Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1--aTbl593JOeBRkpHp1PN93mNeQ.roa
File:                     1--aTbl593JOeBRkpHp1PN93mNeQ.roa (raw, json)
Hash identifier:          Tig4xtKYUhxvlipRXisIdPWyvRkA1gWN47bPI/HQI58=
Subject key identifier:   FB:E6:93:6E:5E:7D:DC:93:9E:05:19:29:1E:9D:4F:37:DD:E6:35:E4
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018796E6335569E0643C335194C26DC50B03
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1--aTbl593JOeBRkpHp1PN93mNeQ.roa
Signing time:             Wed 19 Apr 2023 00:24:41 +0000
ROA not before:           Wed 19 Apr 2023 00:24:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     393427
IP address blocks:        84.234.16.0/20 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          5.35.192.0/21 maxlen: 24
                          85.204.160.0/22 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          91.232.136.0/22 maxlen: 24
                          176.223.190.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:96:e6:33:55:69:e0:64:3c:33:51:94:c2:6d:c5:0b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 19 00:24:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fbe6936e5e7ddc939e0519291e9d4f37dde635e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f8:d2:9c:6e:e3:04:ef:34:4d:ac:72:2a:43:
                    2f:dc:31:28:86:74:10:cb:cd:38:84:7d:75:ae:88:
                    5e:09:5f:01:6e:eb:3e:3e:cc:86:f1:15:7d:96:19:
                    ae:82:3d:dd:f1:b1:02:58:5a:03:b1:26:13:39:7b:
                    da:ee:3b:29:e8:c2:53:db:49:fb:a5:64:af:f9:76:
                    1d:47:df:90:2d:fa:65:7a:b6:0c:4e:41:50:ca:da:
                    df:27:c3:08:d3:8a:5b:97:23:83:c1:9d:02:82:2f:
                    d0:91:f4:72:4d:12:ed:f0:9f:70:a0:01:fb:c4:66:
                    3a:f5:92:4b:a4:f3:d2:0e:68:11:c5:b9:30:1f:3e:
                    cc:b9:0a:f9:95:e8:91:19:a1:be:9b:a8:bb:e7:5b:
                    f6:c3:99:f2:97:01:05:6a:4f:c5:01:32:3f:d1:7c:
                    be:0f:7c:c9:a2:83:09:fd:9b:46:c8:6a:1b:ba:97:
                    fe:43:1d:ba:26:87:8e:ef:f7:85:50:65:ab:af:a8:
                    54:a4:60:ff:7c:4b:b5:da:25:58:70:30:cb:53:c9:
                    45:6d:f3:56:65:03:c4:71:db:d6:a6:6c:90:0c:47:
                    b0:81:fe:80:8a:15:12:f4:78:8d:6a:92:30:82:cf:
                    c5:89:57:6e:f8:c6:01:20:62:99:82:6e:9b:29:3a:
                    60:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:E6:93:6E:5E:7D:DC:93:9E:05:19:29:1E:9D:4F:37:DD:E6:35:E4
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/1--aTbl593JOeBRkpHp1PN93mNeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  62.112.0.0/21
                  84.234.16.0/20
                  85.204.160.0/22
                  89.37.128.0/24
                  91.232.136.0/22
                  93.113.184.0/21
                  176.223.190.0/24
                  194.88.96.0/21
                  194.88.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         50:94:b9:02:a7:af:c0:70:7b:11:26:ef:4f:ee:08:83:8f:21:
         15:50:cf:da:4f:ca:29:c6:d7:a7:45:5c:af:68:5c:d6:8c:a0:
         c2:85:26:4f:42:54:b6:b0:7f:65:55:6a:66:0a:15:13:1d:a5:
         70:3b:c3:d6:22:0b:ec:f2:81:ab:3e:b1:7d:95:f0:86:e1:07:
         2e:19:21:8e:d9:18:b3:58:3a:27:7c:62:a3:21:10:90:bf:8b:
         4b:dc:48:b7:d1:13:e1:e3:1b:68:cb:fb:82:06:49:1d:4b:3c:
         81:c8:39:f8:82:83:c8:b6:09:56:2f:4d:c2:36:09:fa:ae:8e:
         7f:4b:4d:34:af:30:08:56:64:74:09:4f:3e:4f:43:22:71:63:
         67:e7:cf:89:df:c0:15:73:f3:f1:3d:48:02:23:b8:c6:6f:79:
         94:0e:a0:4f:d8:fa:d1:91:60:df:7d:64:94:ad:42:29:14:65:
         75:55:f6:52:0e:4c:4d:9d:18:4b:93:bc:98:8a:f0:40:ca:7f:
         ed:14:a6:7d:61:b0:c2:ba:ed:89:4b:4b:b4:0b:1f:48:90:38:
         e7:1b:c2:b1:70:b6:d8:43:62:72:a7:29:e7:9c:f3:e0:17:17:
         77:8a:8a:90:e7:73:cc:f8:e3:02:59:dd:c0:60:93:a6:d1:bc:
         89:80:8b:16
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYeW5jNVaeBkPDNRlMJtxQsDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDE5MDAyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmU2OTM2ZTVlN2RkYzkzOWUwNTE5MjkxZTlkNGYzN2RkZTYzNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/jSnG7jBO80TaxyKkMv3DEohnQQ
y804hH11roheCV8Bbus+PsyG8RV9lhmugj3d8bECWFoDsSYTOXva7jsp6MJT20n7
pWSv+XYdR9+QLfplerYMTkFQytrfJ8MI04pblyODwZ0Cgi/QkfRyTRLt8J9woAH7
xGY69ZJLpPPSDmgRxbkwHz7MuQr5leiRGaG+m6i751v2w5nylwEFak/FATI/0Xy+
D3zJooMJ/ZtGyGobupf+Qx26JoeO7/eFUGWrr6hUpGD/fEu12iVYcDDLU8lFbfNW
ZQPEcdvWpmyQDEewgf6AihUS9HiNapIwgs/FiVdu+MYBIGKZgm6bKTpgGwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFPvmk25efdyTngUZKR6dTzfd5jXkMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvMS0tYVRibDU5M0pPZUJSa3BIcDFQTjkzbU5lUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmYvODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1
ZS8xLzJnRHBnWlV3WVpjc2lXdlcwbmM0MElPcTJ3NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBVBggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAwUjwAME
Az5wAAMEBFTqEAMEAlXMoAMEAFklgAMEAlvoiAMEA11xuAMEALDfvgMEA8JYYAME
BMJYcDANBgkqhkiG9w0BAQsFAAOCAQEAUJS5AqevwHB7ESbvT+4Ig48hFVDP2k/K
KcbXp0Vcr2hc1oygwoUmT0JUtrB/ZVVqZgoVEx2lcDvD1iIL7PKBqz6xfZXwhuEH
LhkhjtkYs1g6J3xioyEQkL+LS9xIt9ET4eMbaMv7ggZJHUs8gcg5+IKDyLYJVi9N
wjYJ+q6Of0tNNK8wCFZkdAlPPk9DInFjZ+fPid/AFXPz8T1IAiO4xm95lA6gT9j6
0ZFg331klK1CKRRldVX2Ug5MTZ0YS5O8mIrwQMp/7RSmfWGwwrrtiUtLtAsfSJA4
5xvCsXC22ENicqcp55zz4BcXd4qKkOdzzPjjAlndwGCTptG8iYCLFg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org