Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aj15t9cVobh7_2lYyBTzkS52ybg.roa
File:                     aj15t9cVobh7_2lYyBTzkS52ybg.roa (raw, json)
Hash identifier:          4VWNhJ8/YWL2jlHpTFCUix2WwEvw7QkQwfdwywcL6mI=
Subject key identifier:   6A:3D:79:B7:D7:15:A1:B8:7B:FF:69:58:C8:14:F3:91:2E:76:C9:B8
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       01857139ABF0239915B8D0AFBA923C894383
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aj15t9cVobh7_2lYyBTzkS52ybg.roa
Signing time:             Mon 02 Jan 2023 06:44:43 +0000
ROA not before:           Mon 02 Jan 2023 06:44:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200918
IP address blocks:        185.32.182.0/23 maxlen: 23
                          185.30.160.0/23 maxlen: 23
                          185.144.98.0/24 maxlen: 24
                          185.91.116.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:39:ab:f0:23:99:15:b8:d0:af:ba:92:3c:89:43:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 06:44:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a3d79b7d715a1b87bff6958c814f3912e76c9b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:40:01:17:ea:83:53:44:ee:1f:11:b9:a3:41:
                    05:02:b6:5e:58:94:cc:66:2a:f5:fd:6b:6c:81:40:
                    e7:37:94:2f:0d:c7:98:64:c1:a6:0b:15:99:1f:29:
                    f0:96:9a:fa:d2:5c:c0:8b:df:0e:ca:9f:8e:0a:53:
                    5f:86:38:3d:1f:14:74:cd:32:01:60:7b:35:5d:d2:
                    50:77:24:d5:89:e6:e7:dd:f5:fa:05:8e:80:fe:1f:
                    0c:81:04:5e:37:6f:6a:4f:96:f9:76:3c:f7:93:15:
                    5b:ed:c7:63:58:9d:04:5c:85:25:e1:b9:ff:e8:e3:
                    5a:9b:5c:b3:26:b5:4f:dc:b7:5f:4d:32:8c:23:23:
                    7c:37:f2:25:44:30:ed:3c:a6:a6:eb:da:23:fc:cd:
                    2c:e0:f2:ef:31:ef:61:b4:00:99:ae:0a:57:eb:c2:
                    c5:b2:d9:0f:77:1d:b9:6a:91:b9:63:fb:6c:bb:7f:
                    37:33:b7:64:18:47:3c:57:d9:e6:ad:17:9a:f7:c2:
                    4e:16:28:c9:93:71:32:cf:c1:ba:87:e6:59:a8:37:
                    f8:56:07:19:96:cd:06:f2:df:53:47:9b:a3:c1:f8:
                    13:61:d8:e8:44:44:26:8b:69:3c:39:7b:79:18:20:
                    34:88:31:eb:f6:13:a7:45:c6:38:65:31:8f:53:a9:
                    63:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:3D:79:B7:D7:15:A1:B8:7B:FF:69:58:C8:14:F3:91:2E:76:C9:B8
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/aj15t9cVobh7_2lYyBTzkS52ybg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.160.0/23
                  185.32.182.0/23
                  185.91.116.0/22
                  185.144.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:07:32:6e:40:e8:16:d9:da:bc:c8:4a:1b:d6:9b:42:6b:66:
         ca:ef:1b:1d:cd:bf:e6:7c:1d:df:c9:6f:16:57:ec:9a:8c:62:
         76:09:7a:49:b1:96:82:40:71:79:86:26:76:f6:75:60:36:76:
         20:d7:e1:23:e6:21:61:9e:11:4f:4b:4d:5f:21:b4:77:e3:b0:
         d6:27:9b:7f:3a:af:be:f3:f9:63:81:4f:37:f2:44:1c:9f:9a:
         1b:bd:5a:a3:c2:65:3e:a5:25:57:e7:5b:91:06:d2:93:de:c0:
         de:d7:8f:15:93:ee:fd:b2:df:d7:0c:6e:6a:1c:8c:37:97:23:
         bd:ad:91:6e:50:f2:08:07:f1:65:ef:3a:bc:17:f3:1d:36:6a:
         e0:4f:63:1d:84:36:d1:3e:7a:44:55:3d:a8:2a:75:31:53:de:
         fb:b8:5c:6c:15:1a:c4:82:61:f5:61:6c:a8:da:87:04:58:07:
         d0:49:81:12:d1:03:37:0b:8e:4e:df:d1:3f:c3:17:be:59:95:
         e7:6c:09:46:63:47:88:aa:b1:63:9e:6c:40:67:a8:01:e5:b5:
         43:53:26:47:56:c8:aa:7c:51:e3:20:c6:86:e6:c6:c0:a2:ca:
         c2:8b:23:5e:42:ec:3c:8e:29:e5:08:74:f1:94:2a:41:58:3c:
         f8:a6:16:ce
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxOavwI5kVuNCvupI8iUODMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjMwMTAyMDY0NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTNkNzliN2Q3MTVhMWI4N2JmZjY5NThjODE0ZjM5MTJlNzZjOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkABF+qDU0TuHxG5o0EFArZeWJTM
Zir1/WtsgUDnN5QvDceYZMGmCxWZHynwlpr60lzAi98Oyp+OClNfhjg9HxR0zTIB
YHs1XdJQdyTViebn3fX6BY6A/h8MgQReN29qT5b5djz3kxVb7cdjWJ0EXIUl4bn/
6ONam1yzJrVP3LdfTTKMIyN8N/IlRDDtPKam69oj/M0s4PLvMe9htACZrgpX68LF
stkPdx25apG5Y/tsu383M7dkGEc8V9nmrRea98JOFijJk3Eyz8G6h+ZZqDf4VgcZ
ls0G8t9TR5ujwfgTYdjoREQmi2k8OXt5GCA0iDHr9hOnRcY4ZTGPU6lj6wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGo9ebfXFaG4e/9pWMgU85Eudsm4MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvYWoxNXQ5Y1ZvYmg3XzJsWXlCVHprUzUyeWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBuR6gAwQB
uSC2AwQCuVt0AwQAuZBiMA0GCSqGSIb3DQEBCwUAA4IBAQCBBzJuQOgW2dq8yEob
1ptCa2bK7xsdzb/mfB3fyW8WV+yajGJ2CXpJsZaCQHF5hiZ29nVgNnYg1+Ej5iFh
nhFPS01fIbR347DWJ5t/Oq++8/ljgU838kQcn5obvVqjwmU+pSVX51uRBtKT3sDe
148Vk+79st/XDG5qHIw3lyO9rZFuUPIIB/Fl7zq8F/MdNmrgT2MdhDbRPnpEVT2o
KnUxU977uFxsFRrEgmH1YWyo2ocEWAfQSYES0QM3C45O39E/wxe+WZXnbAlGY0eI
qrFjnmxAZ6gB5bVDUyZHVsiqfFHjIMaG5sbAosrCiyNeQuw8jinlCHTxlCpBWDz4
phbO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:34 2024 by rpki-client on console-fra.rpki-client.org