Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/_xgmH44SzMDktTEPuf2SRci0PL4.roa
File:                     _xgmH44SzMDktTEPuf2SRci0PL4.roa (raw, json)
Hash identifier:          fRP+FI+bHTgCMaBfl9kC84lKrtp7oVoDly7Lyg5cvtM=
Subject key identifier:   FF:18:26:1F:8E:12:CC:C0:E4:B5:31:0F:B9:FD:92:45:C8:B4:3C:BE
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       01898951312682DF917FEE2CB2057BEBD352
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/_xgmH44SzMDktTEPuf2SRci0PL4.roa
Signing time:             Mon 24 Jul 2023 19:12:26 +0000
ROA not before:           Mon 24 Jul 2023 19:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        89.36.231.0/24 maxlen: 24
                          188.240.83.0/24 maxlen: 24
                          84.247.20.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          62.112.30.0/24 maxlen: 24
                          93.114.69.0/24 maxlen: 24
                          89.40.43.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:89:51:31:26:82:df:91:7f:ee:2c:b2:05:7b:eb:d3:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Jul 24 19:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff18261f8e12ccc0e4b5310fb9fd9245c8b43cbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b7:bf:77:7e:3e:76:b3:0e:cf:f9:ff:6a:88:
                    7b:20:7c:fc:34:94:13:5a:03:7a:4a:10:12:5a:be:
                    fd:39:75:cc:70:4d:48:59:2e:e8:59:90:78:88:5b:
                    64:60:68:d3:d5:06:1b:01:ec:b9:9a:fc:21:8b:1e:
                    7f:c0:cf:9f:fb:60:41:01:84:a4:44:3d:6c:43:e9:
                    cf:fb:3a:0e:ab:17:06:dc:44:f1:c3:9d:95:7b:63:
                    13:51:51:99:21:cb:e7:59:5b:93:4c:bf:e4:e6:6d:
                    7f:59:ca:6a:f8:94:1b:cc:15:35:74:8f:2e:a1:96:
                    c4:54:84:c5:b8:62:e2:e9:c7:19:5f:2a:a4:5c:7a:
                    02:7f:5f:a3:0d:b5:de:65:10:8b:69:74:44:79:7b:
                    20:8c:da:25:9c:97:3b:ba:00:40:fd:21:f1:92:de:
                    24:01:31:8a:1f:3a:04:ae:0b:45:e0:69:ea:ec:76:
                    bd:33:be:bf:65:89:3a:d8:b3:de:07:98:7a:79:67:
                    ea:25:cc:b7:f1:c0:fd:6d:92:c1:d1:23:b9:f4:fc:
                    ee:77:c3:eb:b4:3e:37:a8:bf:49:eb:1d:02:7d:ff:
                    d5:5c:74:db:33:7d:fc:43:76:9e:fc:e2:b7:36:59:
                    60:e6:77:4f:1b:e2:b9:90:4e:42:7d:43:94:ea:87:
                    52:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:18:26:1F:8E:12:CC:C0:E4:B5:31:0F:B9:FD:92:45:C8:B4:3C:BE
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/_xgmH44SzMDktTEPuf2SRci0PL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.174.0/24
                  62.112.30.0/24
                  84.247.20.0/24
                  89.36.231.0/24
                  89.37.128.0/24
                  89.40.43.0/24
                  93.114.69.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24
                  188.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d0:17:e6:2d:ec:4f:c0:c4:d2:44:5a:39:5b:e4:f8:43:8c:
         77:66:4f:8b:3d:b3:9f:ea:fd:7a:e5:ef:fc:68:7b:82:48:6b:
         b9:84:63:ec:44:ac:08:ca:6e:67:c2:8a:44:d0:ab:1a:84:71:
         49:6f:c7:99:25:71:c9:38:37:dc:c9:a4:49:ff:fe:54:02:2c:
         b8:82:fc:df:19:c0:6d:54:0b:9f:c0:c9:e6:ad:96:99:c4:15:
         81:6a:81:bf:42:c6:7d:d6:94:bf:00:ec:ba:0d:da:bf:32:1d:
         8e:5c:c3:92:21:58:9e:d1:cc:f7:91:72:5a:d0:99:0b:93:a7:
         b6:ef:5f:a3:98:dd:f0:88:12:79:73:0b:c3:ee:94:60:8a:8b:
         4d:63:63:92:71:d8:8d:96:45:e7:7b:a1:ce:2b:e7:0e:ac:4d:
         73:a9:7a:c1:40:3b:d9:e1:f6:02:46:9b:fa:c9:bb:0b:7d:36:
         47:b5:d9:00:5d:6d:04:d8:14:80:8e:f4:bb:c9:99:13:63:04:
         4e:4e:b4:7b:15:4b:f1:fe:17:c1:4d:0c:ed:4d:8c:3c:fe:0b:
         45:40:4f:df:46:d1:31:99:02:c7:2f:db:05:d8:30:3d:23:7d:
         92:68:15:4f:6f:81:18:ff:15:53:7b:bc:1e:b8:16:46:ad:5e:
         e7:b3:80:8f
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYmJUTEmgt+Rf+4ssgV769NSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzI0MTkxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjE4MjYxZjhlMTJjY2MwZTRiNTMxMGZiOWZkOTI0NWM4YjQzY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmre/d34+drMOz/n/aoh7IHz8NJQT
WgN6ShASWr79OXXMcE1IWS7oWZB4iFtkYGjT1QYbAey5mvwhix5/wM+f+2BBAYSk
RD1sQ+nP+zoOqxcG3ETxw52Ve2MTUVGZIcvnWVuTTL/k5m1/Wcpq+JQbzBU1dI8u
oZbEVITFuGLi6ccZXyqkXHoCf1+jDbXeZRCLaXREeXsgjNolnJc7ugBA/SHxkt4k
ATGKHzoErgtF4Gnq7Ha9M76/ZYk62LPeB5h6eWfqJcy38cD9bZLB0SO59Pzud8Pr
tD43qL9J6x0Cff/VXHTbM338Q3ae/OK3Nllg5ndPG+K5kE5CfUOU6odS3wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFP8YJh+OEszA5LUxD7n9kkXItDy+MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvX3hnbUg0NFN6TURrdFRFUHVmMlNSY2kwUEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALmauAwQA
PnAeAwQAVPcUAwQAWSTnAwQAWSWAAwQAWSgrAwQAXXJFAwQAXrFxAwQAXrF2AwQA
sN++AwQAvPBTMA0GCSqGSIb3DQEBCwUAA4IBAQCD0BfmLexPwMTSRFo5W+T4Q4x3
Zk+LPbOf6v165e/8aHuCSGu5hGPsRKwIym5nwopE0KsahHFJb8eZJXHJODfcyaRJ
//5UAiy4gvzfGcBtVAufwMnmrZaZxBWBaoG/QsZ91pS/AOy6Ddq/Mh2OXMOSIVie
0cz3kXJa0JkLk6e271+jmN3wiBJ5cwvD7pRgiotNY2OScdiNlkXne6HOK+cOrE1z
qXrBQDvZ4fYCRpv6ybsLfTZHtdkAXW0E2BSAjvS7yZkTYwROTrR7FUvx/hfBTQzt
TYw8/gtFQE/fRtExmQLHL9sF2DA9I32SaBVPb4EY/xVTe7weuBZGrV7ns4CP
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org