Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/373bcf-79d6-4863-9bf0-d8c964591afa/1/S6aB8iYJbH5fdCx45TDuPKj0_JM.roa
File:                     S6aB8iYJbH5fdCx45TDuPKj0_JM.roa (raw, json)
Hash identifier:          mkfiCiWVmH+EgHgL2MUHzS+nci4fjJWFTnbBnke1yoo=
Subject key identifier:   4B:A6:81:F2:26:09:6C:7E:5F:74:2C:78:E5:30:EE:3C:A8:F4:FC:93
Certificate issuer:       /CN=7c46a3cad80965af86cbb0083dfb40ab2ff1bacf
Certificate serial:       01856E2FA2DAD2CDAF960A2E4AABFA4CC2C7
Authority key identifier: 7C:46:A3:CA:D8:09:65:AF:86:CB:B0:08:3D:FB:40:AB:2F:F1:BA:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEajytgJZa-Gy7AIPftAqy_xus8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/373bcf-79d6-4863-9bf0-d8c964591afa/1/S6aB8iYJbH5fdCx45TDuPKj0_JM.roa
Signing time:             Sun 01 Jan 2023 16:34:53 +0000
ROA not before:           Sun 01 Jan 2023 16:34:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60949
IP address blocks:        130.185.160.0/21 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:a2:da:d2:cd:af:96:0a:2e:4a:ab:fa:4c:c2:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c46a3cad80965af86cbb0083dfb40ab2ff1bacf
        Validity
            Not Before: Jan  1 16:34:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4ba681f226096c7e5f742c78e530ee3ca8f4fc93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:43:a4:23:2c:ae:08:69:08:48:a5:46:ca:d6:
                    49:98:88:70:f3:67:86:7d:f5:ad:43:be:d8:d8:c6:
                    50:02:3f:8d:4a:0c:57:56:bd:88:05:7c:34:d8:72:
                    63:08:10:9d:45:ec:e3:78:49:e5:40:53:22:c6:a7:
                    c7:2a:c0:2d:a0:2a:f5:d3:9b:99:04:ac:c0:a4:d5:
                    0c:e1:8b:f8:25:19:4e:36:51:fb:69:a7:54:5b:7d:
                    98:04:76:6e:ce:df:1b:69:db:d7:1a:04:d2:0b:d9:
                    2b:85:73:cc:d9:4d:b2:31:eb:b4:e9:05:ab:76:ee:
                    be:b8:88:42:e1:0f:5f:55:cf:d9:47:0f:0d:51:a6:
                    d3:ab:09:11:dc:a8:5a:a9:c5:83:d6:79:e6:9b:91:
                    cc:01:2e:60:a4:1d:7d:89:43:ed:ac:ed:8e:ba:54:
                    7f:19:d4:a2:c0:b9:cb:fb:ea:8f:55:af:16:02:81:
                    78:63:1c:12:d8:e0:bf:ff:84:66:6a:a5:02:f1:25:
                    8c:b6:5c:b0:8d:2b:37:69:59:0d:4c:fb:40:84:99:
                    bb:0a:b5:00:8d:b4:be:8e:85:7b:cd:7f:c6:a7:8e:
                    bd:59:2a:2d:6a:a5:51:06:26:90:09:cc:5c:9f:ab:
                    3d:29:da:b7:44:e9:84:2f:76:61:28:23:78:61:d7:
                    90:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A6:81:F2:26:09:6C:7E:5F:74:2C:78:E5:30:EE:3C:A8:F4:FC:93
            X509v3 Authority Key Identifier:
                keyid:7C:46:A3:CA:D8:09:65:AF:86:CB:B0:08:3D:FB:40:AB:2F:F1:BA:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEajytgJZa-Gy7AIPftAqy_xus8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/373bcf-79d6-4863-9bf0-d8c964591afa/1/S6aB8iYJbH5fdCx45TDuPKj0_JM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/373bcf-79d6-4863-9bf0-d8c964591afa/1/fEajytgJZa-Gy7AIPftAqy_xus8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.185.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cf:bd:df:ac:18:30:6a:ba:ec:98:66:e3:24:bf:e0:47:52:1a:
         59:ad:2a:86:62:c5:36:f9:f2:e0:58:64:a3:f7:84:de:57:f7:
         f1:2c:7e:03:2e:29:74:3e:ea:81:b7:0c:0e:c2:dc:75:32:b0:
         85:72:19:b4:42:f9:af:76:27:56:ad:ab:f7:dc:ed:7e:1a:c4:
         8c:50:1d:23:87:8e:52:03:8e:fe:f8:ac:d5:70:80:cf:00:82:
         e5:bb:3f:73:0a:16:8c:5f:bf:80:a4:e8:7f:97:29:55:f4:62:
         a6:52:8d:6b:fe:1b:2d:f7:e2:49:d3:17:eb:f1:93:d2:3d:8e:
         c7:14:be:a9:e7:0f:58:32:b6:4a:bc:ae:e8:7c:fc:f2:0b:29:
         1e:b3:df:ee:06:52:c9:4c:e3:1b:15:86:d5:2e:6e:13:c9:19:
         15:ef:c1:10:36:b1:bf:3d:cb:0b:9d:d0:92:a3:5f:a7:a1:e0:
         db:d4:6c:2b:c9:63:56:a0:00:4b:8b:40:7f:f4:9b:b1:fb:17:
         14:7e:1f:1b:ae:fa:e5:5a:e1:ca:c9:ce:a7:1a:eb:25:4c:d6:
         6a:11:5f:93:91:cf:6c:5f:66:6b:08:44:7d:86:52:9d:54:34:
         75:5b:08:4a:ce:d6:46:21:8d:dc:34:b1:fc:2a:37:b1:6f:06:
         36:54:92:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuL6La0s2vlgouSqv6TMLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNDZhM2NhZDgwOTY1YWY4NmNiYjAwODNkZmI0MGFiMmZm
MWJhY2YwHhcNMjMwMTAxMTYzNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmE2ODFmMjI2MDk2YzdlNWY3NDJjNzhlNTMwZWUzY2E4ZjRmYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUOkIyyuCGkISKVGytZJmIhw82eG
ffWtQ77Y2MZQAj+NSgxXVr2IBXw02HJjCBCdRezjeEnlQFMixqfHKsAtoCr105uZ
BKzApNUM4Yv4JRlONlH7aadUW32YBHZuzt8badvXGgTSC9krhXPM2U2yMeu06QWr
du6+uIhC4Q9fVc/ZRw8NUabTqwkR3KhaqcWD1nnmm5HMAS5gpB19iUPtrO2OulR/
GdSiwLnL++qPVa8WAoF4YxwS2OC//4RmaqUC8SWMtlywjSs3aVkNTPtAhJm7CrUA
jbS+joV7zX/Gp469WSotaqVRBiaQCcxcn6s9Kdq3ROmEL3ZhKCN4YdeQWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEumgfImCWx+X3QseOUw7jyo9PyTMB8GA1UdIwQY
MBaAFHxGo8rYCWWvhsuwCD37QKsv8brPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkVhanl0Z0paYS1HeTdBSVBmdEFxeV94dXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zNzNiY2YtNzlkNi00ODYzLTliZjAt
ZDhjOTY0NTkxYWZhLzEvUzZhQjhpWUpiSDVmZEN4NDVURHVQS2owX0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zNzNiY2YtNzlkNi00ODYzLTliZjAtZDhjOTY0NTkxYWZh
LzEvZkVhanl0Z0paYS1HeTdBSVBmdEFxeV94dXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDgrmgMA0G
CSqGSIb3DQEBCwUAA4IBAQDPvd+sGDBquuyYZuMkv+BHUhpZrSqGYsU2+fLgWGSj
94TeV/fxLH4DLil0PuqBtwwOwtx1MrCFchm0QvmvdidWrav33O1+GsSMUB0jh45S
A47++KzVcIDPAILluz9zChaMX7+ApOh/lylV9GKmUo1r/hst9+JJ0xfr8ZPSPY7H
FL6p5w9YMrZKvK7ofPzyCykes9/uBlLJTOMbFYbVLm4TyRkV78EQNrG/PcsLndCS
o1+noeDb1GwryWNWoABLi0B/9Jux+xcUfh8brvrlWuHKyc6nGuslTNZqEV+Tkc9s
X2ZrCER9hlKdVDR1WwhKztZGIY3cNLH8KjexbwY2VJJT
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:19 2024 by rpki-client on console-ams.rpki-client.org