Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/lDMwJN2oZg6-nSIDmEcyaDn9NsY.roa
File:                     lDMwJN2oZg6-nSIDmEcyaDn9NsY.roa (raw, json)
Hash identifier:          NiALz3cwi4lE/KkBzkyu/Kxn6kkbQJmUNrWZKWqxdL0=
Subject key identifier:   94:33:30:24:DD:A8:66:0E:BE:9D:22:03:98:47:32:68:39:FD:36:C6
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018E0E8E76BB23B62F340A73D9BD5055F75F
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/lDMwJN2oZg6-nSIDmEcyaDn9NsY.roa
Signing time:             Tue 05 Mar 2024 12:20:01 +0000
ROA not before:           Tue 05 Mar 2024 12:20:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42864
IP address blocks:        5.182.115.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.171.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          45.14.11.0/24 maxlen: 24
                          45.88.93.0/24 maxlen: 24
                          77.242.144.0/22 maxlen: 24
                          77.242.148.0/24 maxlen: 24
                          77.242.151.0/24 maxlen: 24
                          77.242.152.0/22 maxlen: 24
                          83.137.153.0/24 maxlen: 24
                          83.137.158.0/24 maxlen: 24
                          88.209.193.0/24 maxlen: 24
                          88.209.196.0/24 maxlen: 24
                          88.209.208.0/24 maxlen: 24
                          88.209.210.0/24 maxlen: 24
                          88.209.212.0/24 maxlen: 24
                          88.209.213.0/24 maxlen: 24
                          88.209.214.0/24 maxlen: 24
                          88.209.215.0/24 maxlen: 24
                          88.209.238.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24
                          92.52.209.0/24 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.212.0/22 maxlen: 24
                          178.210.224.0/24 maxlen: 24
                          178.210.225.0/24 maxlen: 24
                          178.210.226.0/23 maxlen: 23
                          178.210.228.0/22 maxlen: 24
                          178.210.232.0/22 maxlen: 22
                          178.210.236.0/24 maxlen: 24
                          178.210.237.0/24 maxlen: 24
                          178.210.238.0/23 maxlen: 23
                          178.210.240.0/22 maxlen: 22
                          178.210.244.0/22 maxlen: 22
                          178.210.248.0/24 maxlen: 24
                          178.210.249.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          178.210.251.0/24 maxlen: 24
                          178.210.252.0/22 maxlen: 22
                          178.248.200.0/21 maxlen: 21
                          193.138.125.0/24 maxlen: 24
                          2a00:1f40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:8e:76:bb:23:b6:2f:34:0a:73:d9:bd:50:55:f7:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar  5 12:20:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94333024dda8660ebe9d22039847326839fd36c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:95:f1:fe:58:e4:f0:cc:d1:ab:77:ee:34:3d:
                    30:b7:bc:e0:7f:b7:f3:70:13:fb:f2:03:7a:8c:ac:
                    20:ff:f8:0a:c9:d5:c0:bc:07:3d:87:80:7f:a9:d2:
                    3f:dc:87:b9:b0:dd:f3:75:df:2e:93:f2:6f:c1:33:
                    09:37:a4:66:0b:93:d8:d7:c8:6b:67:3c:c7:8a:21:
                    7a:16:4f:99:9f:ce:e2:72:5b:fe:fc:ea:f1:e4:2b:
                    55:77:7b:75:c1:5c:68:3f:5b:18:e7:88:dc:83:11:
                    8f:d1:c1:1a:eb:47:39:04:2d:35:81:97:a6:35:75:
                    25:91:9e:24:80:bd:2a:de:e7:03:89:b0:0a:cf:dc:
                    3b:f2:db:25:d9:8f:c8:4e:ec:c6:bf:e3:68:2d:52:
                    a8:ae:9b:3a:9d:ce:03:60:05:f6:e4:29:b4:ec:e0:
