Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/MXxSNPhqGKrVYJqf6o7XsFI67fc.roa
File:                     MXxSNPhqGKrVYJqf6o7XsFI67fc.roa (raw, json)
Hash identifier:          nbPTi5DsM16Odd8RU+cZtxZIq1QIq633ShLoOk5YN6M=
Subject key identifier:   31:7C:52:34:F8:6A:18:AA:D5:60:9A:9F:EA:8E:D7:B0:52:3A:ED:F7
Certificate issuer:       /CN=94846741139263388d984db1e97e031669c6486e
Certificate serial:       0185703991F80E015094675ED483DE83FA07
Authority key identifier: 94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/MXxSNPhqGKrVYJqf6o7XsFI67fc.roa
Signing time:             Mon 02 Jan 2023 02:04:58 +0000
ROA not before:           Mon 02 Jan 2023 02:04:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210818
IP address blocks:        195.190.144.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:91:f8:0e:01:50:94:67:5e:d4:83:de:83:fa:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94846741139263388d984db1e97e031669c6486e
        Validity
            Not Before: Jan  2 02:04:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=317c5234f86a18aad5609a9fea8ed7b0523aedf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a0:4c:38:7c:65:b8:a4:48:08:14:e4:79:c1:
                    bf:c8:3d:8f:e6:8a:5c:23:bc:7d:03:a8:7a:a9:c1:
                    9a:5c:1b:c9:d8:1c:17:f9:e5:fc:cb:c3:d8:c8:7f:
                    44:5f:88:ce:eb:2d:0c:6d:ac:d0:56:ca:7b:6a:a5:
                    83:14:d3:5c:e3:e2:33:13:3d:aa:de:e5:3d:06:94:
                    39:61:28:a3:fa:91:02:19:35:4c:df:3c:a0:30:b0:
                    74:a3:15:2d:02:7a:25:1c:ff:de:d0:1d:60:03:71:
                    22:b7:0e:05:09:5a:e6:67:2a:33:a6:c6:e4:00:2d:
                    36:43:82:b8:f1:d4:f9:df:5e:12:53:8d:11:6b:d4:
                    91:51:bb:c9:d7:85:88:92:39:28:82:1d:65:28:fb:
                    9c:4e:e0:85:7b:73:86:57:26:19:ae:33:4c:48:ce:
                    82:87:db:3a:dc:ef:f7:4c:42:e9:ba:a3:81:e6:c7:
                    e4:67:3e:74:f2:1d:ad:19:de:54:f2:39:e4:e8:d1:
                    b6:53:f6:a3:0d:ba:5f:25:4e:cc:9e:e0:6a:d0:fe:
                    6f:a8:73:12:8c:7d:8c:f7:f9:df:e8:4c:75:ee:77:
                    06:da:8d:54:4b:50:a3:87:57:68:f6:fd:54:7b:8f:
                    60:8a:c3:63:94:ac:54:c9:8f:88:0f:21:93:e5:09:
                    71:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:7C:52:34:F8:6A:18:AA:D5:60:9A:9F:EA:8E:D7:B0:52:3A:ED:F7
            X509v3 Authority Key Identifier:
                keyid:94:84:67:41:13:92:63:38:8D:98:4D:B1:E9:7E:03:16:69:C6:48:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lIRnQROSYziNmE2x6X4DFmnGSG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/MXxSNPhqGKrVYJqf6o7XsFI67fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a49102-0612-47a0-8117-cb1125007dfb/1/lIRnQROSYziNmE2x6X4DFmnGSG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:d9:5b:f4:48:c5:5f:60:e6:74:9b:66:5f:f9:69:d8:98:9c:
         af:b0:d5:df:2e:14:9d:62:ce:01:5e:eb:42:58:3f:07:2b:33:
         89:db:19:7c:67:9c:40:d6:f4:35:5d:68:3a:ab:5d:3b:b9:c4:
         6e:76:46:24:44:0f:4b:24:94:f3:48:58:f7:4b:35:17:55:3a:
         63:dc:41:e7:ec:fe:dd:9b:f2:97:80:5f:63:98:55:4d:60:fe:
         54:67:2c:ac:98:39:b6:92:c6:36:5e:e1:a5:4b:74:27:cd:dc:
         c7:89:93:e9:df:8a:2f:40:e5:87:2f:d1:9f:97:1e:9d:2d:e9:
         2d:a7:e9:34:56:a3:10:3d:9b:7c:18:67:a9:e3:fa:69:6c:dc:
         47:46:b5:3e:28:54:a7:7c:48:dd:58:54:f8:f9:1e:04:dd:de:
         a7:a0:ea:1d:8c:95:17:c4:ac:cb:e3:f7:d6:ff:24:2c:10:f0:
         b2:bf:c5:0a:69:6f:58:35:ee:af:4f:7f:3d:e7:59:dd:ba:74:
         68:16:33:ef:e8:ee:84:dc:ae:72:ee:fb:6c:c2:7c:13:79:d0:
         60:11:d1:94:df:6d:a6:73:0c:c6:03:1b:1d:49:9e:29:a9:a0:
         ab:a3:bf:d8:26:b4:3b:f8:14:69:0e:ee:ef:0e:9f:ea:4e:f2:
         d0:6c:4f:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwOZH4DgFQlGde1IPeg/oHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ODQ2NzQxMTM5MjYzMzg4ZDk4NGRiMWU5N2UwMzE2Njlj
NjQ4NmUwHhcNMjMwMTAyMDIwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTdjNTIzNGY4NmExOGFhZDU2MDlhOWZlYThlZDdiMDUyM2FlZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaBMOHxluKRICBTkecG/yD2P5opc
I7x9A6h6qcGaXBvJ2BwX+eX8y8PYyH9EX4jO6y0MbazQVsp7aqWDFNNc4+IzEz2q
3uU9BpQ5YSij+pECGTVM3zygMLB0oxUtAnolHP/e0B1gA3Eitw4FCVrmZyozpsbk
AC02Q4K48dT5314SU40Ra9SRUbvJ14WIkjkogh1lKPucTuCFe3OGVyYZrjNMSM6C
h9s63O/3TELpuqOB5sfkZz508h2tGd5U8jnk6NG2U/ajDbpfJU7MnuBq0P5vqHMS
jH2M9/nf6Ex17ncG2o1US1Cjh1do9v1Ue49gisNjlKxUyY+IDyGT5QlxHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDF8UjT4ahiq1WCan+qO17BSOu33MB8GA1UdIwQY
MBaAFJSEZ0ETkmM4jZhNsel+AxZpxkhuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTct
Y2IxMTI1MDA3ZGZiLzEvTVh4U05QaHFHS3JWWUpxZjZvN1hzRkk2N2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hNDkxMDItMDYxMi00N2EwLTgxMTctY2IxMTI1MDA3ZGZi
LzEvbElSblFST1NZemlObUUyeDZYNERGbW5HU0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76QMA0G
CSqGSIb3DQEBCwUAA4IBAQDA2Vv0SMVfYOZ0m2Zf+WnYmJyvsNXfLhSdYs4BXutC
WD8HKzOJ2xl8Z5xA1vQ1XWg6q107ucRudkYkRA9LJJTzSFj3SzUXVTpj3EHn7P7d
m/KXgF9jmFVNYP5UZyysmDm2ksY2XuGlS3QnzdzHiZPp34ovQOWHL9Gflx6dLekt
p+k0VqMQPZt8GGep4/ppbNxHRrU+KFSnfEjdWFT4+R4E3d6noOodjJUXxKzL4/fW
/yQsEPCyv8UKaW9YNe6vT38951ndunRoFjPv6O6E3K5y7vtswnwTedBgEdGU322m
cwzGAxsdSZ4pqaCro7/YJrQ7+BRpDu7vDp/qTvLQbE+i
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org