Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/FkuOmqt321eicqa3-NATwDo_V1U.roa
File:                     FkuOmqt321eicqa3-NATwDo_V1U.roa (raw, json)
Hash identifier:          0Jey/eVY4HeCDcLOWX0IoKVuZ03kVQWAlQS9ebclCFE=
Subject key identifier:   16:4B:8E:9A:AB:77:DB:57:A2:72:A6:B7:F8:D0:13:C0:3A:3F:57:55
Certificate issuer:       /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial:       018C1BFFDAF7737D01F09628271CBA9D4505
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/FkuOmqt321eicqa3-NATwDo_V1U.roa
Signing time:             Wed 29 Nov 2023 16:53:21 +0000
ROA not before:           Wed 29 Nov 2023 16:53:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207967
IP address blocks:        178.130.132.0/22 maxlen: 22
                          109.172.92.0/22 maxlen: 22

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1b:ff:da:f7:73:7d:01:f0:96:28:27:1c:ba:9d:45:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
        Validity
            Not Before: Nov 29 16:53:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=164b8e9aab77db57a272a6b7f8d013c03a3f5755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:48:83:9d:c4:35:c5:fc:78:30:da:d2:14:34:
                    4d:8c:7e:b1:d5:eb:e8:5c:d0:58:31:f2:a3:cc:ee:
                    e3:63:b2:c1:ef:3b:e4:32:33:8b:88:e1:c0:b6:7e:
                    93:00:00:be:02:b8:82:d5:ba:9d:ca:b8:45:c2:d5:
                    31:1e:ec:e1:32:70:68:76:8e:89:a5:38:bc:33:c1:
                    37:04:9f:38:f8:0f:a9:e7:6c:86:f2:d7:fe:3a:78:
                    5f:1f:de:f2:8d:dc:35:31:e3:55:cb:4f:2e:93:e8:
                    f2:05:a9:54:a4:d2:06:d7:f9:89:4d:bf:94:46:f1:
                    12:7c:5b:30:5b:6c:c9:94:0f:2e:bf:82:19:ee:0c:
                    3e:fc:eb:94:3c:e1:98:e6:da:27:79:39:f6:a1:91:
                    1c:ce:6e:0c:31:3c:dc:33:b9:04:54:82:14:c2:9d:
                    83:62:7c:b9:4f:44:db:7a:2d:54:46:ce:d2:3d:eb:
                    11:10:5c:5d:f4:e6:f7:c2:de:00:69:18:67:aa:c2:
                    cb:0a:75:d3:11:0f:04:25:e0:e7:4f:61:45:52:c0:
                    52:35:33:9d:bb:32:4f:da:91:0b:8f:26:61:b2:2e:
                    5f:08:05:b4:6b:21:ed:d5:29:a5:ca:7b:19:da:a9:
                    36:58:9f:59:bc:db:bb:a4:e5:04:e1:24:0d:13:bf:
                    15:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4B:8E:9A:AB:77:DB:57:A2:72:A6:B7:F8:D0:13:C0:3A:3F:57:55
            X509v3 Authority Key Identifier:
                keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/FkuOmqt321eicqa3-NATwDo_V1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.92.0/22
                  178.130.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:30:ae:c1:cb:d6:2f:96:74:6b:1b:b4:e5:0d:84:54:15:9b:
         b3:06:9b:7b:00:f7:ea:90:71:f1:c1:54:f2:7d:df:2e:60:41:
         39:33:a4:e3:e2:f7:31:12:a9:d3:b8:38:72:54:2c:0d:5e:39:
         02:89:b5:c0:06:8e:bd:77:6d:89:0b:df:17:c3:09:fd:30:10:
         bb:7f:36:07:02:2d:e8:79:ef:19:2f:ba:cf:52:23:ec:f7:4c:
         89:cb:4e:75:19:aa:a2:f1:22:dd:f5:50:d7:54:86:69:ef:4e:
         07:eb:91:23:f3:11:ef:4a:1e:00:08:f9:d6:ee:ad:d5:58:7d:
         0f:01:1d:7b:fa:3f:fb:47:db:e5:66:de:a6:b5:2a:e9:7a:12:
         5b:46:a0:9b:f9:cc:ac:5c:e3:fe:72:35:8b:f1:65:3c:f7:24:
         bc:f9:7a:6a:57:55:52:f5:8d:c2:c1:39:bf:0f:fe:82:42:0b:
         f4:72:b4:bf:7d:4e:89:cd:ff:90:a2:fc:ce:a6:f4:c7:bc:5a:
         68:04:c9:4e:d4:7a:a9:9a:5c:3e:b4:33:b5:77:ad:af:11:c6:
         dc:2e:10:6e:d7:5c:30:83:0b:5b:23:9a:82:32:2f:fe:d6:10:
         2b:13:78:53:01:59:43:82:81:06:11:20:a1:47:b9:ad:0f:7e:
         d2:ac:f6:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwb/9r3c30B8JYoJxy6nUUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjMxMTI5MTY1MzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRiOGU5YWFiNzdkYjU3YTI3MmE2YjdmOGQwMTNjMDNhM2Y1NzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkiDncQ1xfx4MNrSFDRNjH6x1evo
XNBYMfKjzO7jY7LB7zvkMjOLiOHAtn6TAAC+AriC1bqdyrhFwtUxHuzhMnBodo6J
pTi8M8E3BJ84+A+p52yG8tf+OnhfH97yjdw1MeNVy08uk+jyBalUpNIG1/mJTb+U
RvESfFswW2zJlA8uv4IZ7gw+/OuUPOGY5toneTn2oZEczm4MMTzcM7kEVIIUwp2D
Yny5T0Tbei1URs7SPesREFxd9Ob3wt4AaRhnqsLLCnXTEQ8EJeDnT2FFUsBSNTOd
uzJP2pELjyZhsi5fCAW0ayHt1SmlynsZ2qk2WJ9ZvNu7pOUE4SQNE78VcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBZLjpqrd9tXonKmt/jQE8A6P1dVMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvRmt1T21xdDMyMWVpY3FhMy1OQVR3RG9fVjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbaxcAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQCwMK7By9YvlnRrG7TlDYRUFZuzBpt7APfq
kHHxwVTyfd8uYEE5M6Tj4vcxEqnTuDhyVCwNXjkCibXABo69d22JC98Xwwn9MBC7
fzYHAi3oee8ZL7rPUiPs90yJy051Gaqi8SLd9VDXVIZp704H65Ej8xHvSh4ACPnW
7q3VWH0PAR17+j/7R9vlZt6mtSrpehJbRqCb+cysXOP+cjWL8WU89yS8+XpqV1VS
9Y3CwTm/D/6CQgv0crS/fU6Jzf+QovzOpvTHvFpoBMlO1Hqpmlw+tDO1d62vEcbc
LhBu11wwgwtbI5qCMi/+1hArE3hTAVlDgoEGESChR7mtD37SrPYX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:09 2024 by rpki-client on console-fra.rpki-client.org