Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j85VOCnCDyJsl-M4MIx2mA2QaKw.roa
File:                     j85VOCnCDyJsl-M4MIx2mA2QaKw.roa (raw, json)
Hash identifier:          ZqvUzp0/vJonN8DB3s7eZTjDulk4IttF9GabhR9BylY=
Subject key identifier:   8F:CE:55:38:29:C2:0F:22:6C:97:E3:38:30:8C:76:98:0D:90:68:AC
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018C20A437215E1ECA6DB50F8E9F8EEAAB50
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j85VOCnCDyJsl-M4MIx2mA2QaKw.roa
Signing time:             Thu 30 Nov 2023 14:31:22 +0000
ROA not before:           Thu 30 Nov 2023 14:31:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42864
IP address blocks:        178.248.200.0/21 maxlen: 21
                          45.9.171.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          88.209.196.0/24 maxlen: 24
                          88.209.193.0/24 maxlen: 24
                          88.209.208.0/24 maxlen: 24
                          88.209.213.0/24 maxlen: 24
                          88.209.212.0/24 maxlen: 24
                          88.209.210.0/24 maxlen: 24
                          88.209.215.0/24 maxlen: 24
                          88.209.214.0/24 maxlen: 24
                          178.210.225.0/24 maxlen: 24
                          178.210.224.0/24 maxlen: 24
                          193.138.125.0/24 maxlen: 24
                          77.242.144.0/22 maxlen: 24
                          77.242.151.0/24 maxlen: 24
                          77.242.148.0/24 maxlen: 24
                          92.52.219.0/24 maxlen: 24
                          45.88.93.0/24 maxlen: 24
                          178.210.251.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          178.210.249.0/24 maxlen: 24
                          178.210.248.0/24 maxlen: 24
                          45.14.11.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          92.52.212.0/22 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.209.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24
                          2a00:1f40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:20:a4:37:21:5e:1e:ca:6d:b5:0f:8e:9f:8e:ea:ab:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Nov 30 14:31:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8fce553829c20f226c97e338308c76980d9068ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3c:ce:96:34:50:7d:83:8e:73:73:9e:b6:86:
                    61:42:c2:bc:5a:90:95:bd:a3:f3:e1:7f:e5:6b:30:
                    b4:89:30:b7:79:2d:ae:1e:ee:d6:b7:15:47:5b:da:
                    c8:34:b2:5d:97:24:ea:a6:7c:b2:8c:d7:97:6d:e4:
                    fa:89:15:36:bc:fd:dd:7f:da:32:20:49:6d:30:d3:
                    a1:97:ed:6b:7a:2b:64:b7:20:d8:c0:19:25:d0:81:
                    83:b4:e3:cc:f3:11:88:23:5c:36:3b:c2:74:1f:b2:
                    93:1b:b2:f4:1f:fa:1d:0e:47:21:6c:70:56:a0:3a:
                    19:b4:a0:93:27:eb:44:5e:ef:70:39:5c:1a:82:43:
                    40:f5:e7:17:c2:ab:ce:42:37:2e:6c:a0:58:02:bf:
                    76:48:27:47:39:ea:eb:b1:ba:4e:c5:19:04:e1:cf:
                    e9:8b:e9:4d:76:82:cc:9f:63:1a:d9:60:5d:ab:e2:
                    f5:ee:ca:30:3a:d3:32:ff:01:0f:bb:4a:b6:24:7a:
                    5c:33:26:be:65:1b:cf:7a:46:47:4a:b6:2f:1d:6f:
                    5a:0b:b7:7e:d0:f4:3c:24:d8:ca:f5:38:0f:ec:c6:
                    b5:73:82:9d:e8:1f:90:00:1b:c6:13:a8:3d:88:a2:
