Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9FMNFQgBlwP3kReZKleBNvy1A2o.roa
File:                     9FMNFQgBlwP3kReZKleBNvy1A2o.roa (raw, json)
Hash identifier:          wVPUH5LhGRXuCsyAG4U18qmPIhTlTyrJfbEpyGaNKRs=
Subject key identifier:   F4:53:0D:15:08:01:97:03:F7:91:17:99:2A:57:81:36:FC:B5:03:6A
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       0186D251131A96D3C5770B62716BA412E862
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9FMNFQgBlwP3kReZKleBNvy1A2o.roa
Signing time:             Sat 11 Mar 2023 20:16:13 +0000
ROA not before:           Sat 11 Mar 2023 20:16:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48147
IP address blocks:        185.83.181.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d2:51:13:1a:96:d3:c5:77:0b:62:71:6b:a4:12:e8:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Mar 11 20:16:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4530d1508019703f79117992a578136fcb5036a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d4:1b:cd:b5:42:90:0e:1d:83:96:69:12:06:
                    c8:c0:05:0d:e2:51:93:73:ea:a1:9f:ba:84:4e:9e:
                    6a:e1:98:ec:51:fb:20:56:54:18:5d:8f:3b:e4:95:
                    c6:b0:d9:14:02:ca:de:95:45:21:67:f0:65:36:81:
                    20:c9:56:b7:9d:80:6c:bf:a4:80:77:b5:d3:f6:fe:
                    8c:60:cb:65:db:3e:33:d3:da:0a:50:2e:13:ee:50:
                    81:8f:46:7a:02:91:64:22:7c:52:29:ce:a0:38:7f:
                    6d:79:54:a2:de:55:70:3d:f5:33:5c:1a:e0:0a:9d:
                    80:50:b0:50:7f:5e:0b:93:12:3a:f4:cf:ea:e6:d7:
                    65:dc:3d:a4:65:4e:ec:fe:91:fb:0c:71:04:64:6a:
                    e8:64:ef:76:3e:7c:ba:81:ce:68:08:71:e9:00:1f:
                    f2:d1:32:f6:a7:f7:a9:d3:18:15:bd:65:31:b5:26:
                    ff:28:6a:96:17:ad:73:c9:e4:7b:28:a4:94:e3:6c:
                    a7:c4:fa:14:a6:ce:de:02:1b:d6:d4:62:68:27:fe:
                    13:7d:6d:99:13:99:4e:8a:94:92:fb:0c:19:fb:d1:
                    ac:fa:62:96:96:be:90:2f:35:fb:52:b6:a0:b6:70:
                    0d:db:81:1f:f3:b9:6e:56:42:e9:13:02:3f:e1:3e:
                    ff:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:53:0D:15:08:01:97:03:F7:91:17:99:2A:57:81:36:FC:B5:03:6A
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/9FMNFQgBlwP3kReZKleBNvy1A2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:db:20:6a:37:bc:5f:56:f4:d0:02:e7:50:e7:6f:53:b6:41:
         f2:c0:49:d0:b6:42:87:cc:79:00:9a:84:58:09:68:c2:14:97:
         58:38:5e:07:15:35:7f:39:63:ea:2d:a4:98:4b:39:24:12:87:
         d2:73:7e:4b:9c:28:bb:0a:30:17:8e:7b:ce:29:05:60:f9:56:
         0d:15:44:6d:78:83:b0:a5:57:c0:81:67:7b:45:11:9c:9c:fa:
         35:77:90:13:83:73:29:fa:bf:35:fd:00:08:92:ac:fa:f1:71:
         5c:27:35:c6:82:2b:b5:88:68:89:ad:f5:cc:b1:e7:cf:b0:73:
         05:21:93:59:53:cb:b3:02:43:70:68:ea:aa:73:68:3b:e1:eb:
         a4:d4:d0:28:9e:aa:1c:ad:fa:94:75:27:71:db:ac:28:2e:4c:
         79:ca:72:57:45:ae:aa:51:57:a9:71:70:f7:09:64:7f:e5:39:
         61:79:58:07:34:d3:ea:56:81:c8:eb:50:86:0f:36:32:ba:b6:
         e7:95:67:94:2e:9b:de:41:69:1b:46:af:a4:df:9d:6e:96:12:
         a4:10:df:11:9b:aa:20:df:ae:3a:e5:ea:c5:f5:7f:25:32:af:
         c9:19:3d:40:93:ef:54:6b:4e:95:ac:44:4a:69:2d:0e:25:93:
         72:ff:be:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYbSURMaltPFdwticWukEuhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjMwMzExMjAxNjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDUzMGQxNTA4MDE5NzAzZjc5MTE3OTkyYTU3ODEzNmZjYjUwMzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9QbzbVCkA4dg5ZpEgbIwAUN4lGT
c+qhn7qETp5q4ZjsUfsgVlQYXY875JXGsNkUAsrelUUhZ/BlNoEgyVa3nYBsv6SA
d7XT9v6MYMtl2z4z09oKUC4T7lCBj0Z6ApFkInxSKc6gOH9teVSi3lVwPfUzXBrg
Cp2AULBQf14LkxI69M/q5tdl3D2kZU7s/pH7DHEEZGroZO92Pny6gc5oCHHpAB/y
0TL2p/ep0xgVvWUxtSb/KGqWF61zyeR7KKSU42ynxPoUps7eAhvW1GJoJ/4TfW2Z
E5lOipSS+wwZ+9Gs+mKWlr6QLzX7UragtnAN24Ef87luVkLpEwI/4T7/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRTDRUIAZcD95EXmSpXgTb8tQNqMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvOUZNTkZRZ0Jsd1Aza1JlWktsZUJOdnkxQTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO1MA0G
CSqGSIb3DQEBCwUAA4IBAQBf2yBqN7xfVvTQAudQ529TtkHywEnQtkKHzHkAmoRY
CWjCFJdYOF4HFTV/OWPqLaSYSzkkEofSc35LnCi7CjAXjnvOKQVg+VYNFURteIOw
pVfAgWd7RRGcnPo1d5ATg3Mp+r81/QAIkqz68XFcJzXGgiu1iGiJrfXMsefPsHMF
IZNZU8uzAkNwaOqqc2g74euk1NAonqocrfqUdSdx26woLkx5ynJXRa6qUVepcXD3
CWR/5TlheVgHNNPqVoHI61CGDzYyurbnlWeULpveQWkbRq+k351ulhKkEN8Rm6og
36465erF9X8lMq/JGT1Ak+9Ua06VrERKaS0OJZNy/77f
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:35 2024 by rpki-client on console-ams.rpki-client.org