Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oP8N1lZBMsNeyzpibBDicqBEizU.roa
File:                     oP8N1lZBMsNeyzpibBDicqBEizU.roa (raw, json)
Hash identifier:          iWxFjHSQMho/haxpx772IiEwAPk3CT8LOZ2aE9e2YYQ=
Subject key identifier:   A0:FF:0D:D6:56:41:32:C3:5E:CB:3A:62:6C:10:E2:72:A0:44:8B:35
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018C9202131C150ACE68C1BF0001C5F28CC0
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oP8N1lZBMsNeyzpibBDicqBEizU.roa
Signing time:             Fri 22 Dec 2023 14:50:58 +0000
ROA not before:           Fri 22 Dec 2023 14:50:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42864
IP address blocks:        178.248.200.0/21 maxlen: 21
                          45.9.171.0/24 maxlen: 24
                          45.9.170.0/24 maxlen: 24
                          45.9.169.0/24 maxlen: 24
                          88.209.196.0/24 maxlen: 24
                          88.209.193.0/24 maxlen: 24
                          88.209.208.0/24 maxlen: 24
                          88.209.213.0/24 maxlen: 24
                          88.209.212.0/24 maxlen: 24
                          88.209.210.0/24 maxlen: 24
                          88.209.215.0/24 maxlen: 24
                          88.209.214.0/24 maxlen: 24
                          178.210.225.0/24 maxlen: 24
                          178.210.224.0/24 maxlen: 24
                          193.138.125.0/24 maxlen: 24
                          178.210.240.0/22 maxlen: 22
                          178.210.238.0/23 maxlen: 23
                          77.242.144.0/22 maxlen: 24
                          77.242.151.0/24 maxlen: 24
                          77.242.148.0/24 maxlen: 24
                          45.88.93.0/24 maxlen: 24
                          178.210.244.0/22 maxlen: 22
                          178.210.251.0/24 maxlen: 24
                          178.210.250.0/24 maxlen: 24
                          178.210.249.0/24 maxlen: 24
                          178.210.248.0/24 maxlen: 24
                          45.14.11.0/24 maxlen: 24
                          45.14.10.0/24 maxlen: 24
                          92.52.212.0/22 maxlen: 24
                          92.52.210.0/23 maxlen: 23
                          92.52.209.0/24 maxlen: 24
                          92.52.208.0/24 maxlen: 24
                          2a00:1f40::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:92:02:13:1c:15:0a:ce:68:c1:bf:00:01:c5:f2:8c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Dec 22 14:50:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a0ff0dd6564132c35ecb3a626c10e272a0448b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:26:f1:97:74:4d:fa:59:16:04:a2:ad:85:93:
                    dc:50:ce:2a:34:b6:7a:e4:4d:1d:00:ec:d1:36:45:
                    7f:82:62:14:8f:c2:6c:90:c4:f5:58:e7:74:6b:6d:
                    66:11:e4:0d:90:ec:17:f3:60:26:c2:02:c1:51:04:
                    d0:3b:4d:fa:59:23:2d:58:90:79:12:ac:b3:e6:41:
                    c9:b3:90:42:d4:ed:aa:3c:49:d3:fa:95:ed:12:3a:
                    c7:2c:5f:bd:00:a9:e2:fd:d0:eb:2d:65:a1:6d:b4:
                    17:2b:e7:d3:ff:2d:ab:cb:f4:79:e4:5a:59:3d:95:
                    c7:3d:24:22:54:8d:48:9a:da:0a:15:79:7b:44:e1:
                    57:c0:57:c2:2e:f6:83:46:68:4b:6e:53:35:a7:b6:
                    b0:c3:55:3c:de:ce:32:2c:81:05:d0:6f:1d:a9:08:
                    c2:76:c7:d7:e2:ec:6b:44:9c:de:2c:c1:3d:2e:66:
                    d2:b9:ff:f1:4e:b8:49:a2:a0:07:d1:b0:1a:38:3f:
