Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kOJLFrhInKjtINPWlvReCtNji5E.roa
File:                     kOJLFrhInKjtINPWlvReCtNji5E.roa (raw, json)
Hash identifier:          ul9AQFAfq1ADVhlum7doF808DMiu/Ol1Wc5kNF4id74=
Subject key identifier:   90:E2:4B:16:B8:48:9C:A8:ED:20:D3:D6:96:F4:5E:0A:D3:63:8B:91
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018A185A9A47DF562494B4CBB72477B443EF
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kOJLFrhInKjtINPWlvReCtNji5E.roa
Signing time:             Mon 21 Aug 2023 13:48:25 +0000
ROA not before:           Mon 21 Aug 2023 13:48:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        88.209.244.0/24 maxlen: 24
                          178.210.236.0/24 maxlen: 24
                          88.209.192.0/24 maxlen: 24
                          88.209.194.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.207.0/24 maxlen: 24
                          88.209.209.0/24 maxlen: 24
                          88.209.225.0/24 maxlen: 24
                          88.209.222.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24
                          88.209.224.0/24 maxlen: 24
                          88.151.56.0/24 maxlen: 24
                          88.151.59.0/24 maxlen: 24
                          88.151.61.0/24 maxlen: 24
                          2.58.171.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:18:5a:9a:47:df:56:24:94:b4:cb:b7:24:77:b4:43:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug 21 13:48:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=90e24b16b8489ca8ed20d3d696f45e0ad3638b91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c5:ea:ed:3d:0d:1b:bc:c2:5f:69:47:ec:2f:
                    78:c6:68:92:84:31:b6:21:35:80:42:74:5a:b4:39:
                    f5:b5:20:a8:de:f4:44:a8:0a:61:93:e7:27:0a:94:
                    ae:9e:93:d2:28:39:4e:2d:27:c0:26:d7:4f:50:41:
                    05:c3:18:a2:a6:77:91:48:51:16:8a:f8:dd:c8:6e:
                    a7:5d:3b:70:af:9d:31:e6:ea:78:2b:0d:a6:bc:43:
                    6b:a6:52:34:d0:1a:9e:f8:fd:c3:94:1f:1d:47:88:
                    4c:81:2e:14:d9:d7:37:c3:0a:7c:5a:81:57:7b:6f:
                    67:ed:b3:84:ca:38:d3:ee:53:6b:89:02:c8:2e:94:
                    b7:7d:7d:9d:8f:d8:69:a7:df:08:bf:66:ea:ff:9b:
                    1a:4a:c0:d6:74:42:3a:32:c3:f3:4f:8e:3b:c1:04:
                    b8:45:e4:13:d9:08:81:27:de:20:28:68:9a:bf:89:
                    76:bb:78:38:83:5e:2c:e7:8d:92:a8:e0:b7:b0:17:
                    f1:d5:2f:b2:c5:36:b3:44:68:0a:2f:75:a9:83:ec:
                    19:ac:d7:1e:54:d0:0a:49:e9:99:6d:41:2c:c9:84:
                    20:4f:fe:be:41:de:1b:8b:6b:45:7e:99:a8:33:32:
                    ce:c9:a8:9e:87:94:2d:b4:a0:b0:6d:21:e2:45:00:
                    13:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E2:4B:16:B8:48:9C:A8:ED:20:D3:D6:96:F4:5E:0A:D3:63:8B:91
