Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gAAsUpzypXEQO1QP7HXvHY-GknY.roa
File:                     gAAsUpzypXEQO1QP7HXvHY-GknY.roa (raw, json)
Hash identifier:          0QTW5dclPJMJfGm+zuyuEgto8mEh+1ZAwUT//SVcXSY=
Subject key identifier:   80:00:2C:52:9C:F2:A5:71:10:3B:54:0F:EC:75:EF:1D:8F:86:92:76
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018B90B2269FF2296DF9703DDFC35DE04171
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gAAsUpzypXEQO1QP7HXvHY-GknY.roa
Signing time:             Thu 02 Nov 2023 15:41:16 +0000
ROA not before:           Thu 02 Nov 2023 15:41:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211619
IP address blocks:        88.209.228.0/24 maxlen: 24
                          88.209.239.0/24 maxlen: 24
                          88.209.236.0/24 maxlen: 24
                          88.209.236.0/22 maxlen: 22
                          88.209.237.0/24 maxlen: 24
                          88.209.238.0/24 maxlen: 24
                          88.209.246.0/23 maxlen: 23
                          88.209.254.0/24 maxlen: 24
                          83.137.157.0/24 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          178.210.232.0/24 maxlen: 24
                          178.210.229.0/24 maxlen: 24
                          178.210.237.0/24 maxlen: 24
                          178.210.234.0/24 maxlen: 24
                          178.210.235.0/24 maxlen: 24
                          45.9.168.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 24
                          88.209.219.0/24 maxlen: 24
                          92.52.217.0/24 maxlen: 24
                          92.52.218.0/24 maxlen: 24
                          194.41.47.0/24 maxlen: 24
                          5.182.112.0/24 maxlen: 24
                          5.182.115.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:90:b2:26:9f:f2:29:6d:f9:70:3d:df:c3:5d:e0:41:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov  2 15:41:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80002c529cf2a571103b540fec75ef1d8f869276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:73:c0:db:66:d0:90:7c:39:a2:1c:9f:b6:7d:
                    5a:cf:38:c9:bc:81:21:0d:9b:a9:b3:49:ed:5c:4b:
                    dd:07:ed:df:38:53:f4:12:52:bd:16:19:3e:85:a7:
                    91:01:10:d6:10:e9:69:7f:6c:c8:d5:ff:89:31:21:
                    39:f5:3c:60:94:fa:f6:fb:7e:11:1a:21:0d:3e:54:
                    80:54:34:13:65:4a:21:2c:c0:b8:95:6b:8b:4f:f7:
                    19:a0:ee:6d:16:7d:1a:f7:b9:92:1f:53:08:6c:90:
                    39:6b:9e:2f:4a:8f:70:ec:4e:52:ab:52:2f:d9:a1:
                    7c:c7:c3:f0:13:e0:2b:62:fd:42:ce:af:c2:93:f9:
                    30:de:c0:ab:31:55:b5:f9:88:a2:7a:6c:be:ae:68:
                    65:97:c6:b9:03:69:a2:d2:ef:a6:11:cb:c0:b6:2d:
                    8e:ce:1a:80:dd:19:00:df:bb:e2:a2:32:75:e8:9c:
                    90:ec:60:9a:11:9c:03:a3:0b:5c:48:cf:84:23:dd:
                    b6:55:9b:a8:e4:3a:b3:6e:f8:5d:61:88:dd:f5:3f:
                    94:c0:44:e7:46:5d:a6:cd:52:22:f9:e8:3e:7e:da:
                    86:95:59:9d:e4:2d:5b:b0:ed:a0:b1:24:b6:55:a6:
                    95:00:7e:3c:9f:2f:2f:63:cc:f8:c5:e5:59:c6:ce:
