Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa
File:                     NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa (raw, json)
Hash identifier:          IffVmAhspmGfHFH4e+1KKgnlBiqH2pPkWdMQPr7tR5U=
Subject key identifier:   34:F6:6A:EE:B2:56:36:F4:B5:45:2E:1F:9D:22:61:FE:BC:AE:2E:23
Certificate issuer:       /CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
Certificate serial:       01856FA6E7E3FA41E84253A219D84F9D12F4
Authority key identifier: 53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa
Signing time:             Sun 01 Jan 2023 23:24:47 +0000
ROA not before:           Sun 01 Jan 2023 23:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        193.218.0.0/24 maxlen: 24
                          185.1.226.0/23 maxlen: 23
                          2001:67c:29f0::/48 maxlen: 48

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:a6:e7:e3:fa:41:e8:42:53:a2:19:d8:4f:9d:12:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=537f9bf84b69a09042432dae8377ee0ac8ff1c61
        Validity
            Not Before: Jan  1 23:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34f66aeeb25636f4b5452e1f9d2261febcae2e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:65:60:c3:8e:2a:85:01:b2:e8:67:d3:3d:6e:
                    29:5e:8f:01:69:fe:29:8d:7a:6f:01:16:7b:25:03:
                    f9:93:03:5b:3b:92:06:37:c4:bf:e8:6a:6d:91:2d:
                    3e:53:4a:f1:9c:1b:c1:6f:72:f4:36:64:8b:b3:3c:
                    e4:9d:f8:ba:f8:cf:92:10:c6:c3:be:1f:14:c5:41:
                    67:fd:36:e1:39:eb:3e:ff:6f:32:5e:7a:0d:be:22:
                    72:ec:83:ee:d5:88:fa:6b:c1:78:28:bb:7d:1c:f3:
                    b4:fb:f1:c3:8f:be:96:19:7b:5c:32:5f:db:b0:d5:
                    dc:23:c6:94:10:14:e4:52:7d:3b:2f:82:17:3d:9e:
                    e2:55:8c:ae:20:99:c8:17:4c:be:c6:47:0d:19:06:
                    68:89:9d:5a:8b:a4:fc:3d:54:84:4e:14:6b:cb:70:
                    b0:e2:a0:68:02:c1:56:88:7b:89:b7:51:af:61:63:
                    c9:2d:a4:d9:94:c0:c9:e9:98:c1:db:0e:5f:2c:b4:
                    d1:cc:05:b0:48:eb:f8:11:f1:fa:ca:e1:2f:0b:f7:
                    5b:ca:38:bb:da:61:a6:b9:da:d0:9f:93:81:af:c6:
                    1c:9c:bf:e6:9a:be:11:a4:53:06:0a:ae:8b:ca:f4:
                    2a:5d:d6:63:59:3b:7a:2d:e5:0a:fb:33:5d:33:80:
                    cf:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F6:6A:EE:B2:56:36:F4:B5:45:2E:1F:9D:22:61:FE:BC:AE:2E:23
            X509v3 Authority Key Identifier:
                keyid:53:7F:9B:F8:4B:69:A0:90:42:43:2D:AE:83:77:EE:0A:C8:FF:1C:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3-b-EtpoJBCQy2ug3fuCsj_HGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/NPZq7rJWNvS1RS4fnSJh_ryuLiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cbc746-416b-4da9-9225-892ec6ff4771/1/U3-b-EtpoJBCQy2ug3fuCsj_HGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.226.0/23
