Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/pQYciBPsV-dDGL19M1xNLDJZHNQ.roa
File:                     pQYciBPsV-dDGL19M1xNLDJZHNQ.roa (raw, json)
Hash identifier:          jZSHjHUiMTZnFPxiFJekc7KXxR5DNxn84LmP36Q2yas=
Subject key identifier:   A5:06:1C:88:13:EC:57:E7:43:18:BD:7D:33:5C:4D:2C:32:59:1C:D4
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       C6DBA6
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/pQYciBPsV-dDGL19M1xNLDJZHNQ.roa
Signing time:             Sat 01 Jan 2022 02:54:05 +0000
ROA not before:           Sat 01 Jan 2022 02:54:05 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     38999
IP address blocks:        212.98.134.0/24 maxlen: 24
                          5.57.0.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13032358 (0xc6dba6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  1 02:54:05 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=a5061c8813ec57e74318bd7d335c4d2c32591cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:33:08:93:58:85:7f:8a:ab:98:5a:9b:9a:5c:
                    e9:29:a1:ce:78:d5:9f:0c:24:7f:79:79:56:76:2a:
                    91:dc:47:00:50:fb:13:14:a0:49:11:0d:6a:6b:c4:
                    36:66:1b:73:5d:f9:9a:d9:e2:70:34:56:b7:62:05:
                    e3:ae:9e:47:07:71:ca:db:8f:85:08:63:f9:1f:28:
                    a2:07:25:f6:ca:b6:8d:80:f4:d4:5f:30:5f:cc:48:
                    e9:76:bb:34:fb:ff:f8:81:c9:d8:ea:5e:03:a9:3f:
                    5a:a1:a5:2b:13:21:54:a6:f5:2a:5b:11:0f:ae:36:
                    86:5b:c8:ce:17:92:4e:22:f8:16:c3:b4:96:c0:af:
                    a9:cf:9e:aa:f5:9a:f0:b8:ba:7e:f7:3f:e0:f9:a3:
                    e8:c6:7f:42:51:0d:41:23:74:31:98:7e:34:f2:73:
                    c4:d2:06:ce:01:6d:66:d9:5d:76:dd:00:05:0a:b6:
                    1e:89:4c:2f:55:54:c6:05:a0:03:20:12:0e:80:5a:
                    93:7b:6f:eb:e1:33:c8:e6:35:ae:b2:56:0a:2a:e5:
                    d5:73:63:86:b2:b9:4a:23:79:89:6a:25:f9:1f:fc:
                    2b:7c:2d:37:50:e2:80:23:47:84:6e:81:b8:6d:5c:
                    46:e8:1a:5a:0e:f2:db:08:a0:0e:a7:51:a0:40:47:
                    3b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:06:1C:88:13:EC:57:E7:43:18:BD:7D:33:5C:4D:2C:32:59:1C:D4
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/pQYciBPsV-dDGL19M1xNLDJZHNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.0.0/24
                  212.98.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:17:df:1c:1c:49:9d:46:fc:63:5c:6a:56:cc:c9:e8:a2:f1:
         4b:59:c7:9f:e2:62:b3:24:5c:f1:aa:ee:c7:d9:17:61:a8:69:
         70:97:54:44:bc:c3:65:ae:b5:f3:cd:d1:b1:13:d8:52:d2:91:
         07:d6:9e:df:ad:84:e0:0a:c6:3d:7c:90:aa:c4:35:ea:74:9a:
         9d:98:fe:ba:74:9b:d0:96:9d:b8:b9:57:18:cd:83:18:5c:3f:
         5d:fa:16:de:e6:43:89:37:fd:93:1e:98:09:2d:2d:a9:63:ec:
         86:b1:86:ea:f4:c9:27:1e:29:cd:2f:11:ec:78:85:81:20:34:
         c2:89:0f:30:74:f7:51:16:8e:fc:98:d5:ee:55:8f:c1:61:14:
         56:3e:5c:7b:6b:0d:a4:0d:8e:af:b9:da:20:0a:d0:2e:61:db:
         47:96:0c:1f:b2:fc:95:c6:f4:31:56:af:92:9b:a2:bd:93:d0:
         6f:35:09:fc:43:54:b7:fb:c7:b6:68:a6:0d:be:8a:4e:05:9e:
         56:41:14:cc:d6:1a:37:61:f4:22:c6:34:be:3e:f5:dd:0e:e8:
         14:67:d0:ba:e1:2c:95:58:e4:88:04:7d:92:45:ce:ff:99:68:
         d5:a7:40:11:36:7d:12:18:35:0d:80:2b:12:23:e1:80:ef:65:
         44:dc:31:e4
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAMbbpjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZWNkNjRjOTc4MzdkN2JmYWMwNjYzN2RkOTUyYmRlZGUwYzI1ZDg1MB4XDTIyMDEw
MTAyNTQwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTUwNjFjODgxM2Vj
NTdlNzQzMThiZDdkMzM1YzRkMmMzMjU5MWNkNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJMzCJNYhX+Kq5ham5pc6SmhznjVnwwkf3l5VnYqkdxHAFD7
ExSgSRENamvENmYbc135mtnicDRWt2IF466eRwdxytuPhQhj+R8oogcl9sq2jYD0
1F8wX8xI6Xa7NPv/+IHJ2OpeA6k/WqGlKxMhVKb1KlsRD642hlvIzheSTiL4FsO0
lsCvqc+eqvWa8Li6fvc/4Pmj6MZ/QlENQSN0MZh+NPJzxNIGzgFtZtlddt0ABQq2
HolML1VUxgWgAyASDoBak3tv6+EzyOY1rrJWCirl1XNjhrK5SiN5iWol+R/8K3wt
N1DigCNHhG6BuG1cRugaWg7y2wigDqdRoEBHO2UCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBSlBhyIE+xX50MYvX0zXE0sMlkc1DAfBgNVHSMEGDAWgBSuzWTJeDfXv6wG
Y33ZUr3t4MJdhTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JzMWt5WGczMTctc0JtTjkyVks5N2VEQ1hZVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGYvNTkyZDRmLWQ3MWUtNGU4Yi1hNjMyLTFlY2RlMTc5MTUxMS8x
L3BRWWNpQlBzVi1kREdMMTlNMXhOTERKWkhOUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGYv
NTkyZDRmLWQ3MWUtNGU4Yi1hNjMyLTFlY2RlMTc5MTUxMS8xL3JzMWt5WGczMTct
c0JtTjkyVks5N2VEQ1hZVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAU5AAMEANRihjANBgkqhkiG9w0B
AQsFAAOCAQEAOxffHBxJnUb8Y1xqVszJ6KLxS1nHn+JisyRc8arux9kXYahpcJdU
RLzDZa61883RsRPYUtKRB9ae362E4ArGPXyQqsQ16nSanZj+unSb0JaduLlXGM2D
GFw/XfoW3uZDiTf9kx6YCS0tqWPshrGG6vTJJx4pzS8R7HiFgSA0wokPMHT3URaO
/JjV7lWPwWEUVj5ce2sNpA2Or7naIArQLmHbR5YMH7L8lcb0MVavkpuivZPQbzUJ
/ENUt/vHtmimDb6KTgWeVkEUzNYaN2H0IsY0vj713Q7oFGfQuuEslVjkiAR9kkXO
/5lo1adAETZ9Ehg1DYArEiPhgO9lRNwx5A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:01 2024 by rpki-client on console-fra.rpki-client.org