Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZetHe6MYEP5qt7DcgC54kka82C4.roa
File:                     ZetHe6MYEP5qt7DcgC54kka82C4.roa (raw, json)
Hash identifier:          j855zya9SpFN83L4gDUjgwlKM7LhiNGT/ry3l46A730=
Subject key identifier:   65:EB:47:7B:A3:18:10:FE:6A:B7:B0:DC:80:2E:78:92:46:BC:D8:2E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01856D820D55DD39A160010DEFB0C386F6A6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZetHe6MYEP5qt7DcgC54kka82C4.roa
Signing time:             Sun 01 Jan 2023 13:25:17 +0000
ROA not before:           Sun 01 Jan 2023 13:25:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206873
IP address blocks:        193.37.43.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:82:0d:55:dd:39:a1:60:01:0d:ef:b0:c3:86:f6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  1 13:25:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65eb477ba31810fe6ab7b0dc802e789246bcd82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:52:bf:a3:1a:f1:14:b3:1b:e9:03:69:0f:df:
                    90:52:a9:3a:df:c8:e1:db:b6:be:b8:ff:fb:58:ef:
                    c5:18:9c:bb:bd:75:cd:66:af:53:2d:95:d1:fd:b2:
                    ae:d3:10:67:b0:de:c7:8c:f7:7f:d9:27:3a:3c:86:
                    78:f8:d4:75:54:83:6c:82:5e:16:2b:48:4e:15:0b:
                    b1:87:0a:a5:e1:fc:02:1e:d4:52:1e:b1:38:9f:9c:
                    e3:55:c3:9b:a7:59:99:cb:49:a9:f8:13:f1:4c:4e:
                    ab:ca:fa:73:95:24:22:d9:ab:11:84:03:24:b8:b4:
                    17:a6:c1:b4:fc:df:b9:3c:fb:e5:63:ff:19:46:e6:
                    c0:62:41:43:45:cf:81:90:f4:21:50:2d:a2:6a:5c:
                    50:94:3e:e6:da:4d:11:dd:71:75:31:25:64:83:b2:
                    c9:a3:38:32:ea:1a:ec:c3:f9:4e:3d:2c:d2:8d:5a:
                    d0:ab:09:13:5e:96:e4:e1:23:bf:0a:82:48:9d:18:
                    b2:c4:d6:98:66:25:3d:0c:dc:2f:5f:9d:c1:13:2c:
                    bd:20:4c:55:c5:12:39:d8:2f:b0:ce:8c:d1:48:d2:
                    df:0c:61:64:99:e6:2b:b2:40:e0:c2:e7:57:3c:74:
                    9b:8b:c1:d9:90:d9:f0:47:5d:2b:ec:f7:5d:31:4e:
                    85:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:EB:47:7B:A3:18:10:FE:6A:B7:B0:DC:80:2E:78:92:46:BC:D8:2E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZetHe6MYEP5qt7DcgC54kka82C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:f0:07:53:0e:92:c4:4e:f1:bd:3e:3a:7a:dd:b0:cc:0b:47:
         46:03:26:e1:d7:e2:91:70:51:96:38:4d:0a:1e:08:c1:f7:87:
         df:4f:59:ff:d3:56:55:9e:4b:10:e2:80:d4:0f:b5:98:46:b9:
         00:6e:df:90:08:12:1a:5e:dd:af:0a:b1:de:a5:b6:d5:83:ac:
         43:ad:cd:29:cd:75:06:19:3a:58:10:b4:38:b3:e3:3b:8a:4b:
         6d:2f:fb:d1:43:1e:72:87:2f:68:da:57:fa:29:9a:b3:ad:ae:
         4e:cf:6e:aa:70:c2:ad:02:e4:f6:33:89:64:9b:ea:41:4d:f1:
         50:fe:a1:ca:63:b2:a1:1c:4e:bc:28:4d:08:09:f6:be:d7:a9:
         7d:18:17:2b:97:b5:20:25:8a:4b:5d:60:6d:7a:b6:ff:fb:c7:
         ec:03:5d:23:2b:d3:b9:ca:81:e9:33:dd:7f:80:68:0a:71:e5:
         39:8d:58:06:3b:1e:ee:c0:e1:5d:56:30:60:38:74:ad:94:ed:
         7e:06:14:a3:76:e3:93:c3:35:5e:8b:95:78:81:55:73:a9:f1:
         12:ec:8b:32:52:26:df:ec:06:7e:aa:aa:6d:67:7e:5f:61:50:
         8c:63:22:4c:7f:38:39:ea:ab:4e:01:cf:1f:ee:ad:b0:24:71:
         5c:2f:cd:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtgg1V3TmhYAEN77DDhvamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWViNDc3YmEzMTgxMGZlNmFiN2IwZGM4MDJlNzg5MjQ2YmNkODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1K/oxrxFLMb6QNpD9+QUqk638jh
27a+uP/7WO/FGJy7vXXNZq9TLZXR/bKu0xBnsN7HjPd/2Sc6PIZ4+NR1VINsgl4W
K0hOFQuxhwql4fwCHtRSHrE4n5zjVcObp1mZy0mp+BPxTE6ryvpzlSQi2asRhAMk
uLQXpsG0/N+5PPvlY/8ZRubAYkFDRc+BkPQhUC2ialxQlD7m2k0R3XF1MSVkg7LJ
ozgy6hrsw/lOPSzSjVrQqwkTXpbk4SO/CoJInRiyxNaYZiU9DNwvX53BEyy9IExV
xRI52C+wzozRSNLfDGFkmeYrskDgwudXPHSbi8HZkNnwR10r7PddMU6FdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXrR3ujGBD+arew3IAueJJGvNguMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWmV0SGU2TVlFUDVxdDdEY2dDNTRra2E4MkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUrMA0G
CSqGSIb3DQEBCwUAA4IBAQCy8AdTDpLETvG9Pjp63bDMC0dGAybh1+KRcFGWOE0K
HgjB94ffT1n/01ZVnksQ4oDUD7WYRrkAbt+QCBIaXt2vCrHepbbVg6xDrc0pzXUG
GTpYELQ4s+M7ikttL/vRQx5yhy9o2lf6KZqzra5Oz26qcMKtAuT2M4lkm+pBTfFQ
/qHKY7KhHE68KE0ICfa+16l9GBcrl7UgJYpLXWBterb/+8fsA10jK9O5yoHpM91/
gGgKceU5jVgGOx7uwOFdVjBgOHStlO1+BhSjduOTwzVei5V4gVVzqfES7IsyUibf
7AZ+qqptZ35fYVCMYyJMfzg56qtOAc8f7q2wJHFcL80K
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:36 2024 by rpki-client on console-ams.rpki-client.org