Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/5wUbHP3trvhzaZdB7QTB0XzxRiY.roa
File:                     5wUbHP3trvhzaZdB7QTB0XzxRiY.roa (raw, json)
Hash identifier:          w94mumSVVgJMbLoYFf6b1cMYDDsx9fTgINia9gNtS5M=
Subject key identifier:   E7:05:1B:1C:FD:ED:AE:F8:73:69:97:41:ED:04:C1:D1:7C:F1:46:26
Certificate issuer:       /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial:       018D13D7EFD965DE889FB7A3F005B7D3A1FB
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/5wUbHP3trvhzaZdB7QTB0XzxRiY.roa
Signing time:             Tue 16 Jan 2024 19:55:35 +0000
ROA not before:           Tue 16 Jan 2024 19:55:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        194.26.193.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:d7:ef:d9:65:de:88:9f:b7:a3:f0:05:b7:d3:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
        Validity
            Not Before: Jan 16 19:55:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7051b1cfdedaef873699741ed04c1d17cf14626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a0:e1:20:9e:b3:e2:f7:92:f9:7d:a0:ac:ae:
                    f3:2f:63:72:0b:28:0c:c9:14:7e:7a:a0:1c:a3:b1:
                    9b:e8:2d:c4:0e:91:b0:11:5e:1c:92:cd:71:22:6d:
                    63:50:0c:e7:32:e1:83:51:c4:63:38:b9:00:ef:b6:
                    d5:00:54:c1:ae:5f:5f:c8:55:3f:06:96:65:ac:f7:
                    87:0e:b2:05:6e:06:be:c1:ad:f7:c0:11:a1:6c:7f:
                    73:df:ee:c9:7b:1f:db:04:5b:46:e6:a9:34:04:58:
                    04:08:3d:9e:49:05:ce:f5:5c:b7:a9:a2:0a:6b:ed:
                    e6:4d:58:c3:dd:0a:96:93:f1:31:2b:26:b4:5d:67:
                    48:44:3b:c6:63:74:aa:7b:00:ce:72:91:35:3a:f5:
                    ac:03:ec:3e:44:8a:97:e0:5b:94:f5:03:f5:a1:72:
                    87:42:72:f6:0e:f9:36:ef:9c:6c:5c:2b:9e:49:59:
                    0d:d5:c0:d8:6a:19:c4:b3:37:a7:e1:f8:b2:82:97:
                    bd:bc:16:94:b2:3e:87:4d:e3:4f:83:d0:2a:21:f0:
                    28:6e:48:19:a8:0f:ff:5e:92:ae:cc:12:31:47:b7:
                    c8:4d:41:cc:98:32:f8:35:4c:a7:ab:51:0c:01:a8:
                    ae:49:3f:af:5a:09:3a:fe:3b:e5:9b:27:ff:ff:e0:
                    54:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:05:1B:1C:FD:ED:AE:F8:73:69:97:41:ED:04:C1:D1:7C:F1:46:26
            X509v3 Authority Key Identifier:
                keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/5wUbHP3trvhzaZdB7QTB0XzxRiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:7b:39:7e:fc:55:bf:d9:10:2f:34:ce:b5:56:ec:1b:3b:b2:
         ba:a5:15:41:fa:e2:d6:65:7a:87:88:f7:ab:d0:a2:71:e5:fc:
         1a:5a:ec:b8:d7:16:7b:ef:a4:1a:24:a7:37:28:ab:e9:43:81:
         be:bc:96:2d:c9:d7:c6:ab:16:95:3a:aa:ac:cc:ff:06:2d:09:
         07:97:20:e0:64:30:e3:44:90:67:8f:09:99:d2:33:8b:4d:01:
         ac:cd:3e:e6:3d:77:6f:bb:40:f9:bf:29:f1:47:3c:ee:1f:a1:
         50:59:ec:9f:93:28:21:62:8e:45:cb:38:37:09:d1:eb:56:f4:
         ce:51:b3:d4:96:a2:cb:77:0f:64:f3:09:c1:f1:12:8f:e9:31:
         40:33:42:79:90:c6:6c:f1:54:9f:73:af:e6:74:dc:29:ce:24:
         e1:50:82:74:88:55:28:ac:bf:44:fe:99:a5:61:7c:e8:08:bc:
         fc:04:f1:60:1e:b3:01:76:71:e3:22:68:05:f5:2c:b6:a7:fd:
         46:2b:ec:7b:9a:1e:9e:d3:1f:41:40:4d:aa:07:65:4d:c5:1e:
         06:a7:2f:47:0e:e1:20:8b:57:bc:5e:74:70:14:3d:27:56:cc:
         0b:ba:2c:34:0e:7f:0d:5f:a0:02:0e:a4:3e:6b:cb:71:c9:69:
         97:67:4e:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0T1+/ZZd6In7ej8AW306H7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA1MWIxY2ZkZWRhZWY4NzM2OTk3NDFlZDA0YzFkMTdjZjE0NjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqDhIJ6z4veS+X2grK7zL2NyCygM
yRR+eqAco7Gb6C3EDpGwEV4cks1xIm1jUAznMuGDUcRjOLkA77bVAFTBrl9fyFU/
BpZlrPeHDrIFbga+wa33wBGhbH9z3+7Jex/bBFtG5qk0BFgECD2eSQXO9Vy3qaIK
a+3mTVjD3QqWk/ExKya0XWdIRDvGY3SqewDOcpE1OvWsA+w+RIqX4FuU9QP1oXKH
QnL2Dvk275xsXCueSVkN1cDYahnEszen4fiygpe9vBaUsj6HTeNPg9AqIfAobkgZ
qA//XpKuzBIxR7fITUHMmDL4NUynq1EMAaiuST+vWgk6/jvlmyf//+BUrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcFGxz97a74c2mXQe0EwdF88UYmMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvNXdVYkhQM3Rydmh6YVpkQjdRVEIwWHp4UmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrBMA0G
CSqGSIb3DQEBCwUAA4IBAQCQezl+/FW/2RAvNM61VuwbO7K6pRVB+uLWZXqHiPer
0KJx5fwaWuy41xZ776QaJKc3KKvpQ4G+vJYtydfGqxaVOqqszP8GLQkHlyDgZDDj
RJBnjwmZ0jOLTQGszT7mPXdvu0D5vynxRzzuH6FQWeyfkyghYo5Fyzg3CdHrVvTO
UbPUlqLLdw9k8wnB8RKP6TFAM0J5kMZs8VSfc6/mdNwpziThUIJ0iFUorL9E/pml
YXzoCLz8BPFgHrMBdnHjImgF9Sy2p/1GK+x7mh6e0x9BQE2qB2VNxR4Gpy9HDuEg
i1e8XnRwFD0nVswLuiw0Dn8NX6ACDqQ+a8txyWmXZ06r
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:09 2024 by rpki-client on console-ams.rpki-client.org