Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jN77vVc6N_ArZ5rfD7CfqgGo2tY.roa
File:                     jN77vVc6N_ArZ5rfD7CfqgGo2tY.roa (raw, json)
Hash identifier:          oSJL4YPrVcAfIRZv3KGlb45Bzrq+eCEgH1iElneTARM=
Subject key identifier:   8C:DE:FB:BD:57:3A:37:F0:2B:67:9A:DF:0F:B0:9F:AA:01:A8:DA:D6
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01886CB694A93AD57B80BFEC446BB13AABA0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jN77vVc6N_ArZ5rfD7CfqgGo2tY.roa
Signing time:             Tue 30 May 2023 12:51:24 +0000
ROA not before:           Tue 30 May 2023 12:51:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6c:b6:94:a9:3a:d5:7b:80:bf:ec:44:6b:b1:3a:ab:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 30 12:51:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8cdefbbd573a37f02b679adf0fb09faa01a8dad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:47:b3:1e:ec:48:96:a1:64:c6:08:b1:50:2b:
                    fb:9d:1b:a7:82:61:a5:51:30:ff:76:b5:19:8d:c6:
                    ee:db:f8:4e:16:ab:e5:f5:a1:4f:52:13:85:92:9b:
                    39:82:af:5b:92:6a:2f:a8:ee:66:b5:62:e6:f9:5f:
                    96:31:df:d7:e1:b3:f7:95:d8:10:92:61:69:10:ae:
                    e2:60:a4:0f:60:6a:d1:9d:d8:5c:b9:9f:8a:b7:f7:
                    32:d5:40:43:8a:28:91:ab:d1:9c:33:3e:1f:2a:97:
                    c0:dd:3a:4c:c6:f2:7d:5a:fb:f9:6f:a3:cd:d8:bc:
                    25:1b:02:33:73:7b:b4:7d:bd:42:8b:35:43:ed:e6:
                    dd:cc:12:60:7b:9d:fc:7d:11:5c:10:b0:f1:88:7a:
                    be:a5:f1:71:02:dd:fc:b9:2f:eb:43:d8:47:9d:77:
                    3c:3c:6c:5e:7c:8c:c3:2b:5a:11:c0:df:c4:cc:db:
                    7d:10:a1:ab:af:50:51:a8:1d:e6:00:3d:d0:89:dd:
                    5d:a8:5a:56:59:e3:39:b4:8e:4f:bf:20:f9:43:ce:
                    48:d1:29:0f:c9:4b:7d:42:7d:49:1e:ed:f2:a4:4a:
                    80:13:85:1f:d5:b8:21:fa:2b:f0:e6:bf:ff:e9:c9:
                    31:4f:ad:67:3f:62:d3:07:fb:81:dd:36:b6:ca:09:
                    cb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DE:FB:BD:57:3A:37:F0:2B:67:9A:DF:0F:B0:9F:AA:01:A8:DA:D6
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/jN77vVc6N_ArZ5rfD7CfqgGo2tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.59.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:19:21:bc:23:cf:ed:70:37:74:6d:a4:20:1f:b0:1a:1c:99:
         8d:c9:c9:0b:4a:6e:d5:4e:44:3b:c0:70:52:af:5d:f9:f6:a8:
         e7:84:cf:2c:9b:e2:7d:48:35:f0:dc:71:0e:92:fa:e6:87:ff:
         b7:8b:c8:4b:73:d3:c7:f1:73:9e:96:45:52:71:cc:d4:42:3c:
         28:45:0d:22:5d:b5:d4:f7:66:79:b5:da:f9:81:99:60:10:e3:
         cb:f1:d0:7e:0f:8a:32:79:4a:86:d2:74:e8:99:7e:d9:ed:c4:
         75:dd:aa:fc:a6:6c:9f:b9:11:c1:08:a5:eb:ea:41:ed:d6:da:
         b6:2f:9c:37:90:59:e4:57:33:fd:74:d8:cf:70:e7:90:34:eb:
         ea:bb:a0:d1:44:16:dd:d0:a3:51:01:31:5f:34:df:09:60:5e:
         77:16:7b:b5:f8:e9:23:b1:23:6e:e3:f3:1e:8b:51:f4:bb:c7:
         9a:46:56:87:0a:67:7c:6d:8d:99:a1:69:43:c7:5a:6a:03:79:
         a5:73:2f:3c:1d:9b:e0:1a:64:1f:e1:e7:c1:4f:a1:f3:95:6b:
         1c:3f:73:bf:96:e4:62:ea:17:2f:e6:da:18:8f:6d:d6:52:26:
         c2:68:31:11:44:30:9d:b0:a8:74:70:6d:2e:23:fd:e7:9e:9b:
         86:a6:76:96
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYhstpSpOtV7gL/sRGuxOqugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTMwMTI1MTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2RlZmJiZDU3M2EzN2YwMmI2NzlhZGYwZmIwOWZhYTAxYThkYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EezHuxIlqFkxgixUCv7nRungmGl
UTD/drUZjcbu2/hOFqvl9aFPUhOFkps5gq9bkmovqO5mtWLm+V+WMd/X4bP3ldgQ
kmFpEK7iYKQPYGrRndhcuZ+Kt/cy1UBDiiiRq9GcMz4fKpfA3TpMxvJ9Wvv5b6PN
2LwlGwIzc3u0fb1CizVD7ebdzBJge538fRFcELDxiHq+pfFxAt38uS/rQ9hHnXc8
PGxefIzDK1oRwN/EzNt9EKGrr1BRqB3mAD3Qid1dqFpWWeM5tI5PvyD5Q85I0SkP
yUt9Qn1JHu3ypEqAE4Uf1bgh+ivw5r//6ckxT61nP2LTB/uB3Ta2ygnLXQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIze+71XOjfwK2ea3w+wn6oBqNrWMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvak43N3ZWYzZOX0FyWjVyZkQ3Q2ZxZ0dvMnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAWJc7AwQA
WNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNH0AwQAstLsMA0GCSqGSIb3DQEBCwUA
A4IBAQCyGSG8I8/tcDd0baQgH7AaHJmNyckLSm7VTkQ7wHBSr1359qjnhM8sm+J9
SDXw3HEOkvrmh/+3i8hLc9PH8XOelkVScczUQjwoRQ0iXbXU92Z5tdr5gZlgEOPL
8dB+D4oyeUqG0nTomX7Z7cR13ar8pmyfuRHBCKXr6kHt1tq2L5w3kFnkVzP9dNjP
cOeQNOvqu6DRRBbd0KNRATFfNN8JYF53Fnu1+OkjsSNu4/Mei1H0u8eaRlaHCmd8
bY2ZoWlDx1pqA3mlcy88HZvgGmQf4efBT6HzlWscP3O/luRi6hcv5toYj23WUibC
aDERRDCdsKh0cG0uI/3nnpuGpnaW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org