Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/2WYaeXKghOuI6XNR1-pC8Vqk7u0.roa
File:                     2WYaeXKghOuI6XNR1-pC8Vqk7u0.roa (raw, json)
Hash identifier:          LnSffnKumFclVjBhof4rqgrRoEgaf7+5W3+x92JSlng=
Subject key identifier:   D9:66:1A:79:72:A0:84:EB:88:E9:73:51:D7:EA:42:F1:5A:A4:EE:ED
Certificate issuer:       /CN=94846741139263388d984db1e97e031669c6486e
Certificate serial:       018CC56E6E3557E3042F2A84824E420C6D12
Authority key identifier: 94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/2WYaeXKghOuI6XNR1-pC8Vqk7u0.roa
Signing time:             Mon 01 Jan 2024 14:29:57 +0000
ROA not before:           Mon 01 Jan 2024 14:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34636
IP address blocks:        195.190.144.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:6e:35:57:e3:04:2f:2a:84:82:4e:42:0c:6d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94846741139263388d984db1e97e031669c6486e
        Validity
            Not Before: Jan  1 14:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9661a7972a084eb88e97351d7ea42f15aa4eeed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2f:95:c0:f2:ea:13:38:12:0e:5b:ed:62:ed:
                    bd:99:e3:5c:78:de:d0:b9:66:4c:1b:38:30:23:60:
                    5c:b3:f6:4a:21:e9:12:10:01:ab:47:e7:02:27:64:
                    6c:e2:c5:c1:00:01:0d:b6:ba:24:7e:4e:31:80:0d:
                    02:5b:28:02:f6:1f:fe:52:2b:2c:25:b2:58:c5:66:
                    16:a0:7d:25:ef:13:90:17:1d:a7:d9:38:a7:63:83:
                    6c:4a:47:8d:43:b0:2c:37:e7:b4:30:63:87:1c:e0:
                    4e:e8:8f:ea:c4:30:d4:97:75:da:9b:cb:ce:ae:ce:
                    26:9b:2e:08:45:95:57:40:a5:04:d3:ce:4f:6f:99:
                    e0:d3:48:d9:82:e9:5a:50:a9:93:58:aa:b7:d5:5f:
                    70:2f:20:35:75:8c:3e:fe:1f:7a:e4:80:c0:16:ac:
                    59:8c:b5:35:5c:19:35:c2:2a:18:06:b4:0c:c1:22:
                    51:23:db:2b:a0:ff:9f:f6:bb:d2:a4:e0:30:47:1e:
                    c6:97:9e:db:6c:17:c8:27:09:ae:a0:73:1e:04:b7:
                    b5:6e:e6:a4:49:b3:7d:4e:4f:98:6f:09:6b:36:38:
                    99:c7:18:21:f3:c6:99:04:6d:1b:c6:90:eb:f9:d6:
                    65:e7:d2:93:60:f7:cc:14:b4:fd:63:3a:18:42:f2:
                    6f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:66:1A:79:72:A0:84:EB:88:E9:73:51:D7:EA:42:F1:5A:A4:EE:ED
            X509v3 Authority Key Identifier:
                keyid:94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/2WYaeXKghOuI6XNR1-pC8Vqk7u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/lIRnQROSYziNmE2x6X4DFmnGSG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:9a:1e:e5:dd:60:9f:29:f8:cd:77:4f:c8:b3:5c:bc:68:f5:
         7c:17:85:41:cc:ad:7c:c6:6d:7c:99:73:66:ed:89:7f:ea:90:
         53:55:68:2f:1c:a4:fa:e6:5a:e3:29:84:a8:06:f6:32:e9:ee:
         a3:5d:b1:60:e1:0b:a9:6c:53:90:81:65:0e:16:ed:4a:27:08:
         e0:46:af:73:16:25:88:de:84:c7:c8:cd:57:21:91:07:bf:7f:
         39:4e:a9:3c:b3:93:5b:49:d8:9a:8d:af:8b:08:6f:4b:f6:a9:
         78:8c:3f:f3:62:96:21:11:41:70:9e:1f:27:c4:15:6b:6c:ce:
         57:e2:57:80:51:64:5b:f1:34:d7:c2:a2:e9:26:42:95:31:e1:
         08:60:0b:1a:4d:b7:c8:a3:69:83:c1:0b:56:14:16:d8:f6:70:
         69:29:eb:79:03:d8:28:30:c4:ce:42:4c:03:70:c7:49:ed:9b:
         0f:36:de:04:f4:87:43:43:15:11:e3:96:85:3e:da:af:0f:33:
         cc:98:70:da:ee:9b:89:70:0e:c2:d9:e3:a5:5d:fe:18:00:b9:
         96:c3:63:94:60:b3:56:46:34:63:26:d9:12:8d:f9:e8:86:2e:
         b9:46:26:3c:57:f7:ff:ad:bc:1a:84:30:a8:2c:19:91:9b:09:
         48:fa:03:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbm41V+MELyqEgk5CDG0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ODQ2NzQxMTM5MjYzMzg4ZDk4NGRiMWU5N2UwMzE2Njlj
NjQ4NmUwHhcNMjQwMTAxMTQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY2MWE3OTcyYTA4NGViODhlOTczNTFkN2VhNDJmMTVhYTRlZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjy+VwPLqEzgSDlvtYu29meNceN7Q
uWZMGzgwI2Bcs/ZKIekSEAGrR+cCJ2Rs4sXBAAENtrokfk4xgA0CWygC9h/+Uiss
JbJYxWYWoH0l7xOQFx2n2TinY4NsSkeNQ7AsN+e0MGOHHOBO6I/qxDDUl3Xam8vO
rs4mmy4IRZVXQKUE085Pb5ng00jZgulaUKmTWKq31V9wLyA1dYw+/h965IDAFqxZ
jLU1XBk1wioYBrQMwSJRI9sroP+f9rvSpOAwRx7Gl57bbBfIJwmuoHMeBLe1buak
SbN9Tk+YbwlrNjiZxxgh88aZBG0bxpDr+dZl59KTYPfMFLT9YzoYQvJvkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlmGnlyoITriOlzUdfqQvFapO7tMB8GA1UdIwQY
MBaAFJSEZ0ETkmM4jZhNsel+AxZpxkhuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTct
Y2IxMTI1MDA3ZGZiLzEvMldZYWVYS2doT3VJNlhOUjEtcEM4VnFrN3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTctY2IxMTI1MDA3ZGZi
LzEvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76QMA0G
CSqGSIb3DQEBCwUAA4IBAQC1mh7l3WCfKfjNd0/Is1y8aPV8F4VBzK18xm18mXNm
7Yl/6pBTVWgvHKT65lrjKYSoBvYy6e6jXbFg4QupbFOQgWUOFu1KJwjgRq9zFiWI
3oTHyM1XIZEHv385Tqk8s5NbSdiaja+LCG9L9ql4jD/zYpYhEUFwnh8nxBVrbM5X
4leAUWRb8TTXwqLpJkKVMeEIYAsaTbfIo2mDwQtWFBbY9nBpKet5A9goMMTOQkwD
cMdJ7ZsPNt4E9IdDQxUR45aFPtqvDzPMmHDa7puJcA7C2eOlXf4YALmWw2OUYLNW
RjRjJtkSjfnohi65RiY8V/f/rbwahDCoLBmRmwlI+gOP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org