Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/_e89UcfxAsI5s4Dg2fWBSWvy2CI.roa
File:                     _e89UcfxAsI5s4Dg2fWBSWvy2CI.roa (raw, json)
Hash identifier:          c1i0Irw7kSLVHQhPuYNIJpAXafwAm2/v//qNnbF6o+s=
Subject key identifier:   FD:EF:3D:51:C7:F1:02:C2:39:B3:80:E0:D9:F5:81:49:6B:F2:D8:22
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       0185729ED7071CA51E7FA62A0A94A69EECC5
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/_e89UcfxAsI5s4Dg2fWBSWvy2CI.roa
Signing time:             Mon 02 Jan 2023 13:14:50 +0000
ROA not before:           Mon 02 Jan 2023 13:14:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        185.96.168.0/23 maxlen: 24
                          87.251.0.0/20 maxlen: 24
                          87.251.16.0/22 maxlen: 24
                          87.251.24.0/22 maxlen: 24
                          185.203.35.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:d7:07:1c:a5:1e:7f:a6:2a:0a:94:a6:9e:ec:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Jan  2 13:14:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fdef3d51c7f102c239b380e0d9f581496bf2d822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:cf:94:da:1c:22:7d:4a:31:fe:6c:5b:c8:
                    23:81:c8:22:29:b9:bc:af:5f:83:57:51:e5:25:04:
                    d6:e0:fe:fa:45:87:5e:04:e9:59:5b:9c:ef:5b:2b:
                    2c:96:a6:9d:c0:84:a6:3d:d7:ac:b1:47:1c:54:5b:
                    02:fb:22:4c:4c:e4:b2:08:6b:a1:ab:14:ff:41:1b:
                    7c:f0:65:ca:95:ae:54:4e:ba:4f:a7:d5:1d:03:43:
                    06:57:2c:30:e4:fd:c4:0c:5a:60:23:ba:55:51:84:
                    4b:09:c1:37:a8:13:7a:de:8e:fa:93:dc:5b:70:74:
                    f6:78:3c:30:91:fa:fa:a7:4d:86:4f:56:9a:40:b8:
                    6e:f5:60:d9:2b:6a:22:7a:cf:4d:98:16:c8:09:95:
                    4b:c0:18:bf:ed:ae:b7:c9:21:f0:33:12:f8:2c:df:
                    ca:d0:6b:10:83:3f:77:91:39:ee:30:ca:4f:df:b7:
                    52:8c:26:27:f9:29:a9:54:78:e9:d0:00:62:fb:cb:
                    ed:be:58:4a:bf:d3:4a:c9:63:44:79:f6:d5:5a:98:
                    dc:72:2b:07:52:55:aa:4f:aa:3f:3f:f6:1f:f7:99:
                    93:df:18:84:62:59:d9:af:0a:f7:aa:67:6a:f9:99:
                    7d:52:f9:29:81:fe:3a:98:4d:83:4b:dc:38:70:68:
                    57:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EF:3D:51:C7:F1:02:C2:39:B3:80:E0:D9:F5:81:49:6B:F2:D8:22
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/_e89UcfxAsI5s4Dg2fWBSWvy2CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.0.0-87.251.19.255
                  87.251.24.0/22
                  185.96.168.0/23
                  185.203.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:01:68:1e:ed:7f:bf:ef:a8:58:56:a3:02:d3:7f:1c:e1:53:
         3b:7b:b1:16:0a:8c:ee:98:14:cb:4d:9b:57:0e:69:65:5d:af:
         6d:85:d8:dd:e3:d6:23:c7:12:56:4e:62:5f:a5:73:89:45:60:
         fc:f9:40:32:d0:ec:92:58:85:ca:a4:f8:77:e0:d7:f2:4a:6f:
         98:b3:5e:00:3f:f5:fa:de:87:67:3d:76:18:d6:81:8f:7d:21:
         19:2c:ea:7b:ec:54:77:68:72:82:bd:6f:cd:2a:9d:ca:f9:d7:
         e1:7e:4d:93:85:2e:c3:32:d3:2f:bb:e1:5e:d9:72:ce:c5:09:
         2a:49:9a:1a:c8:da:e0:83:f8:31:be:b1:fa:c8:01:aa:11:0d:
         ac:99:14:b1:68:85:32:1d:19:1b:92:ce:08:a1:be:23:cb:f7:
         33:6c:0b:bb:2b:15:33:71:ad:4e:ba:0f:35:dd:3d:d9:d4:64:
         5a:4f:67:7b:48:ff:93:03:bf:7b:41:c1:b3:64:c0:bf:3e:d0:
         1e:13:1c:1e:8b:3a:f5:64:09:19:3d:8e:30:79:e5:63:a8:5f:
         ae:bd:fd:a6:fb:75:9a:56:03:c5:b1:8b:59:27:d1:ad:4f:a2:
         81:fe:84:68:64:69:28:7c:13:dd:a1:34:24:c6:0c:e9:5a:34:
         7a:d0:ed:6a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYVyntcHHKUef6YqCpSmnuzFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjMwMTAyMTMxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGVmM2Q1MWM3ZjEwMmMyMzliMzgwZTBkOWY1ODE0OTZiZjJkODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3DPlNocIn1KMf5sW8gjgcgiKbm8
r1+DV1HlJQTW4P76RYdeBOlZW5zvWysslqadwISmPdessUccVFsC+yJMTOSyCGuh
qxT/QRt88GXKla5UTrpPp9UdA0MGVyww5P3EDFpgI7pVUYRLCcE3qBN63o76k9xb
cHT2eDwwkfr6p02GT1aaQLhu9WDZK2oies9NmBbICZVLwBi/7a63ySHwMxL4LN/K
0GsQgz93kTnuMMpP37dSjCYn+SmpVHjp0ABi+8vtvlhKv9NKyWNEefbVWpjccisH
UlWqT6o/P/Yf95mT3xiEYlnZrwr3qmdq+Zl9Uvkpgf46mE2DS9w4cGhXJwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFP3vPVHH8QLCObOA4Nn1gUlr8tgiMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvX2U4OVVjZnhBc0k1czREZzJmV0JTV3Z5MkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfMAsDAwBX+wME
Alf7EAMEAlf7GAMEAblgqAMEALnLIzANBgkqhkiG9w0BAQsFAAOCAQEAtwFoHu1/
v++oWFajAtN/HOFTO3uxFgqM7pgUy02bVw5pZV2vbYXY3ePWI8cSVk5iX6VziUVg
/PlAMtDskliFyqT4d+DX8kpvmLNeAD/1+t6HZz12GNaBj30hGSzqe+xUd2hygr1v
zSqdyvnX4X5Nk4UuwzLTL7vhXtlyzsUJKkmaGsja4IP4Mb6x+sgBqhENrJkUsWiF
Mh0ZG5LOCKG+I8v3M2wLuysVM3GtTroPNd092dRkWk9ne0j/kwO/e0HBs2TAvz7Q
HhMcHos69WQJGT2OMHnlY6hfrr39pvt1mlYDxbGLWSfRrU+igf6EaGRpKHwT3aE0
JMYM6Vo0etDtag==
-----END CERTIFICATE-----
Generated at Wed Aug 2 10:59:40 2023 by rpki-client on console-ams.rpki-client.org