Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Vr7LldKVcemqTMQZV8pvAQKsHw0.roa
File:                     Vr7LldKVcemqTMQZV8pvAQKsHw0.roa (raw, json)
Hash identifier:          5vSjdGrXRKek9YdHXv6b7XDqQjlGTf/1Eq7dNHdo5b4=
Subject key identifier:   56:BE:CB:95:D2:95:71:E9:AA:4C:C4:19:57:CA:6F:01:02:AC:1F:0D
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01842C7A6DB7D55DD61E0F214B2028BCFDF8
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Vr7LldKVcemqTMQZV8pvAQKsHw0.roa
Signing time:             Mon 31 Oct 2022 05:18:51 +0000
ROA not before:           Mon 31 Oct 2022 05:18:51 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     209813
IP address blocks:        185.238.152.0/24 maxlen: 24
                          46.161.31.0/24 maxlen: 24
                          5.8.66.0/24 maxlen: 24
                          5.8.67.0/24 maxlen: 24
                          185.238.153.0/24 maxlen: 24
                          185.238.155.0/24 maxlen: 24
                          185.238.154.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.188.194.0/24 maxlen: 24
                          5.188.195.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:2c:7a:6d:b7:d5:5d:d6:1e:0f:21:4b:20:28:bc:fd:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Oct 31 05:18:51 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=56becb95d29571e9aa4cc41957ca6f0102ac1f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:58:d3:37:08:83:6b:7d:34:8d:02:88:b2:89:
                    74:34:69:6b:d4:1f:46:5b:72:91:f6:f6:a1:04:ba:
                    d1:e3:b4:93:95:f1:2d:54:be:0c:e0:91:44:fb:9e:
                    e8:7c:44:63:37:19:f0:e5:1e:20:dc:b6:12:97:64:
                    b5:bb:b8:4b:0d:fe:b3:94:54:99:8f:81:49:65:cc:
                    e4:3b:a8:99:51:5a:50:9f:d4:f1:c8:7a:9f:52:5d:
                    14:eb:77:9d:4a:d6:ce:6e:ed:0e:42:97:88:e8:7b:
                    d6:7c:4b:c9:32:99:56:ef:48:59:91:72:56:a0:d5:
                    3b:2d:88:81:81:97:46:d8:93:44:13:bd:d9:21:72:
                    ed:7a:a6:09:a8:89:9a:03:b6:39:a0:06:6b:3f:e0:
                    23:d3:ad:c8:72:d8:21:14:77:bb:7c:10:d1:9b:70:
                    b5:94:31:5d:74:6a:c6:e2:e1:05:5e:a9:1b:9e:09:
                    86:be:df:38:9f:00:31:0b:57:3e:6a:0d:9d:2d:12:
                    c1:f6:f9:8b:22:d5:b2:e1:29:14:f6:1a:9a:7a:58:
                    31:5c:74:b7:ce:90:16:54:9c:16:b0:af:d2:20:8b:
                    e1:90:a0:38:eb:71:f1:d7:53:7b:53:d8:b4:f4:c4:
                    6a:14:f3:64:b9:ca:1b:17:5e:c3:53:be:f1:f0:6b:
                    03:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:BE:CB:95:D2:95:71:E9:AA:4C:C4:19:57:CA:6F:01:02:AC:1F:0D
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Vr7LldKVcemqTMQZV8pvAQKsHw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.66.0/23
                  5.188.50.0/24
                  5.188.194.0/23
                  46.161.31.0/24
                  185.238.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:02:29:e4:73:b6:0c:6e:4a:6d:a4:7d:5b:41:fb:8c:c5:fc:
         d9:05:cd:9a:ee:cd:31:58:c4:12:b5:e0:0b:20:19:a5:04:62:
         f7:dc:d2:89:fc:19:0b:41:58:7e:9b:84:de:aa:5d:47:15:ac:
         c5:cd:52:77:51:b3:5e:4b:c9:7d:85:da:b5:8d:9d:1b:fe:df:
         86:25:76:3d:37:64:44:89:7d:54:77:2f:ce:23:0b:62:8d:7c:
         9b:49:2d:06:61:88:05:15:ab:e6:41:70:ad:da:d9:c3:18:8a:
         48:36:5f:c3:94:97:89:2b:bf:ad:0e:be:a2:d3:1d:9b:68:98:
         42:69:c7:30:cc:8d:be:ee:4a:21:fe:f0:04:e6:82:92:81:f3:
         6a:43:59:dc:b6:99:30:85:55:51:9d:4e:53:97:be:05:2c:6e:
         cc:ab:cf:3c:61:f2:e8:df:7a:99:f3:b3:e7:c1:b3:28:f3:ca:
         6b:09:10:a9:64:25:5e:9f:c4:53:0c:65:da:56:b7:71:cb:6d:
         a9:fe:e0:82:20:06:17:cf:ea:ca:9b:b2:6d:1c:c0:a2:41:60:
         37:90:7d:9f:da:cc:e4:c9:32:1e:df:e9:93:3a:a0:c8:c9:56:
         0e:a0:85:8f:02:64:98:a2:14:a4:14:8e:0a:f8:26:d5:fe:68:
         ef:c8:b3:7b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYQsem231V3WHg8hSyAovP34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDMxMDUxODUxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmJlY2I5NWQyOTU3MWU5YWE0Y2M0MTk1N2NhNmYwMTAyYWMxZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlljTNwiDa300jQKIsol0NGlr1B9G
W3KR9vahBLrR47STlfEtVL4M4JFE+57ofERjNxnw5R4g3LYSl2S1u7hLDf6zlFSZ
j4FJZczkO6iZUVpQn9TxyHqfUl0U63edStbObu0OQpeI6HvWfEvJMplW70hZkXJW
oNU7LYiBgZdG2JNEE73ZIXLteqYJqImaA7Y5oAZrP+Aj063IctghFHe7fBDRm3C1
lDFddGrG4uEFXqkbngmGvt84nwAxC1c+ag2dLRLB9vmLItWy4SkU9hqaelgxXHS3
zpAWVJwWsK/SIIvhkKA463Hx11N7U9i09MRqFPNkucobF17DU77x8GsDvwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFa+y5XSlXHpqkzEGVfKbwECrB8NMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvVnI3TGxkS1ZjZW1xVE1RWlY4cHZBUUtzSHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBBQhCAwQA
BbwyAwQBBbzCAwQALqEfAwQCue6YMA0GCSqGSIb3DQEBCwUAA4IBAQA9Ainkc7YM
bkptpH1bQfuMxfzZBc2a7s0xWMQSteALIBmlBGL33NKJ/BkLQVh+m4Teql1HFazF
zVJ3UbNeS8l9hdq1jZ0b/t+GJXY9N2REiX1Udy/OIwtijXybSS0GYYgFFavmQXCt
2tnDGIpINl/DlJeJK7+tDr6i0x2baJhCaccwzI2+7koh/vAE5oKSgfNqQ1nctpkw
hVVRnU5Tl74FLG7Mq888YfLo33qZ87PnwbMo88prCRCpZCVen8RTDGXaVrdxy22p
/uCCIAYXz+rKm7JtHMCiQWA3kH2f2szkyTIe3+mTOqDIyVYOoIWPAmSYohSkFI4K
+CbV/mjvyLN7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org