Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7hkgNs2DqnxQnUJfD8fHUOMG1A8.roa
File:                     7hkgNs2DqnxQnUJfD8fHUOMG1A8.roa (raw, json)
Hash identifier:          Srn6E4/zk2gY9c/wPl2JEiYAhCcewmtOB/2bZJOQmy4=
Subject key identifier:   EE:19:20:36:CD:83:AA:7C:50:9D:42:5F:0F:C7:C7:50:E3:06:D4:0F
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       018CC9BA704324BCC2048936CE19ADF231A6
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7hkgNs2DqnxQnUJfD8fHUOMG1A8.roa
Signing time:             Tue 02 Jan 2024 10:31:28 +0000
ROA not before:           Tue 02 Jan 2024 10:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        87.251.0.0/23 maxlen: 23
                          87.251.2.0/24 maxlen: 24
                          87.251.4.0/23 maxlen: 23
                          87.251.10.0/23 maxlen: 23
                          87.251.7.0/24 maxlen: 24
                          87.251.8.0/23 maxlen: 23
                          87.251.17.0/24 maxlen: 24
                          87.251.20.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:70:43:24:bc:c2:04:89:36:ce:19:ad:f2:31:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Jan  2 10:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee192036cd83aa7c509d425f0fc7c750e306d40f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:33:01:a8:59:e7:20:4c:a1:9e:4a:03:e2:79:
                    96:b7:8e:3e:0b:40:31:ce:9a:ae:e3:df:c7:29:a0:
                    88:73:2f:c5:6f:11:11:ed:0f:c2:66:fa:1b:92:5c:
                    01:61:84:a4:8c:43:e7:0c:8c:d1:a1:39:1b:05:9d:
                    a1:07:0c:34:d9:76:32:64:72:13:74:a0:41:76:7a:
                    84:81:76:df:60:48:c6:81:ce:78:2e:fb:49:50:90:
                    eb:1a:14:e7:07:34:b0:db:4e:6a:4e:61:df:9c:ad:
                    8c:05:78:a3:94:5e:a2:5b:83:9e:57:9f:6a:fd:c1:
                    8d:eb:85:2a:c1:c8:3f:3b:02:b4:2e:cb:a3:a0:8d:
                    9d:3d:15:2d:11:09:12:61:85:c6:ca:79:33:1d:c1:
                    bb:e0:36:3d:4c:28:bc:be:54:13:dd:82:52:22:53:
                    cc:0b:97:58:1e:27:fb:0d:21:3f:59:0c:bf:8d:0e:
                    f9:8c:e3:30:0a:08:db:5e:20:5b:e3:34:7a:ef:1a:
                    ab:4d:95:8c:f9:d2:9b:90:ef:27:50:52:40:c8:d7:
                    de:80:47:55:d9:cc:5d:17:46:0f:ee:c7:c4:8e:bd:
                    c9:88:6f:cb:76:40:2a:57:cf:3c:c3:15:83:c9:83:
                    84:e0:14:a4:17:40:f4:51:16:91:dd:eb:61:05:b5:
                    33:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:19:20:36:CD:83:AA:7C:50:9D:42:5F:0F:C7:C7:50:E3:06:D4:0F
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7hkgNs2DqnxQnUJfD8fHUOMG1A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.0.0-87.251.2.255
                  87.251.4.0/23
                  87.251.7.0-87.251.11.255
                  87.251.17.0/24
                  87.251.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:6a:ac:26:d3:a7:d1:d1:d6:57:66:7f:c0:2c:ca:65:4c:76:
         c4:44:e5:8d:f0:11:ee:89:b8:7f:32:86:7e:ab:f2:bd:9a:3a:
         1a:71:22:d2:4b:ac:1d:da:6d:3a:d3:55:4b:cf:0e:a0:5b:00:
         42:78:de:1c:12:25:21:00:63:e2:77:99:cd:64:c6:aa:b3:d6:
         66:40:83:0f:4e:63:f6:f8:e3:8f:8d:e2:9e:89:8a:c9:ee:d1:
         c1:31:68:d9:19:2a:9c:6b:76:f7:06:94:4e:bb:f5:2e:be:e9:
         50:d2:38:70:cb:bc:b8:2c:9e:76:5a:23:d8:e7:97:e9:a2:7d:
         38:6e:0c:36:11:88:90:cf:d0:7c:78:39:84:e2:21:25:5a:d5:
         6f:1d:c8:71:15:f7:73:34:66:79:34:4b:16:41:3e:55:e0:f6:
         5d:76:36:a8:28:e7:ba:f9:0a:3e:5b:93:d1:cd:5d:50:5b:7f:
         09:03:cf:fb:18:41:4a:f4:1f:00:e8:e6:79:4c:3a:87:eb:4e:
         e5:56:f0:a9:1e:dd:13:b1:56:64:64:4b:d2:be:58:42:7b:0c:
         c1:f0:42:d0:ec:1f:3a:f3:a0:40:62:5a:29:d5:8b:57:0c:fe:
         39:84:67:3d:a0:08:85:ea:3c:06:96:47:67:17:30:4d:85:9d:
         27:bd:93:3a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzJunBDJLzCBIk2zhmt8jGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQwMTAyMTAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTE5MjAzNmNkODNhYTdjNTA5ZDQyNWYwZmM3Yzc1MGUzMDZkNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDMBqFnnIEyhnkoD4nmWt44+C0Ax
zpqu49/HKaCIcy/FbxER7Q/CZvobklwBYYSkjEPnDIzRoTkbBZ2hBww02XYyZHIT
dKBBdnqEgXbfYEjGgc54LvtJUJDrGhTnBzSw205qTmHfnK2MBXijlF6iW4OeV59q
/cGN64Uqwcg/OwK0LsujoI2dPRUtEQkSYYXGynkzHcG74DY9TCi8vlQT3YJSIlPM
C5dYHif7DSE/WQy/jQ75jOMwCgjbXiBb4zR67xqrTZWM+dKbkO8nUFJAyNfegEdV
2cxdF0YP7sfEjr3JiG/LdkAqV888wxWDyYOE4BSkF0D0URaR3ethBbUzNwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFO4ZIDbNg6p8UJ1CXw/Hx1DjBtQPMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvN2hrZ05zMkRxbnhRblVKZkQ4ZkhVT01HMUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAzBAIAATAtMAsDAwBX+wME
AFf7AgMEAVf7BDAMAwQAV/sHAwQCV/sIAwQAV/sRAwQCV/sUMA0GCSqGSIb3DQEB
CwUAA4IBAQAqaqwm06fR0dZXZn/ALMplTHbEROWN8BHuibh/MoZ+q/K9mjoacSLS
S6wd2m0601VLzw6gWwBCeN4cEiUhAGPid5nNZMaqs9ZmQIMPTmP2+OOPjeKeiYrJ
7tHBMWjZGSqca3b3BpROu/UuvulQ0jhwy7y4LJ52WiPY55fpon04bgw2EYiQz9B8
eDmE4iElWtVvHchxFfdzNGZ5NEsWQT5V4PZddjaoKOe6+Qo+W5PRzV1QW38JA8/7
GEFK9B8A6OZ5TDqH607lVvCpHt0TsVZkZEvSvlhCewzB8ELQ7B8686BAYlop1YtX
DP45hGc9oAiF6jwGlkdnFzBNhZ0nvZM6
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:59 2024 by rpki-client on console-ams.rpki-client.org