Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5OJJlOlfx9P9cJep6D6jLQsDSlg.roa
File:                     5OJJlOlfx9P9cJep6D6jLQsDSlg.roa (raw, json)
Hash identifier:          lliKrzhDR/sJKHpEl1E6Jvg4l/Dk5TLB8yl5TZ3B/eU=
Subject key identifier:   E4:E2:49:94:E9:5F:C7:D3:FD:70:97:A9:E8:3E:A3:2D:0B:03:4A:58
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CEED917BC5046CD4F56F18857E9A82ED2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5OJJlOlfx9P9cJep6D6jLQsDSlg.roa
Signing time:             Tue 09 Jan 2024 15:30:53 +0000
ROA not before:           Tue 09 Jan 2024 15:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400377
IP address blocks:        185.216.69.0/24 maxlen: 24
                          93.123.84.0/24 maxlen: 24
                          109.206.237.0/24 maxlen: 24
                          95.214.24.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:d9:17:bc:50:46:cd:4f:56:f1:88:57:e9:a8:2e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  9 15:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4e24994e95fc7d3fd7097a9e83ea32d0b034a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:10:ac:a1:6c:0b:e3:d8:1a:1f:00:a8:10:8c:
                    27:5a:f2:c5:20:58:d0:e4:29:e6:07:c9:84:89:c3:
                    46:41:93:b9:e7:ad:0b:fa:48:6d:51:70:d0:8e:53:
                    8f:2c:b2:71:e0:71:c1:e2:ec:50:c3:6a:2e:87:84:
                    6c:b5:29:c9:40:08:ea:c9:d6:36:21:07:20:ec:ab:
                    f0:83:b1:b8:95:11:9f:7e:78:50:30:16:77:0d:c0:
                    8b:f8:1b:27:32:d8:0f:06:ff:ac:46:18:03:fa:07:
                    b8:0f:70:f9:ec:db:ed:7b:cc:16:5a:ca:36:52:38:
                    fe:41:ca:cc:f1:fa:b2:52:44:a8:79:79:c0:80:43:
                    c3:7f:c1:92:02:7f:61:49:66:17:63:54:b4:15:9c:
                    0d:b5:e8:93:9a:80:84:79:07:39:34:67:47:f6:bc:
                    8e:ed:b1:48:af:e6:5c:26:d5:76:02:63:fa:c0:25:
                    cc:bb:23:99:2b:1b:71:5b:a4:ff:fe:0e:d7:f0:51:
                    e2:86:1e:f9:dd:1d:00:42:3d:01:8f:19:a6:e6:c7:
                    05:06:5d:b3:10:c8:ea:34:f1:26:0c:30:e5:bf:99:
                    00:07:51:96:6c:24:e8:9b:df:96:4f:b8:1d:d5:3e:
                    07:41:7c:24:76:50:74:53:7b:ca:ed:f5:15:dd:41:
                    71:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E2:49:94:E9:5F:C7:D3:FD:70:97:A9:E8:3E:A3:2D:0B:03:4A:58
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5OJJlOlfx9P9cJep6D6jLQsDSlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.123.84.0/24
                  95.214.24.0/24
                  109.206.237.0/24
                  185.216.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e5:e8:14:9e:75:9f:fe:d8:98:73:c6:2c:92:f8:33:02:3f:
         ae:85:5a:59:0d:bb:62:1c:23:ac:2c:74:69:79:3a:86:90:90:
         15:1b:18:64:de:cd:03:ff:d8:b4:ed:82:7c:f5:4b:66:18:2f:
         da:ee:2d:58:0c:ec:fc:f9:b5:12:43:d1:2c:19:e0:3e:ba:3e:
         b7:61:cb:d8:f1:72:79:fb:3b:2a:82:5c:22:9a:fd:31:8a:4b:
         f8:c0:c3:42:1e:d4:77:6d:00:cd:aa:24:95:23:f5:4a:63:53:
         a0:b5:0e:79:19:3a:84:ac:d5:fa:48:f7:c7:22:de:e7:ec:ee:
         1a:21:5b:6c:3e:71:69:9e:e1:f3:6b:cb:c6:75:92:33:d3:c5:
         5b:db:59:f3:b6:92:2c:32:3d:c5:83:39:df:6e:c3:14:78:27:
         a5:1a:54:69:7f:2e:66:4b:13:27:26:9d:02:b9:bc:f5:e8:9b:
         94:f6:89:cb:62:f3:af:45:0e:be:e9:3e:38:90:47:86:7c:a2:
         ff:7d:c4:98:b2:46:18:2a:c3:0b:f3:21:00:5d:0f:88:b0:47:
         06:e2:cd:a5:8a:84:c6:a4:be:ab:2c:bc:0c:07:dc:35:cd:92:
         67:fb:10:d8:4a:f1:7c:0b:01:39:49:94:dc:8d:65:97:f6:d4:
         ce:cb:0d:ce
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzu2Re8UEbNT1bxiFfpqC7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTA5MTUzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGUyNDk5NGU5NWZjN2QzZmQ3MDk3YTllODNlYTMyZDBiMDM0YTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRCsoWwL49gaHwCoEIwnWvLFIFjQ
5CnmB8mEicNGQZO5560L+khtUXDQjlOPLLJx4HHB4uxQw2ouh4RstSnJQAjqydY2
IQcg7Kvwg7G4lRGffnhQMBZ3DcCL+BsnMtgPBv+sRhgD+ge4D3D57Nvte8wWWso2
Ujj+QcrM8fqyUkSoeXnAgEPDf8GSAn9hSWYXY1S0FZwNteiTmoCEeQc5NGdH9ryO
7bFIr+ZcJtV2AmP6wCXMuyOZKxtxW6T//g7X8FHihh753R0AQj0Bjxmm5scFBl2z
EMjqNPEmDDDlv5kAB1GWbCTom9+WT7gd1T4HQXwkdlB0U3vK7fUV3UFxPQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOTiSZTpX8fT/XCXqeg+oy0LA0pYMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNU9KSmxPbGZ4OVA5Y0plcDZENmpMUXNEU2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAXXtUAwQA
X9YYAwQAbc7tAwQAudhFMA0GCSqGSIb3DQEBCwUAA4IBAQCO5egUnnWf/tiYc8Ys
kvgzAj+uhVpZDbtiHCOsLHRpeTqGkJAVGxhk3s0D/9i07YJ89UtmGC/a7i1YDOz8
+bUSQ9EsGeA+uj63YcvY8XJ5+zsqglwimv0xikv4wMNCHtR3bQDNqiSVI/VKY1Og
tQ55GTqErNX6SPfHIt7n7O4aIVtsPnFpnuHza8vGdZIz08Vb21nztpIsMj3Fgznf
bsMUeCelGlRpfy5mSxMnJp0Cubz16JuU9onLYvOvRQ6+6T44kEeGfKL/fcSYskYY
KsML8yEAXQ+IsEcG4s2lioTGpL6rLLwMB9w1zZJn+xDYSvF8CwE5SZTcjWWX9tTO
yw3O
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:58 2024 by rpki-client on console-fra.rpki-client.org