYLQDg6KuwVe+R8epJX
2/9OJbq1h5KaPtJUt4wNCFbsehsNZvcz2NyiHej2Z7QX80Q999DgfeBlLbF28yye
aVLBgq7CDGzGFWl3qNmQlC1BfZNBdNf3hq5djMq70JKT8LDT4fDRw1f9XJlrwP/p
WX6Ab+r/+swi8Qmp2OjX4FLDOFdM5iwi+ZFrjuNCvh8LK3CUbzffmnestbknuGVa
fqhD3Kp5D4LL2IUYRyMwluB3W3OfyRF26reZwyA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org