Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rtjnDS0siQkreiBYIi9BdIiX5xM.roa
File:                     rtjnDS0siQkreiBYIi9BdIiX5xM.roa (raw, json)
Hash identifier:          +Ge4L6STGyKlMqvQeyPt9TklfnvW22C1eMQZjLwnO+g=
Subject key identifier:   AE:D8:E7:0D:2D:2C:89:09:2B:7A:20:58:22:2F:41:74:88:97:E7:13
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018C3E257366E4AA5EE7B0EE955BCAF434F1
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rtjnDS0siQkreiBYIi9BdIiX5xM.roa
Signing time:             Wed 06 Dec 2023 08:01:30 +0000
ROA not before:           Wed 06 Dec 2023 08:01:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5065
IP address blocks:        83.137.159.0/24 maxlen: 24
                          178.210.231.0/24 maxlen: 24
                          178.210.230.0/24 maxlen: 24
                          88.209.195.0/24 maxlen: 24
                          77.242.156.0/24 maxlen: 24
                          77.242.158.0/24 maxlen: 24
                          88.209.217.0/24 maxlen: 24
                          88.151.57.0/24 maxlen: 24
                          88.151.58.0/24 maxlen: 24
                          88.151.62.0/24 maxlen: 24
                          2.58.168.0/24 maxlen: 24
                          2.58.170.0/24 maxlen: 24
                          2.58.169.0/24 maxlen: 24
                          5.182.114.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:3e:25:73:66:e4:aa:5e:e7:b0:ee:95:5b:ca:f4:34:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Dec  6 08:01:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aed8e70d2d2c89092b7a2058222f41748897e713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:01:30:0e:27:64:2c:42:ba:63:06:ae:ea:23:
                    1f:bf:58:de:93:c8:c2:e4:a9:3b:ce:6b:21:96:38:
                    af:84:99:94:34:d5:13:98:50:34:01:fd:b1:4f:bf:
                    b4:cc:ba:bf:67:71:11:bb:42:52:3a:d3:1a:ca:75:
                    38:88:04:8f:6b:58:96:b4:02:12:14:f9:a3:36:97:
                    9c:06:7b:16:28:c4:be:ef:a7:ef:7e:2a:32:ee:c4:
                    dc:a4:d3:7f:cb:7f:c9:7a:ef:d3:9f:4e:d1:e1:55:
                    16:77:13:45:4a:a5:b0:53:5c:81:25:95:23:32:cc:
                    b5:8e:b1:b6:22:2c:b7:8f:4c:e5:a1:77:51:e3:ae:
                    33:32:b4:72:7f:2d:e5:95:45:13:11:06:92:6d:92:
                    b4:3b:70:de:eb:8b:ed:3e:8f:4a:42:48:70:aa:d9:
                    82:26:b8:d2:14:b5:ab:71:8f:aa:5d:29:bc:c5:24:
                    75:50:32:31:0e:87:db:6b:d9:91:8b:14:ec:5f:2d:
                    11:52:89:8b:06:d9:0a:01:f9:18:58:31:dd:49:42:
                    d4:59:b4:3e:9c:da:c8:a4:cb:0b:80:74:ab:f7:0c:
                    2d:d1:17:07:e4:b9:d4:a3:51:5d:8f:b3:2d:0d:06:
                    0d:1b:1a:74:b4:e1:70:6f:ca:70:ad:bd:6e:62:65:
                    6d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D8:E7:0D:2D:2C:89:09:2B:7A:20:58:22:2F:41:74:88:97:E7:13