                  193.218.0.0/24
                IPv6:
                  2001:67c:29f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:18:a4:01:85:48:c8:d0:fb:59:09:6d:5e:26:fc:aa:13:9b:
         c2:a1:e5:d7:3a:45:a7:9b:80:0b:3d:4b:eb:14:f6:03:e8:47:
         cc:41:24:d6:69:65:e9:b7:af:ef:d9:9e:58:b1:fe:48:d6:6a:
         c0:cb:3a:ab:85:62:62:de:ea:d8:7e:15:c7:60:be:29:0c:aa:
         29:81:19:b3:70:94:e0:83:9a:9f:26:0f:63:ba:1a:ba:d1:fd:
         74:b7:67:7c:29:2d:c8:57:ac:61:ec:30:2f:b7:61:5b:7e:8e:
         bd:df:cc:29:38:fe:f9:c4:17:30:ae:12:fc:94:96:ff:9d:76:
         20:81:30:63:00:d4:91:12:e1:39:24:07:61:41:f8:68:78:fc:
         26:24:ca:bf:39:e5:4a:43:3b:a7:72:14:0b:21:d4:86:38:50:
         f8:3b:a7:f8:be:c3:82:5f:49:16:66:04:7e:70:c9:6a:06:5b:
         62:a1:ba:eb:32:98:b8:fe:82:6f:6f:53:9f:de:cf:d9:c8:4c:
         66:3a:b5:a6:72:39:e6:ea:a3:e3:b9:4a:ec:a2:37:24:2a:5a:
         e7:6b:39:06:c7:da:f1:11:9d:a2:20:71:14:65:54:3c:0a:28:
         13:cc:a8:5c:b0:f3:e5:21:96:d6:31:4c:b3:57:46:c0:b3:27:
         04:7b:db:2c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVvpufj+kHoQlOiGdhPnRL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzN2Y5YmY4NGI2OWEwOTA0MjQzMmRhZTgzNzdlZTBhYzhm
ZjFjNjEwHhcNMjMwMTAxMjMyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGY2NmFlZWIyNTYzNmY0YjU0NTJlMWY5ZDIyNjFmZWJjYWUyZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGVgw44qhQGy6GfTPW4pXo8Baf4p
jXpvARZ7JQP5kwNbO5IGN8S/6GptkS0+U0rxnBvBb3L0NmSLszzknfi6+M+SEMbD
vh8UxUFn/TbhOes+/28yXnoNviJy7IPu1Yj6a8F4KLt9HPO0+/HDj76WGXtcMl/b
sNXcI8aUEBTkUn07L4IXPZ7iVYyuIJnIF0y+xkcNGQZoiZ1ai6T8PVSEThRry3Cw
4qBoAsFWiHuJt1GvYWPJLaTZlMDJ6ZjB2w5fLLTRzAWwSOv4EfH6yuEvC/dbyji7
2mGmudrQn5OBr8YcnL/mmr4RpFMGCq6LyvQqXdZjWTt6LeUK+zNdM4DPbwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDT2au6yVjb0tUUuH50iYf68ri4jMB8GA1UdIwQY
MBaAFFN/m/hLaaCQQkMtroN37grI/xxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUt
ODkyZWM2ZmY0NzcxLzEvTlBacTdySldOdlMxUlM0Zm5TSmhfcnl1TGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jYmM3NDYtNDE2Yi00ZGE5LTkyMjUtODkyZWM2ZmY0Nzcx
LzEvVTMtYi1FdHBvSkJDUXkydWczZnVDc2pfSEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBuQHiAwQA
wdoAMA8EAgACMAkDBwAgAQZ8KfAwDQYJKoZIhvcNAQELBQADggEBAIAYpAGFSMjQ
+1kJbV4m/KoTm8Kh5dc6RaebgAs9S+sU9gPoR8xBJNZpZem3r+/Znlix/kjWasDL
OquFYmLe6th+FcdgvikMqimBGbNwlOCDmp8mD2O6GrrR/XS3Z3wpLchXrGHsMC+3
YVt+jr3fzCk4/vnEFzCuEvyUlv+ddiCBMGMA1JES4TkkB2FB+Gh4/CYkyr855UpD
O6dyFAsh1IY4UPg7p/i+w4JfSRZmBH5wyWoGW2KhuusymLj+gm9vU5/ez9nITGY6
taZyOebqo+O5SuyiNyQqWudrOQbH2vERnaIgcRRlVDwKKBPMqFyw8+UhltYxTLNX
RsCzJwR72yw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:15 2023 by rpki-client on console-fra.rpki-client.org