Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/TlYSvutgocx7dgwChommgqeDXkc.roa
File:                     TlYSvutgocx7dgwChommgqeDXkc.roa (raw, json)
Hash identifier:          95Fayr7Bbi42MeYlJunKXFucuL06fHfuP80yYp8y2bQ=
Subject key identifier:   4E:56:12:BE:EB:60:A1:CC:7B:76:0C:02:86:89:A6:82:A7:83:5E:47
Certificate issuer:       /CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
Certificate serial:       0185710C0123E14DBEF171E6CEC7FCD6758B
Authority key identifier: C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/TlYSvutgocx7dgwChommgqeDXkc.roa
Signing time:             Mon 02 Jan 2023 05:54:50 +0000
ROA not before:           Mon 02 Jan 2023 05:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60597
IP address blocks:        185.185.158.0/24 maxlen: 24
                          185.185.157.0/24 maxlen: 24
                          185.185.156.0/24 maxlen: 24
                          185.185.159.0/24 maxlen: 24
                          185.14.203.0/24 maxlen: 24
                          185.14.202.0/24 maxlen: 24
                          185.14.201.0/24 maxlen: 24
                          185.14.200.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0c:01:23:e1:4d:be:f1:71:e6:ce:c7:fc:d6:75:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
        Validity
            Not Before: Jan  2 05:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e5612beeb60a1cc7b760c028689a682a7835e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:80:66:ee:66:b4:e8:e9:80:9f:cd:a5:c4:04:
                    18:ef:c2:04:25:0d:00:85:7b:d6:1d:61:3d:95:71:
                    18:cf:67:3e:5a:ba:92:94:af:e3:47:63:08:06:b8:
                    dd:02:a0:fa:06:d8:fc:84:02:68:0b:1a:fc:26:3d:
                    d8:83:0d:f6:8e:89:53:6e:0f:1f:23:32:73:d4:be:
                    66:ba:66:12:ea:10:2f:be:b3:74:4c:51:25:80:c7:
                    f1:61:ab:b9:20:f7:8c:67:9b:68:cd:33:77:01:86:
                    8b:03:01:d1:d3:fb:e2:56:34:d4:de:cf:af:52:ea:
                    1e:b0:35:9e:7a:c5:f3:87:a7:7d:78:c6:cd:c1:9a:
                    c1:3e:38:43:7b:fb:dd:06:15:96:1a:be:e2:39:b3:
                    8c:9f:ca:c3:b7:36:29:88:7d:8d:6a:5e:fc:66:95:
                    26:0a:d2:2e:84:34:1c:6d:01:bc:ce:64:22:33:26:
                    6f:ec:01:5c:a8:6f:41:e5:de:d8:63:01:2e:90:e0:
                    63:78:f3:e7:99:e5:30:5d:2b:90:28:f9:1b:a8:37:
                    cc:e4:a0:f8:47:05:86:f6:8a:15:9a:74:f2:18:9f:
                    62:d1:d5:2b:9e:1b:00:50:90:b0:a5:43:02:d6:cb:
                    5d:52:97:c1:70:d8:48:51:5c:93:6b:cf:db:31:e7:
                    9e:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:56:12:BE:EB:60:A1:CC:7B:76:0C:02:86:89:A6:82:A7:83:5E:47
