Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/q58EnMa9rUZ1iLA3zET-naiYtAE.roa
File:                     q58EnMa9rUZ1iLA3zET-naiYtAE.roa (raw, json)
Hash identifier:          Tfg6iAODLw5axDYYLAPcDoSXReGDs66y8AKnF1qz7xg=
Subject key identifier:   AB:9F:04:9C:C6:BD:AD:46:75:88:B0:37:CC:44:FE:9D:A8:98:B4:01
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       0187B43C467862A5D15B64C6556BBF0D5309
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/q58EnMa9rUZ1iLA3zET-naiYtAE.roa
Signing time:             Mon 24 Apr 2023 17:07:41 +0000
ROA not before:           Mon 24 Apr 2023 17:07:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        37.153.132.0/24 maxlen: 24
                          46.102.174.0/24 maxlen: 24
                          89.37.128.0/24 maxlen: 24
                          176.223.190.0/24 maxlen: 24
                          94.177.113.0/24 maxlen: 24
                          94.177.118.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b4:3c:46:78:62:a5:d1:5b:64:c6:55:6b:bf:0d:53:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 24 17:07:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab9f049cc6bdad467588b037cc44fe9da898b401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:80:6d:0a:7d:94:8f:61:be:cb:47:41:92:7d:
                    f3:58:43:24:fd:bf:2a:3d:02:69:a5:b6:b6:78:71:
                    b4:5d:e3:b1:46:5e:4a:31:ee:69:33:5b:20:ef:ab:
                    bd:ce:75:bd:20:17:a7:ab:f5:38:1f:7c:de:c5:b6:
                    4a:30:87:3d:f7:a0:c8:eb:48:68:e3:3e:f3:27:77:
                    ac:f4:d4:24:3f:e5:5e:a8:0a:21:97:47:e5:43:c7:
                    42:70:90:87:1a:1d:70:e7:a1:70:d9:c8:42:61:d5:
                    95:62:24:2d:6b:fb:8b:3b:5a:03:32:8c:66:1b:aa:
                    ac:21:0b:6f:71:88:99:2d:86:c7:a1:2e:e6:20:cd:
                    dc:36:e8:93:10:ad:3c:75:49:fd:fb:9c:ae:32:fa:
                    e8:6d:52:43:4d:7a:b5:b8:19:1d:f5:42:61:0b:e4:
                    26:49:c0:9a:16:64:0b:60:bd:ac:16:84:17:ca:a8:
                    81:f1:e1:d8:fa:4b:07:6c:8a:9a:7e:c8:e1:87:ad:
                    9c:b0:c4:f9:22:37:1f:b2:a9:5c:10:ad:df:ba:a8:
                    38:3f:20:16:ec:29:99:09:38:06:43:33:cb:4f:49:
                    b6:65:d2:06:17:93:44:26:d6:d3:52:5e:ce:83:d0:
                    6f:72:26:4d:8b:8e:2d:2d:79:65:c5:b7:59:db:8c:
                    41:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:9F:04:9C:C6:BD:AD:46:75:88:B0:37:CC:44:FE:9D:A8:98:B4:01
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/q58EnMa9rUZ1iLA3zET-naiYtAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24
                  46.102.174.0/24
                  89.37.128.0/24
                  94.177.113.0/24
                  94.177.118.0/24
                  176.223.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0f:e7:88:23:6f:8d:ac:f5:2b:23:98:72:03:7f:2f:3d:4f:
         8a:7e:23:c1:a6:6c:d2:41:68:37:d0:db:76:ac:f2:33:06:66:
         7e:2b:a7:08:d9:13:10:9e:32:e6:39:77:d3:4a:0f:7e:ab:28:
         5c:bb:0a:42:0e:69:d1:09:cc:4e:98:10:fe:6d:a2:1d:40:3e:
         7f:5a:cb:5a:2c:62:fc:86:73:46:19:11:b7:ee:a6:11:6a:c2:
         70:c8:3b:f7:b4:04:ae:7c:c7:18:08:d1:9b:95:31:85:c5:c7:
         dd:10:43:9b:c1:8e:fc:21:bd:c6:be:f2:f0:06:15:be:23:c9:
         37:c8:be:32:6e:2b:22:a4:b5:a9:bd:bc:b8:58:7b:e5:fd:41:
         b6:6e:7e:eb:48:ce:75:ce:1f:31:57:46:16:9e:e2:88:1e:64:
         36:a9:ea:bc:a6:6f:a7:83:fc:5d:2c:78:33:a7:7e:a7:6b:4b:
         a6:01:e6:65:e8:a8:e2:1b:3d:29:ba:5c:dc:92:ad:80:98:80:
         91:ec:13:7f:a2:f2:15:0d:b6:cc:ed:19:86:56:b5:da:6d:ab:
         36:9b:2b:99:38:a2:35:90:2f:5b:e5:06:85:6d:cd:bc:3d:19:
         54:04:54:c5:bf:9a:96:f1:7d:f7:f3:c2:d3:90:33:81:72:7d:
         26:55:50:d5
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYe0PEZ4YqXRW2TGVWu/DVMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDI0MTcwNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjlmMDQ5Y2M2YmRhZDQ2NzU4OGIwMzdjYzQ0ZmU5ZGE4OThiNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IBtCn2Uj2G+y0dBkn3zWEMk/b8q
PQJppba2eHG0XeOxRl5KMe5pM1sg76u9znW9IBenq/U4H3zexbZKMIc996DI60ho
4z7zJ3es9NQkP+VeqAohl0flQ8dCcJCHGh1w56Fw2chCYdWVYiQta/uLO1oDMoxm
G6qsIQtvcYiZLYbHoS7mIM3cNuiTEK08dUn9+5yuMvrobVJDTXq1uBkd9UJhC+Qm
ScCaFmQLYL2sFoQXyqiB8eHY+ksHbIqafsjhh62csMT5IjcfsqlcEK3fuqg4PyAW
7CmZCTgGQzPLT0m2ZdIGF5NEJtbTUl7Og9BvciZNi44tLXllxbdZ24xBgQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKufBJzGva1GdYiwN8xE/p2omLQBMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvcTU4RW5NYTlyVVoxaUxBM3pFVC1uYWlZdEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJZmEAwQA
LmauAwQAWSWAAwQAXrFxAwQAXrF2AwQAsN++MA0GCSqGSIb3DQEBCwUAA4IBAQAv
D+eII2+NrPUrI5hyA38vPU+KfiPBpmzSQWg30Nt2rPIzBmZ+K6cI2RMQnjLmOXfT
Sg9+qyhcuwpCDmnRCcxOmBD+baIdQD5/WstaLGL8hnNGGRG37qYRasJwyDv3tASu
fMcYCNGblTGFxcfdEEObwY78Ib3GvvLwBhW+I8k3yL4ybisipLWpvby4WHvl/UG2
bn7rSM51zh8xV0YWnuKIHmQ2qeq8pm+ng/xdLHgzp36na0umAeZl6KjiGz0pulzc
kq2AmICR7BN/ovIVDbbM7RmGVrXabas2myuZOKI1kC9b5QaFbc28PRlUBFTFv5qW
8X3388LTkDOBcn0mVVDV
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org