Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3XTliAf_OWFbGGi5sJId-lpmnZ4.roa
File:                     3XTliAf_OWFbGGi5sJId-lpmnZ4.roa (raw, json)
Hash identifier:          n4BohkErpnY5vDBlTz7UUYJZL4ZybhIBumCDPws9RaQ=
Subject key identifier:   DD:74:E5:88:07:FF:39:61:5B:18:68:B9:B0:92:1D:FA:5A:66:9D:9E
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       01862D188ED14ACEB4141A4BD43A58CB7053
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3XTliAf_OWFbGGi5sJId-lpmnZ4.roa
Signing time:             Tue 07 Feb 2023 18:17:09 +0000
ROA not before:           Tue 07 Feb 2023 18:17:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     996
IP address blocks:        94.190.248.0/22 maxlen: 24
                          89.40.176.0/22 maxlen: 24
                          89.37.188.0/22 maxlen: 24
                          89.36.236.0/22 maxlen: 24
                          89.36.32.0/22 maxlen: 24
                          89.37.228.0/22 maxlen: 24
                          89.37.236.0/22 maxlen: 24
                          91.232.136.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2d:18:8e:d1:4a:ce:b4:14:1a:4b:d4:3a:58:cb:70:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Feb  7 18:17:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd74e58807ff39615b1868b9b0921dfa5a669d9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:c6:e7:4a:22:89:f7:a6:0f:99:c2:6a:07:
                    e1:15:47:82:4c:2f:47:92:3f:f4:6d:95:e4:73:7c:
                    ad:fa:bc:d5:1f:66:ea:6d:64:80:09:1e:69:92:da:
                    fb:87:54:d3:7b:ed:dd:76:ac:70:b4:f8:74:93:8c:
                    75:2a:33:ef:14:76:d1:c3:89:6a:18:a5:9e:bf:3f:
                    fa:a0:10:1f:1a:f1:6f:5b:33:a5:98:3d:4d:3d:43:
                    d7:8c:d7:e2:6c:db:37:1f:41:6b:b6:1d:47:94:bd:
                    23:b8:34:cd:f7:2b:c0:fc:fe:df:3d:10:db:1e:68:
                    25:d4:29:e1:02:6c:dd:65:2b:87:b6:91:4f:e5:a7:
                    e3:0d:72:e3:81:d4:eb:65:90:f9:d4:a5:0c:d4:e2:
                    09:45:53:43:8b:28:41:37:ff:41:78:b6:bf:9a:e9:
                    2f:9c:9c:4c:b6:1e:ff:6e:e0:4a:25:12:bf:c4:6e:
                    3b:94:c7:1c:42:96:51:83:30:91:17:0e:0d:3d:19:
                    1e:63:9a:c1:50:f1:26:dc:0d:26:8f:b9:39:bc:04:
                    1a:42:13:75:c7:96:5a:6a:14:85:c9:aa:69:c8:f4:
                    8f:3f:68:9f:90:a4:f6:6c:61:0f:71:12:28:0f:15:
                    ca:f0:b4:cf:28:a6:95:fa:94:42:b3:9d:a8:7e:45:
                    23:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:74:E5:88:07:FF:39:61:5B:18:68:B9:B0:92:1D:FA:5A:66:9D:9E
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3XTliAf_OWFbGGi5sJId-lpmnZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.32.0/22
                  89.36.236.0/22
                  89.37.188.0/22
                  89.37.228.0/22
                  89.37.236.0/22
                  89.40.176.0/22
                  91.232.136.0/22
                  94.190.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:19:af:6d:47:44:ce:fc:9d:4f:ef:71:c7:3c:12:4f:92:2e:
         f8:5b:8b:fb:6f:3e:5a:00:41:9f:d8:73:40:d8:30:9d:83:94:
         d1:1d:ae:57:20:f4:f0:ce:fe:01:14:ce:d2:bd:4e:94:a4:82:
         c7:ea:f7:bd:04:33:13:ce:43:0a:82:fb:33:43:b2:c4:ad:08:
         f1:30:20:27:e5:5b:1b:cb:ef:45:a6:33:e3:1b:3c:bb:6b:03:
         57:fb:be:d2:44:f4:87:65:16:22:5f:79:f8:7c:1a:7d:23:2d:
         05:7b:61:55:40:1a:44:5e:92:80:4b:33:a8:70:47:52:ed:17:
         f8:68:6c:58:c5:51:df:2b:21:f8:fb:e4:4e:28:94:f5:f2:12:
         5f:a6:1e:9f:d8:aa:86:86:0f:f4:99:a9:82:99:f0:58:63:1b:
         55:bf:35:d3:5f:6e:76:4c:08:2c:5b:63:f7:5c:3b:3e:a0:97:
         7c:2a:7c:13:66:6b:f3:af:58:fb:32:15:88:7d:2e:de:9e:fb:
         77:fd:b6:0d:02:1b:ba:84:29:5b:e7:fa:31:19:6e:32:09:7b:
         a1:4e:19:44:c5:85:81:5c:60:e4:77:c4:ec:a7:5d:c4:bc:0d:
         d5:0e:06:58:94:09:dd:ef:f9:c5:f8:fc:32:e4:33:8e:5d:52:
         c2:5d:87:05
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYYtGI7RSs60FBpL1DpYy3BTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwMjA3MTgxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc0ZTU4ODA3ZmYzOTYxNWIxODY4YjliMDkyMWRmYTVhNjY5ZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7zG50oiifemD5nCagfhFUeCTC9H
kj/0bZXkc3yt+rzVH2bqbWSACR5pktr7h1TTe+3ddqxwtPh0k4x1KjPvFHbRw4lq
GKWevz/6oBAfGvFvWzOlmD1NPUPXjNfibNs3H0Frth1HlL0juDTN9yvA/P7fPRDb
Hmgl1CnhAmzdZSuHtpFP5afjDXLjgdTrZZD51KUM1OIJRVNDiyhBN/9BeLa/mukv
nJxMth7/buBKJRK/xG47lMccQpZRgzCRFw4NPRkeY5rBUPEm3A0mj7k5vAQaQhN1
x5ZaahSFyappyPSPP2ifkKT2bGEPcRIoDxXK8LTPKKaV+pRCs52ofkUj4wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFN105YgH/zlhWxhoubCSHfpaZp2eMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvM1hUbGlBZl9PV0ZiR0dpNXNKSWQtbHBtblo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCWSQgAwQC
WSTsAwQCWSW8AwQCWSXkAwQCWSXsAwQCWSiwAwQCW+iIAwQCXr74MA0GCSqGSIb3
DQEBCwUAA4IBAQAPGa9tR0TO/J1P73HHPBJPki74W4v7bz5aAEGf2HNA2DCdg5TR
Ha5XIPTwzv4BFM7SvU6UpILH6ve9BDMTzkMKgvszQ7LErQjxMCAn5Vsby+9FpjPj
Gzy7awNX+77SRPSHZRYiX3n4fBp9Iy0Fe2FVQBpEXpKASzOocEdS7Rf4aGxYxVHf
KyH4++ROKJT18hJfph6f2KqGhg/0mamCmfBYYxtVvzXTX252TAgsW2P3XDs+oJd8
KnwTZmvzr1j7MhWIfS7envt3/bYNAhu6hClb5/oxGW4yCXuhThlExYWBXGDkd8Ts
p13EvA3VDgZYlAnd7/nF+Pwy5DOOXVLCXYcF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org