Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/aaJd5eLAyQmapqS3wlwCdfcX1s4.roa
File:                     aaJd5eLAyQmapqS3wlwCdfcX1s4.roa (raw, json)
Hash identifier:          VSAbOfNCxngxCzu1RN8nDTaqOFydeDgJI27DvdeVwNc=
Subject key identifier:   69:A2:5D:E5:E2:C0:C9:09:9A:A6:A4:B7:C2:5C:02:75:F7:17:D6:CE
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018A3F0D6E8A5E9705CB0105719278381918
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/aaJd5eLAyQmapqS3wlwCdfcX1s4.roa
Signing time:             Tue 29 Aug 2023 02:09:19 +0000
ROA not before:           Tue 29 Aug 2023 02:09:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.132.0/24 maxlen: 24
                          188.240.83.0/24 maxlen: 24
                          84.247.20.0/24 maxlen: 24
                          89.37.106.0/24 maxlen: 24
                          91.250.244.0/24 maxlen: 24
                          89.42.40.0/24 maxlen: 24
                          62.112.30.0/24 maxlen: 24
                          89.44.210.0/24 maxlen: 24
                          89.36.231.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          93.114.69.0/24 maxlen: 24
                          89.40.43.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          188.211.249.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:3f:0d:6e:8a:5e:97:05:cb:01:05:71:92:78:38:19:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Aug 29 02:09:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69a25de5e2c0c9099aa6a4b7c25c0275f717d6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b8:37:00:99:dc:f3:cc:51:59:51:91:f9:76:
                    fb:8c:51:54:ba:6a:2a:db:77:a0:16:7c:5f:15:f9:
                    17:97:1b:f5:b5:3a:4e:73:e4:7f:94:26:da:9d:96:
                    c3:fd:34:46:2b:22:08:f1:40:dd:ba:90:9a:18:35:
                    85:b1:67:65:f8:cf:63:7e:54:83:f6:ff:40:9e:5e:
                    d2:b8:f8:1a:8e:71:92:b3:d2:bd:a0:8f:64:39:d2:
                    4b:80:92:5c:73:33:9a:d4:35:29:07:b3:2b:8f:c0:
                    9c:c7:e5:a0:08:9c:f9:76:a4:05:78:92:25:2e:18:
                    79:04:42:0c:0c:4a:e6:2f:7a:f9:98:bd:b8:81:ee:
                    6f:86:e3:b3:7c:8c:4f:31:21:d7:cc:ea:ef:29:02:
                    2c:04:f8:eb:f5:eb:43:d9:b4:84:aa:4c:1b:66:78:
                    2b:24:99:d7:4a:bd:88:ea:1f:57:f9:58:5f:2d:90:
                    d8:fc:68:a1:95:50:0c:4c:52:75:14:67:34:26:c2:
                    08:be:c6:b5:d0:ba:60:71:be:51:e5:b2:9c:c0:25:
                    b6:89:ed:6c:5a:b2:7b:66:c9:8c:91:77:6f:2b:99:
                    1b:49:02:79:00:66:47:fc:7d:b6:42:4c:b9:50:26:
                    2d:2a:54:35:27:a3:0c:bc:7a:44:75:d5:c7:39:56:
                    1c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A2:5D:E5:E2:C0:C9:09:9A:A6:A4:B7:C2:5C:02:75:F7:17:D6:CE
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/aaJd5eLAyQmapqS3wlwCdfcX1s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24
