Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ztx-K4ykKpz8S6Xk2tr4VIrnBGQ.roa
File:                     Ztx-K4ykKpz8S6Xk2tr4VIrnBGQ.roa (raw, json)
Hash identifier:          Db5bohwyX3hby3FkSbTjPtdXkCtYfpX6pTvMdZ/h+/0=
Subject key identifier:   66:DC:7E:2B:8C:A4:2A:9C:FC:4B:A5:E4:DA:DA:F8:54:8A:E7:04:64
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018726DE51662A91EFB55A0DF6973397D37B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ztx-K4ykKpz8S6Xk2tr4VIrnBGQ.roa
Signing time:             Tue 28 Mar 2023 06:18:36 +0000
ROA not before:           Tue 28 Mar 2023 06:18:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211619
IP address blocks:        88.209.228.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.246.0/23 maxlen: 23
                          88.209.254.0/24 maxlen: 24
                          83.137.159.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          178.210.232.0/24 maxlen: 24
                          178.210.233.0/24 maxlen: 24
                          178.210.237.0/24 maxlen: 24
                          178.210.234.0/24 maxlen: 24
                          178.210.235.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          5.182.112.0/24 maxlen: 24
                          45.14.9.0/24 maxlen: 24
                          5.182.115.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:26:de:51:66:2a:91:ef:b5:5a:0d:f6:97:33:97:d3:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 28 06:18:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=66dc7e2b8ca42a9cfc4ba5e4dadaf8548ae70464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b4:ec:18:6d:b7:5a:b4:30:1a:51:ee:d1:b2:
                    4d:97:8f:6a:f1:1b:99:01:90:e3:8e:12:b9:08:41:
                    18:83:b9:4a:d0:ec:5a:89:bc:71:12:0f:c2:5d:26:
                    fb:66:83:12:f5:3d:f0:55:7d:8b:17:31:75:e3:21:
                    9f:19:f3:af:54:88:7a:24:d0:f8:70:b8:fb:4a:de:
                    14:ba:90:53:35:ae:36:f7:96:0f:e1:ff:13:76:bc:
                    d6:1f:b9:c9:e3:d0:e8:b1:ae:06:6b:f4:46:1c:4a:
                    1f:dc:fa:49:25:16:6f:fb:7a:57:53:0d:5f:54:d3:
                    90:76:74:16:c1:42:87:36:8e:63:f1:b1:41:82:7c:
                    65:06:e6:a3:9e:65:ea:3e:7c:6e:0b:74:eb:64:19:
                    83:97:af:9f:58:47:25:36:88:84:5b:dc:d6:04:e3:
                    4b:e5:bf:5c:1a:64:75:bc:a5:64:61:db:a6:0f:a6:
                    f0:c5:94:b5:c3:30:6a:ed:d1:03:16:21:91:b3:47:
                    2d:2e:58:4d:b1:09:66:39:3f:b6:56:b0:27:b9:48:
                    08:90:63:d7:fc:ac:b4:3d:a5:a7:74:6a:1b:e4:9c:
                    8e:06:61:3f:13:e2:42:08:85:28:0b:fe:e1:02:45:
                    a3:1f:8b:c6:c2:30:63:05:21:5a:57:52:82:b5:dc:
                    3d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DC:7E:2B:8C:A4:2A:9C:FC:4B:A5:E4:DA:DA:F8:54:8A:E7:04:64
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Ztx-K4ykKpz8S6Xk2tr4VIrnBGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  5.182.115.0/24
