Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/jaothVNahXji7IqGD32EJK2pWEw.roa
File:                     jaothVNahXji7IqGD32EJK2pWEw.roa (raw, json)
Hash identifier:          3h+9zhP83EGT6VmoDQMT59iwP2ibZx34CK6etUs9uVA=
Subject key identifier:   8D:AA:2D:85:53:5A:85:78:E2:EC:8A:86:0F:7D:84:24:AD:A9:58:4C
Certificate issuer:       /CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
Certificate serial:       018452CD30E63362A207174D74EB959D07B6
Authority key identifier: FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/jaothVNahXji7IqGD32EJK2pWEw.roa
Signing time:             Mon 07 Nov 2022 15:54:49 +0000
ROA not before:           Mon 07 Nov 2022 15:54:49 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209730
IP address blocks:        193.26.121.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:52:cd:30:e6:33:62:a2:07:17:4d:74:eb:95:9d:07:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0c9f30e3b46d50b8d1bf79b9d1db84f25134ba
        Validity
            Not Before: Nov  7 15:54:49 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8daa2d85535a8578e2ec8a860f7d8424ada9584c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d4:0d:44:a0:74:82:30:55:91:5c:6b:78:96:
                    01:6b:5b:f5:df:4d:44:1b:07:9e:dd:16:72:12:7d:
                    9b:db:89:d5:ba:ff:ee:dd:9d:22:65:7f:91:6f:87:
                    91:ea:7e:a1:95:d9:9b:ee:c1:f4:2a:28:90:69:b2:
                    19:c8:72:85:0b:e6:14:ac:4d:74:49:68:3b:db:ed:
                    e8:9c:a1:36:c8:f4:60:d7:15:4a:b8:49:db:1e:24:
                    77:81:45:41:ac:be:40:00:73:7f:19:0f:33:db:54:
                    68:77:15:b6:f8:e3:1b:23:99:0a:a0:7c:fe:84:b4:
                    f6:2b:50:64:bf:a2:0b:68:d6:93:cc:ad:f8:95:60:
                    3c:65:46:1e:b8:4d:e0:82:a7:3b:50:b3:58:0d:5c:
                    53:93:5c:0f:3a:ae:8f:0e:0d:5f:20:2f:ad:eb:47:
                    6d:da:27:e0:cd:d2:a3:62:9e:20:2e:96:9d:68:88:
                    af:1e:bb:ab:fe:ab:dc:4f:24:03:73:46:6c:74:d0:
                    cf:4f:7d:78:2c:e9:ab:ca:5b:e7:40:48:e9:89:8d:
                    89:53:5a:60:79:91:23:01:9d:da:b7:a0:4f:a1:59:
                    53:47:2d:7d:17:a4:88:15:51:60:4b:db:d7:c6:71:
                    62:93:6d:0d:23:72:eb:4b:2b:28:4c:aa:47:1a:5c:
                    3d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:AA:2D:85:53:5A:85:78:E2:EC:8A:86:0F:7D:84:24:AD:A9:58:4C
            X509v3 Authority Key Identifier:
                keyid:FE:0C:9F:30:E3:B4:6D:50:B8:D1:BF:79:B9:D1:DB:84:F2:51:34:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_gyfMOO0bVC40b95udHbhPJRNLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/jaothVNahXji7IqGD32EJK2pWEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/b9ed6c-e8c5-431e-b188-f5200f549377/1/_gyfMOO0bVC40b95udHbhPJRNLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:6d:a6:e1:76:97:e6:e7:3e:4a:46:46:b4:5c:aa:c4:a7:00:
