Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/kHy1QTAAZ7fOHe6_sXavtVeOZ9k.roa
File:                     kHy1QTAAZ7fOHe6_sXavtVeOZ9k.roa (raw, json)
Hash identifier:          jHky+b5PwXG1Y8Acz6L7Pqe4IoOawtKghqMRZA5a6s8=
Subject key identifier:   90:7C:B5:41:30:00:67:B7:CE:1D:EE:BF:B1:76:AF:B5:57:8E:67:D9
Certificate issuer:       /CN=51618df006d548d1d87ed6419550662db6fc0606
Certificate serial:       01856F66DABBF4BE8E5667342FA6748C116F
Authority key identifier: 51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/kHy1QTAAZ7fOHe6_sXavtVeOZ9k.roa
Signing time:             Sun 01 Jan 2023 22:14:49 +0000
ROA not before:           Sun 01 Jan 2023 22:14:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50022
IP address blocks:        213.110.224.0/19 maxlen: 19

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:66:da:bb:f4:be:8e:56:67:34:2f:a6:74:8c:11:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51618df006d548d1d87ed6419550662db6fc0606
        Validity
            Not Before: Jan  1 22:14:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=907cb541300067b7ce1deebfb176afb5578e67d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c2:f4:e7:ef:33:c1:68:f0:c6:e1:84:8d:69:
                    82:89:fa:ce:bd:59:86:c2:7b:f5:bd:3d:7f:fe:5b:
                    e6:f3:16:83:c1:b7:bd:12:ea:02:c1:d0:f8:b6:5b:
                    22:7f:43:61:e8:a0:00:c6:ba:0b:d8:c6:f8:50:3a:
                    5c:d3:34:74:e9:74:e0:c0:ec:22:02:1b:9b:62:39:
                    00:3c:ca:7f:55:5f:39:05:47:04:b2:fa:97:d1:1d:
                    44:7e:d4:2f:1f:49:d9:b0:fc:4c:6f:ed:f6:f6:db:
                    e7:ba:d7:d0:c9:b6:00:01:3b:95:6e:b0:9f:14:96:
                    7e:cf:c3:7b:00:6f:06:8a:40:dd:29:c9:7f:c3:01:
                    71:52:a1:fd:84:8d:e2:4b:68:98:80:ce:75:5c:f7:
                    52:f2:53:5f:be:fb:2d:55:c4:16:25:c2:5d:8f:aa:
                    ca:89:dc:23:74:63:aa:0a:1d:aa:ec:e0:e5:5e:61:
                    8e:8b:aa:37:14:ed:84:c8:07:49:81:64:c8:e4:3d:
                    c9:b1:ba:16:3e:8d:19:5e:23:65:9e:2b:83:d4:76:
                    d7:4c:0c:1a:6f:9d:e7:13:db:7a:fb:06:f1:44:dd:
                    41:2d:b5:95:52:26:24:c4:3d:18:b2:52:e0:4a:8f:
                    90:a3:d2:35:78:59:70:5a:ec:4c:7b:8a:51:63:cd:
                    ae:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7C:B5:41:30:00:67:B7:CE:1D:EE:BF:B1:76:AF:B5:57:8E:67:D9
            X509v3 Authority Key Identifier:
                keyid:51:61:8D:F0:06:D5:48:D1:D8:7E:D6:41:95:50:66:2D:B6:FC:06:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UWGN8AbVSNHYftZBlVBmLbb8BgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/kHy1QTAAZ7fOHe6_sXavtVeOZ9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/d5ffe7-3b48-4f80-8d6a-317c2fb0a35b/1/UWGN8AbVSNHYftZBlVBmLbb8BgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.110.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         05:ce:56:e8:32:76:f0:7a:ae:48:d5:cb:bf:2a:56:ce:7d:33:
