Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/dlr8SqhxW9ruN6UFMaSimO9v2xo.roa
File:                     dlr8SqhxW9ruN6UFMaSimO9v2xo.roa (raw, json)
Hash identifier:          WweyGc2V4JjUHjRR3LejZxe/ScFqktt80Nqbkw6uVV0=
Subject key identifier:   76:5A:FC:4A:A8:71:5B:DA:EE:37:A5:05:31:A4:A2:98:EF:6F:DB:1A
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       01830E67EAE0BA15E89D905CB53066B9EE23
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/dlr8SqhxW9ruN6UFMaSimO9v2xo.roa
Signing time:             Mon 05 Sep 2022 16:07:14 +0000
ROA not before:           Mon 05 Sep 2022 16:07:14 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     50316
IP address blocks:        92.245.184.0/24 maxlen: 24
                          92.245.185.0/24 maxlen: 24
                          92.245.186.0/24 maxlen: 24
                          92.245.187.0/24 maxlen: 24
                          147.123.112.0/24 maxlen: 24
                          147.123.118.0/24 maxlen: 24
                          147.123.116.0/24 maxlen: 24
                          147.123.117.0/24 maxlen: 24
                          147.123.115.0/24 maxlen: 24
                          147.123.113.0/24 maxlen: 24
                          147.123.114.0/24 maxlen: 24
                          147.123.119.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:83:0e:67:ea:e0:ba:15:e8:9d:90:5c:b5:30:66:b9:ee:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Sep  5 16:07:14 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=765afc4aa8715bdaee37a50531a4a298ef6fdb1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:53:c0:56:a6:7e:1d:e9:01:06:d7:46:72:
                    3d:61:9c:5f:c9:f2:3f:a0:d3:31:19:e9:f0:23:10:
                    fa:08:f7:99:73:7d:90:e5:52:5b:57:84:76:2e:31:
                    bb:ae:ed:da:d0:07:7d:78:f4:75:4b:8b:e0:91:35:
                    75:a2:48:cb:12:8d:3e:12:c9:75:9a:2d:d0:30:d1:
                    34:66:1b:b0:51:7d:63:be:4c:de:a5:9e:3f:e5:d0:
                    e2:91:aa:54:16:a3:f4:ec:d1:a6:bd:4c:6a:10:9e:
                    e4:d5:d0:a6:50:94:35:07:9c:80:4f:ec:f1:3f:de:
                    69:db:44:20:48:3a:f9:c3:5c:7c:73:e9:65:89:2f:
                    eb:24:cf:96:6e:d6:05:c8:08:dc:45:33:e7:a4:c8:
                    8f:e1:e7:2e:59:29:ff:7e:31:5c:52:a7:bc:ef:d1:
                    f8:0c:cf:b4:a2:91:e5:f0:9f:b0:a2:81:cc:cf:c3:
                    7b:ae:29:47:58:2d:b7:a2:ae:9f:89:e7:14:2e:f8:
                    89:8b:68:22:57:07:7d:c1:42:43:ae:7f:bc:65:bb:
                    b7:dc:13:9d:b5:b1:15:43:ea:00:c2:25:fd:fb:fe:
                    76:96:33:46:1e:63:c1:fa:3c:b7:2a:0d:d6:f1:2e:
                    65:58:0f:07:d9:3c:6c:83:c3:1d:0b:39:3f:99:55:
                    cc:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5A:FC:4A:A8:71:5B:DA:EE:37:A5:05:31:A4:A2:98:EF:6F:DB:1A
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/dlr8SqhxW9ruN6UFMaSimO9v2xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.245.184.0/22
                  147.123.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:6c:fc:59:20:c3:1f:2c:15:65:c8:8f:7d:dd:7e:f7:be:a7:
         b6:84:c7:f1:7b:dc:a2:d3:7a:72:8f:9a:7f:4c:b0:2f:97:ff:
         72:67:7a:4e:b7:ed:36:d6:f5:b5:91:8c:3b:d6:fd:b8:2e:58:
         09:ab:e2:a7:59:e1:37:8c:ef:46:33:da:aa:2e:e9:2a:4e:1f:
         f7:f6:64:f5:8c:74:ac:36:99:88:5c:b2:7d:00:48:50:e5:41:
         dc:48:32:24:79:29:ee:79:bb:5d:0c:24:40:73:74:d9:bd:c0:
         e8:27:a2:75:c7:cd:56:34:f3:19:4a:73:d5:c1:01:16:61:fe:
         71:6f:7e:22:b6:e4:5f:8f:0f:0e:be:57:ba:0a:7d:46:c7:be:
         c3:ba:4c:68:8e:45:40:7c:4d:90:a3:b8:84:1e:1d:c6:67:e1:
         83:1a:1d:cd:8a:e3:2b:47:fd:b8:be:b5:24:3e:8e:41:33:dc:
         73:8e:5a:53:5a:cf:f4:31:5b:60:86:24:1f:87:ed:94:5f:43:
         d1:c6:74:f3:e8:c7:42:35:d2:e1:dd:95:71:4a:83:01:40:12:
         4e:5c:31:46:1c:7c:d8:69:d6:4b:09:14:24:88:bc:50:33:56:
         32:10:28:3c:1f:48:1f:fa:63:fc:f5:bb:c7:26:d5:c4:6a:82:
         d1:ab:cc:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYMOZ+rguhXonZBctTBmue4jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjIwOTA1MTYwNzE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjVhZmM0YWE4NzE1YmRhZWUzN2E1MDUzMWE0YTI5OGVmNmZkYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR9TwFamfh3pAQbXRnI9YZxfyfI/
oNMxGenwIxD6CPeZc32Q5VJbV4R2LjG7ru3a0Ad9ePR1S4vgkTV1okjLEo0+Esl1
mi3QMNE0ZhuwUX1jvkzepZ4/5dDikapUFqP07NGmvUxqEJ7k1dCmUJQ1B5yAT+zx
P95p20QgSDr5w1x8c+lliS/rJM+WbtYFyAjcRTPnpMiP4ecuWSn/fjFcUqe879H4
DM+0opHl8J+wooHMz8N7rilHWC23oq6fiecULviJi2giVwd9wUJDrn+8Zbu33BOd
tbEVQ+oAwiX9+/52ljNGHmPB+jy3Kg3W8S5lWA8H2Txsg8MdCzk/mVXMeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHZa/EqocVva7jelBTGkopjvb9saMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvZGxyOFNxaHhXOXJ1TjZVRk1hU2ltTzl2MnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXPW4AwQD
k3twMA0GCSqGSIb3DQEBCwUAA4IBAQBWbPxZIMMfLBVlyI993X73vqe2hMfxe9yi
03pyj5p/TLAvl/9yZ3pOt+021vW1kYw71v24LlgJq+KnWeE3jO9GM9qqLukqTh/3
9mT1jHSsNpmIXLJ9AEhQ5UHcSDIkeSnuebtdDCRAc3TZvcDoJ6J1x81WNPMZSnPV
wQEWYf5xb34ituRfjw8Ovle6Cn1Gx77DukxojkVAfE2Qo7iEHh3GZ+GDGh3NiuMr
R/24vrUkPo5BM9xzjlpTWs/0MVtghiQfh+2UX0PRxnTz6MdCNdLh3ZVxSoMBQBJO
XDFGHHzYadZLCRQkiLxQM1YyECg8H0gf+mP89bvHJtXEaoLRq8xW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:14 2024 by rpki-client on console-fra.rpki-client.org