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rtjnDS0siQkreiBYIi9BdIiX5xM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.168.0-2.58.170.255
                  5.182.114.0/24
                  77.242.156.0/24
                  77.242.158.0/24
                  83.137.159.0/24
                  88.151.57.0-88.151.58.255
                  88.151.62.0/24
                  88.209.195.0/24
                  88.209.217.0/24
                  178.210.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:e0:d8:3a:99:7f:60:6f:b5:f5:04:ae:d3:b8:b0:32:44:39:
         7a:c7:94:0b:f1:c1:98:de:60:71:45:1e:b9:e9:f6:cf:a3:ee:
         a4:21:6b:eb:09:e0:fc:0f:ed:86:ee:e3:47:5d:0c:22:e7:0e:
         b5:ad:23:0f:f4:0f:d0:58:39:d3:1c:f6:6a:22:85:26:bc:0b:
         83:7e:13:2d:8c:91:e5:29:db:7b:13:55:86:42:7d:e4:aa:04:
         81:b4:f1:93:a0:7c:0e:b3:a1:a2:ba:0b:63:1b:73:47:48:20:
         b8:1d:69:4c:7c:f0:a5:92:e7:88:4b:f0:8b:71:50:b5:10:51:
         f6:6c:a5:76:f5:50:62:40:29:57:fe:8d:b0:c0:fb:b1:5e:cb:
         ab:89:84:c9:bb:e1:8f:ce:0f:9c:cc:3d:50:35:ef:8b:f7:4f:
         6e:13:70:e3:14:2d:85:40:b9:22:62:c1:3b:31:32:3a:31:ce:
         f3:25:5f:06:18:3d:c3:e3:41:33:bc:3b:61:25:f8:6f:6c:f1:
         5f:9e:7e:78:e3:5f:c3:be:92:3d:ef:96:2a:e6:ec:3b:9f:f6:
         17:b0:5c:1c:a7:0f:e7:dd:e2:a4:0a:bc:74:79:2f:51:dc:bd:
         a3:a4:88:83:bf:b0:b4:ba:d9:3c:6c:e8:0f:2c:c7:03:c8:63:
         40:66:01:1a
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYw+JXNm5Kpe57DulVvK9DTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMxMjA2MDgwMTMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ4ZTcwZDJkMmM4OTA5MmI3YTIwNTgyMjJmNDE3NDg4OTdlNzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigEwDidkLEK6Ywau6iMfv1jek8jC
5Kk7zmshljivhJmUNNUTmFA0Af2xT7+0zLq/Z3ERu0JSOtMaynU4iASPa1iWtAIS
FPmjNpecBnsWKMS+76fvfioy7sTcpNN/y3/Jeu/Tn07R4VUWdxNFSqWwU1yBJZUj
Msy1jrG2Iiy3j0zloXdR464zMrRyfy3llUUTEQaSbZK0O3De64vtPo9KQkhwqtmC
JrjSFLWrcY+qXSm8xSR1UDIxDofba9mRixTsXy0RUomLBtkKAfkYWDHdSULUWbQ+
nNrIpMsLgHSr9wwt0RcH5LnUo1Fdj7MtDQYNGxp0tOFwb8pwrb1uYmVtNwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFK7Y5w0tLIkJK3ogWCIvQXSIl+cTMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvcnRqbkRTMHNpUWtyZWlCWUlpOUJkSWlYNXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMMAwDBAMCOqgD
BAACOqoDBAAFtnIDBABN8pwDBABN8p4DBABTiZ8wDAMEAFiXOQMEAFiXOgMEAFiX
PgMEAFjRwwMEAFjR2QMEAbLS5jANBgkqhkiG9w0BAQsFAAOCAQEAPODYOpl/YG+1
9QSu07iwMkQ5eseUC/HBmN5gcUUeuen2z6PupCFr6wng/A/thu7jR10MIucOta0j
D/QP0Fg50xz2aiKFJrwLg34TLYyR5SnbexNVhkJ95KoEgbTxk6B8DrOhoroLYxtz
R0gguB1pTHzwpZLniEvwi3FQtRBR9myldvVQYkApV/6NsMD7sV7Lq4mEybvhj84P
nMw9UDXvi/dPbhNw4xQthUC5ImLBOzEyOjHO8yVfBhg9w+NBM7w7YSX4b2zxX55+
eONfw76SPe+WKubsO5/2F7BcHKcP593ipAq8dHkvUdy9o6SIg7+wtLrZPGzoDyzH
A8hjQGYBGg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org