         f3:fd:34:e8:35:86:b1:86:5f:7a:31:2e:ee:2b:a2:e7:4d:d1:
         04:b2:b3:ca:94:1c:38:6c:03:70:14:55:60:0c:d8:37:ac:2e:
         ce:71:78:91:7e:56:de:b6:dd:8c:8c:5a:c3:45:8f:83:f1:69:
         dd:2e:e4:88:b0:24:57:59:c1:5d:94:18:a7:6a:84:d0:07:88:
         bd:d5:17:c4:89:7b:be:b9:c1:1e:27:0f:b9:16:82:d5:63:15:
         ca:75:7b:d8:fb:09:ed:16:ab:44:d0:52:c9:48:c2:32:00:f6:
         96:dd:46:f2:d3:fd:a4:ea:02:7c:9f:df:99:26:d9:51:3d:39:
         37:f4:15:ea:65:7e:31:98:9c:a6:78:fa:ac:b4:bc:7d:66:7a:
         d4:3e:70:72:db:0b:93:77:99:d5:99:bb:e8:8d:de:57:11:03:
         a8:8d:28:4a:aa:b5:87:09:cd:ee:56:59:b8:df:4e:5f:c1:b7:
         5f:65:1e:af:22:50:21:28:29:d3:2c:f6:45:97:0f:80:7d:8f:
         fb:ce:fa:67:f2:fa:8a:4d:94:1e:95:2d:88:23:71:db:74:0e:
         d0:5e:4c:b1:ac:a2:b3:88:58:9c:51:f1:b7:05:3d:41:9a:7d:
         d6:0d:a6:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvZtq79L6OVmc0L6Z0jBFvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNjE4ZGYwMDZkNTQ4ZDFkODdlZDY0MTk1NTA2NjJkYjZm
YzA2MDYwHhcNMjMwMTAxMjIxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdjYjU0MTMwMDA2N2I3Y2UxZGVlYmZiMTc2YWZiNTU3OGU2N2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisL05+8zwWjwxuGEjWmCifrOvVmG
wnv1vT1//lvm8xaDwbe9EuoCwdD4tlsif0Nh6KAAxroL2Mb4UDpc0zR06XTgwOwi
AhubYjkAPMp/VV85BUcEsvqX0R1EftQvH0nZsPxMb+329tvnutfQybYAATuVbrCf
FJZ+z8N7AG8GikDdKcl/wwFxUqH9hI3iS2iYgM51XPdS8lNfvvstVcQWJcJdj6rK
idwjdGOqCh2q7ODlXmGOi6o3FO2EyAdJgWTI5D3JsboWPo0ZXiNlniuD1HbXTAwa
b53nE9t6+wbxRN1BLbWVUiYkxD0YslLgSo+Qo9I1eFlwWuxMe4pRY82upwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJB8tUEwAGe3zh3uv7F2r7VXjmfZMB8GA1UdIwQY
MBaAFFFhjfAG1UjR2H7WQZVQZi22/AYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEt
MzE3YzJmYjBhMzViLzEva0h5MVFUQUFaN2ZPSGU2X3NYYXZ0VmVPWjlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kNWZmZTctM2I0OC00ZjgwLThkNmEtMzE3YzJmYjBhMzVi
LzEvVVdHTjhBYlZTTkhZZnRaQmxWQm1MYmI4QmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1W7gMA0G
CSqGSIb3DQEBCwUAA4IBAQAFzlboMnbweq5I1cu/KlbOfTPz/TToNYaxhl96MS7u
K6LnTdEEsrPKlBw4bANwFFVgDNg3rC7OcXiRflbett2MjFrDRY+D8WndLuSIsCRX
WcFdlBinaoTQB4i91RfEiXu+ucEeJw+5FoLVYxXKdXvY+wntFqtE0FLJSMIyAPaW
3Uby0/2k6gJ8n9+ZJtlRPTk39BXqZX4xmJymePqstLx9ZnrUPnBy2wuTd5nVmbvo
jd5XEQOojShKqrWHCc3uVlm4305fwbdfZR6vIlAhKCnTLPZFlw+AfY/7zvpn8vqK
TZQelS2II3HbdA7QXkyxrKKziFicUfG3BT1Bmn3WDabb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:19 2024 by rpki-client on console-ams.rpki-client.org