Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mV-PnWI061uesOU6DlTBYQHpnVI.roa
File:                     mV-PnWI061uesOU6DlTBYQHpnVI.roa (raw, json)
Hash identifier:          nuil7gsuHxtV0Og//KY+HzdWPI8dL+FrtRUIwB356dg=
Subject key identifier:   99:5F:8F:9D:62:34:EB:5B:9E:B0:E5:3A:0E:54:C1:61:01:E9:9D:52
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0188286B8F1B6EAA117C5E291A889D04B312
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mV-PnWI061uesOU6DlTBYQHpnVI.roa
Signing time:             Wed 17 May 2023 06:35:17 +0000
ROA not before:           Wed 17 May 2023 06:35:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47169
IP address blocks:        88.209.250.0/23 maxlen: 23
                          45.88.92.0/24 maxlen: 24
                          178.210.254.0/23 maxlen: 23
                          92.52.192.0/21 maxlen: 21
                          92.52.200.0/22 maxlen: 22
                          88.209.218.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:28:6b:8f:1b:6e:aa:11:7c:5e:29:1a:88:9d:04:b3:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: May 17 06:35:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=995f8f9d6234eb5b9eb0e53a0e54c16101e99d52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:91:84:5b:0b:7c:cc:a7:e2:2a:9b:3f:6f:8f:
                    ef:fe:00:2c:62:f2:06:ac:60:e0:ac:16:9c:b9:99:
                    f2:79:bb:89:d4:9c:e5:4f:de:c1:d6:a0:df:d3:3d:
                    01:2f:50:16:96:f8:14:1a:7b:fc:52:2a:3e:fc:8d:
                    3a:66:a5:0a:0b:a0:77:24:c9:c0:26:73:76:f9:9d:
                    e9:70:1c:6e:8a:d7:40:27:9a:f1:17:06:1a:8f:51:
                    fe:fb:80:55:f1:ce:98:34:55:cf:67:d6:e6:e6:eb:
                    85:34:a7:ea:05:99:be:ba:fd:8b:79:8f:50:53:45:
                    3d:a0:3e:01:bd:59:f0:3e:30:54:50:4b:60:19:24:
                    99:11:40:c4:21:be:5b:54:3f:db:0d:ab:88:cd:72:
                    ef:c2:39:37:d1:f8:75:c2:f8:0c:ef:87:49:69:c8:
                    0d:35:be:c1:42:7a:33:58:42:e4:b6:51:e5:53:a5:
                    40:c5:6a:61:23:e3:b8:df:2b:de:50:2d:c5:25:f3:
                    f4:a3:07:d7:0a:ef:27:10:3c:10:1f:13:ec:23:9d:
                    15:61:b1:26:3e:70:c4:02:4a:b1:72:f0:a3:e6:a3:
                    83:a7:ea:27:34:cd:75:2b:69:2a:ac:12:83:49:01:
                    0e:bc:55:42:e0:ad:62:0a:fc:a8:0c:65:f6:f0:fe:
                    31:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5F:8F:9D:62:34:EB:5B:9E:B0:E5:3A:0E:54:C1:61:01:E9:9D:52
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/mV-PnWI061uesOU6DlTBYQHpnVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.92.0/24
                  88.209.218.0/24
                  88.209.250.0/23
                  92.52.192.0-92.52.203.255
                  178.210.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:88:49:7b:4c:33:7d:aa:26:bb:d8:98:b1:da:8f:8f:db:93:
         48:3f:39:81:46:cd:07:a5:17:5e:56:06:1c:05:49:a2:c1:d1:
         80:e9:af:b3:20:e9:df:46:cc:15:7f:02:d0:b4:15:48:b8:21:
         65:71:a4:f1:29:9e:8d:da:36:72:35:8a:b1:d1:a1:14:fd:74:
         62:eb:f9:1f:dc:2e:50:fc:9d:46:3b:31:38:ec:0c:da:0b:12:
         dc:72:06:b6:4f:16:24:16:cd:2c:84:f5:78:20:b8:c2:6f:d4:
         27:89:65:52:33:a5:9f:ce:5d:cd:32:0d:64:7b:e7:a0:30:eb:
         47:8e:5b:5f:ee:51:29:d6:71:fa:74:7d:00:e1:2f:22:33:ab:
         02:bb:91:c3:bd:2a:47:1d:0a:56:f3:4b:7d:6e:22:f0:fa:10:
         06:ef:3e:a6:55:79:3b:35:c9:03:0d:b2:64:c7:ba:31:5d:10:
         ec:ff:14:71:6f:fe:e2:df:13:68:8e:fa:04:5a:bb:ba:6d:ba:
         06:41:e5:d1:99:01:72:e4:f4:7d:5e:3c:92:99:e8:e7:39:cd:
         ea:8d:35:43:55:d4:64:15:88:f1:a1:48:b5:8c:19:0c:9f:83:
         56:45:bf:96:76:06:a9:98:93:ae:25:3d:61:fe:ae:db:00:8c:
         e9:e5:0c:1a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYgoa48bbqoRfF4pGoidBLMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNTE3MDYzNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVmOGY5ZDYyMzRlYjViOWViMGU1M2EwZTU0YzE2MTAxZTk5ZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJGEWwt8zKfiKps/b4/v/gAsYvIG
rGDgrBacuZnyebuJ1JzlT97B1qDf0z0BL1AWlvgUGnv8Uio+/I06ZqUKC6B3JMnA
JnN2+Z3pcBxuitdAJ5rxFwYaj1H++4BV8c6YNFXPZ9bm5uuFNKfqBZm+uv2LeY9Q
U0U9oD4BvVnwPjBUUEtgGSSZEUDEIb5bVD/bDauIzXLvwjk30fh1wvgM74dJacgN
Nb7BQnozWELktlHlU6VAxWphI+O43yveUC3FJfP0owfXCu8nEDwQHxPsI50VYbEm
PnDEAkqxcvCj5qODp+onNM11K2kqrBKDSQEOvFVC4K1iCvyoDGX28P4xZwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJlfj51iNOtbnrDlOg5UwWEB6Z1SMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvbVYtUG5XSTA2MXVlc09VNkRsVEJZUUhwblZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQALVhcAwQA
WNHaAwQBWNH6MAwDBAZcNMADBAJcNMgDBAGy0v4wDQYJKoZIhvcNAQELBQADggEB
AG2ISXtMM32qJrvYmLHaj4/bk0g/OYFGzQelF15WBhwFSaLB0YDpr7Mg6d9GzBV/
AtC0FUi4IWVxpPEpno3aNnI1irHRoRT9dGLr+R/cLlD8nUY7MTjsDNoLEtxyBrZP
FiQWzSyE9XgguMJv1CeJZVIzpZ/OXc0yDWR756Aw60eOW1/uUSnWcfp0fQDhLyIz
qwK7kcO9KkcdClbzS31uIvD6EAbvPqZVeTs1yQMNsmTHujFdEOz/FHFv/uLfE2iO
+gRau7ptugZB5dGZAXLk9H1ePJKZ6Oc5zeqNNUNV1GQViPGhSLWMGQyfg1ZFv5Z2
BqmYk64lPWH+rtsAjOnlDBo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org