Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/29n10QdyGNBDaswXzSioCQltJl8.roa
File:                     29n10QdyGNBDaswXzSioCQltJl8.roa (raw, json)
Hash identifier:          RsP6uEz7DNjtISgQjjB4txgTMUfIKaW27yuy+AgBGow=
Subject key identifier:   DB:D9:F5:D1:07:72:18:D0:43:6A:CC:17:CD:28:A8:09:09:6D:26:5F
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       01879C9C4BBF7EB138482F366BF9202AC755
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/29n10QdyGNBDaswXzSioCQltJl8.roa
Signing time:             Thu 20 Apr 2023 03:01:41 +0000
ROA not before:           Thu 20 Apr 2023 03:01:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.132.0/24 maxlen: 24
                          84.247.20.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:9c:9c:4b:bf:7e:b1:38:48:2f:36:6b:f9:20:2a:c7:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 20 03:01:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbd9f5d1077218d0436acc17cd28a809096d265f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:8d:fb:d0:75:f1:11:f5:eb:c7:e2:89:18:21:
                    ed:88:9d:43:b7:da:f5:23:c2:cb:70:6e:1a:db:25:
                    71:10:75:89:1b:09:9b:cc:d9:14:0b:a9:5f:16:55:
                    66:a8:24:a5:d9:fd:8b:5d:d9:b1:54:ff:29:1f:4c:
                    a5:06:e5:ee:90:7d:33:c3:01:0c:29:03:ca:4c:ca:
                    68:78:5d:1e:ec:b6:78:a7:9f:e2:d4:d0:22:ae:dd:
                    e7:7d:5a:96:19:e7:12:ec:b5:0d:9e:22:0f:3b:3d:
                    e9:34:15:f9:56:af:9a:ad:2f:2f:4c:84:07:05:30:
                    ef:b4:54:11:ec:c2:55:79:94:dc:66:6f:05:53:4f:
                    f5:04:51:4d:a5:d8:c5:f5:bf:5d:cc:39:6c:fc:73:
                    69:bf:a0:86:d6:c0:3d:82:ab:3f:dd:2d:c6:39:14:
                    a3:8c:f2:da:5d:90:ac:61:57:4b:05:fe:c5:cf:67:
                    54:14:e4:ae:c5:da:74:c2:49:a3:06:69:07:8a:14:
                    1c:7c:c5:fc:a8:c3:8d:d1:35:ce:7a:bd:0d:b8:f9:
                    df:3a:18:e5:97:fd:85:5d:9e:5f:31:6f:ea:ad:99:
                    e6:86:9f:bc:d7:17:25:fd:57:49:65:78:28:6a:d0:
                    c7:e9:19:3d:3f:b9:9d:85:27:34:5e:0b:c8:d5:09:
                    ee:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D9:F5:D1:07:72:18:D0:43:6A:CC:17:CD:28:A8:09:09:6D:26:5F
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/29n10QdyGNBDaswXzSioCQltJl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24
                  46.102.174.0/24
                  84.247.20.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:39:9f:d9:fa:5e:cd:8b:3f:7c:f4:d7:6d:69:7c:5d:db:eb:
         c6:a4:c8:46:ce:34:5e:80:cb:ea:07:a0:fd:2e:72:07:fd:2a:
         c1:6b:db:08:97:5b:37:72:5d:9c:30:1e:52:b3:27:ee:42:33:
         be:69:2f:79:8c:07:1f:07:54:e7:a9:3e:f8:e4:98:08:2d:7b:
         a9:64:1c:7c:46:ea:90:15:2f:d1:99:19:73:bf:88:ba:fe:bb:
         13:ac:22:15:2d:aa:b6:80:8e:a0:ea:b5:77:20:ac:e6:e3:82:
         7a:d4:84:84:5b:cb:0c:d0:7d:b4:79:c5:45:b0:c3:d2:17:b6:
         04:6f:04:bd:9a:a5:35:5d:4f:e2:6d:9a:ce:74:d6:c9:7a:98:
         e6:17:9b:7f:fb:84:a1:40:b9:c4:3e:ab:05:a7:c7:f5:14:db:
         86:f5:0b:ba:8e:36:56:c0:cd:ae:72:8b:29:b4:ad:1b:78:60:
         29:51:ff:ef:26:bc:51:00:5d:d6:74:6a:26:84:f7:f6:34:77:
         7d:48:97:61:22:90:18:85:7f:48:58:86:dc:8e:80:a1:71:38:
         95:37:a7:63:fa:bf:b0:fb:7e:80:91:1c:a6:f1:30:39:5b:86:
         5a:c4:eb:1d:65:28:0e:3c:73:ba:0c:5e:c3:f4:46:94:b9:70:
         ea:5c:d2:6f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYecnEu/frE4SC82a/kgKsdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDIwMDMwMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmQ5ZjVkMTA3NzIxOGQwNDM2YWNjMTdjZDI4YTgwOTA5NmQyNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgI370HXxEfXrx+KJGCHtiJ1Dt9r1
I8LLcG4a2yVxEHWJGwmbzNkUC6lfFlVmqCSl2f2LXdmxVP8pH0ylBuXukH0zwwEM
KQPKTMpoeF0e7LZ4p5/i1NAirt3nfVqWGecS7LUNniIPOz3pNBX5Vq+arS8vTIQH
BTDvtFQR7MJVeZTcZm8FU0/1BFFNpdjF9b9dzDls/HNpv6CG1sA9gqs/3S3GORSj
jPLaXZCsYVdLBf7Fz2dUFOSuxdp0wkmjBmkHihQcfMX8qMON0TXOer0NuPnfOhjl
l/2FXZ5fMW/qrZnmhp+81xcl/VdJZXgoatDH6Rk9P7mdhSc0XgvI1QnuVwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNvZ9dEHchjQQ2rMF80oqAkJbSZfMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvMjluMTBRZHlHTkJEYXN3WHpTaW9DUWx0Smw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJZmEAwQA
LmauAwQAVPcUAwQAXrFxAwQAXrF2AwQAsN++MA0GCSqGSIb3DQEBCwUAA4IBAQAJ
OZ/Z+l7Niz989NdtaXxd2+vGpMhGzjRegMvqB6D9LnIH/SrBa9sIl1s3cl2cMB5S
syfuQjO+aS95jAcfB1TnqT745JgILXupZBx8RuqQFS/RmRlzv4i6/rsTrCIVLaq2
gI6g6rV3IKzm44J61ISEW8sM0H20ecVFsMPSF7YEbwS9mqU1XU/ibZrOdNbJepjm
F5t/+4ShQLnEPqsFp8f1FNuG9Qu6jjZWwM2ucosptK0beGApUf/vJrxRAF3WdGom
hPf2NHd9SJdhIpAYhX9IWIbcjoChcTiVN6dj+r+w+36AkRym8TA5W4ZaxOsdZSgO
PHO6DF7D9EaUuXDqXNJv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org