Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_342F7JfiWSg2Xc9B0gwWIZv3Ao.roa
File:                     _342F7JfiWSg2Xc9B0gwWIZv3Ao.roa (raw, json)
Hash identifier:          ASuqFf2aBK/3RpgFLBUSC6166kZTzaFT2jB9yWZPhto=
Subject key identifier:   FF:7E:36:17:B2:5F:89:64:A0:D9:77:3D:07:48:30:58:86:6F:DC:0A
Certificate issuer:       /CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
Certificate serial:       01857015350C19F70DDDE03DFE508B0CB048
Authority key identifier: FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_342F7JfiWSg2Xc9B0gwWIZv3Ao.roa
Signing time:             Mon 02 Jan 2023 01:25:16 +0000
ROA not before:           Mon 02 Jan 2023 01:25:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210030
IP address blocks:        193.26.121.0/24 maxlen: 24
                          193.26.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:15:35:0c:19:f7:0d:dd:e0:3d:fe:50:8b:0c:b0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
        Validity
            Not Before: Jan  2 01:25:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff7e3617b25f8964a0d9773d07483058866fdc0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:37:57:cd:4a:7d:e2:d3:45:e5:a5:61:c4:ea:
                    b8:4a:ed:f0:ce:cc:bf:dd:f4:3e:94:39:33:1a:f6:
                    4f:56:50:20:0a:19:a7:bf:4e:37:b8:e0:b2:5f:5e:
                    67:00:0e:7b:5b:f6:a6:b7:43:8a:c2:0c:d3:37:1c:
                    06:eb:7e:53:8f:a2:8e:95:e3:8b:48:3f:08:f4:c0:
                    da:1d:9d:c8:0f:2f:c3:d4:08:89:c3:4a:cd:36:d4:
                    f6:f9:d0:db:27:0b:af:5c:35:da:6e:15:33:dd:cd:
                    90:e5:c5:ec:25:e6:c1:89:8c:83:15:21:88:22:5b:
                    96:7d:62:ca:63:74:c3:3a:aa:c4:72:f7:18:d2:3d:
                    5b:7e:70:df:65:d9:6d:c5:b3:0e:ce:11:a6:c1:97:
                    da:98:0f:19:31:24:fd:b2:cd:c7:ca:3a:10:75:7a:
                    24:d6:58:8e:96:bd:f3:ca:de:96:e8:fd:56:34:8c:
                    eb:7b:ca:ac:82:69:63:a8:a1:9e:31:f6:4a:fb:54:
                    42:3c:8f:92:20:37:f8:7e:31:ce:3b:53:01:a3:72:
                    2c:59:71:37:c8:71:09:e8:6f:9c:bc:63:c7:e8:45:
                    96:f1:23:23:50:be:0f:19:05:b7:07:1e:4e:94:50:
                    f6:9b:40:74:50:15:ac:0f:7f:80:ba:94:44:bf:4c:
                    9e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7E:36:17:B2:5F:89:64:A0:D9:77:3D:07:48:30:58:86:6F:DC:0A
            X509v3 Authority Key Identifier:
                keyid:FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_342F7JfiWSg2Xc9B0gwWIZv3Ao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.14.0/24
                  193.26.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:88:0f:22:53:bd:97:e1:cf:af:db:a3:cd:0e:c4:56:a0:fb:
         c1:3a:c0:57:b3:e5:aa:0f:8c:d1:ca:36:66:f7:58:ff:b0:55:
         20:ec:02:0a:35:83:88:c9:bc:7b:42:ff:13:68:3f:8e:fa:ae:
         0c:c9:86:28:f5:f5:f3:80:0b:8c:af:ae:75:b5:20:60:56:d3:
         3a:71:29:33:55:32:25:af:2e:e1:94:b5:20:bd:23:9f:cb:6b:
         e9:be:a0:61:6d:0c:af:72:36:bf:c7:3c:21:20:11:0b:74:82:
         6b:88:ac:17:a4:3b:e3:e6:d9:1b:f8:ce:13:dc:62:39:26:f6:
         7c:7d:a8:b5:b3:c7:4c:bc:59:f2:87:a5:10:05:fe:7f:42:da:
         94:ff:86:20:51:3a:9a:21:69:c9:36:db:cd:52:17:a3:83:e2:
         dc:e1:89:f3:72:5e:da:56:ea:61:ad:63:a8:44:d6:e6:c9:a5:
         7d:77:2c:18:54:04:2b:ee:67:2d:e8:81:24:8c:b8:b4:c3:ff:
         5f:3d:55:88:a5:26:20:3e:cb:b0:1b:90:84:58:19:5f:ad:b2:
         20:a2:23:e4:8b:5a:2b:6c:69:c1:23:cb:51:b2:1a:b8:ae:70:
         1c:d5:86:54:0a:54:04:5e:c3:51:c2:e3:91:1b:73:75:70:3f:
         d1:bf:03:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwFTUMGfcN3eA9/lCLDLBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGM5ZjMwZTNiNDZkNTBiOGQxYmY3OWI5ZDFkYjg0ZjI1
MTM0YmEwHhcNMjMwMTAyMDEyNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdlMzYxN2IyNWY4OTY0YTBkOTc3M2QwNzQ4MzA1ODg2NmZkYzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDdXzUp94tNF5aVhxOq4Su3wzsy/
3fQ+lDkzGvZPVlAgChmnv043uOCyX15nAA57W/amt0OKwgzTNxwG635Tj6KOleOL
SD8I9MDaHZ3IDy/D1AiJw0rNNtT2+dDbJwuvXDXabhUz3c2Q5cXsJebBiYyDFSGI
IluWfWLKY3TDOqrEcvcY0j1bfnDfZdltxbMOzhGmwZfamA8ZMST9ss3HyjoQdXok
1liOlr3zyt6W6P1WNIzre8qsgmljqKGeMfZK+1RCPI+SIDf4fjHOO1MBo3IsWXE3
yHEJ6G+cvGPH6EWW8SMjUL4PGQW3Bx5OlFD2m0B0UBWsD3+AupREv0ye7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP9+NheyX4lkoNl3PQdIMFiGb9wKMB8GA1UdIwQY
MBaAFP4MnzDjtG1QuNG/ebnR24TyUTS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgt
ZjUyMDBmNTQ5Mzc3LzEvXzM0MkY3SmZpV1NnMlhjOUIwZ3dXSVp2M0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgtZjUyMDBmNTQ5Mzc3
LzEvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRoOAwQA
wRp5MA0GCSqGSIb3DQEBCwUAA4IBAQCciA8iU72X4c+v26PNDsRWoPvBOsBXs+Wq
D4zRyjZm91j/sFUg7AIKNYOIybx7Qv8TaD+O+q4MyYYo9fXzgAuMr651tSBgVtM6
cSkzVTIlry7hlLUgvSOfy2vpvqBhbQyvcja/xzwhIBELdIJriKwXpDvj5tkb+M4T
3GI5JvZ8fai1s8dMvFnyh6UQBf5/QtqU/4YgUTqaIWnJNtvNUhejg+Lc4Ynzcl7a
VuphrWOoRNbmyaV9dywYVAQr7mct6IEkjLi0w/9fPVWIpSYgPsuwG5CEWBlfrbIg
oiPki1orbGnBI8tRshq4rnAc1YZUClQEXsNRwuORG3N1cD/RvwNS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:55 2024 by rpki-client on console-fra.rpki-client.org