                  45.9.168.0/24
                  45.14.9.0/24
                  77.242.152.0/22
                  83.137.153.0/24
                  83.137.157.0/24
                  83.137.159.0/24
                  88.151.62.0/24
                  88.209.228.0/24
                  88.209.236.0/22
                  88.209.246.0/23
                  88.209.254.0/24
                  92.52.218.0/24
                  178.210.232.0/22
                  178.210.237.0/24
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:58:32:0c:50:4c:60:02:0a:44:3c:99:23:dd:3d:51:8d:76:
         8f:37:25:ea:0a:7a:80:c3:34:76:0f:77:97:5c:08:8e:a8:98:
         11:a7:17:9e:22:04:37:6b:dd:41:ea:5f:06:69:02:9f:b2:e0:
         39:9f:54:c9:39:64:0e:e4:89:36:23:ba:08:00:0e:4f:ea:f7:
         5b:26:f7:a8:15:3e:ef:95:a0:3c:58:d7:74:65:34:c7:32:9f:
         c8:aa:a8:6d:0c:10:2a:29:15:56:39:ad:44:33:e7:6e:69:89:
         5d:82:ff:88:39:3b:86:a1:1b:09:25:10:83:65:f4:88:c5:46:
         03:bb:fc:63:ba:c5:97:c6:82:bf:0a:1a:f1:4c:8b:e2:06:74:
         a5:ee:41:3b:5f:52:d9:0e:aa:9a:8f:75:e1:eb:0b:b7:28:f6:
         1a:e4:b8:93:8b:38:e1:1e:b9:29:39:61:4b:94:d0:bf:59:01:
         7b:a1:10:1a:1a:0a:6e:66:92:f2:3c:c7:59:73:47:73:96:0f:
         d2:21:5c:19:77:56:f2:de:04:78:8f:a5:74:12:f1:6a:b3:51:
         41:26:cd:5e:af:42:14:cf:5a:96:92:49:46:bc:ca:91:06:ff:
         1e:89:12:8d:81:0b:68:d6:0a:86:03:00:07:84:30:e2:af:98:
         29:a6:08:ae
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYcm3lFmKpHvtVoN9pczl9N7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwMzI4MDYxODM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRjN2UyYjhjYTQyYTljZmM0YmE1ZTRkYWRhZjg1NDhhZTcwNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbTsGG23WrQwGlHu0bJNl49q8RuZ
AZDjjhK5CEEYg7lK0OxaibxxEg/CXSb7ZoMS9T3wVX2LFzF14yGfGfOvVIh6JND4
cLj7St4UupBTNa4295YP4f8TdrzWH7nJ49Dosa4Ga/RGHEof3PpJJRZv+3pXUw1f
VNOQdnQWwUKHNo5j8bFBgnxlBuajnmXqPnxuC3TrZBmDl6+fWEclNoiEW9zWBONL
5b9cGmR1vKVkYdumD6bwxZS1wzBq7dEDFiGRs0ctLlhNsQlmOT+2VrAnuUgIkGPX
/Ky0PaWndGob5JyOBmE/E+JCCIUoC/7hAkWjH4vGwjBjBSFaV1KCtdw9cQIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFGbcfiuMpCqc/Eul5Nra+FSK5wRkMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWnR4LUs0eWtLcHo4UzZYazJ0cjRWSXJuQkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQABbZwAwQA
BbZzAwQALQmoAwQALQ4JAwQCTfKYAwQAU4mZAwQAU4mdAwQAU4mfAwQAWJc+AwQA
WNHkAwQCWNHsAwQBWNH2AwQAWNH+AwQAXDTaAwQCstLoAwQAstLtAwQAwikvMA0G
CSqGSIb3DQEBCwUAA4IBAQBYWDIMUExgAgpEPJkj3T1RjXaPNyXqCnqAwzR2D3eX
XAiOqJgRpxeeIgQ3a91B6l8GaQKfsuA5n1TJOWQO5Ik2I7oIAA5P6vdbJveoFT7v
laA8WNd0ZTTHMp/IqqhtDBAqKRVWOa1EM+duaYldgv+IOTuGoRsJJRCDZfSIxUYD
u/xjusWXxoK/ChrxTIviBnSl7kE7X1LZDqqaj3Xh6wu3KPYa5LiTizjhHrkpOWFL
lNC/WQF7oRAaGgpuZpLyPMdZc0dzlg/SIVwZd1by3gR4j6V0EvFqs1FBJs1er0IU
z1qWkklGvMqRBv8eiRKNgQto1gqGAwAHhDDir5gppgiu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org