Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/DAQ3ZUTvbNsSo48ehWoOuyWWrnQ.roa
File:                     DAQ3ZUTvbNsSo48ehWoOuyWWrnQ.roa (raw, json)
Hash identifier:          ha/243gQdxULO8a3HIUHLu/vWu80splaYGM6C75iojA=
Subject key identifier:   0C:04:37:65:44:EF:6C:DB:12:A3:8F:1E:85:6A:0E:BB:25:96:AE:74
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018562F689349D440B217BA40D74CDDA5585
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/DAQ3ZUTvbNsSo48ehWoOuyWWrnQ.roa
Signing time:             Fri 30 Dec 2022 12:16:42 +0000
ROA not before:           Fri 30 Dec 2022 12:16:42 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     42694
IP address blocks:        193.163.74.0/24 maxlen: 24
                          185.15.136.0/24 maxlen: 24
                          193.163.101.0/24 maxlen: 24
                          2a13:5800::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:62:f6:89:34:9d:44:0b:21:7b:a4:0d:74:cd:da:55:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Dec 30 12:16:42 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=0c04376544ef6cdb12a38f1e856a0ebb2596ae74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:40:f1:10:57:a2:0a:7d:e8:e1:b7:90:22:56:
                    32:ba:ff:fd:6f:a4:bb:d7:84:03:91:77:21:50:8c:
                    03:ac:75:9e:a6:5e:c3:11:be:15:11:e8:f3:db:78:
                    70:be:19:c3:a2:ac:fe:ca:a5:88:67:9a:cb:cf:4f:
                    87:f7:c4:13:44:b3:02:96:d6:03:73:f1:01:b6:32:
                    94:04:43:c7:5a:04:66:63:90:b8:71:00:0e:3c:4f:
                    11:99:e6:83:7f:c3:ca:d8:b4:19:ed:af:14:5e:a0:
                    b3:57:12:30:d9:30:ee:9f:39:17:b6:2f:e4:aa:0d:
                    ac:82:61:c9:f7:4f:24:bc:f2:7a:14:97:88:14:62:
                    00:93:fc:03:96:73:83:8a:b4:ba:68:db:b1:84:66:
                    fa:4c:0c:ca:22:60:a9:ed:8e:84:8d:4e:28:85:b8:
                    2e:2e:7e:6f:4b:6e:26:b3:e7:de:a1:e3:80:f7:82:
                    13:5b:cc:cb:91:c4:e0:b7:1b:84:47:be:6e:a0:0a:
                    d3:ff:1c:43:09:cb:77:42:3d:a1:95:e0:10:3b:8a:
                    58:30:54:50:72:20:e2:4b:e2:45:96:d4:57:be:82:
                    81:33:e8:75:6e:74:af:eb:02:70:5c:9d:df:4f:b6:
                    18:bd:99:dd:de:1e:76:17:c7:35:a0:10:fe:08:b0:
                    1a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:04:37:65:44:EF:6C:DB:12:A3:8F:1E:85:6A:0E:BB:25:96:AE:74
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/DAQ3ZUTvbNsSo48ehWoOuyWWrnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.136.0/24
                  193.163.74.0/24
                  193.163.101.0/24
                IPv6:
                  2a13:5800::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:b2:49:c3:79:3d:45:6f:bd:a3:52:ad:1a:fd:65:34:b4:c6:
         64:df:42:4e:1b:15:29:a9:f2:4c:2d:78:01:42:60:c2:7c:a2:
         ec:0a:7a:12:07:5f:5f:6f:f7:a1:4b:84:2c:0d:b1:84:1e:ce:
         fc:ae:83:23:16:ff:18:e1:a3:34:00:4e:ee:36:dc:f8:4c:de:
         00:b0:27:b4:58:f6:92:b9:12:58:20:19:42:e1:6f:37:d3:21:
         62:ca:86:59:cb:33:9b:59:2a:32:36:d2:63:80:3b:0e:29:e5:
         7b:6d:55:cc:10:6d:b7:19:98:f8:8c:de:a7:1c:49:f5:b3:0b:
         ff:94:f2:5c:20:99:1c:07:5a:70:28:2b:ec:65:09:f7:86:a4:
         36:d8:0b:61:39:95:bf:6b:ce:58:a2:07:00:37:60:00:6e:8f:
         e8:08:7d:91:2a:b3:6a:80:ef:21:05:53:4f:07:42:6a:fd:88:
         c2:eb:16:74:6b:c5:b0:1e:fb:4a:96:df:d4:81:76:5f:92:b1:
         07:13:d9:9e:bd:8a:ed:55:8c:ef:18:da:15:43:47:94:b6:66:
         2a:c8:46:6e:da:01:ea:38:f4:19:ad:fc:b6:99:3f:30:18:80:
         e5:b1:b9:d0:65:15:90:60:55:24:ef:28:ab:35:52:6c:29:09:
         c6:17:48:52
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVi9ok0nUQLIXukDXTN2lWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMjMwMTIxNjQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzA0Mzc2NTQ0ZWY2Y2RiMTJhMzhmMWU4NTZhMGViYjI1OTZhZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkDxEFeiCn3o4beQIlYyuv/9b6S7
14QDkXchUIwDrHWepl7DEb4VEejz23hwvhnDoqz+yqWIZ5rLz0+H98QTRLMCltYD
c/EBtjKUBEPHWgRmY5C4cQAOPE8RmeaDf8PK2LQZ7a8UXqCzVxIw2TDunzkXti/k
qg2sgmHJ908kvPJ6FJeIFGIAk/wDlnODirS6aNuxhGb6TAzKImCp7Y6EjU4ohbgu
Ln5vS24ms+feoeOA94ITW8zLkcTgtxuER75uoArT/xxDCct3Qj2hleAQO4pYMFRQ
ciDiS+JFltRXvoKBM+h1bnSv6wJwXJ3fT7YYvZnd3h52F8c1oBD+CLAa7wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAwEN2VE72zbEqOPHoVqDrsllq50MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvREFRM1pVVHZiTnNTbzQ4ZWhXb091eVdXcm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuQ+IAwQA
waNKAwQAwaNlMA0EAgACMAcDBQMqE1gAMA0GCSqGSIb3DQEBCwUAA4IBAQAksknD
eT1Fb72jUq0a/WU0tMZk30JOGxUpqfJMLXgBQmDCfKLsCnoSB19fb/ehS4QsDbGE
Hs78roMjFv8Y4aM0AE7uNtz4TN4AsCe0WPaSuRJYIBlC4W830yFiyoZZyzObWSoy
NtJjgDsOKeV7bVXMEG23GZj4jN6nHEn1swv/lPJcIJkcB1pwKCvsZQn3hqQ22Ath
OZW/a85YogcAN2AAbo/oCH2RKrNqgO8hBVNPB0Jq/YjC6xZ0a8WwHvtKlt/UgXZf
krEHE9mevYrtVYzvGNoVQ0eUtmYqyEZu2gHqOPQZrfy2mT8wGIDlsbnQZRWQYFUk
7yirNVJsKQnGF0hS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org