Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/1-ESQ6YMYPyzJHVI1BjdBD_1BxE4.roa
File:                     1-ESQ6YMYPyzJHVI1BjdBD_1BxE4.roa (raw, json)
Hash identifier:          Qgn6JPcH5Sz2iJeQyZ2ISbVQ0GkW77V6eeQ5oiFlF70=
Subject key identifier:   F8:44:90:E9:83:18:3F:2C:C9:1D:52:35:06:37:41:0F:FD:41:C4:4E
Certificate issuer:       /CN=6811e125cb357076f2fa3138c93e9a2681b17893
Certificate serial:       0184D37C61094E80431F148BC9DBD26CB021
Authority key identifier: 68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/1-ESQ6YMYPyzJHVI1BjdBD_1BxE4.roa
Signing time:             Fri 02 Dec 2022 15:37:34 +0000
ROA not before:           Fri 02 Dec 2022 15:37:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     21734
IP address blocks:        95.172.76.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:d3:7c:61:09:4e:80:43:1f:14:8b:c9:db:d2:6c:b0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6811e125cb357076f2fa3138c93e9a2681b17893
        Validity
            Not Before: Dec  2 15:37:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=f84490e983183f2cc91d52350637410ffd41c44e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f5:c9:51:67:bd:ac:7d:72:da:8a:bd:d5:ab:
                    26:e5:77:aa:f2:0a:00:51:a7:db:fc:ad:c9:6b:d8:
                    e4:72:d7:17:ca:4a:aa:a6:6c:95:0a:e6:5a:63:80:
                    e3:c4:96:9c:96:2d:7c:99:1c:27:6e:91:29:39:b5:
                    57:68:41:ec:33:e7:03:91:f6:6f:b1:48:ec:57:ee:
                    f0:83:32:ad:11:30:c0:d2:f7:5b:1e:dd:3b:e4:ea:
                    45:43:1c:fd:cc:27:c3:0a:82:66:0e:fc:9c:2a:3e:
                    4b:41:7c:ef:62:b9:ae:e7:3a:a8:8e:03:6b:80:89:
                    bc:26:f4:da:bc:ed:22:9c:0c:ba:3f:57:32:1b:f6:
                    7d:44:1d:92:ea:f5:70:ce:d8:56:72:7f:b4:18:98:
                    0b:31:7f:a2:59:98:6c:d0:22:52:e2:b9:db:ee:48:
                    f3:40:5d:f8:38:92:08:c0:30:cd:f1:04:0f:0d:de:
                    e6:d8:d3:ea:e7:76:8f:8d:36:06:5e:41:3e:94:4d:
                    0e:1b:e0:91:84:38:6b:58:e2:5f:a4:71:11:47:0d:
                    a2:dc:e8:a0:7d:2f:bd:71:d9:dc:b4:d4:2f:2c:fb:
                    e4:3d:ef:d2:7a:03:53:c0:68:d0:e8:f1:bb:3a:26:
                    74:09:79:4b:b0:fe:3e:26:c8:df:43:45:cf:83:86:
                    5a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:44:90:E9:83:18:3F:2C:C9:1D:52:35:06:37:41:0F:FD:41:C4:4E
            X509v3 Authority Key Identifier:
                keyid:68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/1-ESQ6YMYPyzJHVI1BjdBD_1BxE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/aBHhJcs1cHby-jE4yT6aJoGxeJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.172.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f4:62:c0:7e:6a:a0:99:5f:8e:4b:33:26:37:49:78:1c:a7:
