Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cve130GpPX1DHtlqeS0-B9ekqGY.roa
File:                     cve130GpPX1DHtlqeS0-B9ekqGY.roa (raw, json)
Hash identifier:          NvqVtF0SQj/iW2eMJYEdZh5W37O2H8V8tZ3sl2BJWgE=
Subject key identifier:   72:F7:B5:DF:41:A9:3D:7D:43:1E:D9:6A:79:2D:3E:07:D7:A4:A8:66
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01898DC9992A86E00A4E38BAD2BC9D87F44E
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cve130GpPX1DHtlqeS0-B9ekqGY.roa
Signing time:             Tue 25 Jul 2023 16:02:26 +0000
ROA not before:           Tue 25 Jul 2023 16:02:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.231.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8d:c9:99:2a:86:e0:0a:4e:38:ba:d2:bc:9d:87:f4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 25 16:02:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72f7b5df41a93d7d431ed96a792d3e07d7a4a866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:f4:dd:2f:9f:b0:47:c2:d4:af:dd:9e:7e:
                    6d:5a:5e:df:b5:b3:9b:44:1c:f2:f8:62:fc:93:8d:
                    0b:d4:20:5e:ef:8a:db:b0:2b:db:60:b9:6b:3c:76:
                    51:60:49:53:d8:2e:0e:4d:dd:db:35:c2:35:be:e6:
                    51:a7:a5:be:a9:81:93:3a:fd:90:64:40:39:f7:26:
                    70:22:d6:21:dc:92:4e:8d:4f:d7:0d:6e:61:6f:e1:
                    6a:54:8f:b4:cb:98:33:49:3e:35:ad:bc:37:7c:d2:
                    0c:72:ae:8e:9b:aa:84:0c:11:c1:13:0b:e8:db:53:
                    06:a9:c1:c0:60:74:12:6c:91:7a:42:1d:9a:b3:80:
                    00:4c:ba:41:ef:0a:81:f9:5d:20:bc:ec:e0:1d:a6:
                    10:24:e1:48:ce:dd:c3:0c:ac:86:a2:c4:68:3f:8a:
                    b6:37:6b:eb:2f:e0:8c:de:45:d7:50:53:ee:5e:a2:
                    6a:89:e9:f9:7c:45:08:b2:b1:3b:41:f8:b3:f9:e7:
                    c4:b8:e2:b8:f0:a3:e0:60:8c:c2:ae:05:5e:a9:2c:
                    68:fb:4c:5f:3a:bc:8a:e9:d7:5b:14:a9:8f:66:bf:
                    8d:ff:34:8c:7f:f6:03:73:e7:a4:b7:fc:8c:84:37:
                    bf:d2:95:65:10:cd:76:3a:e4:7b:97:e7:eb:9d:f4:
                    41:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F7:B5:DF:41:A9:3D:7D:43:1E:D9:6A:79:2D:3E:07:D7:A4:A8:66
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/cve130GpPX1DHtlqeS0-B9ekqGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  77.242.150.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.221.0/24
                  178.210.230.0/23
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:61:23:36:81:b0:06:e0:93:ca:7d:f9:df:72:22:f8:cd:99:
         61:e6:54:aa:6a:00:35:07:71:63:f0:46:cf:1a:c9:fe:09:7f:
         a6:4c:67:8c:ac:4b:5c:cb:2b:0c:a6:91:c8:47:cb:09:2c:02:
         55:c5:e3:f0:1a:2d:15:94:1d:e9:2c:17:31:43:08:4f:46:12:
         20:13:bd:68:4e:68:2e:04:af:aa:e1:b3:d2:d5:7c:c0:7a:85:
         23:6a:80:10:ff:31:96:63:a0:14:f4:33:04:e7:f6:49:33:e2:
         aa:8d:f5:34:ef:4e:14:d8:17:7c:26:ba:32:97:eb:31:fc:f9:
         68:d2:c7:90:6a:46:16:c5:dc:ff:da:c2:55:eb:b5:3a:59:3b:
         ee:08:68:7a:20:fa:66:e8:37:91:ba:e8:9c:6b:df:ba:b8:23:
         b8:26:48:d3:37:39:2f:89:9a:3c:05:b7:ca:f8:64:d6:76:12:
         b7:87:f3:cc:19:69:13:5f:2f:4b:48:43:66:95:da:cf:de:30:
         43:05:54:86:a3:19:35:9e:32:78:e8:61:02:c9:74:4d:e5:75:
         5f:ee:02:db:61:1e:2a:8d:90:f4:a2:a8:07:0f:14:26:64:b2:
         6e:69:d7:37:80:58:13:5e:1a:e9:14:93:f5:16:69:3a:1c:f8:
         c2:90:d2:29
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYmNyZkqhuAKTji60rydh/ROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzI1MTYwMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY3YjVkZjQxYTkzZDdkNDMxZWQ5NmE3OTJkM2UwN2Q3YTRhODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJD03S+fsEfC1K/dnn5tWl7ftbOb
RBzy+GL8k40L1CBe74rbsCvbYLlrPHZRYElT2C4OTd3bNcI1vuZRp6W+qYGTOv2Q
ZEA59yZwItYh3JJOjU/XDW5hb+FqVI+0y5gzST41rbw3fNIMcq6Om6qEDBHBEwvo
21MGqcHAYHQSbJF6Qh2as4AATLpB7wqB+V0gvOzgHaYQJOFIzt3DDKyGosRoP4q2
N2vrL+CM3kXXUFPuXqJqien5fEUIsrE7Qfiz+efEuOK48KPgYIzCrgVeqSxo+0xf
OryK6ddbFKmPZr+N/zSMf/YDc+ekt/yMhDe/0pVlEM12OuR7l+frnfRBlQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHL3td9BqT19Qx7ZanktPgfXpKhmMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvY3ZlMTMwR3BQWDFESHRscWVTMC1COWVrcUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
TfKWMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkDBABY0d0DBAGy0uYD
BACy0vowDQYJKoZIhvcNAQELBQADggEBAGNhIzaBsAbgk8p9+d9yIvjNmWHmVKpq
ADUHcWPwRs8ayf4Jf6ZMZ4ysS1zLKwymkchHywksAlXF4/AaLRWUHeksFzFDCE9G
EiATvWhOaC4Er6rhs9LVfMB6hSNqgBD/MZZjoBT0MwTn9kkz4qqN9TTvThTYF3wm
ujKX6zH8+WjSx5BqRhbF3P/awlXrtTpZO+4IaHog+mboN5G66Jxr37q4I7gmSNM3
OS+JmjwFt8r4ZNZ2EreH88wZaRNfL0tIQ2aV2s/eMEMFVIajGTWeMnjoYQLJdE3l
dV/uAtthHiqNkPSiqAcPFCZksm5p1zeAWBNeGukUk/UWaToc+MKQ0ik=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org