                    8e:34:ba:59:0a:64:e9:94:c3:87:dd:95:ec:0a:ce:
                    56:d6:d8:63:f9:2a:f6:bc:9c:f5:c6:93:95:14:36:
                    e3:79:03:6b:62:91:74:87:be:c2:8b:9e:ef:f4:dc:
                    b9:96:79:b5:aa:18:51:64:42:50:7a:d2:fe:23:fe:
                    9c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FF:0D:D6:56:41:32:C3:5E:CB:3A:62:6C:10:E2:72:A0:44:8B:35
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/oP8N1lZBMsNeyzpibBDicqBEizU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.169.0-45.9.171.255
                  45.14.10.0/23
                  45.88.93.0/24
                  77.242.144.0-77.242.148.255
                  77.242.151.0/24
                  88.209.193.0/24
                  88.209.196.0/24
                  88.209.208.0/24
                  88.209.210.0/24
                  88.209.212.0/22
                  92.52.208.0/21
                  178.210.224.0/23
                  178.210.238.0-178.210.251.255
                  178.248.200.0/21
                  193.138.125.0/24
                IPv6:
                  2a00:1f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:13:2a:a9:cb:e2:1c:c2:f1:d1:55:80:34:9c:0a:e6:18:3c:
         de:23:5a:a9:8d:f6:fb:e2:61:31:47:d7:32:38:db:89:56:1a:
         04:2a:b8:87:f5:e0:89:ae:78:65:9c:88:3d:54:d2:04:4a:51:
         40:00:d8:61:bd:0c:cc:8d:d9:6c:09:bb:f4:be:a8:be:44:4f:
         21:5b:14:15:3b:46:b2:f1:46:a4:a4:50:34:08:e0:5d:42:80:
         8b:21:01:3b:11:ca:83:28:c4:d6:84:26:2b:dd:be:ec:60:fd:
         61:95:52:3b:33:3c:87:ad:82:dc:36:c4:cb:e9:f3:a4:e2:6d:
         c1:ff:69:4f:a8:e8:86:8d:48:87:e9:a4:14:82:59:31:61:d0:
         d2:24:e7:d4:e3:1d:61:ad:f8:18:3d:ed:f7:40:5f:3a:7a:a0:
         ba:b9:c7:ca:3c:24:4d:82:c1:6d:fc:13:fd:b8:e6:09:c1:18:
         0a:99:09:cd:07:dd:f9:bc:18:43:13:0f:59:86:4b:a4:8e:27:
         db:30:de:ab:6e:59:33:aa:d1:3e:14:2d:e8:aa:81:71:90:be:
         7f:3f:2a:10:bb:b0:b4:59:40:f4:e6:e9:d6:69:59:e1:9d:51:
         a6:ca:32:e4:f4:eb:7c:bd:88:51:66:bd:7f:fe:11:58:03:ae:
         57:66:85:89
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAYySAhMcFQrOaMG/AAHF8ozAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjIyMTQ1MDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGZmMGRkNjU2NDEzMmMzNWVjYjNhNjI2YzEwZTI3MmEwNDQ4YjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCbxl3RN+lkWBKKthZPcUM4qNLZ6
5E0dAOzRNkV/gmIUj8JskMT1WOd0a21mEeQNkOwX82AmwgLBUQTQO036WSMtWJB5
Eqyz5kHJs5BC1O2qPEnT+pXtEjrHLF+9AKni/dDrLWWhbbQXK+fT/y2ry/R55FpZ
PZXHPSQiVI1ImtoKFXl7ROFXwFfCLvaDRmhLblM1p7aww1U83s4yLIEF0G8dqQjC
dsfX4uxrRJzeLME9LmbSuf/xTrhJoqAH0bAaOD+ONLpZCmTplMOH3ZXsCs5W1thj
+Sr2vJz1xpOVFDbjeQNrYpF0h77Ci57v9Ny5lnm1qhhRZEJQetL+I/6c5wIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFKD/DdZWQTLDXss6YmwQ4nKgRIs1MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvb1A4TjFsWkJNc05leXpwaWJCRGljcUJFaXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByMAwDBAAt
CakDBAItCagDBAEtDgoDBAAtWF0wDAMEBE3ykAMEAE3ylAMEAE3ylwMEAFjRwQME
AFjRxAMEAFjR0AMEAFjR0gMEAljR1AMEA1w00AMEAbLS4DAMAwQBstLuAwQCstL4
AwQDsvjIAwQAwYp9MA0EAgACMAcDBQMqAB9AMA0GCSqGSIb3DQEBCwUAA4IBAQAj
Eyqpy+IcwvHRVYA0nArmGDzeI1qpjfb74mExR9cyONuJVhoEKriH9eCJrnhlnIg9
VNIESlFAANhhvQzMjdlsCbv0vqi+RE8hWxQVO0ay8UakpFA0COBdQoCLIQE7EcqD
KMTWhCYr3b7sYP1hlVI7MzyHrYLcNsTL6fOk4m3B/2lPqOiGjUiH6aQUglkxYdDS
JOfU4x1hrfgYPe33QF86eqC6ucfKPCRNgsFt/BP9uOYJwRgKmQnNB935vBhDEw9Z
hkukjifbMN6rblkzqtE+FC3oqoFxkL5/PyoQu7C0WUD05unWaVnhnVGmyjLk9Ot8
vYhRZr1//hFYA65XZoWJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org