Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X9-UuC7uVoKeyHg6GIG6s-BlFnw.roa
File:                     X9-UuC7uVoKeyHg6GIG6s-BlFnw.roa (raw, json)
Hash identifier:          ufijMWtF6Q40qbkFU1+Jy9qWry+HTJhQVTXflHupI20=
Subject key identifier:   5F:DF:94:B8:2E:EE:56:82:9E:C8:78:3A:18:81:BA:B3:E0:65:16:7C
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0186A2EE9300D621AAB5DF90979D0EFBFC80
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X9-UuC7uVoKeyHg6GIG6s-BlFnw.roa
Signing time:             Thu 02 Mar 2023 15:26:29 +0000
ROA not before:           Thu 02 Mar 2023 15:26:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211619
IP address blocks:        88.209.228.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.246.0/23 maxlen: 23
                          88.209.253.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          178.210.232.0/24 maxlen: 24
                          178.210.233.0/24 maxlen: 24
                          178.210.234.0/24 maxlen: 24
                          178.210.235.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          5.182.112.0/24 maxlen: 24
                          45.14.9.0/24 maxlen: 24
                          5.182.115.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a2:ee:93:00:d6:21:aa:b5:df:90:97:9d:0e:fb:fc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar  2 15:26:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5fdf94b82eee56829ec8783a1881bab3e065167c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9f:5e:ed:62:93:06:ee:bd:de:b1:f1:c8:43:
                    e5:c6:46:ec:db:67:18:9c:df:53:ce:48:2d:71:86:
                    e7:c4:c7:1b:0f:82:4a:ab:e0:92:9d:35:24:4f:99:
                    f6:ec:aa:89:e7:71:32:46:58:80:00:2b:dc:48:3e:
                    a9:b9:02:82:dd:8d:72:b6:4f:33:ed:96:a3:3f:64:
                    bb:94:23:b2:98:15:97:95:30:80:a0:a9:a0:4f:d3:
                    7f:27:bd:b0:61:d5:62:61:03:11:4d:dd:62:37:f1:
                    93:2b:67:cc:ff:6a:db:68:9f:df:a7:e2:74:34:19:
                    48:25:32:34:e2:1b:f8:13:be:af:17:0c:ad:dc:e4:
                    f3:20:00:48:63:6d:46:21:01:52:46:0c:8b:84:61:
                    1c:35:a1:d4:56:78:7e:1c:a8:8c:3d:24:fa:dc:d0:
                    9a:95:b2:27:62:c7:46:4b:02:5f:8f:db:5e:26:ff:
                    0a:90:66:63:da:d2:d8:8b:f4:2d:50:12:fa:ca:68:
                    71:6d:bd:8f:60:dd:f3:4d:ef:da:46:5f:70:bc:ae:
                    80:d2:8a:b2:d3:9a:f4:fd:91:20:b3:84:fa:98:b2:
                    9c:c3:28:31:88:f8:d7:a9:83:80:43:e4:2b:20:a0:
                    49:3a:6c:e8:54:f6:f3:95:99:83:04:15:02:94:be:
                    ab:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:DF:94:B8:2E:EE:56:82:9E:C8:78:3A:18:81:BA:B3:E0:65:16:7C
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X9-UuC7uVoKeyHg6GIG6s-BlFnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  5.182.115.0/24
