Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a8wrdDsxNBm6PrK7TkW-thaPSK0.roa
File:                     a8wrdDsxNBm6PrK7TkW-thaPSK0.roa (raw, json)
Hash identifier:          PtJ/MvhrzWCfeSIzAaA7flXLcjbBfk3vExB1ixJOhu8=
Subject key identifier:   6B:CC:2B:74:3B:31:34:19:BA:3E:B2:BB:4E:45:BE:B6:16:8F:48:AD
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018D922D8E7FC46F46D561F5DEE8F7795642
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a8wrdDsxNBm6PrK7TkW-thaPSK0.roa
Signing time:             Sat 10 Feb 2024 08:41:15 +0000
ROA not before:           Sat 10 Feb 2024 08:41:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        88.151.56.0/23 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.232.0/22 maxlen: 24
                          178.210.226.0/24 maxlen: 24
                          178.210.227.0/24 maxlen: 24
                          178.210.228.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          178.210.252.0/24 maxlen: 24
                          178.210.253.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:92:2d:8e:7f:c4:6f:46:d5:61:f5:de:e8:f7:79:56:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Feb 10 08:41:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bcc2b743b313419ba3eb2bb4e45beb6168f48ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:24:e7:2d:88:8a:0d:93:8b:a2:c6:38:c0:88:
                    4c:63:ed:5c:50:7c:32:f4:e8:77:2d:00:a3:5c:4a:
                    7e:9c:d6:92:35:de:60:aa:d4:8a:b1:b2:ae:97:4b:
                    20:2b:b7:c7:54:c2:b2:4c:bd:b9:95:b0:e1:92:4d:
                    61:6c:c0:d9:cc:cf:f7:78:91:dc:0a:02:bd:12:2e:
                    9b:30:48:3f:1e:e7:aa:dd:49:fc:90:70:be:e1:7b:
                    95:5e:0c:c5:2c:9f:b4:ab:f9:07:7f:89:6f:11:a7:
                    57:ad:c3:f9:34:b2:f2:69:66:c7:18:d2:aa:bc:53:
                    83:f2:23:12:90:53:e8:95:bb:b3:32:8b:2e:b1:ce:
                    ff:4a:d3:dd:80:24:00:94:c4:c6:a9:a0:08:e5:23:
                    5a:c1:a2:89:15:e4:0b:c2:21:e4:7f:41:6f:1b:a2:
                    2f:14:5d:02:99:2e:8d:de:f6:18:af:9b:46:20:a4:
                    be:85:e0:0b:95:02:47:d1:aa:77:53:43:70:d7:c8:
                    23:50:00:fe:2c:8f:93:dd:eb:61:f8:bf:fd:2b:14:
                    fa:b8:6a:aa:7a:18:35:b6:0c:a1:f4:e6:6b:86:ce:
                    50:2c:3b:32:0e:78:9d:b8:ee:7d:b1:52:94:1d:97:
                    45:97:de:90:dc:73:7d:db:cb:2a:41:da:9e:a7:61:
                    f0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:CC:2B:74:3B:31:34:19:BA:3E:B2:BB:4E:45:BE:B6:16:8F:48:AD
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/a8wrdDsxNBm6PrK7TkW-thaPSK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.56.0/23
                  88.209.211.0/24
                  88.209.232.0/22
                  178.210.226.0-178.210.228.255
                  178.210.230.0/23
                  178.210.236.0/24
                  178.210.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:6d:ac:5c:57:6e:2f:ed:91:67:3b:ad:82:78:6e:5c:28:88:
         06:97:ff:b0:ab:a6:56:f6:b5:43:4d:ad:90:94:e5:14:ad:ab:
         0d:a2:44:cb:9a:f6:1e:71:09:61:62:82:ae:6d:71:90:e3:72:
         84:cb:02:f6:c4:89:9f:bc:b5:38:e1:24:8e:e3:99:a3:a8:98:
         00:a0:9f:23:2d:2f:ab:07:82:72:6f:23:f3:f6:e1:28:4b:20:
         34:6c:82:89:4a:45:87:d8:b9:1b:da:70:5f:52:ae:82:ec:d0:
         c0:d4:5d:a0:c3:6d:2c:04:7f:79:47:42:ca:3d:5d:4b:c7:ea:
         b1:22:b2:14:77:71:66:c0:87:48:df:10:5b:7c:95:15:5f:2b:
         0f:33:54:f8:6a:1f:ee:6a:51:65:3a:3b:26:24:cf:16:65:4f:
         e2:ce:0b:f4:55:41:6f:eb:02:7a:b7:3d:2c:c4:8c:ac:96:cc:
         bf:80:68:c7:5c:84:13:25:49:b6:88:35:a4:b4:11:82:81:e7:
         9b:15:d6:18:1c:02:af:4d:74:3b:9f:93:3e:cb:b0:3e:95:24:
         bf:e3:d7:39:21:75:a8:ee:3b:02:8c:80:aa:35:e9:05:43:bc:
         c2:ac:d1:a4:34:cb:21:ff:7f:be:13:42:a8:57:8d:a3:8d:74:
         55:a1:67:ec
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY2SLY5/xG9G1WH13uj3eVZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMjEwMDg0MTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmNjMmI3NDNiMzEzNDE5YmEzZWIyYmI0ZTQ1YmViNjE2OGY0OGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCTnLYiKDZOLosY4wIhMY+1cUHwy
9Oh3LQCjXEp+nNaSNd5gqtSKsbKul0sgK7fHVMKyTL25lbDhkk1hbMDZzM/3eJHc
CgK9Ei6bMEg/Hueq3Un8kHC+4XuVXgzFLJ+0q/kHf4lvEadXrcP5NLLyaWbHGNKq
vFOD8iMSkFPolbuzMosusc7/StPdgCQAlMTGqaAI5SNawaKJFeQLwiHkf0FvG6Iv
FF0CmS6N3vYYr5tGIKS+heALlQJH0ap3U0Nw18gjUAD+LI+T3eth+L/9KxT6uGqq
ehg1tgyh9OZrhs5QLDsyDniduO59sVKUHZdFl96Q3HN928sqQdqep2Hw9wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGvMK3Q7MTQZuj6yu05FvrYWj0itMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYTh3cmREc3hOQm02UHJLN1RrVy10aGFQU0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBWJc4AwQA
WNHTAwQCWNHoMAwDBAGy0uIDBACy0uQDBAGy0uYDBACy0uwDBAGy0vwwDQYJKoZI
hvcNAQELBQADggEBAIVtrFxXbi/tkWc7rYJ4blwoiAaX/7Crplb2tUNNrZCU5RSt
qw2iRMua9h5xCWFigq5tcZDjcoTLAvbEiZ+8tTjhJI7jmaOomACgnyMtL6sHgnJv
I/P24ShLIDRsgolKRYfYuRvacF9SroLs0MDUXaDDbSwEf3lHQso9XUvH6rEishR3
cWbAh0jfEFt8lRVfKw8zVPhqH+5qUWU6OyYkzxZlT+LOC/RVQW/rAnq3PSzEjKyW
zL+AaMdchBMlSbaINaS0EYKB55sV1hgcAq9NdDufkz7LsD6VJL/j1zkhdajuOwKM
gKo16QVDvMKs0aQ0yyH/f74TQqhXjaONdFWhZ+w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org