Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/o9X-LYLja6-Y8gSNSJY57VBfgM0.roa
File:                     o9X-LYLja6-Y8gSNSJY57VBfgM0.roa (raw, json)
Hash identifier:          Zqo8C3uwdRauMNAV8CL3bidG2bGIOjRcIFf4E/TLzys=
Subject key identifier:   A3:D5:FE:2D:82:E3:6B:AF:98:F2:04:8D:48:96:39:ED:50:5F:80:CD
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0187B94729F5BED124AE1AB354F111D03716
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/o9X-LYLja6-Y8gSNSJY57VBfgM0.roa
Signing time:             Tue 25 Apr 2023 16:37:41 +0000
ROA not before:           Tue 25 Apr 2023 16:37:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        188.240.83.0/24 maxlen: 24
                          85.204.148.0/22 maxlen: 22
                          5.35.192.0/21 maxlen: 24
                          84.234.16.0/20 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          85.204.160.0/22 maxlen: 24
                          93.113.184.0/21 maxlen: 24
                          194.88.112.0/20 maxlen: 24
                          91.232.136.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b9:47:29:f5:be:d1:24:ae:1a:b3:54:f1:11:d0:37:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 25 16:37:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3d5fe2d82e36baf98f2048d489639ed505f80cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2c:65:93:aa:22:de:4e:b8:dc:0d:f5:4e:95:
                    16:61:3e:4b:3c:17:d1:74:b7:71:b4:e1:8c:24:30:
                    2a:48:d9:ec:8d:93:67:d5:d2:75:c5:d0:87:85:b6:
                    78:c4:98:88:df:42:cd:04:d7:07:d3:7c:51:eb:e3:
                    ba:3a:28:03:5d:12:14:54:f0:45:d1:de:d4:47:d9:
                    b4:51:97:36:55:2e:14:00:93:26:55:a5:5f:59:62:
                    a8:39:1c:b4:83:ef:7f:5d:7e:6c:0e:ae:42:29:59:
                    17:91:9f:37:dd:f8:8e:c8:24:e3:28:45:b2:9b:4b:
                    fa:0d:a4:69:f3:e4:cc:05:3b:7b:e7:71:0e:62:f2:
                    7e:c5:22:4a:a4:f2:70:59:86:bc:99:ab:23:7f:ac:
                    99:fd:bc:64:1b:4e:f3:6a:f7:3a:47:df:af:51:e1:
                    0e:e4:10:9c:c0:36:ae:c0:d0:11:fd:c8:95:63:a5:
                    bd:5a:8d:57:c0:15:e2:42:53:d7:d8:57:6e:fd:59:
                    48:9e:86:7a:a2:0e:09:c6:4c:ba:82:dd:2a:57:d6:
                    69:b4:5b:7c:b9:12:e0:aa:e4:7e:cc:2a:c1:07:9c:
                    57:a7:96:f4:71:07:04:9b:97:40:b3:d9:1b:48:a9:
                    cb:85:51:09:4f:b8:0c:9e:70:7c:e1:c8:fc:46:37:
                    0e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D5:FE:2D:82:E3:6B:AF:98:F2:04:8D:48:96:39:ED:50:5F:80:CD
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/o9X-LYLja6-Y8gSNSJY57VBfgM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.192.0/21
                  62.112.0.0/21
                  84.234.16.0/20
                  85.204.148.0/22
                  85.204.160.0/22
                  91.232.136.0/22
                  93.113.184.0/21
                  188.240.83.0/24
                  194.88.96.0/21
                  194.88.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6c:ab:2c:69:e0:c6:5d:24:fe:b9:a2:b6:33:c5:83:e1:c3:52:
         29:e7:88:43:b5:46:9f:d7:11:5f:44:e5:51:53:bf:ae:1e:c2:
         18:9b:2d:bc:bc:a1:6a:1e:5a:e8:15:7c:f9:64:0b:8d:09:01:
         93:fe:61:f1:2b:93:d2:b1:0e:fe:de:74:2d:42:0d:b5:48:3e:
         d0:dd:49:11:e0:bb:c5:3d:82:64:13:77:58:6c:51:58:2b:ca:
         80:23:59:f1:17:6e:23:6f:5d:d0:88:af:6d:a1:a5:59:03:c2:
         9f:3f:ba:e6:98:7b:fd:51:e3:9b:3c:a7:cc:00:bb:d0:42:ce:
         19:46:75:7b:84:02:89:26:23:9b:58:20:76:bd:5e:37:9c:99:
         bf:3a:78:4d:f0:73:50:1f:d8:f2:a5:c9:9d:d1:45:b9:9e:09:
         20:8f:41:41:88:a5:cc:6b:9c:c6:88:4b:f7:9a:5a:91:8c:a2:
         88:10:a6:71:14:97:73:2a:44:75:68:f3:41:3b:b1:46:48:ad:
         85:08:28:27:b0:df:2f:11:61:98:cb:07:39:b5:41:49:44:22:
         65:d8:2d:6d:f7:7d:34:0f:a4:a6:5a:ec:c0:aa:c5:3a:cc:05:
         9a:e6:c8:e2:16:06:12:45:c5:c4:33:3d:fc:65:58:54:d4:7e:
         ff:aa:17:38
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYe5Ryn1vtEkrhqzVPER0DcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDI1MTYzNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q1ZmUyZDgyZTM2YmFmOThmMjA0OGQ0ODk2MzllZDUwNWY4MGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyxlk6oi3k643A31TpUWYT5LPBfR
dLdxtOGMJDAqSNnsjZNn1dJ1xdCHhbZ4xJiI30LNBNcH03xR6+O6OigDXRIUVPBF
0d7UR9m0UZc2VS4UAJMmVaVfWWKoORy0g+9/XX5sDq5CKVkXkZ833fiOyCTjKEWy
m0v6DaRp8+TMBTt753EOYvJ+xSJKpPJwWYa8masjf6yZ/bxkG07zavc6R9+vUeEO
5BCcwDauwNAR/ciVY6W9Wo1XwBXiQlPX2Fdu/VlInoZ6og4Jxky6gt0qV9ZptFt8
uRLgquR+zCrBB5xXp5b0cQcEm5dAs9kbSKnLhVEJT7gMnnB84cj8RjcOqwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKPV/i2C42uvmPIEjUiWOe1QX4DNMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvbzlYLUxZTGphNi1ZOGdTTlNKWTU3VkJmZ00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcyUAwQCVcygAwQCW+iIAwQDXXG4AwQAvPBTAwQDwlhgAwQE
wlhwMA0GCSqGSIb3DQEBCwUAA4IBAQBsqyxp4MZdJP65orYzxYPhw1Ip54hDtUaf
1xFfROVRU7+uHsIYmy28vKFqHlroFXz5ZAuNCQGT/mHxK5PSsQ7+3nQtQg21SD7Q
3UkR4LvFPYJkE3dYbFFYK8qAI1nxF24jb13QiK9toaVZA8KfP7rmmHv9UeObPKfM
ALvQQs4ZRnV7hAKJJiObWCB2vV43nJm/OnhN8HNQH9jypcmd0UW5ngkgj0FBiKXM
a5zGiEv3mlqRjKKIEKZxFJdzKkR1aPNBO7FGSK2FCCgnsN8vEWGYywc5tUFJRCJl
2C1t9300D6SmWuzAqsU6zAWa5sjiFgYSRcXEMz38ZVhU1H7/qhc4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org