                    4f:ee:ee:54:15:a3:65:5c:dc:56:a5:21:4c:9b:99:
                    1a:7f:45:3d:1d:25:90:ae:45:7f:8c:74:8d:10:1f:
                    5b:91:78:2b:f0:f3:25:23:e8:b7:96:70:e4:35:bf:
                    f5:d5:9e:17:b5:25:cb:e8:b2:c1:bb:5d:2b:5b:8b:
                    80:39:81:22:77:90:83:10:f8:a7:aa:14:14:b2:54:
                    12:19:91:bd:3a:e2:7a:06:56:59:0c:5e:a2:f9:72:
                    e3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:33:30:24:DD:A8:66:0E:BE:9D:22:03:98:47:32:68:39:FD:36:C6
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/lDMwJN2oZg6-nSIDmEcyaDn9NsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.115.0/24
                  45.9.169.0-45.9.171.255
                  45.14.10.0/23
                  45.88.93.0/24
                  77.242.144.0-77.242.148.255
                  77.242.151.0-77.242.155.255
                  83.137.153.0/24
                  83.137.158.0/24
                  88.209.193.0/24
                  88.209.196.0/24
                  88.209.208.0/24
                  88.209.210.0/24
                  88.209.212.0/22
                  88.209.238.0/24
                  92.52.208.0/21
                  178.210.224.0/19
                  178.248.200.0/21
                  193.138.125.0/24
                IPv6:
                  2a00:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:a8:bd:cd:0a:06:58:d2:c1:92:f6:d6:64:b9:b5:0d:f8:b2:
         f2:91:89:33:f0:09:94:f8:28:5e:af:8b:7b:1e:89:ba:8b:12:
         a6:cc:f1:56:b7:3b:63:14:24:44:b5:3d:ad:b6:23:3d:1a:40:
         ca:bf:b6:cc:58:db:28:68:da:20:aa:78:4f:63:c2:35:d3:b3:
         05:dc:1e:1f:d9:c1:aa:39:e7:71:4f:77:ad:69:cf:ba:4d:36:
         f8:41:2c:d2:aa:6e:ef:77:8a:73:90:46:c6:52:bc:99:df:2d:
         03:8c:02:0b:b2:fb:b0:4a:ad:78:44:30:7f:dd:e6:bd:6f:7c:
         48:d4:d6:a4:ea:d6:f8:32:c4:c2:ef:ee:ee:2e:51:57:fe:64:
         6b:0e:c3:70:f9:24:88:cc:59:0b:21:20:3d:9c:ba:80:13:31:
         58:c5:9c:e7:02:d9:c6:1e:bb:8b:02:12:75:c2:02:05:29:03:
         cc:01:11:7a:34:fe:57:04:8d:bf:b9:2b:d7:b6:01:db:65:62:
         91:81:2b:5d:6f:0a:08:22:63:0d:47:98:1b:8e:fb:ce:1e:9b:
         48:15:50:75:61:15:58:b3:f2:65:3c:01:63:c4:a0:9a:ea:b5:
         6a:47:81:f2:f7:58:ab:8f:45:93:6e:22:06:d0:34:3b:94:f3:
         13:e2:24:cd
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAY4Ojna7I7YvNApz2b1QVfdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzA1MTIyMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDMzMzAyNGRkYTg2NjBlYmU5ZDIyMDM5ODQ3MzI2ODM5ZmQzNmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5Xx/ljk8MzRq3fuND0wt7zgf7fz
cBP78gN6jKwg//gKydXAvAc9h4B/qdI/3Ie5sN3zdd8uk/JvwTMJN6RmC5PY18hr
ZzzHiiF6Fk+Zn87iclv+/Orx5CtVd3t1wVxoP1sY54jcgxGP0cEa60c5BC01gZem
NXUlkZ4kgL0q3ucDibAKz9w78tsl2Y/ITuzGv+NoLVKorps6nc4DYAX25Cm07OBP
7u5UFaNlXNxWpSFMm5kaf0U9HSWQrkV/jHSNEB9bkXgr8PMlI+i3lnDkNb/11Z4X
tSXL6LLBu10rW4uAOYEid5CDEPinqhQUslQSGZG9OuJ6BlZZDF6i+XLjkwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFJQzMCTdqGYOvp0iA5hHMmg5/TbGMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbERNd0pOMm9aZzYtblNJRG1FY3lhRG45TnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGwBggrBgEFBQcBBwEB/wSBoDCBnTCBiwQCAAEwgYQDBAAF
tnMwDAMEAC0JqQMEAi0JqAMEAS0OCgMEAC1YXTAMAwQETfKQAwQATfKUMAwDBABN
8pcDBAJN8pgDBABTiZkDBABTiZ4DBABY0cEDBABY0cQDBABY0dADBABY0dIDBAJY
0dQDBABY0e4DBANcNNADBAWy0uADBAOy+MgDBADBin0wDQQCAAIwBwMFAyoAH0Aw
DQYJKoZIhvcNAQELBQADggEBALaovc0KBljSwZL21mS5tQ34svKRiTPwCZT4KF6v
i3seibqLEqbM8Va3O2MUJES1Pa22Iz0aQMq/tsxY2yho2iCqeE9jwjXTswXcHh/Z
wao553FPd61pz7pNNvhBLNKqbu93inOQRsZSvJnfLQOMAguy+7BKrXhEMH/d5r1v
fEjU1qTq1vgyxMLv7u4uUVf+ZGsOw3D5JIjMWQshID2cuoATMVjFnOcC2cYeu4sC
EnXCAgUpA8wBEXo0/lcEjb+5K9e2AdtlYpGBK11vCggiYw1HmBuO+84em0gVUHVh
FViz8mU8AWPEoJrqtWpHgfL3WKuPRZNuIgbQNDuU8xPiJM0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org