Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_dEv_uk2HHhaZhHrb4P2_rJ4Uas.roa
File:                     _dEv_uk2HHhaZhHrb4P2_rJ4Uas.roa (raw, json)
Hash identifier:          EFrATROMk8ez14gcqMEHYG3TeTrHQeA5SRhtpREsg8c=
Subject key identifier:   FD:D1:2F:FE:E9:36:1C:78:5A:66:11:EB:6F:83:F6:FE:B2:78:51:AB
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018A238F79F073626719B5E524E028846240
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_dEv_uk2HHhaZhHrb4P2_rJ4Uas.roa
Signing time:             Wed 23 Aug 2023 18:01:59 +0000
ROA not before:           Wed 23 Aug 2023 18:01:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398465
IP address blocks:        194.180.238.0/24 maxlen: 24
                          185.15.136.0/23 maxlen: 24
                          195.149.127.0/24 maxlen: 24
                          89.32.126.0/24 maxlen: 24
                          45.149.160.0/22 maxlen: 24
                          185.243.140.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:23:8f:79:f0:73:62:67:19:b5:e5:24:e0:28:84:62:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Aug 23 18:01:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fdd12ffee9361c785a6611eb6f83f6feb27851ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a1:42:6b:3a:ef:04:26:74:48:cf:70:0a:be:
                    f3:a6:c3:df:d2:73:71:ef:8a:b0:6e:df:9d:1f:75:
                    cd:9b:75:d9:b1:09:49:12:83:22:72:8e:44:23:64:
                    11:f4:0d:1d:04:8b:e4:b4:cd:51:4b:ab:a7:9a:28:
                    e5:97:ae:ad:e8:ff:a8:2b:87:9b:66:72:22:44:a7:
                    7b:9c:c3:86:58:c1:19:f3:c6:aa:e3:b6:1c:9a:ef:
                    b4:50:a5:7e:45:35:d7:d8:56:fa:09:12:c5:9f:1d:
                    9a:f2:c9:22:a1:44:39:ed:2f:1e:07:94:65:9b:60:
                    a4:e3:ef:0b:79:7c:66:12:6e:64:69:eb:d6:af:b6:
                    35:1c:4d:af:25:4b:4e:05:9f:6d:5f:da:13:cd:41:
                    02:28:fe:7a:24:a4:35:c8:0e:ef:c2:c5:79:6c:a1:
                    ca:8d:bd:29:f8:50:44:7a:80:e9:57:13:b0:97:f9:
                    28:60:16:85:42:db:43:77:5f:39:dc:31:63:d9:c3:
                    73:a5:43:dd:3a:74:47:78:e9:5f:fe:99:d5:32:b4:
                    c8:70:bb:18:c4:7b:49:be:69:ad:65:6d:14:fb:da:
                    db:a7:b7:52:31:8e:c9:b7:b9:f2:d0:0d:f4:44:2b:
                    1e:b0:cb:9d:13:74:e0:b6:8e:26:88:82:34:62:12:
                    d1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D1:2F:FE:E9:36:1C:78:5A:66:11:EB:6F:83:F6:FE:B2:78:51:AB
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/_dEv_uk2HHhaZhHrb4P2_rJ4Uas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.160.0/22
                  89.32.126.0/24
                  185.15.136.0/23
                  185.243.140.0/22
                  194.180.238.0/24
                  195.149.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6b:7c:60:7b:c2:21:c7:d5:6a:1c:1d:78:74:6a:d0:04:2f:
         fd:f0:b7:10:c9:9b:aa:17:81:cf:e3:9e:5f:47:fb:02:45:ab:
         c5:50:54:a9:49:26:10:22:4f:53:60:09:e4:5f:46:0d:9e:20:
         75:9f:04:11:80:db:52:ff:0f:b7:47:52:1c:3b:91:cf:7b:61:
         c6:2c:9b:af:5f:fa:49:2c:0b:0a:ff:01:8a:ef:99:c4:dc:50:
         31:a5:c5:ea:18:2a:d6:d2:35:a1:e0:90:37:63:6f:3f:19:bf:
         d0:78:ac:46:2e:52:c5:37:f5:03:a2:a8:5c:f0:33:af:19:1a:
         24:91:ca:db:c5:0e:ab:d6:52:52:cf:71:4b:c7:1b:6b:da:e2:
         2b:0e:31:d3:22:b5:5c:06:3b:f9:fd:07:2e:ae:fa:f2:8f:7d:
         bf:75:be:9c:24:92:5a:bd:0e:6d:a8:0b:d7:f5:57:00:56:73:
         00:9d:a6:93:4a:12:62:84:ba:29:08:69:ba:26:2a:40:42:a8:
         21:c9:43:09:87:18:cc:6d:52:4a:a9:16:fc:f3:f2:df:95:ad:
         c7:86:e7:3c:92:c7:ba:bc:af:d6:e7:5a:fd:c5:e7:9b:30:39:
         80:dc:1e:44:c2:ea:9e:33:1b:2e:af:1e:5f:a2:97:27:4e:d0:
         d2:de:c2:3e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYojj3nwc2JnGbXlJOAohGJAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwODIzMTgwMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQxMmZmZWU5MzYxYzc4NWE2NjExZWI2ZjgzZjZmZWIyNzg1MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aFCazrvBCZ0SM9wCr7zpsPf0nNx
74qwbt+dH3XNm3XZsQlJEoMico5EI2QR9A0dBIvktM1RS6unmijll66t6P+oK4eb
ZnIiRKd7nMOGWMEZ88aq47Ycmu+0UKV+RTXX2Fb6CRLFnx2a8skioUQ57S8eB5Rl
m2Ck4+8LeXxmEm5kaevWr7Y1HE2vJUtOBZ9tX9oTzUECKP56JKQ1yA7vwsV5bKHK
jb0p+FBEeoDpVxOwl/koYBaFQttDd1853DFj2cNzpUPdOnRHeOlf/pnVMrTIcLsY
xHtJvmmtZW0U+9rbp7dSMY7Jt7ny0A30RCsesMudE3Tgto4miII0YhLRjQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFP3RL/7pNhx4WmYR62+D9v6yeFGrMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvX2RFdl91azJISGhhWmhIcmI0UDJfcko0VWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCLZWgAwQA
WSB+AwQBuQ+IAwQCufOMAwQAwrTuAwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IBAQAF
a3xge8Ihx9VqHB14dGrQBC/98LcQyZuqF4HP455fR/sCRavFUFSpSSYQIk9TYAnk
X0YNniB1nwQRgNtS/w+3R1IcO5HPe2HGLJuvX/pJLAsK/wGK75nE3FAxpcXqGCrW
0jWh4JA3Y28/Gb/QeKxGLlLFN/UDoqhc8DOvGRokkcrbxQ6r1lJSz3FLxxtr2uIr
DjHTIrVcBjv5/Qcurvryj32/db6cJJJavQ5tqAvX9VcAVnMAnaaTShJihLopCGm6
JipAQqghyUMJhxjMbVJKqRb88/Lfla3Hhuc8kse6vK/W51r9xeebMDmA3B5Ewuqe
Mxsurx5fopcnTtDS3sI+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org