Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QEVV88brj1wa97tSfWSnjCZRRfI.roa
File:                     QEVV88brj1wa97tSfWSnjCZRRfI.roa (raw, json)
Hash identifier:          RmaPt01+r2uqG9QQbZFAlxkV6FYpuWN5DxCYLcJQ3Xg=
Subject key identifier:   40:45:55:F3:C6:EB:8F:5C:1A:F7:BB:52:7D:64:A7:8C:26:51:45:F2
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0185727A305908579A4F7D840E9A2131A97F
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QEVV88brj1wa97tSfWSnjCZRRfI.roa
Signing time:             Mon 02 Jan 2023 12:34:48 +0000
ROA not before:           Mon 02 Jan 2023 12:34:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     22773
IP address blocks:        185.151.236.0/22 maxlen: 24
                          159.255.32.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:7a:30:59:08:57:9a:4f:7d:84:0e:9a:21:31:a9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:34:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=404555f3c6eb8f5c1af7bb527d64a78c265145f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8f:03:78:e5:04:56:2a:5b:40:76:7e:b8:87:
                    9b:9f:e5:af:89:7d:93:23:5c:36:df:1e:61:a9:0e:
                    50:f5:8b:fd:68:f6:5a:82:a6:43:24:59:a0:0b:28:
                    a4:9d:4b:a6:6e:1f:9f:1b:b2:a5:f1:cf:ed:b0:60:
                    eb:ee:99:da:dc:00:9a:b2:ce:b8:e6:a1:67:ad:a4:
                    a2:c9:14:6e:b8:5e:f8:b3:fd:f2:18:4c:55:71:38:
                    d7:15:80:57:2d:99:ad:14:e1:2b:17:93:a3:b1:d7:
                    a9:02:14:8b:d6:15:b7:7c:a5:ce:1b:b2:f6:60:53:
                    41:4a:01:9f:94:26:d4:51:07:40:fc:76:06:72:79:
                    4f:fe:31:f9:99:93:5b:92:c1:d6:8e:24:52:aa:88:
                    0f:84:f7:47:08:d8:b9:8b:96:04:4f:ed:c0:d9:b0:
                    09:b9:5a:f6:41:f7:9f:be:54:0b:8b:7c:c6:42:b6:
                    45:84:f8:c7:b4:24:1b:7d:d2:6b:a2:9f:7d:48:00:
                    56:d2:37:8d:9c:c0:fb:b7:21:c7:ac:b3:4e:92:5d:
                    20:42:ec:93:31:8f:4c:ee:c6:c9:9c:44:29:30:5b:
                    1d:bb:5e:3b:27:4f:29:8e:97:ce:d6:d3:55:d8:25:
                    71:a2:22:c6:62:f7:d0:f6:de:72:8a:95:51:4b:95:
                    f0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:45:55:F3:C6:EB:8F:5C:1A:F7:BB:52:7D:64:A7:8C:26:51:45:F2
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/QEVV88brj1wa97tSfWSnjCZRRfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.32.0/21
                  185.151.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:b5:ee:da:12:d9:69:78:fd:62:9a:5e:e2:2f:ab:85:2b:c6:
         84:2c:fc:be:5f:e4:ca:ba:a8:bd:c2:fd:0e:d6:2c:ed:c2:9e:
         af:d4:03:4f:c7:79:44:f4:35:b4:66:18:19:64:d1:72:a4:3c:
         4a:fe:19:ce:c2:b0:57:8b:31:1a:cf:00:d2:0d:f7:d8:3e:f4:
         9b:95:40:bd:de:7f:ff:fe:fc:98:bb:ca:2d:13:95:2e:57:11:
         b6:86:ae:e4:fc:9d:62:88:bb:a0:c5:28:f7:1c:ba:6e:e4:50:
         a8:a0:d2:d8:ce:03:13:5a:2c:28:f4:79:7d:7a:b3:83:e1:8e:
         3a:b0:f0:c2:c9:6a:a2:51:e2:4d:d6:a4:35:45:a8:7d:54:8e:
         0a:85:e0:e3:39:05:a0:17:d2:47:d9:39:01:c2:b1:69:d8:eb:
         e1:1d:56:1f:0e:f0:c9:f7:aa:a5:bb:dd:b5:f8:b3:fe:b7:23:
         e4:0d:8f:03:aa:df:b4:8a:01:4f:82:09:2a:f3:8c:70:80:24:
         b2:96:57:00:f7:24:35:8d:78:fc:ff:a8:2a:59:9b:70:44:8c:
         f7:44:84:2a:6f:f5:1e:a4:8d:a1:84:5b:7d:13:73:8b:ee:20:
         20:ce:7d:ed:83:cf:64:2b:5d:1a:7b:5f:8f:18:75:93:d3:de:
         9c:81:36:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyejBZCFeaT32EDpohMal/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTAyMTIzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQ1NTVmM2M2ZWI4ZjVjMWFmN2JiNTI3ZDY0YTc4YzI2NTE0NWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg48DeOUEVipbQHZ+uIebn+WviX2T
I1w23x5hqQ5Q9Yv9aPZagqZDJFmgCyiknUumbh+fG7Kl8c/tsGDr7pna3ACass64
5qFnraSiyRRuuF74s/3yGExVcTjXFYBXLZmtFOErF5OjsdepAhSL1hW3fKXOG7L2
YFNBSgGflCbUUQdA/HYGcnlP/jH5mZNbksHWjiRSqogPhPdHCNi5i5YET+3A2bAJ
uVr2QfefvlQLi3zGQrZFhPjHtCQbfdJrop99SABW0jeNnMD7tyHHrLNOkl0gQuyT
MY9M7sbJnEQpMFsdu147J08pjpfO1tNV2CVxoiLGYvfQ9t5yipVRS5Xw0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBFVfPG649cGve7Un1kp4wmUUXyMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvUUVWVjg4YnJqMXdhOTd0U2ZXU25qQ1pSUmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDn/8gAwQC
uZfsMA0GCSqGSIb3DQEBCwUAA4IBAQChte7aEtlpeP1iml7iL6uFK8aELPy+X+TK
uqi9wv0O1iztwp6v1ANPx3lE9DW0ZhgZZNFypDxK/hnOwrBXizEazwDSDffYPvSb
lUC93n///vyYu8otE5UuVxG2hq7k/J1iiLugxSj3HLpu5FCooNLYzgMTWiwo9Hl9
erOD4Y46sPDCyWqiUeJN1qQ1Rah9VI4KheDjOQWgF9JH2TkBwrFp2OvhHVYfDvDJ
96qlu921+LP+tyPkDY8Dqt+0igFPggkq84xwgCSyllcA9yQ1jXj8/6gqWZtwRIz3
RIQqb/UepI2hhFt9E3OL7iAgzn3tg89kK10ae1+PGHWT096cgTY+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org