Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gn08QIpD9CJQnlgenelEQvj_o-M.roa
File:                     gn08QIpD9CJQnlgenelEQvj_o-M.roa (raw, json)
Hash identifier:          eD2tCutqhA4cbXF1/G8BmaDxbey16ekGJYsPDL/WevI=
Subject key identifier:   82:7D:3C:40:8A:43:F4:22:50:9E:58:1E:9D:E9:44:42:F8:FF:A3:E3
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01881E4AA957DB16D74D79A3964A3B701BB6
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gn08QIpD9CJQnlgenelEQvj_o-M.roa
Signing time:             Mon 15 May 2023 07:23:09 +0000
ROA not before:           Mon 15 May 2023 07:23:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        88.209.229.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24
                          88.209.249.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.216.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.220.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1e:4a:a9:57:db:16:d7:4d:79:a3:96:4a:3b:70:1b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 15 07:23:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=827d3c408a43f422509e581e9de94442f8ffa3e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6d:53:83:9d:44:c1:6a:a4:3a:d3:b3:0d:58:
                    7b:2a:86:61:3f:6d:58:51:e1:dd:a6:c6:9b:e8:fc:
                    6f:33:ef:04:09:e5:53:5a:fe:87:04:eb:61:09:d2:
                    b4:37:d7:cd:a1:2b:0e:a8:a8:14:36:41:f2:14:78:
                    a7:8e:a8:b7:5a:f4:06:f7:5e:0a:4d:64:0d:79:16:
                    f5:82:4c:04:35:f6:df:12:33:75:6f:b4:46:07:90:
                    4b:0e:33:49:47:49:c8:5a:c5:90:67:0f:85:79:37:
                    c2:cf:24:61:ae:0b:b1:1e:f7:b1:ac:e1:e0:00:7e:
                    b5:2a:d1:ab:2a:f0:66:17:d7:8a:8a:b5:36:0a:d4:
                    4a:de:c0:7e:05:43:c8:78:d1:36:6d:79:c1:3b:67:
                    b9:28:d9:02:27:91:a8:e0:e7:72:ce:78:4e:f5:a6:
                    ed:7f:52:9c:84:f1:a2:9d:85:a2:1e:f0:d1:ca:b2:
                    a8:e6:f4:39:ec:7f:31:e3:60:8f:14:e7:e8:6a:1a:
                    9c:92:b2:c2:ba:e4:ca:92:a2:f4:a2:ed:9b:41:03:
                    a4:d3:b9:2f:b8:e5:35:c5:96:5e:5d:6a:10:82:53:
                    3b:a5:00:a2:a9:ca:c5:29:dd:3c:9c:be:07:1e:93:
                    60:4d:45:d2:8b:b2:1b:ed:75:52:d6:58:06:28:56:
                    e8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7D:3C:40:8A:43:F4:22:50:9E:58:1E:9D:E9:44:42:F8:FF:A3:E3
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/gn08QIpD9CJQnlgenelEQvj_o-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.113.0/24
                  88.151.58.0/24
                  88.151.61.0/24
                  88.209.194.0/23
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.216.0/24
                  88.209.220.0-88.209.222.255
                  88.209.224.0/23
                  88.209.229.0/24
                  88.209.248.0/23
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:ed:51:e1:eb:da:af:3d:1c:a2:de:fe:05:8d:80:4f:32:7c:
         6a:af:8d:3b:6c:9b:6a:07:1c:9f:86:f2:21:b0:1b:15:bb:e0:
         9d:63:6a:3d:1a:9a:6c:b6:2c:06:9d:58:5c:5a:0a:18:f9:fb:
         aa:99:33:49:bf:a3:9d:4e:90:6f:eb:df:38:31:84:47:5f:6f:
         c9:82:2b:ce:1b:82:a2:bb:cf:19:8c:49:93:60:dc:3a:7e:89:
         2c:90:e7:b4:37:1e:55:e0:70:64:e3:5f:3b:e9:74:ec:46:0a:
         fe:ed:bc:42:33:07:9d:4c:05:bf:90:07:8f:4e:35:81:35:33:
         4a:e5:4d:96:63:83:d0:fd:6e:25:c8:50:c1:f7:c1:2d:a6:8d:
         27:ca:7e:d8:de:01:2b:60:ff:04:45:8f:21:4b:c2:8e:bf:b5:
         aa:76:3e:0f:72:6d:f2:09:98:4d:c7:95:53:9f:47:57:5d:4c:
         5f:54:e0:92:d5:c5:1d:74:bd:66:1f:ff:da:39:29:94:6f:04:
         1a:4e:81:c1:81:1d:03:7e:4b:d6:e8:23:04:96:2e:d3:73:87:
         96:7d:eb:43:2f:52:b9:1c:3b:fb:d1:b7:1d:32:4a:5a:96:80:
         47:31:5d:36:61:e0:75:d2:c5:d5:c2:e4:f3:d8:c1:eb:5b:78:
         19:77:8d:e4
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYgeSqlX2xbXTXmjlko7cBu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTE1MDcyMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdkM2M0MDhhNDNmNDIyNTA5ZTU4MWU5ZGU5NDQ0MmY4ZmZhM2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG1Tg51EwWqkOtOzDVh7KoZhP21Y
UeHdpsab6PxvM+8ECeVTWv6HBOthCdK0N9fNoSsOqKgUNkHyFHinjqi3WvQG914K
TWQNeRb1gkwENfbfEjN1b7RGB5BLDjNJR0nIWsWQZw+FeTfCzyRhrguxHvexrOHg
AH61KtGrKvBmF9eKirU2CtRK3sB+BUPIeNE2bXnBO2e5KNkCJ5Go4OdyznhO9abt
f1KchPGinYWiHvDRyrKo5vQ57H8x42CPFOfoahqckrLCuuTKkqL0ou2bQQOk07kv
uOU1xZZeXWoQglM7pQCiqcrFKd08nL4HHpNgTUXSi7Ib7XVS1lgGKFbo7QIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFIJ9PECKQ/QiUJ5YHp3pREL4/6PjMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvZ24wOFFJcEQ5Q0pRbmxnZW5lbEVRdmpfby1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQABbZxAwQA
WJc6AwQAWJc9AwQBWNHCAwQAWNHRAwQAWNHTAwQAWNHYMAwDBAJY0dwDBABY0d4D
BAFY0eADBABY0eUDBAFY0fgDBACy0uwwDQYJKoZIhvcNAQELBQADggEBAKPtUeHr
2q89HKLe/gWNgE8yfGqvjTtsm2oHHJ+G8iGwGxW74J1jaj0ammy2LAadWFxaChj5
+6qZM0m/o51OkG/r3zgxhEdfb8mCK84bgqK7zxmMSZNg3Dp+iSyQ57Q3HlXgcGTj
XzvpdOxGCv7tvEIzB51MBb+QB49ONYE1M0rlTZZjg9D9biXIUMH3wS2mjSfKftje
AStg/wRFjyFLwo6/tap2Pg9ybfIJmE3HlVOfR1ddTF9U4JLVxR10vWYf/9o5KZRv
BBpOgcGBHQN+S9boIwSWLtNzh5Z960MvUrkcO/vRtx0ySlqWgEcxXTZh4HXSxdXC
5PPYwetbeBl3jeQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org