Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/l4IeoE92qPpcTwryafiXkCD8278.roa
File:                     l4IeoE92qPpcTwryafiXkCD8278.roa (raw, json)
Hash identifier:          tIuyqFIc2oVVrofjZrB57E6PTf4quDegbQ3OPwDVpJ0=
Subject key identifier:   97:82:1E:A0:4F:76:A8:FA:5C:4F:0A:F2:69:F8:97:90:20:FC:DB:BF
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0189B123BD2164C77B859A282EC0CE2FFD2B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/l4IeoE92qPpcTwryafiXkCD8278.roa
Signing time:             Tue 01 Aug 2023 12:47:36 +0000
ROA not before:           Tue 01 Aug 2023 12:47:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        178.210.250.0/24 maxlen: 24
                          77.242.150.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.56.0/23 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          77.242.159.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          88.209.211.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.209.221.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b1:23:bd:21:64:c7:7b:85:9a:28:2e:c0:ce:2f:fd:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Aug  1 12:47:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97821ea04f76a8fa5c4f0af269f8979020fcdbbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c5:35:f0:42:a4:13:53:44:54:f9:d3:d6:5c:
                    ef:98:a2:08:b2:fb:f5:f9:61:4e:a9:5c:85:c9:ad:
                    92:37:21:fb:b7:4e:da:5f:42:23:d8:21:6b:44:55:
                    12:6a:ed:ef:8d:43:02:3b:03:83:de:9a:96:ef:aa:
                    92:a2:8a:23:18:1e:2f:cf:5c:fb:8b:4a:8f:2c:59:
                    14:ba:f5:ad:76:73:78:77:c4:79:5f:e2:16:df:22:
                    82:6d:22:0e:ae:0b:a0:e2:f1:25:0e:bd:e6:8b:7f:
                    2e:d6:9e:20:f3:a9:f6:07:d6:96:73:d1:71:1c:a4:
                    81:a3:34:ea:2d:15:bc:ec:f5:bd:3f:7a:bd:34:f4:
                    92:eb:a2:24:74:2e:f8:dd:d7:87:fb:bd:de:94:b4:
                    54:2c:d3:5a:3a:26:b2:59:31:7c:f8:63:04:31:06:
                    3a:f7:d3:69:8d:21:37:c0:44:b6:53:a0:cf:2f:eb:
                    98:1a:12:42:7c:8d:9f:a2:72:7f:c9:0c:c3:f2:c3:
                    8a:19:f2:b2:69:ce:16:0e:37:24:5b:e1:73:60:8c:
                    8f:a2:95:68:51:4d:a6:d1:fe:d6:5b:cb:b8:70:0c:
                    bf:6d:b5:e2:58:a4:a4:3c:1e:d3:80:07:dd:d9:1a:
                    37:84:81:af:73:18:02:f8:2e:ef:85:a2:83:ad:3c:
                    8a:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:82:1E:A0:4F:76:A8:FA:5C:4F:0A:F2:69:F8:97:90:20:FC:DB:BF
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/l4IeoE92qPpcTwryafiXkCD8278.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0/24
                  77.242.150.0/24
                  77.242.159.0/24
                  88.151.56.0-88.151.58.255
                  88.209.195.0/24
                  88.209.211.0/24
                  88.209.217.0/24
                  88.209.221.0/24
                  178.210.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:1c:67:04:6c:17:5f:d2:24:23:c1:34:75:e7:3c:af:b8:e5:
         5c:ab:86:7b:94:b7:53:88:9d:88:3f:62:00:84:92:bc:2f:f7:
         24:e1:32:8b:f1:9e:2f:e0:dd:a4:bf:c4:35:56:91:24:39:71:
         95:66:95:db:13:b5:b0:84:a8:69:af:32:b2:c3:43:5c:5a:40:
         78:de:05:09:63:2f:ef:c1:3e:10:bb:18:7e:d5:44:18:72:11:
         99:8b:e0:89:cd:fe:d5:b4:33:5d:23:76:13:9b:4f:d8:f8:95:
         fa:90:da:ea:6a:ee:57:e8:8a:d5:37:4b:0f:a8:b3:78:a4:fb:
         4c:95:2b:b2:6e:b8:5d:74:a7:c8:e3:e0:9c:94:09:ac:9c:39:
         b3:32:ad:e8:a6:cf:34:51:b8:27:f7:42:5f:ea:8a:1c:3d:7a:
         03:51:9b:18:ac:61:f8:0e:3c:62:3e:07:67:a1:86:b9:a0:27:
         b0:af:4e:30:9a:1e:22:c9:ca:8f:8a:65:f9:ea:99:d7:ec:67:
         9b:22:49:25:6b:a4:70:33:62:0e:82:f4:14:cd:ed:11:d5:41:
         d3:ff:39:de:d2:7f:90:70:c3:e7:62:de:0c:ca:cc:b7:3c:5b:
         8b:c8:35:c1:ee:2f:b8:88:57:60:4e:0c:94:49:e5:c7:71:8b:
         16:15:9f:fd
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYmxI70hZMd7hZooLsDOL/0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwODAxMTI0NzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzgyMWVhMDRmNzZhOGZhNWM0ZjBhZjI2OWY4OTc5MDIwZmNkYmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMU18EKkE1NEVPnT1lzvmKIIsvv1
+WFOqVyFya2SNyH7t07aX0Ij2CFrRFUSau3vjUMCOwOD3pqW76qSooojGB4vz1z7
i0qPLFkUuvWtdnN4d8R5X+IW3yKCbSIOrgug4vElDr3mi38u1p4g86n2B9aWc9Fx
HKSBozTqLRW87PW9P3q9NPSS66IkdC743deH+73elLRULNNaOiayWTF8+GMEMQY6
99NpjSE3wES2U6DPL+uYGhJCfI2fonJ/yQzD8sOKGfKyac4WDjckW+FzYIyPopVo
UU2m0f7WW8u4cAy/bbXiWKSkPB7TgAfd2Ro3hIGvcxgC+C7vhaKDrTyKowIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJeCHqBPdqj6XE8K8mn4l5Ag/Nu/MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbDRJZW9FOTJxUHBjVHdyeWFmaVhrQ0Q4Mjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAAjqoAwQA
TfKWAwQATfKfMAwDBANYlzgDBABYlzoDBABY0cMDBABY0dMDBABY0dkDBABY0d0D
BACy0vowDQYJKoZIhvcNAQELBQADggEBABccZwRsF1/SJCPBNHXnPK+45VyrhnuU
t1OInYg/YgCEkrwv9yThMovxni/g3aS/xDVWkSQ5cZVmldsTtbCEqGmvMrLDQ1xa
QHjeBQljL+/BPhC7GH7VRBhyEZmL4InN/tW0M10jdhObT9j4lfqQ2upq7lfoitU3
Sw+os3ik+0yVK7JuuF10p8jj4JyUCaycObMyreimzzRRuCf3Ql/qihw9egNRmxis
YfgOPGI+B2ehhrmgJ7CvTjCaHiLJyo+KZfnqmdfsZ5siSSVrpHAzYg6C9BTN7RHV
QdP/Od7Sf5Bww+di3gzKzLc8W4vINcHuL7iIV2BODJRJ5cdxixYVn/0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org