Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1y_Agt6RWZ81Gh8Q4fM7CdV2VQM.roa
File:                     1y_Agt6RWZ81Gh8Q4fM7CdV2VQM.roa (raw, json)
Hash identifier:          yRglvUdYgBNz16onwZpn+EeTJrbbBqbHHJr1WxglRUo=
Subject key identifier:   D7:2F:C0:82:DE:91:59:9F:35:1A:1F:10:E1:F3:3B:09:D5:76:55:03
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0185727A2D6C4CEF6B822B72A8C115D7B39D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1y_Agt6RWZ81Gh8Q4fM7CdV2VQM.roa
Signing time:             Mon 02 Jan 2023 12:34:47 +0000
ROA not before:           Mon 02 Jan 2023 12:34:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9516
IP address blocks:        185.129.110.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:7a:2d:6c:4c:ef:6b:82:2b:72:a8:c1:15:d7:b3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:34:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d72fc082de91599f351a1f10e1f33b09d5765503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e8:74:9b:da:5d:4b:2e:5a:20:e1:b9:c9:96:
                    a7:9f:99:ab:c3:97:08:0b:f9:3d:d9:0b:39:85:f0:
                    03:87:7c:1e:bc:42:5d:4a:7a:51:06:90:de:20:71:
                    74:cd:42:00:6d:0f:55:9f:d0:90:2e:5b:9a:ab:38:
                    2d:df:65:0b:4b:0a:9c:6d:e5:72:f2:9b:40:80:fb:
                    ee:d5:ad:57:b7:87:df:00:7e:0b:92:06:02:bb:99:
                    be:96:55:ed:e0:7b:93:82:09:76:aa:64:92:2c:f2:
                    a3:c0:f5:87:56:8c:2a:9c:02:68:de:78:64:27:70:
                    6e:9b:38:fb:5e:2e:21:5e:94:4b:66:2a:c7:44:e1:
                    f9:9b:c8:09:27:62:3b:ef:3d:24:18:bb:b7:55:47:
                    11:e0:5a:d4:01:e6:7f:47:97:df:0a:f7:f7:fb:3f:
                    1b:03:09:8f:2f:00:78:f9:a4:fa:d7:6d:b8:9f:5d:
                    82:80:da:f2:2a:d4:ef:5f:2c:1f:86:70:54:49:0d:
                    49:7a:38:3f:b9:75:f9:cd:26:cd:24:40:db:c6:fc:
                    3e:67:73:9f:2c:4f:32:ab:ce:32:b2:bb:a0:e8:7d:
                    aa:f6:be:65:5e:62:5a:17:fa:29:18:f0:54:c8:9a:
                    08:c1:f1:68:3e:04:60:9d:87:ef:42:d9:98:e9:8c:
                    af:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:2F:C0:82:DE:91:59:9F:35:1A:1F:10:E1:F3:3B:09:D5:76:55:03
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1y_Agt6RWZ81Gh8Q4fM7CdV2VQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:1c:e5:e7:cc:5d:da:8c:3b:c3:a4:80:a9:df:88:a2:b0:95:
         d1:f2:c0:f7:25:0d:6c:a2:af:90:69:b3:67:cd:77:0e:6c:42:
         89:96:27:6a:0b:b7:d5:08:1b:85:de:1a:59:46:eb:ff:37:8c:
         a5:b9:85:88:17:f3:0b:3b:3d:5f:7a:d1:d5:9e:d4:ad:f1:a5:
         3b:11:f0:1c:ad:89:17:6b:9c:92:3b:d1:e9:b7:83:2b:7a:59:
         cf:bf:75:2c:7b:9e:e7:60:01:c0:94:87:25:0e:ef:c8:d3:a4:
         1a:60:0b:fa:3d:9e:89:a4:ef:a0:1a:f7:3a:ee:5c:18:71:6a:
         1f:0b:fd:f2:22:c3:a1:c0:d1:ba:7f:74:66:f9:d9:56:d6:6c:
         dd:1d:bf:02:db:2a:70:40:8a:4b:5e:7c:e9:16:da:64:14:61:
         92:09:79:51:f3:fa:d8:9c:4c:1e:e0:b9:c6:ad:3e:d4:8b:8c:
         09:73:03:05:ba:1e:b4:69:e6:64:b9:07:81:c7:2b:c7:25:22:
         a5:19:3b:1a:a0:f2:d1:4e:93:d4:fe:3c:62:11:32:47:fb:53:
         58:82:43:dd:06:a7:f2:30:dc:25:a5:e8:60:eb:1b:76:04:b6:
         80:1f:57:26:14:7d:e3:fe:6e:43:c3:a7:19:e2:4f:00:db:be:
         40:b3:2c:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyei1sTO9rgityqMEV17OdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTAyMTIzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzJmYzA4MmRlOTE1OTlmMzUxYTFmMTBlMWYzM2IwOWQ1NzY1NTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeh0m9pdSy5aIOG5yZann5mrw5cI
C/k92Qs5hfADh3wevEJdSnpRBpDeIHF0zUIAbQ9Vn9CQLluaqzgt32ULSwqcbeVy
8ptAgPvu1a1Xt4ffAH4LkgYCu5m+llXt4HuTggl2qmSSLPKjwPWHVowqnAJo3nhk
J3Bumzj7Xi4hXpRLZirHROH5m8gJJ2I77z0kGLu3VUcR4FrUAeZ/R5ffCvf3+z8b
AwmPLwB4+aT61224n12CgNryKtTvXywfhnBUSQ1Jejg/uXX5zSbNJEDbxvw+Z3Of
LE8yq84ysrug6H2q9r5lXmJaF/opGPBUyJoIwfFoPgRgnYfvQtmY6YyvKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcvwILekVmfNRofEOHzOwnVdlUDMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMXlfQWd0NlJXWjgxR2g4UTRmTTdDZFYyVlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYFuMA0G
CSqGSIb3DQEBCwUAA4IBAQCFHOXnzF3ajDvDpICp34iisJXR8sD3JQ1soq+QabNn
zXcObEKJlidqC7fVCBuF3hpZRuv/N4yluYWIF/MLOz1fetHVntSt8aU7EfAcrYkX
a5ySO9Hpt4MrelnPv3Use57nYAHAlIclDu/I06QaYAv6PZ6JpO+gGvc67lwYcWof
C/3yIsOhwNG6f3Rm+dlW1mzdHb8C2ypwQIpLXnzpFtpkFGGSCXlR8/rYnEwe4LnG
rT7Ui4wJcwMFuh60aeZkuQeBxyvHJSKlGTsaoPLRTpPU/jxiETJH+1NYgkPdBqfy
MNwlpehg6xt2BLaAH1cmFH3j/m5Dw6cZ4k8A275Asyw+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org