                    69:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:00:2C:52:9C:F2:A5:71:10:3B:54:0F:EC:75:EF:1D:8F:86:92:76
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gAAsUpzypXEQO1QP7HXvHY-GknY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.112.0/24
                  5.182.115.0/24
                  45.9.168.0/24
                  77.242.152.0/22
                  83.137.153.0/24
                  83.137.157.0/24
                  88.209.219.0/24
                  88.209.228.0/24
                  88.209.236.0/22
                  88.209.246.0/23
                  88.209.254.0/24
                  92.52.217.0-92.52.218.255
                  178.210.229.0/24
                  178.210.232.0/24
                  178.210.234.0/23
                  178.210.237.0/24
                  194.41.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:f5:75:20:45:6a:ee:8b:77:35:fe:7f:1b:cf:45:9c:dc:71:
         cc:1f:e5:3b:ea:eb:db:ed:7b:90:c8:04:89:d0:96:90:a2:fe:
         b6:9b:10:83:06:76:15:02:ed:13:b2:da:b3:9d:0f:22:2c:2d:
         9f:6b:d8:17:6b:55:16:2d:61:64:6f:53:86:08:b6:65:53:ce:
         1d:8f:51:98:72:a2:2e:dd:be:25:6c:fb:65:6e:be:5e:d7:54:
         00:7a:ae:5e:dd:75:3e:4f:0a:11:ec:08:11:a0:1e:fe:17:73:
         2a:2e:e7:b8:fd:29:f6:0e:00:84:68:8e:02:1b:13:f3:a5:91:
         41:71:4d:81:cd:e6:de:05:9d:7c:28:1e:d0:0e:de:f9:26:22:
         01:6e:c1:72:db:41:3b:07:ad:90:94:59:c7:bb:c5:fb:de:52:
         0a:00:d0:3a:52:8e:ec:46:8f:a6:1f:8a:67:e7:f3:8d:ca:0c:
         ba:c7:3d:bf:b7:d8:8a:df:d8:8a:4e:1f:c3:d3:2a:b0:cb:44:
         de:63:b5:3f:ae:53:31:5e:12:fe:2b:1a:08:10:e0:0b:8f:f8:
         dc:60:c4:0e:c2:20:d6:ac:f5:cc:38:a2:d0:42:8e:74:5d:0e:
         01:b5:26:67:bc:52:0d:45:6c:58:8e:75:b2:0f:e7:f3:e5:96:
         4d:12:6f:5f
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYuQsiaf8ilt+XA938Nd4EFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTAyMTU0MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDAwMmM1MjljZjJhNTcxMTAzYjU0MGZlYzc1ZWYxZDhmODY5Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3PA22bQkHw5ohyftn1azzjJvIEh
DZups0ntXEvdB+3fOFP0ElK9Fhk+haeRARDWEOlpf2zI1f+JMSE59TxglPr2+34R
GiENPlSAVDQTZUohLMC4lWuLT/cZoO5tFn0a97mSH1MIbJA5a54vSo9w7E5Sq1Iv
2aF8x8PwE+ArYv1Czq/Ck/kw3sCrMVW1+Yiiemy+rmhll8a5A2mi0u+mEcvAti2O
zhqA3RkA37viojJ16JyQ7GCaEZwDowtcSM+EI922VZuo5DqzbvhdYYjd9T+UwETn
Rl2mzVIi+eg+ftqGlVmd5C1bsO2gsSS2VaaVAH48ny8vY8z4xeVZxs5pcQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFIAALFKc8qVxEDtUD+x17x2PhpJ2MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZ0FBc1VwenlwWEVRTzFRUDdIWHZIWS1Ha25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAAW2cAME
AAW2cwMEAC0JqAMEAk3ymAMEAFOJmQMEAFOJnQMEAFjR2wMEAFjR5AMEAljR7AME
AVjR9gMEAFjR/jAMAwQAXDTZAwQAXDTaAwQAstLlAwQAstLoAwQBstLqAwQAstLt
AwQAwikvMA0GCSqGSIb3DQEBCwUAA4IBAQBe9XUgRWrui3c1/n8bz0Wc3HHMH+U7
6uvb7XuQyASJ0JaQov62mxCDBnYVAu0TstqznQ8iLC2fa9gXa1UWLWFkb1OGCLZl
U84dj1GYcqIu3b4lbPtlbr5e11QAeq5e3XU+TwoR7AgRoB7+F3MqLue4/Sn2DgCE
aI4CGxPzpZFBcU2BzebeBZ18KB7QDt75JiIBbsFy20E7B62QlFnHu8X73lIKANA6
Uo7sRo+mH4pn5/ONygy6xz2/t9iK39iKTh/D0yqwy0TeY7U/rlMxXhL+KxoIEOAL
j/jcYMQOwiDWrPXMOKLQQo50XQ4BtSZnvFINRWxYjnWyD+fz5ZZNEm9f
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org