                  45.9.168.0/24
                  45.14.9.0/24
                  77.242.152.0/22
                  83.137.153.0/24
                  83.137.157.0/24
                  88.151.62.0/24
                  88.209.228.0/24
                  88.209.236.0/22
                  88.209.246.0/23
                  88.209.253.0/24
                  92.52.218.0/24
                  178.210.232.0/22
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:1a:59:fd:59:f0:83:51:ed:a0:79:3b:b9:b4:04:a9:31:03:
         c1:05:53:99:5f:9e:cf:b0:3d:9d:e1:ee:34:8b:3b:e4:fa:4d:
         32:78:bb:6b:6e:74:44:8f:58:21:cf:09:63:6b:25:54:b7:d7:
         a1:41:87:22:9e:50:94:22:b2:a8:8d:d7:89:46:43:6b:47:52:
         ee:90:af:b7:69:35:20:f2:41:ca:9b:b0:f9:2f:53:5f:09:92:
         8d:31:45:5f:bb:5c:d5:2b:9a:8d:3e:ca:b6:aa:63:ab:f0:4c:
         63:9e:70:e3:03:68:2c:11:03:62:c6:f3:7a:ed:ae:ac:8a:42:
         17:58:80:1a:dd:41:b8:64:02:34:ad:e8:b2:d7:20:d6:00:6c:
         ba:4d:88:25:47:6a:2b:45:87:b1:d1:57:bb:cf:05:53:c8:07:
         8a:2b:53:df:cb:3d:ba:a2:d5:a5:a9:eb:0f:b1:9b:15:49:54:
         6e:d0:38:74:95:76:39:8c:ce:87:be:31:d6:00:92:9d:18:f2:
         20:f0:b9:5d:74:5a:e5:fd:b2:51:9b:cf:85:61:d2:e9:3c:82:
         e1:8e:d8:88:68:a7:bd:96:3c:c7:d0:08:38:6f:03:10:32:ab:
         cd:c3:e8:7a:e8:96:02:d9:f2:56:2d:6d:c6:c3:0d:b1:2f:b5:
         75:2a:5e:86
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYai7pMA1iGqtd+Ql50O+/yAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMzAyMTUyNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmRmOTRiODJlZWU1NjgyOWVjODc4M2ExODgxYmFiM2UwNjUxNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg59e7WKTBu693rHxyEPlxkbs22cY
nN9TzkgtcYbnxMcbD4JKq+CSnTUkT5n27KqJ53EyRliAACvcSD6puQKC3Y1ytk8z
7ZajP2S7lCOymBWXlTCAoKmgT9N/J72wYdViYQMRTd1iN/GTK2fM/2rbaJ/fp+J0
NBlIJTI04hv4E76vFwyt3OTzIABIY21GIQFSRgyLhGEcNaHUVnh+HKiMPST63NCa
lbInYsdGSwJfj9teJv8KkGZj2tLYi/QtUBL6ymhxbb2PYN3zTe/aRl9wvK6A0oqy
05r0/ZEgs4T6mLKcwygxiPjXqYOAQ+QrIKBJOmzoVPbzlZmDBBUClL6rLQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFF/flLgu7laCnsh4OhiBurPgZRZ8MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWDktVXVDN3VWb0tleUhnNkdJRzZzLUJsRm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQABbZwAwQA
BbZzAwQALQmoAwQALQ4JAwQCTfKYAwQAU4mZAwQAU4mdAwQAWJc+AwQAWNHkAwQC
WNHsAwQBWNH2AwQAWNH9AwQAXDTaAwQCstLoAwQAwikvMA0GCSqGSIb3DQEBCwUA
A4IBAQCvGln9WfCDUe2geTu5tASpMQPBBVOZX57PsD2d4e40izvk+k0yeLtrbnRE
j1ghzwljayVUt9ehQYcinlCUIrKojdeJRkNrR1LukK+3aTUg8kHKm7D5L1NfCZKN
MUVfu1zVK5qNPsq2qmOr8ExjnnDjA2gsEQNixvN67a6sikIXWIAa3UG4ZAI0reiy
1yDWAGy6TYglR2orRYex0Ve7zwVTyAeKK1Pfyz26otWlqesPsZsVSVRu0Dh0lXY5
jM6HvjHWAJKdGPIg8LlddFrl/bJRm8+FYdLpPILhjtiIaKe9ljzH0Ag4bwMQMqvN
w+h66JYC2fJWLW3Gww2xL7V1Kl6G
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:27 2024 by rpki-client on console-fra.rpki-client.org