Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/Hx_c3jtCynPXFJBZaTGsfEU2GtY.roa
File:                     Hx_c3jtCynPXFJBZaTGsfEU2GtY.roa (raw, json)
Hash identifier:          fFqw+b3bTdxvTfukeabKzjtwhcI2v0HV5GI2aEXnsc0=
Subject key identifier:   1F:1F:DC:DE:3B:42:CA:73:D7:14:90:59:69:31:AC:7C:45:36:1A:D6
Certificate issuer:       /CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
Certificate serial:       01856E6FB8532EB0D464C60E1ABABE928AB7
Authority key identifier: 1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/Hx_c3jtCynPXFJBZaTGsfEU2GtY.roa
Signing time:             Sun 01 Jan 2023 17:44:53 +0000
ROA not before:           Sun 01 Jan 2023 17:44:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29286
IP address blocks:        130.255.16.0/22 maxlen: 22
                          130.255.16.0/23 maxlen: 23
                          185.17.44.0/22 maxlen: 22
                          130.255.18.0/24 maxlen: 24
                          130.255.20.0/24 maxlen: 24
                          130.255.27.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:6f:b8:53:2e:b0:d4:64:c6:0e:1a:ba:be:92:8a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
        Validity
            Not Before: Jan  1 17:44:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f1fdcde3b42ca73d71490596931ac7c45361ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1F:DC:DE:3B:42:CA:73:D7:14:90:59:69:31:AC:7C:45:36:1A:D6
            X509v3 Authority Key Identifier:
                keyid:1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/Hx_c3jtCynPXFJBZaTGsfEU2GtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/G9Id-yT32M4jEbpAdndUdL1QvmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.16.0-130.255.20.255
                  130.255.27.0/24
                  185.17.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 17:19:45 2024 by rpki-client on console-fra.rpki-client.org