Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/aWYCvqCHssdu3JHw2izYxKK0Uwc.roa
File:                     aWYCvqCHssdu3JHw2izYxKK0Uwc.roa (raw, json)
Hash identifier:          IaF+pyJPHx0/KK9P2iJ5D+PVryYdFeDbR5Wfa+J/OyU=
Subject key identifier:   69:66:02:BE:A0:87:B2:C7:6E:DC:91:F0:DA:2C:D8:C4:A2:B4:53:07
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01824A6E1016AC2C18AA043B7E61FCE37DF7
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/aWYCvqCHssdu3JHw2izYxKK0Uwc.roa
Signing time:             Fri 29 Jul 2022 14:48:23 +0000
ROA not before:           Fri 29 Jul 2022 14:48:23 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     47169
IP address blocks:        88.209.250.0/23 maxlen: 23
                          45.88.92.0/24 maxlen: 24
                          178.210.254.0/23 maxlen: 23
                          92.52.192.0/21 maxlen: 21
                          92.52.200.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:4a:6e:10:16:ac:2c:18:aa:04:3b:7e:61:fc:e3:7d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 29 14:48:23 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=696602bea087b2c76edc91f0da2cd8c4a2b45307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9a:5c:d0:71:f5:6d:8c:85:e9:3e:61:56:5c:
                    36:12:41:7c:2a:a0:e9:dc:4b:c4:04:2d:1b:ed:1f:
                    30:fa:46:6a:d0:00:3a:07:4f:f5:55:6e:d6:46:69:
                    c3:c8:0a:2d:92:42:92:25:ae:8d:af:aa:4b:fb:74:
                    7c:e3:8f:4e:67:32:f4:93:04:f6:73:8a:47:6d:46:
                    9c:22:23:4a:fb:9e:5c:90:1d:a6:6a:cb:9d:36:9f:
                    56:5e:56:5e:35:ae:b8:94:18:3b:6c:75:c1:d9:a7:
                    7b:33:f0:b8:4e:a5:04:7d:ee:df:0d:73:56:82:71:
                    81:05:61:ba:37:00:a6:30:f1:2c:6f:6e:0b:38:2d:
                    57:f5:ad:94:56:70:dc:fc:5b:8e:b8:fc:13:b4:fc:
                    05:0d:d0:45:49:f0:d0:e1:d8:9d:45:0c:bc:48:9f:
                    c9:76:a8:28:2c:8f:2a:1d:3b:0f:c0:02:e7:3e:86:
                    5e:86:09:74:25:5d:c6:7d:1c:20:8c:7b:c7:cf:e0:
                    09:08:47:48:90:4b:b4:e6:cf:16:2e:fe:40:a2:19:
                    f1:c4:f9:fa:1b:1b:c4:56:ec:32:6c:1e:42:77:76:
                    84:c6:bb:37:32:6d:29:d1:21:09:95:4c:a7:3e:78:
                    ef:ba:89:ed:d3:d0:15:a8:6a:73:ee:4a:ce:b1:48:
                    06:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:66:02:BE:A0:87:B2:C7:6E:DC:91:F0:DA:2C:D8:C4:A2:B4:53:07
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/aWYCvqCHssdu3JHw2izYxKK0Uwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.92.0/24
                  88.209.250.0/23
                  92.52.192.0-92.52.203.255
                  178.210.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:ad:79:f5:45:59:7a:9e:a9:b4:f7:27:36:4b:3d:5e:4a:23:
         9b:4e:dd:9b:7c:bf:f7:c7:be:3b:83:22:79:56:64:86:cc:4c:
         39:08:67:48:63:ab:a1:33:97:b5:55:be:01:44:6f:cd:c6:77:
         67:56:03:7a:e3:ba:38:3f:39:72:bf:ab:4d:d0:46:72:a4:c9:
         53:05:e2:85:0a:a7:61:29:7f:e4:0b:4f:5a:98:8b:87:e7:46:
         95:20:cb:37:4f:b7:3c:31:62:e9:e4:c0:68:91:9e:96:be:22:
         09:4d:bd:c7:43:f0:b9:64:c1:ff:f7:48:0a:dc:7d:16:af:20:
         28:6c:98:5b:37:ff:95:20:34:84:d3:4a:9f:1d:35:3a:5a:f0:
         01:47:e9:0c:53:29:ec:4c:0f:3e:8c:97:a2:bf:b7:0f:44:60:
         99:ba:8f:8a:86:67:88:e2:73:75:a8:2e:2b:92:5b:94:00:4b:
         2e:a7:23:a8:ff:05:9c:87:cb:d9:43:6b:1d:6d:9f:ee:9f:db:
         ae:1e:0e:d1:9b:a8:41:8c:ec:34:29:a5:69:a9:b3:11:8d:79:
         20:d1:59:3a:12:cd:81:27:d7:27:7c:03:b5:94:ee:1d:93:08:
         d1:86:83:c6:73:ed:29:4a:5e:ef:30:82:92:ec:f7:c8:65:72:
         57:68:a0:d7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYJKbhAWrCwYqgQ7fmH84333MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzI5MTQ0ODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTY2MDJiZWEwODdiMmM3NmVkYzkxZjBkYTJjZDhjNGEyYjQ1MzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJpc0HH1bYyF6T5hVlw2EkF8KqDp
3EvEBC0b7R8w+kZq0AA6B0/1VW7WRmnDyAotkkKSJa6Nr6pL+3R8449OZzL0kwT2
c4pHbUacIiNK+55ckB2masudNp9WXlZeNa64lBg7bHXB2ad7M/C4TqUEfe7fDXNW
gnGBBWG6NwCmMPEsb24LOC1X9a2UVnDc/FuOuPwTtPwFDdBFSfDQ4didRQy8SJ/J
dqgoLI8qHTsPwALnPoZehgl0JV3GfRwgjHvHz+AJCEdIkEu05s8WLv5AohnxxPn6
GxvEVuwybB5Cd3aExrs3Mm0p0SEJlUynPnjvuont09AVqGpz7krOsUgG/wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGlmAr6gh7LHbtyR8Nos2MSitFMHMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvYVdZQ3ZxQ0hzc2R1M0pIdzJpell4S0swVXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQALVhcAwQB
WNH6MAwDBAZcNMADBAJcNMgDBAGy0v4wDQYJKoZIhvcNAQELBQADggEBAHKtefVF
WXqeqbT3JzZLPV5KI5tO3Zt8v/fHvjuDInlWZIbMTDkIZ0hjq6Ezl7VVvgFEb83G
d2dWA3rjujg/OXK/q03QRnKkyVMF4oUKp2Epf+QLT1qYi4fnRpUgyzdPtzwxYunk
wGiRnpa+IglNvcdD8Llkwf/3SArcfRavIChsmFs3/5UgNITTSp8dNTpa8AFH6QxT
KexMDz6Ml6K/tw9EYJm6j4qGZ4jic3WoLiuSW5QASy6nI6j/BZyHy9lDax1tn+6f
264eDtGbqEGM7DQppWmpsxGNeSDRWToSzYEn1yd8A7WU7h2TCNGGg8Zz7SlKXu8w
gpLs98hlcldooNc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org