            X509v3 Authority Key Identifier:
                keyid:C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/TlYSvutgocx7dgwChommgqeDXkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.200.0/22
                  185.185.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:16:1d:1b:8e:75:ae:b5:f4:0b:f9:62:f9:2b:15:2a:a7:e2:
         fe:4e:a1:96:ee:5c:01:31:7c:53:ff:dd:97:d5:2f:d4:50:01:
         f0:32:59:92:e4:62:2e:f2:db:4c:5d:46:e6:a9:23:00:cc:36:
         82:c4:bd:29:58:74:86:4c:13:c2:6d:00:b9:bb:3b:1f:0c:c1:
         ed:44:7e:ff:d5:8f:43:0f:0d:5d:b3:3d:19:ce:ce:af:b6:ce:
         2d:f0:ac:76:d8:32:27:92:aa:fc:a5:f6:ef:26:7c:29:5a:b4:
         b4:08:b0:13:59:e3:66:4a:73:8f:3a:a8:45:cf:09:0b:95:4f:
         5e:e2:15:96:ae:e5:c8:86:55:e3:09:29:1a:5a:15:81:90:b7:
         22:0a:f2:24:18:d1:8e:c3:48:0d:2e:40:87:a0:d3:01:0f:84:
         8c:ee:a9:e2:ef:3d:b7:31:f9:ba:d5:58:46:17:6e:60:36:c3:
         70:5d:a8:4c:f6:fa:65:db:5c:f4:26:0f:51:06:2f:b3:b3:0f:
         c2:6f:36:ea:5e:cd:9e:eb:51:3a:4c:23:ce:ab:28:d4:79:29:
         e2:8b:98:68:cf:77:30:00:ff:ca:0f:f1:f2:9d:0b:a5:84:a0:
         dd:7e:10:a2:d7:38:53:26:1f:37:d5:e0:1c:b7:2e:f4:c3:55:
         80:fe:78:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxDAEj4U2+8XHmzsf81nWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmJmNmI3ODFiY2Y4YzI4MDA4YThlOGZkZGU2MGU3YWUz
MTIyYWEwHhcNMjMwMTAyMDU1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU2MTJiZWViNjBhMWNjN2I3NjBjMDI4Njg5YTY4MmE3ODM1ZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4Bm7ma06OmAn82lxAQY78IEJQ0A
hXvWHWE9lXEYz2c+WrqSlK/jR2MIBrjdAqD6Btj8hAJoCxr8Jj3Ygw32jolTbg8f
IzJz1L5mumYS6hAvvrN0TFElgMfxYau5IPeMZ5tozTN3AYaLAwHR0/viVjTU3s+v
UuoesDWeesXzh6d9eMbNwZrBPjhDe/vdBhWWGr7iObOMn8rDtzYpiH2Nal78ZpUm
CtIuhDQcbQG8zmQiMyZv7AFcqG9B5d7YYwEukOBjePPnmeUwXSuQKPkbqDfM5KD4
RwWG9ooVmnTyGJ9i0dUrnhsAUJCwpUMC1stdUpfBcNhIUVyTa8/bMeeewQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE5WEr7rYKHMe3YMAoaJpoKng15HMB8GA1UdIwQY
MBaAFMdr9reBvPjCgAio6P3eYOeuMSKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEt
YWJmNDg0MGVhNjA3LzEvVGxZU3Z1dGdvY3g3ZGd3Q2hvbW1ncWVEWGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEtYWJmNDg0MGVhNjA3
LzEveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ7IAwQC
ubmcMA0GCSqGSIb3DQEBCwUAA4IBAQADFh0bjnWutfQL+WL5KxUqp+L+TqGW7lwB
MXxT/92X1S/UUAHwMlmS5GIu8ttMXUbmqSMAzDaCxL0pWHSGTBPCbQC5uzsfDMHt
RH7/1Y9DDw1dsz0Zzs6vts4t8Kx22DInkqr8pfbvJnwpWrS0CLATWeNmSnOPOqhF
zwkLlU9e4hWWruXIhlXjCSkaWhWBkLciCvIkGNGOw0gNLkCHoNMBD4SM7qni7z23
Mfm61VhGF25gNsNwXahM9vpl21z0Jg9RBi+zsw/CbzbqXs2e61E6TCPOqyjUeSni
i5hoz3cwAP/KD/HynQulhKDdfhCi1zhTJh831eActy70w1WA/njF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:51 2024 by rpki-client on console-fra.rpki-client.org