                  46.102.174.0/24
                  62.112.30.0/24
                  84.247.20.0/24
                  89.36.231.0/24
                  89.37.106.0/24
                  89.37.128.0/24
                  89.40.43.0/24
                  89.42.40.0/24
                  89.44.210.0/24
                  91.250.244.0/24
                  93.114.69.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24
                  188.211.249.0/24
                  188.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:20:e0:7d:72:e1:05:10:df:b1:96:75:8c:c8:d1:1c:71:ec:
         74:00:99:95:61:c9:c2:f8:91:bd:93:93:00:fe:5e:e7:be:49:
         84:4f:6e:ae:f2:ba:a7:22:22:3d:3c:f8:86:ff:9b:1a:ce:6a:
         39:24:e0:2e:3f:ce:87:c4:87:69:0d:25:4f:70:42:9a:34:fc:
         7e:1d:bd:13:a5:4d:30:97:41:f4:8c:e4:48:82:3e:67:ed:9f:
         07:eb:51:51:c2:cb:9e:4b:6e:ef:87:cb:63:b6:da:c4:5c:a0:
         54:c2:cd:37:76:1d:96:b7:d6:71:49:1a:f5:50:1c:4b:e5:9d:
         8b:c6:0f:c0:97:f2:bb:81:ad:ed:0f:c8:a0:17:36:2e:66:db:
         b8:3a:39:ec:9d:e0:12:b2:9d:b3:cb:ac:d6:48:83:34:fc:99:
         8b:5a:36:99:93:8c:d0:49:9e:19:56:a9:af:72:96:ae:5e:82:
         9f:1e:0a:da:a6:b7:74:36:52:17:62:33:44:3b:d9:05:16:22:
         d4:28:21:16:86:7b:70:52:5d:7b:de:95:f5:9f:55:43:af:d3:
         30:ff:6a:de:7d:ce:f5:00:df:58:e3:39:54:fc:6d:c9:94:df:
         1a:12:a7:6e:fe:49:24:35:f0:aa:6b:18:45:d0:55:de:b8:8a:
         27:f1:8e:6a
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgISAYo/DW6KXpcFywEFcZJ4OBkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwODI5MDIwOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEyNWRlNWUyYzBjOTA5OWFhNmE0YjdjMjVjMDI3NWY3MTdkNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrg3AJnc88xRWVGR+Xb7jFFUumoq
23egFnxfFfkXlxv1tTpOc+R/lCbanZbD/TRGKyII8UDdupCaGDWFsWdl+M9jflSD
9v9Anl7SuPgajnGSs9K9oI9kOdJLgJJcczOa1DUpB7Mrj8Ccx+WgCJz5dqQFeJIl
Lhh5BEIMDErmL3r5mL24ge5vhuOzfIxPMSHXzOrvKQIsBPjr9etD2bSEqkwbZngr
JJnXSr2I6h9X+VhfLZDY/GihlVAMTFJ1FGc0JsIIvsa10Lpgcb5R5bKcwCW2ie1s
WrJ7ZsmMkXdvK5kbSQJ5AGZH/H22Qky5UCYtKlQ1J6MMvHpEddXHOVYcRwIDAQAB
o4ICaTCCAmUwHQYDVR0OBBYEFGmiXeXiwMkJmqakt8JcAnX3F9bOMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvYWFKZDVlTEF5UW1hcHFTM3dsd0NkZmNYMXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH8GCCsGAQUFBwEHAQH/BHAwbjBsBAIAATBmAwQAJZmEAwQA
LmauAwQAPnAeAwQAVPcUAwQAWSTnAwQAWSVqAwQAWSWAAwQAWSgrAwQAWSooAwQA
WSzSAwQAW/r0AwQAXXJFAwQAXrFxAwQAXrF2AwQAsN++AwQAvNP5AwQAvPBTMA0G
CSqGSIb3DQEBCwUAA4IBAQAxIOB9cuEFEN+xlnWMyNEccex0AJmVYcnC+JG9k5MA
/l7nvkmET26u8rqnIiI9PPiG/5sazmo5JOAuP86HxIdpDSVPcEKaNPx+Hb0TpU0w
l0H0jORIgj5n7Z8H61FRwsueS27vh8tjttrEXKBUws03dh2Wt9ZxSRr1UBxL5Z2L
xg/Al/K7ga3tD8igFzYuZtu4OjnsneASsp2zy6zWSIM0/JmLWjaZk4zQSZ4ZVqmv
cpauXoKfHgraprd0NlIXYjNEO9kFFiLUKCEWhntwUl173pX1n1VDr9Mw/2refc71
AN9Y4zlU/G3JlN8aEqdu/kkkNfCqaxhF0FXeuIon8Y5q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org