Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/_9FOdyTmCXN2_p_MRJQFX3QesOE.roa
File:                     _9FOdyTmCXN2_p_MRJQFX3QesOE.roa (raw, json)
Hash identifier:          A5eVEGLyyXga6Lxjs8i8kASYPHO7GnOd5VFwQnx6jYw=
Subject key identifier:   FF:D1:4E:77:24:E6:09:73:76:FE:9F:CC:44:94:05:5F:74:1E:B0:E1
Certificate issuer:       /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial:       414BCFF3
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/_9FOdyTmCXN2_p_MRJQFX3QesOE.roa
Signing time:             Sat 01 Jan 2022 05:58:36 +0000
ROA not before:           Sat 01 Jan 2022 05:58:36 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     203953
IP address blocks:        89.150.128.0/18 maxlen: 18

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1095487475 (0x414bcff3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
        Validity
            Not Before: Jan  1 05:58:36 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=ffd14e7724e6097376fe9fcc4494055f741eb0e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:46:bd:22:31:5e:d8:a6:bf:ec:53:3d:b3:97:
                    19:92:d2:78:09:f8:4b:6d:a2:a5:85:ec:b7:55:e1:
                    4e:f9:0d:e2:2e:81:76:d8:91:e7:b7:76:fa:11:08:
                    e5:af:ce:6c:cf:b9:a5:13:ef:d6:95:e8:75:23:cb:
                    e4:14:9c:22:5b:ba:8c:76:ce:bf:bc:ba:31:22:c2:
                    65:ee:91:3f:98:69:2d:80:ea:e8:75:95:c0:43:21:
                    ae:43:9b:cb:ce:7b:52:cb:b3:c6:0b:b4:94:34:fd:
                    67:ef:9b:25:7c:de:53:84:e7:b9:5e:56:b4:af:3a:
                    3d:93:2d:d4:3f:7b:24:c2:3e:c5:60:5b:35:37:07:
                    f4:5f:8a:7f:ba:e0:ed:fc:86:70:d7:60:f0:f1:5e:
                    8e:4f:6f:35:04:84:62:95:a8:2c:ce:e1:15:0e:20:
                    c5:a7:b0:db:19:b4:23:eb:7d:15:52:5e:6e:d1:f5:
                    a4:e6:0d:9b:34:e8:15:65:82:1b:9c:25:e7:82:eb:
                    c9:6f:ce:2a:ea:ff:4e:08:93:77:57:ee:a9:fa:03:
                    77:4b:f8:5f:ae:57:19:16:89:05:17:d4:b7:07:8b:
                    26:e8:a9:9f:5b:01:57:5d:9d:cb:05:3b:3e:ea:be:
                    96:c2:47:ef:e5:7a:11:a2:47:c0:ce:3b:d2:68:90:
                    e1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D1:4E:77:24:E6:09:73:76:FE:9F:CC:44:94:05:5F:74:1E:B0:E1
            X509v3 Authority Key Identifier:
                keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/_9FOdyTmCXN2_p_MRJQFX3QesOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         72:54:31:ad:cd:af:2b:1b:dd:fe:bd:71:03:cb:83:fd:b9:bd:
         e7:9f:15:65:a5:d1:c2:a7:b5:93:2a:b3:99:07:75:8a:c0:89:
         ba:06:b9:4c:25:e2:8a:cd:66:db:e9:5b:87:61:a7:00:ba:74:
         95:f1:3b:59:f5:38:9d:e0:2e:f8:8f:b8:52:e8:86:b5:00:56:
         74:6a:05:0d:3f:7d:72:f9:3a:9e:f9:6f:bc:7d:a8:f4:cc:c0:
         f6:5f:a9:08:6d:71:e6:c7:fb:0c:be:a6:39:48:20:28:e7:e6:
         73:05:eb:da:f3:3a:4d:5e:d3:dd:7d:6f:4f:1f:6b:61:66:12:
         5b:72:94:13:db:d3:fe:ec:69:e7:fb:35:fd:40:e6:ba:f5:27:
         32:02:34:b9:62:43:b5:dc:c9:2a:2e:fe:1b:e3:0c:86:99:ce:
         c0:3c:69:fa:df:40:6a:58:a0:4e:d5:42:08:92:70:d0:e1:7c:
         70:6c:41:b6:69:ca:51:09:fb:78:ea:7f:54:c8:bc:ef:d8:a9:
         c9:a5:d2:05:74:8e:70:78:f6:69:92:d0:a5:b8:9c:74:be:a2:
         e0:5b:76:bf:19:e2:e1:3d:ba:98:fa:cb:37:f5:78:38:17:51:
         44:17:2d:a6:40:f2:7f:d9:e8:48:b7:d4:64:58:80:0e:49:1d:
         12:ef:27:26
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEQUvP8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZThiMjRjNzZhZDg3YTZjMWZlZGZmYWYwOGQ5YjE3YjQ1MjQ5OTkxMB4XDTIyMDEw
MTA1NTgzNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmZkMTRlNzcyNGU2
MDk3Mzc2ZmU5ZmNjNDQ5NDA1NWY3NDFlYjBlMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL5GvSIxXtimv+xTPbOXGZLSeAn4S22ipYXst1XhTvkN4i6B
dtiR57d2+hEI5a/ObM+5pRPv1pXodSPL5BScIlu6jHbOv7y6MSLCZe6RP5hpLYDq
6HWVwEMhrkOby857Usuzxgu0lDT9Z++bJXzeU4TnuV5WtK86PZMt1D97JMI+xWBb
NTcH9F+Kf7rg7fyGcNdg8PFejk9vNQSEYpWoLM7hFQ4gxaew2xm0I+t9FVJebtH1
pOYNmzToFWWCG5wl54LryW/OKur/TgiTd1fuqfoDd0v4X65XGRaJBRfUtweLJuip
n1sBV12dywU7Puq+lsJH7+V6EaJHwM470miQ4dUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBT/0U53JOYJc3b+n8xElAVfdB6w4TAfBgNVHSMEGDAWgBQuiyTHath6bB/t
/68I2bF7RSSZkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xvc2t4MnJZZW13ZjdmLXZDTm14ZTBVa21aRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvMDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8x
L185Rk9keVRtQ1hOMl9wX01SSlFGWDNRZXNPRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
MDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8xL0xvc2t4MnJZZW13
ZjdmLXZDTm14ZTBVa21aRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBlmWgDANBgkqhkiG9w0BAQsFAAOC
AQEAclQxrc2vKxvd/r1xA8uD/bm9558VZaXRwqe1kyqzmQd1isCJuga5TCXiis1m
2+lbh2GnALp0lfE7WfU4neAu+I+4UuiGtQBWdGoFDT99cvk6nvlvvH2o9MzA9l+p
CG1x5sf7DL6mOUggKOfmcwXr2vM6TV7T3X1vTx9rYWYSW3KUE9vT/uxp5/s1/UDm
uvUnMgI0uWJDtdzJKi7+G+MMhpnOwDxp+t9AaligTtVCCJJw0OF8cGxBtmnKUQn7
eOp/VMi879ipyaXSBXSOcHj2aZLQpbicdL6i4Ft2vxni4T26mPrLN/V4OBdRRBct
pkDyf9noSLfUZFiADkkdEu8nJg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org