Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/V4SieAT7swEegHJArCYxS-J_6Rw.roa
File:                     V4SieAT7swEegHJArCYxS-J_6Rw.roa (raw, json)
Hash identifier:          IMKLlW4vCyJji4eSz8fpF6GjJwAZI4XI+7WufmyA2iY=
Subject key identifier:   57:84:A2:78:04:FB:B3:01:1E:80:72:40:AC:26:31:4B:E2:7F:E9:1C
Certificate issuer:       /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial:       018D13D7F23E92B1B4AAD24EBA3735DF5436
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/V4SieAT7swEegHJArCYxS-J_6Rw.roa
Signing time:             Tue 16 Jan 2024 19:55:35 +0000
ROA not before:           Tue 16 Jan 2024 19:55:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        31.40.250.0/24 maxlen: 24
                          146.19.129.0/24 maxlen: 24
                          194.69.164.0/24 maxlen: 24
                          213.109.153.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:f2:3e:92:b1:b4:aa:d2:4e:ba:37:35:df:54:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
        Validity
            Not Before: Jan 16 19:55:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5784a27804fbb3011e807240ac26314be27fe91c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:43:53:0b:bb:db:7a:a3:85:bc:06:28:a9:
                    01:f8:4c:c2:60:c5:e6:e0:0b:2b:6f:78:3f:32:0f:
                    07:58:b6:4f:7f:bd:9a:51:1e:6f:48:8a:ad:38:e3:
                    b3:81:68:92:e8:79:f3:3b:54:79:69:2c:0f:d5:88:
                    8a:ad:48:28:39:da:2c:70:dd:16:60:e8:7c:c1:18:
                    5d:cf:4b:2a:35:53:cd:bd:c5:fb:34:68:66:6c:a4:
                    9e:16:4e:85:1e:99:a5:06:ba:29:9d:de:41:f3:ee:
                    1a:ed:c1:89:f0:eb:19:88:8b:87:db:49:a0:91:4f:
                    31:2e:46:3b:b0:05:ef:ef:81:cb:ee:dc:08:7e:c9:
                    ff:c2:57:4a:8f:3f:56:57:33:b6:de:9b:97:65:b7:
                    7f:a7:79:7a:91:3d:2f:54:36:8e:9b:ea:18:76:ad:
                    e6:41:26:99:6c:a4:b1:45:b5:b1:0c:70:84:9f:79:
                    42:24:29:43:3f:6c:50:97:50:61:ef:70:ef:ab:99:
                    32:a3:a5:99:fb:9c:36:b7:d7:1f:bf:20:87:98:f8:
                    e3:31:62:9b:08:b4:84:80:a8:97:b7:c5:6c:8c:17:
                    af:2b:54:fa:18:d7:2d:77:a8:8d:f1:1e:b1:f3:36:
                    01:0a:97:7e:e0:85:03:34:7b:d5:c8:fe:69:e2:c4:
                    0d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:84:A2:78:04:FB:B3:01:1E:80:72:40:AC:26:31:4B:E2:7F:E9:1C
            X509v3 Authority Key Identifier:
                keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/V4SieAT7swEegHJArCYxS-J_6Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.250.0/24
                  146.19.129.0/24
                  194.69.164.0/24
                  213.109.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e8:14:af:ac:ae:8e:ed:39:fc:c5:ec:66:9d:43:3f:00:fd:
         11:a8:1e:dc:35:58:71:a5:b7:1e:54:8a:5a:43:bb:e2:fc:67:
         81:49:d6:d6:6f:31:f0:af:b2:91:94:32:77:55:49:2e:45:a4:
         5d:4e:80:28:2a:6a:1a:79:c0:78:b5:f1:5b:16:91:89:88:d7:
         4c:78:9d:5a:98:97:e1:c8:22:bd:9a:20:38:a6:0a:f3:56:a6:
         45:ab:df:a4:e2:9e:1c:06:45:05:dc:e2:15:0a:d3:25:13:d3:
         60:ab:45:4f:27:30:94:f5:2e:68:24:aa:5e:10:60:4c:37:b8:
         c0:45:65:bd:2c:ce:17:0f:06:d2:6f:5c:6c:1a:79:c7:d0:73:
         8e:19:54:29:d8:58:3d:ab:4b:4d:80:ca:f2:1f:cf:e7:9b:fb:
         fa:0a:86:27:1b:d3:75:5d:c6:cc:45:99:5f:ad:38:69:0e:cb:
         6e:2b:1e:38:00:fd:47:78:5d:06:b2:48:20:ee:61:52:aa:5d:
         0b:5f:4d:18:79:c1:57:7b:c1:e0:01:b3:1c:78:97:f2:3f:12:
         4d:8c:37:3e:de:3f:7f:92:26:58:4f:03:f1:ac:94:a1:e6:92:
         7a:e5:18:da:42:17:bd:1f:6b:e8:3c:73:5b:b3:4c:c1:b3:17:
         3d:7e:a1:1a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0T1/I+krG0qtJOujc131Q2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Nzg0YTI3ODA0ZmJiMzAxMWU4MDcyNDBhYzI2MzE0YmUyN2ZlOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh5DUwu723qjhbwGKKkB+EzCYMXm
4Asrb3g/Mg8HWLZPf72aUR5vSIqtOOOzgWiS6HnzO1R5aSwP1YiKrUgoOdoscN0W
YOh8wRhdz0sqNVPNvcX7NGhmbKSeFk6FHpmlBropnd5B8+4a7cGJ8OsZiIuH20mg
kU8xLkY7sAXv74HL7twIfsn/wldKjz9WVzO23puXZbd/p3l6kT0vVDaOm+oYdq3m
QSaZbKSxRbWxDHCEn3lCJClDP2xQl1Bh73Dvq5kyo6WZ+5w2t9cfvyCHmPjjMWKb
CLSEgKiXt8VsjBevK1T6GNctd6iN8R6x8zYBCpd+4IUDNHvVyP5p4sQNmwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFeEongE+7MBHoByQKwmMUvif+kcMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvVjRTaWVBVDdzd0VlZ0hKQXJDWXhTLUpfNlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAHyj6AwQA
khOBAwQAwkWkAwQA1W2ZMA0GCSqGSIb3DQEBCwUAA4IBAQBD6BSvrK6O7Tn8xexm
nUM/AP0RqB7cNVhxpbceVIpaQ7vi/GeBSdbWbzHwr7KRlDJ3VUkuRaRdToAoKmoa
ecB4tfFbFpGJiNdMeJ1amJfhyCK9miA4pgrzVqZFq9+k4p4cBkUF3OIVCtMlE9Ng
q0VPJzCU9S5oJKpeEGBMN7jARWW9LM4XDwbSb1xsGnnH0HOOGVQp2Fg9q0tNgMry
H8/nm/v6CoYnG9N1XcbMRZlfrThpDstuKx44AP1HeF0Gskgg7mFSql0LX00YecFX
e8HgAbMceJfyPxJNjDc+3j9/kiZYTwPxrJSh5pJ65RjaQhe9H2voPHNbs0zBsxc9
fqEa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org