Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KT-1_LuAAMlyqxVo3FFLEw1Cllw.roa
File:                     KT-1_LuAAMlyqxVo3FFLEw1Cllw.roa (raw, json)
Hash identifier:          ZRT5K/eY5C3hmSCgDi2XtyXH2RgRhEKVFEno4IhAHEc=
Subject key identifier:   29:3F:B5:FC:BB:80:00:C9:72:AB:15:68:DC:51:4B:13:0D:42:96:5C
Certificate issuer:       /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial:       018570D563D4F8FF491A59C0576C22FE893F
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KT-1_LuAAMlyqxVo3FFLEw1Cllw.roa
Signing time:             Mon 02 Jan 2023 04:55:10 +0000
ROA not before:           Mon 02 Jan 2023 04:55:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201971
IP address blocks:        185.192.247.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:d5:63:d4:f8:ff:49:1a:59:c0:57:6c:22:fe:89:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
        Validity
            Not Before: Jan  2 04:55:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=293fb5fcbb8000c972ab1568dc514b130d42965c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:23:cc:fb:37:19:a7:e3:1a:9d:27:27:e6:79:
                    59:02:06:8b:22:04:d7:ca:c1:1f:57:41:c7:70:93:
                    29:e8:c5:83:31:c4:87:4f:42:93:18:87:eb:d5:69:
                    c5:16:a0:c8:14:52:c1:68:5d:93:cc:3c:7c:17:0e:
                    f2:1f:1b:ab:62:27:d2:a9:fb:1e:53:62:14:fb:10:
                    cc:4b:12:3b:4e:02:17:ba:92:c9:03:2a:93:6a:1b:
                    05:15:de:3b:d2:42:50:d0:6f:60:be:b9:3f:65:5e:
                    78:f9:94:cc:2e:b4:60:ec:f6:d5:f7:72:82:ab:a6:
                    c0:7d:f2:ab:1b:2a:9b:66:82:09:16:b9:38:19:77:
                    8f:46:21:33:58:02:1e:45:9e:c7:1e:6b:ec:c2:7a:
                    41:82:dd:d6:f0:c3:c9:97:18:03:95:98:8b:b8:b3:
                    85:82:68:c7:46:fc:ba:1e:cd:e5:d6:29:e8:fc:08:
                    2b:58:6f:46:04:fa:c8:2c:26:49:01:3a:8a:30:cf:
                    9c:17:67:4a:bd:94:c5:f6:14:87:05:bf:b8:1c:ea:
                    00:07:af:d4:b4:76:ea:79:3a:59:6e:43:89:37:17:
                    14:be:a3:ec:50:7a:90:bb:01:4f:d9:43:b9:a5:90:
                    62:e9:6e:57:57:68:52:1e:dd:3a:19:01:a8:bf:47:
                    90:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:3F:B5:FC:BB:80:00:C9:72:AB:15:68:DC:51:4B:13:0D:42:96:5C
            X509v3 Authority Key Identifier:
                keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/KT-1_LuAAMlyqxVo3FFLEw1Cllw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:a2:de:ee:02:11:6c:6c:48:4f:55:a2:05:30:56:96:7e:dd:
         8c:80:f3:01:a6:00:bf:a1:05:67:79:42:b3:ad:c0:9b:f2:c0:
         f1:1f:c0:e7:2e:33:c2:8d:a8:e5:e4:2c:2d:8f:f3:c4:55:03:
         bc:8e:ea:20:4b:2e:85:d8:c8:fb:37:56:ff:32:4f:44:1d:35:
         af:cb:ef:78:e5:04:32:cd:1d:ee:dc:df:20:e2:41:d9:03:c5:
         6c:96:b9:b2:83:50:35:62:fd:a7:02:ca:c8:9b:6f:d8:d1:54:
         a9:4e:4c:b6:38:a1:9b:e8:1b:88:e0:89:b9:92:c0:e1:67:de:
         54:dd:99:8e:16:8a:95:de:6a:12:ca:1b:d3:c5:b8:4c:49:5a:
         65:39:c5:82:13:07:4e:64:fe:2c:0d:20:e9:d7:86:d2:aa:9e:
         df:39:44:12:c5:82:11:e3:28:82:0d:42:a7:fe:1b:53:68:a1:
         86:83:ca:3a:49:32:68:40:b7:00:87:fe:d7:cb:9f:91:7e:5c:
         ac:3d:c3:31:26:42:16:e6:cd:72:49:72:51:14:27:fa:ad:17:
         01:1a:25:4b:49:cd:36:14:98:f9:12:0e:b5:a3:a6:57:e4:22:
         ed:bc:a0:b2:ea:95:43:5b:fd:72:43:81:41:dc:ec:38:cb:c4:
         34:78:dd:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw1WPU+P9JGlnAV2wi/ok/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTNmYjVmY2JiODAwMGM5NzJhYjE1NjhkYzUxNGIxMzBkNDI5NjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiPM+zcZp+ManScn5nlZAgaLIgTX
ysEfV0HHcJMp6MWDMcSHT0KTGIfr1WnFFqDIFFLBaF2TzDx8Fw7yHxurYifSqfse
U2IU+xDMSxI7TgIXupLJAyqTahsFFd470kJQ0G9gvrk/ZV54+ZTMLrRg7PbV93KC
q6bAffKrGyqbZoIJFrk4GXePRiEzWAIeRZ7HHmvswnpBgt3W8MPJlxgDlZiLuLOF
gmjHRvy6Hs3l1ino/AgrWG9GBPrILCZJATqKMM+cF2dKvZTF9hSHBb+4HOoAB6/U
tHbqeTpZbkOJNxcUvqPsUHqQuwFP2UO5pZBi6W5XV2hSHt06GQGov0eQRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCk/tfy7gADJcqsVaNxRSxMNQpZcMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvS1QtMV9MdUFBTWx5cXhWbzNGRkxFdzFDbGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucD3MA0G
CSqGSIb3DQEBCwUAA4IBAQAaot7uAhFsbEhPVaIFMFaWft2MgPMBpgC/oQVneUKz
rcCb8sDxH8DnLjPCjajl5Cwtj/PEVQO8juogSy6F2Mj7N1b/Mk9EHTWvy+945QQy
zR3u3N8g4kHZA8Vslrmyg1A1Yv2nAsrIm2/Y0VSpTky2OKGb6BuI4Im5ksDhZ95U
3ZmOFoqV3moSyhvTxbhMSVplOcWCEwdOZP4sDSDp14bSqp7fOUQSxYIR4yiCDUKn
/htTaKGGg8o6STJoQLcAh/7Xy5+RflysPcMxJkIW5s1ySXJRFCf6rRcBGiVLSc02
FJj5Eg61o6ZX5CLtvKCy6pVDW/1yQ4FB3Ow4y8Q0eN3c
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org