Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa
File:                     AS5tjz7-t9lavn7ge4UzAESoUJY.roa (raw, json)
Hash identifier:          wxaGD44DrkQ45WkHnWNV/6XsQuLatwrJTNRr1CBc/LU=
Subject key identifier:   01:2E:6D:8F:3E:FE:B7:D9:5A:BE:7E:E0:7B:85:33:00:44:A8:50:96
Certificate issuer:       /CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
Certificate serial:       0197EE0621C00B00EDEF9BDDE556E4ED8577
Authority key identifier: 89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa
Signing time:             Wed 09 Jul 2025 07:11:08 +0000
ROA not before:           Wed 09 Jul 2025 07:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207059
IP address blocks:        151.216.46.0/24 maxlen: 24
                          2a07:bf80::/32 maxlen: 48
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:06:21:c0:0b:00:ed:ef:9b:dd:e5:56:e4:ed:85:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
        Validity
            Not Before: Jul  9 07:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=012e6d8f3efeb7d95abe7ee07b85330044a85096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c1:91:2c:18:f5:c5:8c:ac:a2:d2:f6:03:55:
                    0a:19:df:0a:de:f4:96:73:e5:16:11:17:7e:61:e0:
                    ff:16:11:94:79:f1:02:8c:60:74:2d:e1:81:fe:f7:
                    64:bc:07:92:6c:65:9d:f2:87:78:cd:36:49:13:35:
                    b5:cc:4b:db:3b:1d:4f:19:11:57:46:26:ef:77:e6:
                    f6:27:f6:b8:63:a6:b9:d8:dc:6d:b9:c6:d6:aa:9c:
                    f1:cc:63:50:12:a0:ed:a9:6a:f3:17:ad:a1:eb:ad:
                    37:6e:91:67:e6:4d:5e:35:db:4d:31:15:1e:99:b4:
                    e1:b3:fb:3a:8c:ae:53:32:79:4d:3f:f2:e8:76:9b:
                    f9:61:4e:71:67:bc:8b:f9:13:d6:4a:60:a7:0e:2f:
                    15:75:99:37:9c:23:bf:f3:35:c1:6a:2e:a0:72:93:
                    04:02:a3:e4:27:c6:aa:d7:80:e7:6e:3f:0c:81:ec:
                    79:6b:e2:c8:c9:fb:1b:e6:fc:09:38:e8:28:42:f1:
                    a7:ca:2b:be:a0:49:b3:b1:11:a5:f2:c3:67:ce:16:
                    e0:2c:23:f5:4f:db:f4:1b:90:87:40:8c:4e:01:23:
                    e9:77:8b:76:09:3e:ae:31:a4:87:ef:4d:d7:52:f2:
                    1a:eb:13:9a:87:96:9b:4e:33:c1:38:35:5a:5f:c4:
                    10:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:2E:6D:8F:3E:FE:B7:D9:5A:BE:7E:E0:7B:85:33:00:44:A8:50:96
            X509v3 Authority Key Identifier:
                keyid:89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/AS5tjz7-t9lavn7ge4UzAESoUJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.216.46.0/24
                IPv6:
                  2a07:bf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:ab:60:0e:29:4c:a3:6f:0d:13:19:d3:b6:bb:15:8c:1b:89:
         7d:f7:66:f6:11:98:fd:f4:90:e1:e4:20:37:47:93:5c:dc:62:
         27:6c:c8:86:3e:3c:99:e9:0a:56:52:7e:91:55:99:b8:61:01:
         c9:13:50:a4:f3:88:b4:92:45:a6:63:56:0d:2b:3c:63:b5:43:
         66:33:79:f3:38:d7:a7:0f:48:4b:cf:41:7d:fb:20:43:11:56:
         5a:90:2b:fa:7c:89:75:90:11:92:15:24:d3:d4:8b:28:19:99:
         f2:46:92:d3:77:71:5d:85:dd:34:60:a2:47:5d:7a:62:32:d1:
         42:0e:48:66:f2:55:2b:0b:6e:fc:70:60:c6:ef:5a:26:7f:63:
         38:46:0a:6f:7e:60:97:bc:c0:73:0b:2e:81:5a:0d:82:61:cd:
         03:06:9f:6c:42:51:44:d7:a6:53:a8:3f:72:0c:6f:e5:38:bf:
         e9:9d:0c:b5:1d:77:7a:a2:66:88:e4:61:f0:e8:17:8d:61:12:
         0c:25:c1:d6:3b:aa:0c:11:fe:fa:54:25:ee:9e:c3:e7:68:01:
         1b:a2:5a:3e:67:7a:b6:c2:82:56:19:a0:bc:ca:6f:b4:a5:8e:
         ff:63:1c:64:ef:ed:2e:5d:08:8c:ca:07:09:19:83:ab:39:1e:
         0b:26:27:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfuBiHACwDt75vd5Vbk7YV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MmYzZmYzYzBhMWZmYjNhZjIwZjViOTVlOGNiNjRjODgw
NDNmMzkwHhcNMjUwNzA5MDcxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTJlNmQ4ZjNlZmViN2Q5NWFiZTdlZTA3Yjg1MzMwMDQ0YTg1MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MGRLBj1xYysotL2A1UKGd8K3vSW
c+UWERd+YeD/FhGUefECjGB0LeGB/vdkvAeSbGWd8od4zTZJEzW1zEvbOx1PGRFX
Ribvd+b2J/a4Y6a52NxtucbWqpzxzGNQEqDtqWrzF62h6603bpFn5k1eNdtNMRUe
mbThs/s6jK5TMnlNP/Lodpv5YU5xZ7yL+RPWSmCnDi8VdZk3nCO/8zXBai6gcpME
AqPkJ8aq14Dnbj8Mgex5a+LIyfsb5vwJOOgoQvGnyiu+oEmzsRGl8sNnzhbgLCP1
T9v0G5CHQIxOASPpd4t2CT6uMaSH703XUvIa6xOah5abTjPBODVaX8QQ+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAEubY8+/rfZWr5+4HuFMwBEqFCWMB8GA1UdIwQY
MBaAFIkvP/PAof+zryD1uV6MtkyIBD85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQt
ZjkyMWRiNzViZGY5LzEvQVM1dGp6Ny10OWxhdm43Z2U0VXpBRVNvVUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQtZjkyMWRiNzViZGY5
LzEvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAl9guMA0E
AgACMAcDBQAqB7+AMA0GCSqGSIb3DQEBCwUAA4IBAQB2q2AOKUyjbw0TGdO2uxWM
G4l992b2EZj99JDh5CA3R5Nc3GInbMiGPjyZ6QpWUn6RVZm4YQHJE1Ck84i0kkWm
Y1YNKzxjtUNmM3nzONenD0hLz0F9+yBDEVZakCv6fIl1kBGSFSTT1IsoGZnyRpLT
d3Fdhd00YKJHXXpiMtFCDkhm8lUrC278cGDG71omf2M4RgpvfmCXvMBzCy6BWg2C
Yc0DBp9sQlFE16ZTqD9yDG/lOL/pnQy1HXd6omaI5GHw6BeNYRIMJcHWO6oMEf76
VCXunsPnaAEbolo+Z3q2woJWGaC8ym+0pY7/Yxxk7+0uXQiMygcJGYOrOR4LJie6
-----END CERTIFICATE-----
Generated at Mon Jul 21 03:13:58 2025 by rpki-client