Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa
File:                     TqoI9W3ik9rbUtY8B7108Kkyyac.roa (raw, json)
Hash identifier:          PnOTRYHjuVcjFOPjwON8fvQxXuMMq8BVcBaiEQP/yvI=
Subject key identifier:   4E:AA:08:F5:6D:E2:93:DA:DB:52:D6:3C:07:BD:74:F0:A9:32:C9:A7
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       018458364A3ACA6988643F31F08A83D8B960
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa
Signing time:             Tue 08 Nov 2022 17:07:43 +0000
ROA not before:           Tue 08 Nov 2022 17:07:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     59854
IP address blocks:        188.214.142.0/24 maxlen: 24
                          89.35.173.0/24 maxlen: 24
                          93.119.227.0/24 maxlen: 24
                          185.171.185.0/24 maxlen: 24
                          185.171.184.0/24 maxlen: 24
                          185.171.187.0/24 maxlen: 24
                          77.81.164.0/23 maxlen: 23
                          188.215.36.0/24 maxlen: 24
                          86.105.187.0/24 maxlen: 24
                          128.0.46.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:58:36:4a:3a:ca:69:88:64:3f:31:f0:8a:83:d8:b9:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Nov  8 17:07:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4eaa08f56de293dadb52d63c07bd74f0a932c9a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e4:0c:b7:d4:2d:39:cf:91:75:8a:61:93:e0:
                    66:41:b5:10:eb:8a:41:96:1e:b2:54:d5:36:50:7b:
                    64:a1:29:f1:a5:4e:60:cc:a9:18:44:cd:09:77:f5:
                    6c:8e:ff:0b:59:c7:9b:90:58:8c:01:7c:5c:10:8f:
                    f7:1a:e9:e8:50:72:d7:79:f9:5b:d6:58:57:24:9e:
                    85:3b:9c:28:69:f0:59:95:3c:ae:f7:2c:9f:d2:ae:
                    6b:38:d5:eb:78:b5:29:49:e9:62:38:d4:10:55:4e:
                    07:d1:75:b1:61:ff:dd:82:e8:00:ad:74:7a:e7:df:
                    d1:b7:e2:fe:f2:74:17:bc:00:5b:ef:a3:ac:c0:79:
                    a3:49:7c:11:e6:a4:a9:27:d8:d1:80:ab:95:61:4b:
                    c4:05:bb:0d:fc:3b:fe:92:27:7c:41:7a:03:9e:40:
                    68:4b:b1:74:8c:d1:fa:69:bd:d4:55:45:60:94:44:
                    24:8e:4b:81:35:55:f4:6a:6b:7e:37:4a:06:bc:ef:
                    8c:0e:38:a8:f2:5f:02:6a:27:b8:6a:17:36:52:2c:
                    74:f6:2e:6c:04:50:d8:ad:47:bc:5d:f2:aa:86:15:
                    e3:0e:a0:e0:b2:ea:40:ec:6a:c0:38:2d:1e:d5:02:
                    21:90:2f:b0:59:4e:2b:c6:65:7c:1f:94:74:84:18:
                    15:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:AA:08:F5:6D:E2:93:DA:DB:52:D6:3C:07:BD:74:F0:A9:32:C9:A7
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/TqoI9W3ik9rbUtY8B7108Kkyyac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.164.0/23
                  86.105.187.0/24
                  89.35.173.0/24
                  93.119.227.0/24
                  128.0.46.0/23
                  185.171.184.0/23
                  185.171.187.0/24
                  188.214.142.0/24
                  188.215.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:05:21:86:0e:e0:c0:e2:94:c4:da:f3:23:f7:1b:04:0e:04:
         e8:aa:91:25:4c:61:93:1e:bf:b4:ed:1a:71:11:40:ee:1b:b6:
         c0:b3:e8:c0:b3:a8:57:ab:c7:6c:d0:4e:80:79:50:08:2f:8d:
         3b:42:ca:31:9a:d8:8f:51:7f:85:01:95:dc:c8:df:dc:81:be:
         4e:b4:09:12:dd:8e:f6:10:73:bf:ce:c4:1a:56:d4:01:d7:eb:
         cf:ca:0d:25:f2:96:19:01:06:8a:75:bc:1a:97:9c:ff:41:13:
         38:33:22:1c:fa:bf:54:8f:47:1a:f6:e4:e8:8d:9c:89:94:e4:
         a1:a4:89:f4:00:87:14:5d:18:00:52:0a:21:48:99:f6:55:6d:
         04:07:50:0d:83:bd:93:fa:71:3a:5b:d4:4c:e9:be:c9:7d:59:
         6a:8f:ef:d2:c3:ad:f6:08:5a:f7:c6:43:90:73:9d:a8:1b:9d:
         13:24:4a:ef:ea:44:68:f8:10:8d:ce:27:ea:a8:c7:ef:eb:37:
         7d:49:46:30:38:71:3d:8e:c5:ab:01:25:82:2d:ab:09:9b:a3:
         f2:07:6c:53:23:7d:98:f4:f8:01:6d:97:39:8d:fb:2a:f4:5d:
         ad:aa:ce:67:17:5f:42:f6:d8:30:19:02:64:98:ab:e3:f2:76:
         c7:6f:a0:27
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYRYNko6ymmIZD8x8IqD2LlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjIxMTA4MTcwNzQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWFhMDhmNTZkZTI5M2RhZGI1MmQ2M2MwN2JkNzRmMGE5MzJjOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOQMt9QtOc+RdYphk+BmQbUQ64pB
lh6yVNU2UHtkoSnxpU5gzKkYRM0Jd/Vsjv8LWcebkFiMAXxcEI/3GunoUHLXeflb
1lhXJJ6FO5woafBZlTyu9yyf0q5rONXreLUpSeliONQQVU4H0XWxYf/dgugArXR6
59/Rt+L+8nQXvABb76OswHmjSXwR5qSpJ9jRgKuVYUvEBbsN/Dv+kid8QXoDnkBo
S7F0jNH6ab3UVUVglEQkjkuBNVX0amt+N0oGvO+MDjio8l8Caie4ahc2Uix09i5s
BFDYrUe8XfKqhhXjDqDgsupA7GrAOC0e1QIhkC+wWU4rxmV8H5R0hBgVHwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE6qCPVt4pPa21LWPAe9dPCpMsmnMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvVHFvSTlXM2lrOXJiVXRZOEI3MTA4S2t5eWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBTVGkAwQA
Vmm7AwQAWSOtAwQAXXfjAwQBgAAuAwQBuau4AwQAuau7AwQAvNaOAwQAvNckMA0G
CSqGSIb3DQEBCwUAA4IBAQB6BSGGDuDA4pTE2vMj9xsEDgToqpElTGGTHr+07Rpx
EUDuG7bAs+jAs6hXq8ds0E6AeVAIL407QsoxmtiPUX+FAZXcyN/cgb5OtAkS3Y72
EHO/zsQaVtQB1+vPyg0l8pYZAQaKdbwal5z/QRM4MyIc+r9Uj0ca9uTojZyJlOSh
pIn0AIcUXRgAUgohSJn2VW0EB1ANg72T+nE6W9RM6b7JfVlqj+/Sw632CFr3xkOQ
c52oG50TJErv6kRo+BCNzifqqMfv6zd9SUYwOHE9jsWrASWCLasJm6PyB2xTI32Y
9PgBbZc5jfsq9F2tqs5nF19C9tgwGQJkmKvj8nbHb6An
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:06 2024 by rpki-client on console-ams.rpki-client.org