Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qYgwntAREoEUusFTifQ1UCQmQus.roa
File:                     qYgwntAREoEUusFTifQ1UCQmQus.roa (raw, json)
Hash identifier:          ZrOQmi3UwLCtUx2aaVOBJQoNIVJLm+XIpIseRu5PemY=
Subject key identifier:   A9:88:30:9E:D0:11:12:81:14:BA:C1:53:89:F4:35:50:24:26:42:EB
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0189F992B3BF05F72C19E1FA9B7EC0B682E4
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qYgwntAREoEUusFTifQ1UCQmQus.roa
Signing time:             Tue 15 Aug 2023 14:21:28 +0000
ROA not before:           Tue 15 Aug 2023 14:21:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31732
IP address blocks:        5.34.216.0/21 maxlen: 21
                          188.209.155.0/24 maxlen: 24
                          185.151.236.0/22 maxlen: 24
                          188.253.8.0/21 maxlen: 24
                          188.253.12.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:f9:92:b3:bf:05:f7:2c:19:e1:fa:9b:7e:c0:b6:82:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug 15 14:21:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a988309ed011128114bac15389f43550242642eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:dc:55:ea:8a:dd:b1:14:43:f3:d6:a8:c9:
                    0e:66:b1:2b:71:c8:9c:32:44:6f:b4:81:31:43:2f:
                    ad:92:03:f5:73:79:f3:64:ed:0f:3e:90:58:49:18:
                    b5:dd:bb:55:9c:8e:76:65:e2:c5:5b:1c:c0:a4:2f:
                    04:56:40:64:10:b3:10:47:62:ef:6b:0b:5b:03:a8:
                    d6:3f:d3:b3:4b:7a:55:2e:f3:3e:34:f3:fb:7d:40:
                    b7:6d:8d:4e:27:28:02:30:ba:5f:2f:14:ad:c9:92:
                    3d:10:41:49:dd:14:fd:ed:3c:a0:42:ea:f4:14:fa:
                    d5:09:c4:f0:ea:be:06:3c:a4:e5:26:6c:f0:69:18:
                    e3:00:17:43:34:d2:b5:56:d1:f8:8c:70:d1:f6:b1:
                    33:95:eb:2c:05:e4:fb:a9:0a:86:b8:15:ab:ce:67:
                    67:47:eb:2d:b1:d5:1a:45:3d:8b:a0:63:32:21:cb:
                    0c:06:d1:69:0f:d5:99:cb:be:8f:eb:29:13:f6:80:
                    d8:fa:e4:48:e4:13:e5:b6:a7:78:2d:e1:3d:7d:2f:
                    16:11:6a:8a:ef:7a:b6:7f:bb:92:b7:0e:fc:4d:33:
                    df:ce:14:b1:ef:f4:9a:ea:0a:b6:a4:0e:0a:50:0b:
                    d0:2b:c1:b3:73:98:64:c1:3f:1f:c2:a8:e6:42:9a:
                    a7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:88:30:9E:D0:11:12:81:14:BA:C1:53:89:F4:35:50:24:26:42:EB
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/qYgwntAREoEUusFTifQ1UCQmQus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.216.0/21
                  185.151.236.0/22
                  188.209.155.0/24
                  188.253.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:29:f3:9c:f6:87:c8:7d:79:24:01:1d:89:6d:47:43:48:b6:
         4b:c0:4a:0a:2a:34:92:5a:95:36:1b:50:f6:39:49:d5:b9:5f:
         73:d9:e7:35:81:37:9b:20:57:b8:73:29:fc:13:ee:32:d6:4e:
         36:ba:f6:49:47:fa:ff:22:39:a1:b1:d2:2b:32:20:8c:89:4e:
         66:5c:70:a0:58:f4:08:ed:6b:04:1e:40:79:1c:af:bf:0f:af:
         dc:0c:8a:9d:8f:fc:ac:27:e4:19:fd:89:5a:95:af:f5:a5:d3:
         fe:0b:31:93:9c:3c:f9:70:6b:57:0d:9e:3c:7d:b9:95:03:df:
         77:10:66:d6:1d:bd:d8:a1:03:d2:87:6e:e8:40:b8:00:da:5e:
         64:2b:fd:dd:86:e7:d0:96:ff:84:f3:eb:bb:33:0c:09:fc:7a:
         85:a0:1d:32:0b:a4:ba:70:fa:6e:8c:62:8c:a2:6e:b6:63:fd:
         a4:83:b4:14:c3:da:8e:e5:f6:d2:c5:01:46:41:3a:04:67:d9:
         4c:ff:9b:62:2d:bc:20:4b:01:69:92:80:fc:d8:53:0f:f2:1a:
         ca:a7:9a:8d:76:5f:64:a1:5c:84:e1:04:4f:b7:b6:36:61:26:
         6c:2b:a0:b4:cd:f7:fd:c8:d3:1f:a2:0d:ad:4f:1c:ab:7f:8e:
         cf:44:91:94
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYn5krO/BfcsGeH6m37AtoLkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwODE1MTQyMTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTg4MzA5ZWQwMTExMjgxMTRiYWMxNTM4OWY0MzU1MDI0MjY0MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnofcVeqK3bEUQ/PWqMkOZrErccic
MkRvtIExQy+tkgP1c3nzZO0PPpBYSRi13btVnI52ZeLFWxzApC8EVkBkELMQR2Lv
awtbA6jWP9OzS3pVLvM+NPP7fUC3bY1OJygCMLpfLxStyZI9EEFJ3RT97TygQur0
FPrVCcTw6r4GPKTlJmzwaRjjABdDNNK1VtH4jHDR9rEzlessBeT7qQqGuBWrzmdn
R+stsdUaRT2LoGMyIcsMBtFpD9WZy76P6ykT9oDY+uRI5BPltqd4LeE9fS8WEWqK
73q2f7uStw78TTPfzhSx7/Sa6gq2pA4KUAvQK8Gzc5hkwT8fwqjmQpqnWQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKmIMJ7QERKBFLrBU4n0NVAkJkLrMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvcVlnd250QVJFb0VVdXNGVGlmUTFVQ1FtUXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBSLYAwQC
uZfsAwQAvNGbAwQDvP0IMA0GCSqGSIb3DQEBCwUAA4IBAQArKfOc9ofIfXkkAR2J
bUdDSLZLwEoKKjSSWpU2G1D2OUnVuV9z2ec1gTebIFe4cyn8E+4y1k42uvZJR/r/
IjmhsdIrMiCMiU5mXHCgWPQI7WsEHkB5HK+/D6/cDIqdj/ysJ+QZ/Ylala/1pdP+
CzGTnDz5cGtXDZ48fbmVA993EGbWHb3YoQPSh27oQLgA2l5kK/3dhufQlv+E8+u7
MwwJ/HqFoB0yC6S6cPpujGKMom62Y/2kg7QUw9qO5fbSxQFGQToEZ9lM/5tiLbwg
SwFpkoD82FMP8hrKp5qNdl9koVyE4QRPt7Y2YSZsK6C0zff9yNMfog2tTxyrf47P
RJGU
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org