                    95:c4:80:ce:f6:f2:45:0d:2c:d8:e1:6b:72:4f:4d:
                    7a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CE:55:38:29:C2:0F:22:6C:97:E3:38:30:8C:76:98:0D:90:68:AC
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/j85VOCnCDyJsl-M4MIx2mA2QaKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.169.0-45.9.171.255
                  45.14.10.0/23
                  45.88.93.0/24
                  77.242.144.0-77.242.148.255
                  77.242.151.0/24
                  88.209.193.0/24
                  88.209.196.0/24
                  88.209.208.0/24
                  88.209.210.0/24
                  88.209.212.0/22
                  92.52.208.0/21
                  92.52.219.0/24
                  178.210.224.0/23
                  178.210.248.0/22
                  178.248.200.0/21
                  193.138.125.0/24
                IPv6:
                  2a00:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:51:07:e3:ba:c1:8a:a3:49:53:45:7f:e4:77:9b:ad:3f:78:
         02:49:dc:24:b6:56:f2:d8:d3:66:80:02:ff:0d:2b:93:52:77:
         10:00:19:68:50:5b:5f:df:60:9c:39:eb:53:40:71:ea:28:1a:
         07:cb:21:6f:e3:16:e0:36:ec:a3:96:47:e4:6b:75:5e:e7:be:
         3b:71:21:bf:31:47:82:3f:57:f7:1b:f6:ed:25:6a:49:0b:bd:
         08:17:9e:a4:4b:f0:9d:e9:6b:e9:18:85:56:c4:49:c6:ba:60:
         36:03:0e:1b:4e:a3:b2:83:bb:a0:2a:a8:7f:f9:f4:ea:8f:27:
         7e:cc:09:7a:92:b0:49:d2:45:40:c0:24:1b:d1:c1:2c:fe:17:
         df:a3:ea:81:03:71:02:ac:64:fc:37:cd:9b:bc:a9:aa:74:6e:
         d0:aa:52:ee:c2:cd:b7:95:80:a7:01:86:d0:a4:d1:6a:34:f2:
         69:57:4d:f4:29:25:78:06:eb:63:a8:32:36:83:c8:70:bc:38:
         2c:dc:73:a1:92:6a:3b:75:41:fb:79:a9:2d:8e:41:65:8b:c9:
         b8:de:8d:3a:b3:3d:39:6f:0e:ea:bd:86:71:f8:8c:3e:e5:b8:
         87:07:d6:3e:57:e4:5e:55:f3:c0:33:5c:34:5d:7e:15:60:f9:
         1b:ad:41:9a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYwgpDchXh7KbbUPjp+O6qtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMTMwMTQzMTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmNlNTUzODI5YzIwZjIyNmM5N2UzMzgzMDhjNzY5ODBkOTA2OGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDzOljRQfYOOc3OetoZhQsK8WpCV
vaPz4X/lazC0iTC3eS2uHu7WtxVHW9rINLJdlyTqpnyyjNeXbeT6iRU2vP3df9oy
IEltMNOhl+1reitktyDYwBkl0IGDtOPM8xGII1w2O8J0H7KTG7L0H/odDkchbHBW
oDoZtKCTJ+tEXu9wOVwagkNA9ecXwqvOQjcubKBYAr92SCdHOerrsbpOxRkE4c/p
i+lNdoLMn2Ma2WBdq+L17sowOtMy/wEPu0q2JHpcMya+ZRvPekZHSrYvHW9aC7d+
0PQ8JNjK9TgP7Ma1c4Kd6B+QABvGE6g9iKKVxIDO9vJFDSzY4WtyT016gQIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFI/OVTgpwg8ibJfjODCMdpgNkGisMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvajg1Vk9DbkNEeUpzbC1NNE1JeDJtQTJRYUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzB2BAIAATBwMAwDBAAt
CakDBAItCagDBAEtDgoDBAAtWF0wDAMEBE3ykAMEAE3ylAMEAE3ylwMEAFjRwQME
AFjRxAMEAFjR0AMEAFjR0gMEAljR1AMEA1w00AMEAFw02wMEAbLS4AMEArLS+AME
A7L4yAMEAMGKfTANBAIAAjAHAwUDKgAfQDANBgkqhkiG9w0BAQsFAAOCAQEAYlEH
47rBiqNJU0V/5HebrT94AkncJLZW8tjTZoAC/w0rk1J3EAAZaFBbX99gnDnrU0Bx
6igaB8shb+MW4Dbso5ZH5Gt1Xue+O3EhvzFHgj9X9xv27SVqSQu9CBeepEvwnelr
6RiFVsRJxrpgNgMOG06jsoO7oCqof/n06o8nfswJepKwSdJFQMAkG9HBLP4X36Pq
gQNxAqxk/DfNm7ypqnRu0KpS7sLNt5WApwGG0KTRajTyaVdN9CkleAbrY6gyNoPI
cLw4LNxzoZJqO3VB+3mpLY5BZYvJuN6NOrM9OW8O6r2GcfiMPuW4hwfWPlfkXlXz
wDNcNF1+FWD5G61Bmg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org