         b0:44:5b:64:68:62:65:ec:46:60:19:a3:2e:2f:72:02:39:bd:
         2a:12:42:7b:7e:df:18:3f:a8:46:d4:2d:f8:72:5d:7a:52:57:
         40:01:68:8a:a8:c5:3b:8b:2c:03:79:ca:0a:12:96:15:d5:aa:
         62:7f:8c:63:6c:2e:ca:5f:9d:b6:be:20:38:78:53:e8:48:8c:
         61:2a:ca:e8:c3:2d:5a:a3:9b:fe:da:dc:1c:fc:cd:a7:8b:70:
         7a:bc:15:4e:f5:a3:89:85:b7:f8:42:4e:8d:2f:a9:76:72:94:
         34:62:f3:3a:3b:71:c8:31:6e:88:77:7d:2c:75:10:bc:20:e4:
         3a:4f:bf:c6:aa:8a:e5:b3:d8:23:eb:2b:1c:84:e7:d7:b4:8e:
         28:0f:13:25:39:a3:9d:4b:c4:be:ef:12:77:44:60:64:0f:5e:
         81:ff:72:23:18:ff:13:eb:d2:25:12:28:51:0d:42:d3:03:28:
         64:03:18:db:82:38:14:80:47:53:03:3e:1f:a4:61:0a:f6:c2:
         bd:a8:2f:c7:a7:50:76:06:54:8f:d9:05:12:d7:aa:dd:7c:cf:
         08:9c:1c:06:96:5d:e5:0e:ef:41:8c:f0:ee:88:67:3f:4c:83:
         02:bd:c7:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYTTfGEJToBDHxSLydvSbLAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTFlMTI1Y2IzNTcwNzZmMmZhMzEzOGM5M2U5YTI2ODFi
MTc4OTMwHhcNMjIxMjAyMTUzNzM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODQ0OTBlOTgzMTgzZjJjYzkxZDUyMzUwNjM3NDEwZmZkNDFjNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofXJUWe9rH1y2oq91asm5Xeq8goA
Uafb/K3Ja9jkctcXykqqpmyVCuZaY4DjxJacli18mRwnbpEpObVXaEHsM+cDkfZv
sUjsV+7wgzKtETDA0vdbHt075OpFQxz9zCfDCoJmDvycKj5LQXzvYrmu5zqojgNr
gIm8JvTavO0inAy6P1cyG/Z9RB2S6vVwzthWcn+0GJgLMX+iWZhs0CJS4rnb7kjz
QF34OJIIwDDN8QQPDd7m2NPq53aPjTYGXkE+lE0OG+CRhDhrWOJfpHERRw2i3Oig
fS+9cdnctNQvLPvkPe/SegNTwGjQ6PG7OiZ0CXlLsP4+JsjfQ0XPg4ZaPQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhEkOmDGD8syR1SNQY3QQ/9QcROMB8GA1UdIwQY
MBaAFGgR4SXLNXB28voxOMk+miaBsXiTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJIaEpjczFjSGJ5LWpFNHlUNmFKb0d4ZUpNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lYmFjYmQtODE5MC00ZTVhLWEwM2Et
Y2Q0Mzk0OTJiN2FlLzEvMS1FU1E2WU1ZUHl6SkhWSTFCamRCRF8xQnhFNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvZWJhY2JkLTgxOTAtNGU1YS1hMDNhLWNkNDM5NDkyYjdh
ZS8xL2FCSGhKY3MxY0hieS1qRTR5VDZhSm9HeGVKTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAF+sTDAN
BgkqhkiG9w0BAQsFAAOCAQEAgPRiwH5qoJlfjkszJjdJeBynsERbZGhiZexGYBmj
Li9yAjm9KhJCe37fGD+oRtQt+HJdelJXQAFoiqjFO4ssA3nKChKWFdWqYn+MY2wu
yl+dtr4gOHhT6EiMYSrK6MMtWqOb/trcHPzNp4twerwVTvWjiYW3+EJOjS+pdnKU
NGLzOjtxyDFuiHd9LHUQvCDkOk+/xqqK5bPYI+srHITn17SOKA8TJTmjnUvEvu8S
d0RgZA9egf9yIxj/E+vSJRIoUQ1C0wMoZAMY24I4FIBHUwM+H6RhCvbCvagvx6dQ
dgZUj9kFEteq3XzPCJwcBpZd5Q7vQYzw7ohnP0yDAr3HOg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:08 2024 by rpki-client on console-ams.rpki-client.org