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/kOJLFrhInKjtINPWlvReCtNji5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.171.0/24
                  88.151.56.0/24
                  88.151.59.0/24
                  88.151.61.0/24
                  88.209.192.0/24
                  88.209.194.0/24
                  88.209.207.0/24
                  88.209.209.0/24
                  88.209.211.0/24
                  88.209.221.0-88.209.222.255
                  88.209.224.0/23
                  88.209.244.0/24
                  178.210.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ad:e1:4b:c4:02:ec:5a:22:6b:63:e9:e7:0c:13:1e:4e:46:
         a9:85:4a:62:f9:f3:5f:53:d8:ac:1c:09:14:7c:5a:b2:b1:96:
         61:c7:a7:70:ba:d1:f1:4f:c5:8f:0e:08:f3:cd:99:70:83:92:
         7c:a8:01:8b:6d:f6:f4:fa:42:b1:b2:76:60:34:2f:db:df:bf:
         a2:77:35:53:ab:77:21:11:29:d3:8c:52:b1:cb:89:04:cf:7e:
         5f:73:fc:76:3d:70:ae:d1:76:ea:11:4b:a0:d5:79:18:b8:f6:
         c4:fd:66:36:3e:07:c2:93:93:b7:3b:a0:e4:2b:d4:33:e9:99:
         be:48:1d:aa:ba:f2:4f:12:9c:15:c3:ed:6f:73:29:e4:b3:f7:
         7f:2a:64:6c:d8:52:5c:77:e4:77:47:f1:28:07:c1:d9:ba:35:
         9d:e6:3c:f8:21:d2:ec:2f:fa:3e:55:43:26:20:7c:79:f7:9c:
         51:40:a7:dc:c1:78:d4:e6:a1:a9:54:f1:23:3b:47:69:ff:72:
         f5:ab:e3:11:6c:0e:ff:ea:21:31:7b:cb:5e:0d:05:ee:39:8f:
         6c:5f:57:78:87:c4:67:d1:d6:a0:dd:a6:98:0f:08:0a:d5:9a:
         65:e3:98:f3:94:dc:b2:7e:76:d4:8a:21:49:fb:4a:35:c5:86:
         6a:c7:f9:88
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYoYWppH31YklLTLtyR3tEPvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODIxMTM0ODI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGUyNGIxNmI4NDg5Y2E4ZWQyMGQzZDY5NmY0NWUwYWQzNjM4YjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMXq7T0NG7zCX2lH7C94xmiShDG2
ITWAQnRatDn1tSCo3vREqAphk+cnCpSunpPSKDlOLSfAJtdPUEEFwxiipneRSFEW
ivjdyG6nXTtwr50x5up4Kw2mvENrplI00Bqe+P3DlB8dR4hMgS4U2dc3wwp8WoFX
e29n7bOEyjjT7lNriQLILpS3fX2dj9hpp98Iv2bq/5saSsDWdEI6MsPzT447wQS4
ReQT2QiBJ94gKGiav4l2u3g4g14s542SqOC3sBfx1S+yxTazRGgKL3Wpg+wZrNce
VNAKSemZbUEsyYQgT/6+Qd4bi2tFfpmoMzLOyaieh5QttKCwbSHiRQAToQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJDiSxa4SJyo7SDT1pb0XgrTY4uRMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEva09KTEZyaEluS2p0SU5QV2x2UmVDdE5qaTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAAjqrAwQA
WJc4AwQAWJc7AwQAWJc9AwQAWNHAAwQAWNHCAwQAWNHPAwQAWNHRAwQAWNHTMAwD
BABY0d0DBABY0d4DBAFY0eADBABY0fQDBACy0uwwDQYJKoZIhvcNAQELBQADggEB
ALSt4UvEAuxaImtj6ecMEx5ORqmFSmL5819T2KwcCRR8WrKxlmHHp3C60fFPxY8O
CPPNmXCDknyoAYtt9vT6QrGydmA0L9vfv6J3NVOrdyERKdOMUrHLiQTPfl9z/HY9
cK7RduoRS6DVeRi49sT9ZjY+B8KTk7c7oOQr1DPpmb5IHaq68k8SnBXD7W9zKeSz
938qZGzYUlx35HdH8SgHwdm6NZ3mPPgh0uwv+j5VQyYgfHn3nFFAp9zBeNTmoalU
8SM7R2n/cvWr4xFsDv/qITF7y14NBe45j2xfV3iHxGfR1qDdppgPCArVmmXjmPOU
3LJ+dtSKIUn7SjXFhmrH+Yg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org