Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/RDlHCbEhrxSfQUh0zCUI07biqgM.roa
File:                     RDlHCbEhrxSfQUh0zCUI07biqgM.roa (raw, json)
Hash identifier:          pcW1O4SwQmfWcLjHIBHlEeBpCyTu0em/zCBDI9if/3k=
Subject key identifier:   44:39:47:09:B1:21:AF:14:9F:41:48:74:CC:25:08:D3:B6:E2:AA:03
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018803C5C039F84BE06902F0687C414EA3CB
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/RDlHCbEhrxSfQUh0zCUI07biqgM.roa
Signing time:             Wed 10 May 2023 03:47:51 +0000
ROA not before:           Wed 10 May 2023 03:47:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     996
IP address blocks:        89.37.188.0/22 maxlen: 24
                          89.36.32.0/22 maxlen: 24
                          89.37.228.0/22 maxlen: 24
                          89.37.236.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:03:c5:c0:39:f8:4b:e0:69:02:f0:68:7c:41:4e:a3:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: May 10 03:47:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44394709b121af149f414874cc2508d3b6e2aa03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f2:4d:85:ca:30:83:de:ac:01:7e:dc:21:62:
                    bf:ab:68:37:b8:d1:e0:9c:9c:87:fb:ca:bd:6f:c1:
                    97:c4:c5:7d:56:7f:10:8e:ab:1f:6f:d0:86:6c:ff:
                    06:ac:24:26:fb:1e:d0:9e:c5:69:78:e4:57:d8:0e:
                    80:6c:9c:19:03:33:16:d3:b1:d7:40:9c:a8:2b:95:
                    43:68:0b:1f:a9:e0:c8:00:48:f8:8f:2c:f3:7d:13:
                    de:90:09:4a:86:45:66:58:6d:d6:b9:41:86:94:5f:
                    f8:e7:6d:76:42:cc:83:37:dd:37:35:13:fb:bd:24:
                    c2:f4:e1:ce:bd:6b:d8:7f:d0:b3:f0:74:49:4a:c2:
                    80:3d:8e:0c:be:62:2f:c9:b3:45:24:fd:95:e8:42:
                    39:a2:0c:a9:e6:e2:e4:c2:15:88:6c:d6:77:80:70:
                    e7:9c:1c:6f:52:2d:92:cb:a6:74:54:57:5a:fa:47:
                    ab:f5:1a:a3:6e:07:7e:52:f5:e8:3b:b4:83:35:79:
                    8c:db:c9:cc:fc:a9:65:6a:37:e4:6d:ea:e3:9d:c9:
                    ef:78:5d:d3:98:fd:25:d3:b7:07:78:6c:7d:b3:71:
                    2d:8c:0a:55:d2:cb:59:c8:1c:28:0c:2a:ae:a6:22:
                    62:30:cf:4b:3f:2a:5b:9e:6c:3f:44:c5:35:5b:0d:
                    0c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:39:47:09:B1:21:AF:14:9F:41:48:74:CC:25:08:D3:B6:E2:AA:03
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/RDlHCbEhrxSfQUh0zCUI07biqgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.32.0/22
                  89.37.188.0/22
                  89.37.228.0/22
                  89.37.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:1a:c2:7a:62:52:69:78:63:39:2e:f7:d7:d0:27:2d:6c:73:
         1f:1f:c2:f0:c8:07:16:3b:8a:70:fb:95:00:6d:6d:d1:4b:91:
         41:25:aa:24:ac:ac:c9:08:50:97:a9:8c:72:eb:9d:e6:5c:22:
         bf:42:72:f2:31:8e:dc:a7:5f:87:90:d0:f8:e0:92:98:5d:1c:
         1f:6a:4e:f4:b1:35:2a:3b:41:06:ed:08:1b:21:72:f5:68:65:
         ba:d3:83:c2:7a:d0:0d:35:54:51:3f:45:20:63:07:1a:41:6a:
         2b:72:c2:0b:e6:5a:5f:0a:ca:23:0f:c0:63:f4:cb:3b:84:ba:
         65:ba:df:a8:ca:d3:55:c0:99:d5:2d:4c:d2:20:91:43:73:1e:
         65:1b:1a:fe:a2:9b:46:81:7a:87:b3:86:6d:a4:90:4c:c1:c8:
         96:61:93:d5:e4:62:11:5e:b0:7b:e3:d8:ca:7b:4f:93:8f:4a:
         39:44:2f:45:be:cc:46:7d:d5:b0:42:64:e1:b1:15:5f:b2:52:
         5f:81:72:4b:8c:6c:3c:25:b0:71:39:aa:ff:0b:1a:e9:8e:16:
         c2:23:8e:14:86:8d:37:b3:42:85:35:1c:bc:6d:d2:0e:17:b3:
         63:1b:95:54:ac:27:11:63:f9:ed:cb:8d:01:b7:1c:b0:d6:29:
         29:18:45:79
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYgDxcA5+EvgaQLwaHxBTqPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNTEwMDM0NzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDM5NDcwOWIxMjFhZjE0OWY0MTQ4NzRjYzI1MDhkM2I2ZTJhYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovJNhcowg96sAX7cIWK/q2g3uNHg
nJyH+8q9b8GXxMV9Vn8Qjqsfb9CGbP8GrCQm+x7QnsVpeORX2A6AbJwZAzMW07HX
QJyoK5VDaAsfqeDIAEj4jyzzfRPekAlKhkVmWG3WuUGGlF/45212QsyDN903NRP7
vSTC9OHOvWvYf9Cz8HRJSsKAPY4MvmIvybNFJP2V6EI5ogyp5uLkwhWIbNZ3gHDn
nBxvUi2Sy6Z0VFda+ker9Rqjbgd+UvXoO7SDNXmM28nM/KllajfkberjncnveF3T
mP0l07cHeGx9s3EtjApV0stZyBwoDCqupiJiMM9LPypbnmw/RMU1Ww0M0QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEQ5RwmxIa8Un0FIdMwlCNO24qoDMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvUkRsSENiRWhyeFNmUVVoMHpDVUkwN2JpcWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCWSQgAwQC
WSW8AwQCWSXkAwQCWSXsMA0GCSqGSIb3DQEBCwUAA4IBAQBLGsJ6YlJpeGM5LvfX
0CctbHMfH8LwyAcWO4pw+5UAbW3RS5FBJaokrKzJCFCXqYxy653mXCK/QnLyMY7c
p1+HkND44JKYXRwfak70sTUqO0EG7QgbIXL1aGW604PCetANNVRRP0UgYwcaQWor
csIL5lpfCsojD8Bj9Ms7hLplut+oytNVwJnVLUzSIJFDcx5lGxr+optGgXqHs4Zt
pJBMwciWYZPV5GIRXrB749jKe0+Tj0o5RC9FvsxGfdWwQmThsRVfslJfgXJLjGw8
JbBxOar/CxrpjhbCI44Uho03s0KFNRy8bdIOF7NjG5VUrCcRY/nty40Btxyw1ikp
GEV5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org