Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mLkVZzOpdsi3FOjVIEJoqNKIKvY.roa
File:                     mLkVZzOpdsi3FOjVIEJoqNKIKvY.roa (raw, json)
Hash identifier:          3R3PJ6OMUpulrSc6amT49ydFU49Cv4BlcLLqugK208w=
Subject key identifier:   98:B9:15:67:33:A9:76:C8:B7:14:E8:D5:20:42:68:A8:D2:88:2A:F6
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018CC4255598C1936AFFB3CE0FB7BBEF58B1
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mLkVZzOpdsi3FOjVIEJoqNKIKvY.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203377
IP address blocks:        194.147.216.0/24 maxlen: 24
                          2a0a:37c0::/48 maxlen: 48
                          2a0a:37c0:1::/48 maxlen: 48
                          2a0a:37c0:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:55:98:c1:93:6a:ff:b3:ce:0f:b7:bb:ef:58:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98b9156733a976c8b714e8d5204268a8d2882af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bb:ef:fa:3f:cc:8a:31:18:73:cd:59:0a:e6:
                    6d:bf:29:68:50:6d:61:61:f6:b1:c1:5c:c1:cd:9f:
                    15:78:d8:24:19:e2:6c:d2:a4:d7:63:47:af:50:a7:
                    34:f8:3a:62:49:11:6d:eb:b9:91:d6:65:a5:1e:c3:
                    67:ea:30:dd:d3:ee:6d:6f:5b:a7:ae:26:47:bb:64:
                    79:4b:7a:78:dd:61:6c:e8:30:ca:bc:0b:41:57:b2:
                    fc:52:3b:9e:37:53:02:ad:f5:47:f7:c7:55:04:c0:
                    4a:e1:f2:c3:53:27:9e:d4:85:40:9c:e6:39:8f:43:
                    9b:40:03:d5:f2:eb:c2:01:a5:65:00:72:f0:22:20:
                    30:58:a4:f6:f9:ed:d0:4b:51:96:fe:5c:91:6a:4e:
                    f0:74:3b:00:84:d9:a0:0d:50:2f:5c:3a:a9:36:a5:
                    20:9f:fb:a5:7d:1b:2e:a9:83:49:46:10:d4:58:35:
                    7d:2a:f3:41:5f:90:8b:58:45:9b:22:4e:34:3c:25:
                    06:63:78:30:4b:c7:67:f8:f5:5d:44:bc:96:bf:03:
                    f0:78:48:b8:aa:52:44:9a:ca:c8:67:c0:89:4b:21:
                    13:f9:12:92:8f:88:48:0b:0c:2e:bc:10:50:42:49:
                    f2:aa:42:ca:08:33:15:72:5b:68:9a:5d:01:64:2b:
                    62:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B9:15:67:33:A9:76:C8:B7:14:E8:D5:20:42:68:A8:D2:88:2A:F6
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mLkVZzOpdsi3FOjVIEJoqNKIKvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.216.0/24
                IPv6:
                  2a0a:37c0::-2a0a:37c0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         59:d2:e0:ad:44:26:49:e0:34:ec:3a:c2:59:7a:03:10:e1:ac:
         ee:11:6a:e2:09:96:fb:f0:a4:0d:bf:ca:41:87:9b:43:8d:dd:
         2c:08:c9:c1:8c:04:fa:19:7a:e4:75:0b:a8:f0:3f:ce:5f:94:
         30:97:17:a2:b4:5b:59:7c:71:0c:47:e0:16:fe:30:39:d4:e7:
         ae:e3:97:0b:45:7d:72:cd:43:fd:2d:6f:52:f1:18:03:d2:0d:
         87:09:70:fe:89:e5:83:ed:eb:24:25:d5:a3:a4:d8:5c:31:85:
         0c:58:51:c5:cd:38:23:f0:56:0d:18:3a:2b:60:30:9b:f5:ad:
         36:dd:dc:e1:a8:be:97:9b:c7:40:de:69:e6:cb:75:84:5c:ed:
         2a:e9:fb:f8:a8:79:e1:57:99:99:5b:24:52:67:e9:6b:e4:6c:
         74:16:38:44:12:cd:75:53:d5:bd:37:91:46:35:9f:fb:57:99:
         5f:4b:7b:33:f0:90:cd:b3:ac:64:a6:16:61:d4:9c:4f:2b:68:
         84:0e:56:f6:5c:96:95:96:4b:7e:3b:65:0e:d9:c9:3e:9f:34:
         5b:47:f7:0a:bd:24:21:33:28:7d:86:da:db:eb:cc:00:46:4d:
         64:d2:fa:6d:ae:05:5c:fa:49:6c:06:12:b8:ca:e3:21:3a:07:
         6f:c1:75:b4
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzEJVWYwZNq/7POD7e771ixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGI5MTU2NzMzYTk3NmM4YjcxNGU4ZDUyMDQyNjhhOGQyODgyYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrvv+j/MijEYc81ZCuZtvyloUG1h
YfaxwVzBzZ8VeNgkGeJs0qTXY0evUKc0+DpiSRFt67mR1mWlHsNn6jDd0+5tb1un
riZHu2R5S3p43WFs6DDKvAtBV7L8UjueN1MCrfVH98dVBMBK4fLDUyee1IVAnOY5
j0ObQAPV8uvCAaVlAHLwIiAwWKT2+e3QS1GW/lyRak7wdDsAhNmgDVAvXDqpNqUg
n/ulfRsuqYNJRhDUWDV9KvNBX5CLWEWbIk40PCUGY3gwS8dn+PVdRLyWvwPweEi4
qlJEmsrIZ8CJSyET+RKSj4hICwwuvBBQQknyqkLKCDMVcltoml0BZCtiTQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJi5FWczqXbItxTo1SBCaKjSiCr2MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvbUxrVlp6T3Bkc2kzRk9qVklFSm9xTktJS3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAwpPYMBgE
AgACMBIwEAMFBioKN8ADBwAqCjfAAAIwDQYJKoZIhvcNAQELBQADggEBAFnS4K1E
JkngNOw6wll6AxDhrO4RauIJlvvwpA2/ykGHm0ON3SwIycGMBPoZeuR1C6jwP85f
lDCXF6K0W1l8cQxH4Bb+MDnU567jlwtFfXLNQ/0tb1LxGAPSDYcJcP6J5YPt6yQl
1aOk2FwxhQxYUcXNOCPwVg0YOitgMJv1rTbd3OGovpebx0DeaebLdYRc7Srp+/io
eeFXmZlbJFJn6WvkbHQWOEQSzXVT1b03kUY1n/tXmV9LezPwkM2zrGSmFmHUnE8r
aIQOVvZclpWWS347ZQ7ZyT6fNFtH9wq9JCEzKH2G2tvrzABGTWTS+m2uBVz6SWwG
ErjK4yE6B2/BdbQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:19 2024 by rpki-client on console-fra.rpki-client.org