         5d:06:cd:e7:fd:58:1f:6f:c3:19:0d:55:ac:1a:8d:25:54:66:
         9e:b0:4a:d9:d6:c5:fc:c2:04:fa:39:54:26:13:0d:6e:e6:19:
         e7:41:a8:74:61:aa:b1:eb:0e:45:ed:fa:23:c9:1c:a7:5a:67:
         47:e0:72:b3:10:00:14:ac:09:7b:37:57:54:d3:f1:33:8a:1c:
         53:9a:8a:b3:97:e9:2e:79:53:25:47:e5:61:72:c8:3a:dd:bf:
         f9:7a:08:86:98:a1:60:e3:48:3d:92:54:c9:cd:c2:cf:26:fd:
         7f:e1:f2:d6:73:52:e7:06:4a:78:29:1b:c8:d8:2f:a9:7d:ea:
         fe:aa:b1:1b:17:47:8d:b7:92:db:88:c8:58:22:13:72:56:27:
         c8:41:8b:25:88:36:cc:62:45:6a:40:a4:67:32:92:9a:1d:57:
         22:ed:bb:d5:4e:ed:48:95:4c:04:0f:70:91:0e:ee:7a:85:aa:
         0a:88:88:62:89:c1:68:b3:d4:1e:3d:54:86:17:91:f2:6b:cc:
         5f:8e:e7:1f:88:6e:66:9c:a0:9e:3e:94:03:69:4f:28:cb:c0:
         44:77:01:c9:06:d4:ca:b1:bd:02:40:5a:b6:c7:a2:95:0f:dc:
         29:24:42:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYRSzTDmM2KiBxdNdOuVnQe2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGM5ZjMwZTNiNDZkNTBiOGQxYmY3OWI5ZDFkYjg0ZjI1
MTM0YmEwHhcNMjIxMTA3MTU1NDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGFhMmQ4NTUzNWE4NTc4ZTJlYzhhODYwZjdkODQyNGFkYTk1ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdQNRKB0gjBVkVxreJYBa1v1301E
Gwee3RZyEn2b24nVuv/u3Z0iZX+Rb4eR6n6hldmb7sH0KiiQabIZyHKFC+YUrE10
SWg72+3onKE2yPRg1xVKuEnbHiR3gUVBrL5AAHN/GQ8z21RodxW2+OMbI5kKoHz+
hLT2K1Bkv6ILaNaTzK34lWA8ZUYeuE3ggqc7ULNYDVxTk1wPOq6PDg1fIC+t60dt
2ifgzdKjYp4gLpadaIivHrur/qvcTyQDc0ZsdNDPT314LOmrylvnQEjpiY2JU1pg
eZEjAZ3at6BPoVlTRy19F6SIFVFgS9vXxnFik20NI3LrSysoTKpHGlw9BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2qLYVTWoV44uyKhg99hCStqVhMMB8GA1UdIwQY
MBaAFP4MnzDjtG1QuNG/ebnR24TyUTS6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgt
ZjUyMDBmNTQ5Mzc3LzEvamFvdGhWTmFoWGppN0lxR0QzMkVKSzJwV0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9iOWVkNmMtZThjNS00MzFlLWIxODgtZjUyMDBmNTQ5Mzc3
LzEvX2d5Zk1PTzBiVkM0MGI5NXVkSGJoUEpSTkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRp5MA0G
CSqGSIb3DQEBCwUAA4IBAQCcbabhdpfm5z5KRka0XKrEpwBdBs3n/Vgfb8MZDVWs
Go0lVGaesErZ1sX8wgT6OVQmEw1u5hnnQah0Yaqx6w5F7fojyRynWmdH4HKzEAAU
rAl7N1dU0/EzihxTmoqzl+kueVMlR+Vhcsg63b/5egiGmKFg40g9klTJzcLPJv1/
4fLWc1LnBkp4KRvI2C+pfer+qrEbF0eNt5LbiMhYIhNyVifIQYsliDbMYkVqQKRn
MpKaHVci7bvVTu1IlUwED3CRDu56haoKiIhiicFos9QePVSGF5Hya8xfjucfiG5m
nKCePpQDaU8oy8BEdwHJBtTKsb0CQFq2x6KVD9wpJEJ2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:55 2024 by rpki-client on console-fra.rpki-client.org