Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/OzIyelTC-tnql9mlFicz1tRBFp0.roa
File:                     OzIyelTC-tnql9mlFicz1tRBFp0.roa (raw, json)
Hash identifier:          hwnuXQB224UwgV9YDzoYrTeku0dV26cwK8dD9zD+4do=
Subject key identifier:   3B:32:32:7A:54:C2:FA:D9:EA:97:D9:A5:16:27:33:D6:D4:41:16:9D
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       018A8FCD982C3083A3E203C69880398B9E6A
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/OzIyelTC-tnql9mlFicz1tRBFp0.roa
Signing time:             Wed 13 Sep 2023 18:28:50 +0000
ROA not before:           Wed 13 Sep 2023 18:28:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41555
IP address blocks:        170.237.95.0/24 maxlen: 24
                          170.237.8.0/23 maxlen: 23
                          170.237.6.0/23 maxlen: 23
                          170.236.180.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8f:cd:98:2c:30:83:a3:e2:03:c6:98:80:39:8b:9e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Sep 13 18:28:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b32327a54c2fad9ea97d9a5162733d6d441169d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:91:b5:aa:1c:3d:54:99:9b:62:7c:82:d8:f3:
                    be:fb:03:14:e4:cf:a8:08:f2:ef:4d:a0:b6:b6:79:
                    00:b8:27:9b:d1:e6:d7:d6:e6:fd:f0:32:af:a5:a8:
                    fa:dd:90:12:6e:2c:24:51:db:93:63:2d:af:62:c7:
                    6d:03:1f:0c:61:c2:e2:80:ef:06:9c:75:93:66:3f:
                    a0:a1:dc:c0:32:16:72:57:ef:a6:4f:01:04:48:e4:
                    c3:31:13:be:db:48:86:45:16:11:7c:cb:a4:12:05:
                    00:15:f2:a4:fd:33:2d:c9:c5:e8:0c:34:96:3a:43:
                    66:df:6d:a4:9d:56:2d:3d:97:8a:d5:53:17:92:e4:
                    39:35:55:ff:e0:43:38:61:08:79:3f:76:dc:59:f2:
                    d7:61:76:81:c7:b1:17:4c:42:82:fa:cf:b8:d3:e5:
                    4f:49:fc:cc:0f:2d:8a:99:2d:94:b2:ed:66:f0:5e:
                    7a:3d:98:d4:73:a1:45:e7:39:17:70:68:a9:cb:a1:
                    e6:c6:ff:69:46:54:c2:9a:36:6c:d7:a7:c1:d3:3a:
                    43:f2:1f:2a:4e:28:90:1d:9d:03:20:a1:f6:9a:d2:
                    47:4d:75:7a:24:06:d9:ed:12:0d:59:72:b6:1d:d8:
                    73:6f:b8:63:3b:38:40:7c:f5:1c:68:a0:a1:9b:5a:
                    f3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:32:32:7A:54:C2:FA:D9:EA:97:D9:A5:16:27:33:D6:D4:41:16:9D
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/OzIyelTC-tnql9mlFicz1tRBFp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.236.180.0/24
                  170.237.6.0-170.237.9.255
                  170.237.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:31:3c:20:2c:0a:f0:bd:4b:b5:95:ac:35:0e:90:f4:a9:ef:
         1b:29:bd:d0:3e:a2:47:3e:cb:c6:b7:95:f7:af:ae:12:4c:77:
         ba:24:35:7f:17:1b:e8:0d:58:dd:14:b3:57:84:88:77:64:bb:
         b8:61:cb:fb:0a:b1:5d:f9:05:46:fd:a1:a5:41:90:b4:2f:ce:
         0a:fc:f4:ad:af:ee:c2:58:56:74:56:42:38:12:94:24:ad:35:
         c9:2d:85:69:cf:88:ed:ad:3c:87:41:a8:e3:d6:bf:2d:cb:9d:
         48:57:42:ad:5f:a9:67:b0:75:eb:37:c3:46:47:14:7f:82:4c:
         2c:54:7b:53:d6:46:3f:b4:d7:98:c5:c1:63:c1:93:a1:74:ba:
         2f:12:80:23:b4:cf:84:71:ce:32:34:15:93:52:ff:6f:d5:60:
         9e:ad:8b:df:d5:e9:cf:38:63:87:5f:aa:5a:67:7e:de:ff:43:
         76:6f:5f:a5:ae:a5:45:9b:02:a5:5a:cb:c9:70:49:23:f8:8a:
         b3:db:e0:fd:e6:0f:e6:9e:b0:a4:8f:23:af:c5:79:2e:fb:e4:
         93:a9:95:30:0f:1f:64:a7:42:dd:73:26:ef:2e:18:1a:5f:6f:
         fb:29:ca:e3:63:42:5b:e0:ba:00:a5:60:d1:76:bc:dd:ee:10:
         8c:57:68:9c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYqPzZgsMIOj4gPGmIA5i55qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjMwOTEzMTgyODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjMyMzI3YTU0YzJmYWQ5ZWE5N2Q5YTUxNjI3MzNkNmQ0NDExNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZG1qhw9VJmbYnyC2PO++wMU5M+o
CPLvTaC2tnkAuCeb0ebX1ub98DKvpaj63ZASbiwkUduTYy2vYsdtAx8MYcLigO8G
nHWTZj+godzAMhZyV++mTwEESOTDMRO+20iGRRYRfMukEgUAFfKk/TMtycXoDDSW
OkNm322knVYtPZeK1VMXkuQ5NVX/4EM4YQh5P3bcWfLXYXaBx7EXTEKC+s+40+VP
SfzMDy2KmS2Usu1m8F56PZjUc6FF5zkXcGipy6Hmxv9pRlTCmjZs16fB0zpD8h8q
TiiQHZ0DIKH2mtJHTXV6JAbZ7RINWXK2Hdhzb7hjOzhAfPUcaKChm1rzDQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFDsyMnpUwvrZ6pfZpRYnM9bUQRadMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvT3pJeWVsVEMtdG5xbDltbEZpY3oxdFJCRnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAquy0MAwD
BAGq7QYDBAGq7QgDBACq7V8wDQYJKoZIhvcNAQELBQADggEBADMxPCAsCvC9S7WV
rDUOkPSp7xspvdA+okc+y8a3lfevrhJMd7okNX8XG+gNWN0Us1eEiHdku7hhy/sK
sV35BUb9oaVBkLQvzgr89K2v7sJYVnRWQjgSlCStNckthWnPiO2tPIdBqOPWvy3L
nUhXQq1fqWewdes3w0ZHFH+CTCxUe1PWRj+015jFwWPBk6F0ui8SgCO0z4RxzjI0
FZNS/2/VYJ6ti9/V6c84Y4dfqlpnft7/Q3ZvX6WupUWbAqVay8lwSSP4irPb4P3m
D+aesKSPI6/FeS775JOplTAPH2SnQt1zJu8uGBpfb/spyuNjQlvgugClYNF2vN3u
EIxXaJw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:28 2024 by rpki-client on console-fra.rpki-client.org