Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mYiBAEZ2bgEgNiKEKDePWEh_Z7s.roa
File:                     mYiBAEZ2bgEgNiKEKDePWEh_Z7s.roa (raw, json)
Hash identifier:          UFXkn+hQ4Rzwc459WyoMqZMypC331nBCDQdOzcsyHsE=
Subject key identifier:   99:88:81:00:46:76:6E:01:20:36:22:84:28:37:8F:58:48:7F:67:BB
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018A36F9417BFBC3DCE93530865751D9724C
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mYiBAEZ2bgEgNiKEKDePWEh_Z7s.roa
Signing time:             Sun 27 Aug 2023 12:30:19 +0000
ROA not before:           Sun 27 Aug 2023 12:30:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203377
IP address blocks:        194.147.216.0/24 maxlen: 24
                          2a0a:37c0::/48 maxlen: 48
                          2a0a:37c0:1::/48 maxlen: 48
                          2a0a:37c0:2::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:36:f9:41:7b:fb:c3:dc:e9:35:30:86:57:51:d9:72:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Aug 27 12:30:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9988810046766e012036228428378f58487f67bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ba:42:55:ee:dd:c2:f6:7c:f8:87:74:3c:9c:
                    90:34:a5:61:18:0c:4f:5e:db:00:08:2f:8b:59:07:
                    10:2c:70:1a:9e:4e:13:86:e0:cb:43:b8:b0:18:a3:
                    db:e0:07:d6:65:87:37:5a:7d:05:8a:c7:b3:5b:1d:
                    3d:2c:26:12:e0:c0:7e:46:47:94:df:7c:4b:27:61:
                    99:31:50:c2:c8:81:29:f1:67:bb:5b:a8:90:14:af:
                    5f:2a:c9:c2:4a:39:6f:f0:3d:cc:bc:d4:14:bb:53:
                    7c:7b:04:fd:c8:36:a4:f3:0a:2a:ee:6e:f4:56:aa:
                    6d:69:c9:b2:13:67:f3:43:ea:d0:6d:0d:2e:48:cb:
                    fc:89:ca:da:80:bb:ee:8f:87:2e:ff:1d:e5:8e:4f:
                    29:93:8d:31:41:be:0e:86:03:3e:1b:64:50:8f:23:
                    60:ec:bc:35:0a:ab:ad:62:60:74:44:25:84:98:d2:
                    f2:10:e8:ed:86:69:e0:bb:7b:a9:73:9d:ed:ca:10:
                    9e:c2:4d:a1:db:c0:dd:b7:c9:d0:28:d7:ea:04:cb:
                    af:4c:c2:11:f5:1f:01:1f:6f:65:5b:bf:c7:5e:46:
                    e5:d7:f4:43:aa:03:4d:52:95:53:f6:f5:67:a1:99:
                    44:0b:aa:87:e3:89:26:f2:83:ba:8f:f3:f6:7c:30:
                    38:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:88:81:00:46:76:6E:01:20:36:22:84:28:37:8F:58:48:7F:67:BB
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/mYiBAEZ2bgEgNiKEKDePWEh_Z7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.216.0/24
                IPv6:
                  2a0a:37c0::-2a0a:37c0:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a9:1a:66:22:c9:84:99:89:88:5b:f2:ee:fe:cb:45:b3:15:5c:
         bd:58:c8:98:1c:4d:28:f8:72:40:aa:a1:bd:47:71:19:f3:d5:
         7a:de:96:52:02:7f:9f:9a:02:1d:d9:c0:d1:65:64:a2:bd:19:
         bb:c1:2a:dc:cd:fe:4b:6f:5c:31:ea:8f:48:40:7b:cb:4e:13:
         ce:26:32:f4:63:8b:70:60:73:ba:8c:53:d5:b2:42:67:fc:1b:
         74:e2:3c:c4:6e:1f:a9:ee:5c:3e:94:d3:c1:4c:95:6c:e6:dd:
         e8:18:c4:f3:33:ad:6a:31:e7:6e:8b:2c:99:fa:cf:f6:5e:f0:
         bf:bf:b3:1f:97:22:39:e9:74:9e:f0:69:d6:33:cf:ad:77:71:
         8d:65:e2:ac:39:ed:1b:8d:86:9d:69:ed:d6:dd:43:05:c3:b5:
         f8:dc:a1:44:64:73:ff:d5:1f:28:fa:a3:51:d1:74:d8:d3:5e:
         3e:36:fd:30:88:6c:3e:32:29:ae:a5:c7:f5:1a:3a:fa:72:c3:
         46:e7:63:c8:b7:f4:48:14:5b:03:ff:a7:04:48:ab:3a:52:c0:
         b9:dd:43:a6:fa:20:89:e7:8d:82:b5:2e:90:25:96:71:8d:ef:
         24:c4:77:fc:db:67:df:2a:9d:39:a8:ca:e7:c6:17:f8:10:8b:
         27:51:e8:2b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYo2+UF7+8Pc6TUwhldR2XJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjMwODI3MTIzMDE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTg4ODEwMDQ2NzY2ZTAxMjAzNjIyODQyODM3OGY1ODQ4N2Y2N2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7pCVe7dwvZ8+Id0PJyQNKVhGAxP
XtsACC+LWQcQLHAank4ThuDLQ7iwGKPb4AfWZYc3Wn0FisezWx09LCYS4MB+RkeU
33xLJ2GZMVDCyIEp8We7W6iQFK9fKsnCSjlv8D3MvNQUu1N8ewT9yDak8woq7m70
VqptacmyE2fzQ+rQbQ0uSMv8icragLvuj4cu/x3ljk8pk40xQb4OhgM+G2RQjyNg
7Lw1CqutYmB0RCWEmNLyEOjthmngu3upc53tyhCewk2h28Ddt8nQKNfqBMuvTMIR
9R8BH29lW7/HXkbl1/RDqgNNUpVT9vVnoZlEC6qH44km8oO6j/P2fDA4IQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJmIgQBGdm4BIDYihCg3j1hIf2e7MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvbVlpQkFFWjJiZ0VnTmlLRUtEZVBXRWhfWjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAwpPYMBgE
AgACMBIwEAMFBioKN8ADBwAqCjfAAAIwDQYJKoZIhvcNAQELBQADggEBAKkaZiLJ
hJmJiFvy7v7LRbMVXL1YyJgcTSj4ckCqob1HcRnz1XrellICf5+aAh3ZwNFlZKK9
GbvBKtzN/ktvXDHqj0hAe8tOE84mMvRji3Bgc7qMU9WyQmf8G3TiPMRuH6nuXD6U
08FMlWzm3egYxPMzrWox526LLJn6z/Ze8L+/sx+XIjnpdJ7wadYzz613cY1l4qw5
7RuNhp1p7dbdQwXDtfjcoURkc//VHyj6o1HRdNjTXj42/TCIbD4yKa6lx/UaOvpy
w0bnY8i39EgUWwP/pwRIqzpSwLndQ6b6IInnjYK1LpAllnGN7yTEd/zbZ98qnTmo
yufGF/gQiydR6Cs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:02 2024 by rpki-client on console-ams.rpki-client.org