Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/ujIGh_CrQUV-T5qOeLJx88GjGOU.roa
File:                     ujIGh_CrQUV-T5qOeLJx88GjGOU.roa (raw, json)
Hash identifier:          Vx8a+MiF1/VaumWL9qrw1T96YiwgPTnHVxsTrD/YU4M=
Subject key identifier:   BA:32:06:87:F0:AB:41:45:7E:4F:9A:8E:78:B2:71:F3:C1:A3:18:E5
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       3802B1C2
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/ujIGh_CrQUV-T5qOeLJx88GjGOU.roa
Signing time:             Sat 01 Jan 2022 11:02:19 +0000
ROA not before:           Sat 01 Jan 2022 11:02:19 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     30823
IP address blocks:        87.251.25.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 939700674 (0x3802b1c2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Jan  1 11:02:19 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ba320687f0ab41457e4f9a8e78b271f3c1a318e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:c4:42:4b:8e:b7:20:ff:76:10:ac:8e:5e:88:
                    33:73:b9:c9:43:c6:90:9a:16:e8:73:e2:a6:6c:9d:
                    6c:a4:29:be:c2:cb:80:4e:69:08:48:00:ac:a1:9f:
                    41:b5:f0:54:f9:40:5b:e8:e2:60:1f:0f:56:7a:1d:
                    ae:f8:c7:92:98:3e:d8:62:ed:6f:00:7f:a7:17:64:
                    35:37:a9:60:9b:dd:1a:e9:d1:98:09:7e:db:6b:50:
                    1b:2f:b3:08:a9:7b:a9:5a:c1:22:f7:4c:21:d8:70:
                    f5:b1:00:90:ef:bd:2a:48:20:e6:a3:57:92:9b:c7:
                    c6:58:74:b4:64:ad:27:e6:31:c2:43:98:5f:76:a6:
                    98:3d:84:00:6d:d9:c0:2a:7e:29:0a:83:3a:af:c6:
                    6d:ad:df:b7:3d:eb:d0:1f:a7:c6:3d:f7:e1:d1:99:
                    44:49:6f:e0:cc:9e:1c:59:ab:0c:55:9e:83:ac:08:
                    16:34:b7:f9:a6:e9:55:97:d4:73:da:f9:06:e5:7b:
                    8e:de:74:1d:03:24:73:bf:a0:35:75:7b:d0:4f:66:
                    49:7a:c3:d6:e9:f7:e8:a5:bc:4e:d5:ac:fe:e2:ea:
                    02:fe:5b:cd:ad:17:c6:7d:ed:13:03:b9:2d:0c:ae:
                    2f:bd:b1:4e:3c:91:c6:5a:ac:5d:f9:f1:65:56:e9:
                    d9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:32:06:87:F0:AB:41:45:7E:4F:9A:8E:78:B2:71:F3:C1:A3:18:E5
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/ujIGh_CrQUV-T5qOeLJx88GjGOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:11:4f:19:37:a1:f4:2c:01:41:08:19:8f:7c:75:85:19:a9:
         b3:a6:5b:12:25:27:da:3b:08:b7:90:ef:02:54:fc:cc:c3:30:
         b7:d1:41:36:fa:8b:dd:45:57:f0:57:7d:46:3a:99:59:79:43:
         9a:62:ad:90:2d:d9:08:7a:44:27:a7:ac:01:9f:e2:60:e4:e2:
         c5:30:64:a6:11:5f:d2:05:59:0b:e4:d9:c3:50:ec:78:d5:d1:
         4c:fe:a2:01:93:35:c8:7c:33:ba:d6:93:6e:27:47:d3:57:ac:
         75:e1:ed:40:67:94:74:f9:cf:e1:5a:86:b7:49:a6:e7:56:f7:
         50:9e:9d:36:0a:81:13:9f:26:5c:40:fd:66:16:4a:29:6a:ed:
         92:03:12:9b:3d:4b:70:0a:10:81:a8:f0:27:14:63:8a:1f:38:
         c9:55:fb:2a:38:88:04:95:b0:4c:a6:ca:02:c3:8f:a0:c2:34:
         83:7f:30:97:ec:26:9e:94:cd:a5:e0:2e:47:9b:3c:d7:1b:53:
         ff:87:ec:3e:4a:16:fc:4f:6f:38:3e:01:d0:e5:34:78:e3:18:
         cc:eb:a6:90:35:67:44:6b:01:48:1e:63:fd:e7:5e:77:f2:27:
         4e:bf:57:27:5c:4b:dc:7a:49:c9:8a:ef:ee:2c:2e:83:55:fe:
         9c:4a:7d:0a
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEOAKxwjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
NTAxODE1YzZmOThmM2EyYjYxODRhZmViZjE4ZWEzNDFiZTg4MmVhMB4XDTIyMDEw
MTExMDIxOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmEzMjA2ODdmMGFi
NDE0NTdlNGY5YThlNzhiMjcxZjNjMWEzMThlNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOLEQkuOtyD/dhCsjl6IM3O5yUPGkJoW6HPipmydbKQpvsLL
gE5pCEgArKGfQbXwVPlAW+jiYB8PVnodrvjHkpg+2GLtbwB/pxdkNTepYJvdGunR
mAl+22tQGy+zCKl7qVrBIvdMIdhw9bEAkO+9Kkgg5qNXkpvHxlh0tGStJ+YxwkOY
X3ammD2EAG3ZwCp+KQqDOq/Gba3ftz3r0B+nxj334dGZRElv4MyeHFmrDFWeg6wI
FjS3+abpVZfUc9r5BuV7jt50HQMkc7+gNXV70E9mSXrD1un36KW8TtWs/uLqAv5b
za0Xxn3tEwO5LQyuL72xTjyRxlqsXfnxZVbp2d0CAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBS6MgaH8KtBRX5Pmo54snHzwaMY5TAfBgNVHSMEGDAWgBTlAYFcb5jzorYY
Sv6/GOo0G+iC6jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVRR0JYRy1ZODZLMkdFci12eGpxTkJ2b2d1by5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvNWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8x
L3VqSUdoX0NyUVVWLVQ1cU9lTEp4ODhHakdPVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
NWIwMjIyLWVkNjQtNGY1NS1iNDViLTAwNTlmNzM3ZWYwNS8xLzVRR0JYRy1ZODZL
MkdFci12eGpxTkJ2b2d1by5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFf7GTANBgkqhkiG9w0BAQsFAAOC
AQEAMRFPGTeh9CwBQQgZj3x1hRmps6ZbEiUn2jsIt5DvAlT8zMMwt9FBNvqL3UVX
8Fd9RjqZWXlDmmKtkC3ZCHpEJ6esAZ/iYOTixTBkphFf0gVZC+TZw1DseNXRTP6i
AZM1yHwzutaTbidH01esdeHtQGeUdPnP4VqGt0mm51b3UJ6dNgqBE58mXED9ZhZK
KWrtkgMSmz1LcAoQgajwJxRjih84yVX7KjiIBJWwTKbKAsOPoMI0g38wl+wmnpTN
peAuR5s81xtT/4fsPkoW/E9vOD4B0OU0eOMYzOumkDVnRGsBSB5j/eded/InTr9X
J1xL3HpJyYrv7iwug1X+nEp9Cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:59 2024 by rpki-client on console-ams.rpki-client.org