Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/Dgr29JFFxN76ZMfmIAhY8rcU7Ig.roa
File:                     Dgr29JFFxN76ZMfmIAhY8rcU7Ig.roa (raw, json)
Hash identifier:          bN50Sm1mloRWxDCjaY6lJ9j92tayVdqeMrjwPj9aqqE=
Subject key identifier:   0E:0A:F6:F4:91:45:C4:DE:FA:64:C7:E6:20:08:58:F2:B7:14:EC:88
Certificate issuer:       /CN=813e051cb831d1989607bb76c0bc5693ff947b53
Certificate serial:       01856F9DD18CD97049DD9AA250860E348A27
Authority key identifier: 81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/Dgr29JFFxN76ZMfmIAhY8rcU7Ig.roa
Signing time:             Sun 01 Jan 2023 23:14:51 +0000
ROA not before:           Sun 01 Jan 2023 23:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25124
IP address blocks:        185.232.152.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:9d:d1:8c:d9:70:49:dd:9a:a2:50:86:0e:34:8a:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=813e051cb831d1989607bb76c0bc5693ff947b53
        Validity
            Not Before: Jan  1 23:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0e0af6f49145c4defa64c7e6200858f2b714ec88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:45:1a:44:88:6a:a2:d1:95:da:24:e6:ee:cb:
                    db:41:51:51:2b:9a:c2:c7:cc:4c:ea:ae:ea:9f:02:
                    e2:95:1c:6f:26:0f:ba:f6:d7:2b:cc:72:89:00:46:
                    01:46:ea:54:8d:1d:8e:b7:33:b0:58:2f:40:43:a0:
                    97:b2:1f:0e:9d:bb:99:5b:1f:d4:fe:f8:35:7a:a3:
                    04:e0:01:43:f3:27:95:66:f2:71:1f:30:2e:23:66:
                    be:2e:e8:20:04:e4:ed:35:19:14:2f:ec:87:3c:67:
                    d6:2d:4b:cc:e7:dc:d8:91:4c:6b:36:e7:71:0f:b0:
                    50:dc:72:74:ee:c1:e0:7a:63:35:a6:aa:21:f6:be:
                    ff:a3:c2:9e:62:9b:c8:22:63:61:97:ee:ce:bf:65:
                    8f:c4:81:6e:d9:11:5e:7b:43:26:d3:38:42:11:79:
                    e9:2a:f2:2e:89:e3:47:f3:e2:ea:55:6d:de:fe:3c:
                    79:c3:fb:ea:79:29:c0:f4:d8:bd:41:63:38:95:95:
                    dd:8f:2b:b2:e1:b8:77:10:c5:aa:34:44:31:a2:8d:
                    fb:5d:f8:1d:72:e8:fd:7d:e6:e8:12:94:3e:55:18:
                    b5:47:4c:82:83:01:f2:aa:12:88:51:47:80:16:74:
                    10:d7:5b:a7:25:52:d4:37:10:25:11:01:48:c1:a4:
                    1d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0A:F6:F4:91:45:C4:DE:FA:64:C7:E6:20:08:58:F2:B7:14:EC:88
            X509v3 Authority Key Identifier:
                keyid:81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/Dgr29JFFxN76ZMfmIAhY8rcU7Ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:44:a8:a5:54:c5:a8:18:ac:8d:4d:be:9f:67:3c:5f:ee:ea:
         00:51:85:a8:c7:df:d6:60:58:7d:bd:d9:89:f9:a8:af:f8:7e:
         0e:07:e1:3a:77:e2:69:b4:98:3d:e7:d8:20:be:21:ca:b7:3e:
         23:0e:ab:f5:98:3c:9c:29:a6:0b:ce:b4:01:95:9d:03:1f:b1:
         6e:44:8f:03:cc:23:ea:6b:e2:bd:18:72:0c:22:fa:c1:c9:b5:
         26:a5:a8:a2:94:e3:fb:27:e8:7f:7c:ee:4b:46:67:b7:e9:f9:
         54:7c:b2:31:81:8f:57:e5:9a:1e:69:20:b2:82:24:13:69:22:
         a7:18:ab:e8:b9:8b:a0:2e:1e:75:35:88:2d:eb:18:b3:41:5c:
         e9:c6:10:74:31:35:76:5b:9d:32:bc:44:29:e3:2f:f9:51:4a:
         b9:90:83:90:4a:b4:58:c0:6d:f3:a7:1f:5b:28:56:87:7a:5b:
         82:9d:29:a2:fc:4d:67:22:a2:e0:5a:ab:8d:36:da:02:a8:81:
         98:c1:e4:c2:53:ac:30:fe:92:ed:ee:33:fc:a4:86:45:6d:69:
         50:59:60:06:eb:6c:29:62:f9:50:14:0f:3a:2a:5c:1d:ac:0c:
         ac:93:c6:8f:fe:e8:45:b9:1c:41:c1:65:f4:f8:4d:b2:ee:b8:
         b7:19:ae:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvndGM2XBJ3ZqiUIYONIonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxM2UwNTFjYjgzMWQxOTg5NjA3YmI3NmMwYmM1NjkzZmY5
NDdiNTMwHhcNMjMwMTAxMjMxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTBhZjZmNDkxNDVjNGRlZmE2NGM3ZTYyMDA4NThmMmI3MTRlYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUUaRIhqotGV2iTm7svbQVFRK5rC
x8xM6q7qnwLilRxvJg+69tcrzHKJAEYBRupUjR2OtzOwWC9AQ6CXsh8OnbuZWx/U
/vg1eqME4AFD8yeVZvJxHzAuI2a+LuggBOTtNRkUL+yHPGfWLUvM59zYkUxrNudx
D7BQ3HJ07sHgemM1pqoh9r7/o8KeYpvIImNhl+7Ov2WPxIFu2RFee0Mm0zhCEXnp
KvIuieNH8+LqVW3e/jx5w/vqeSnA9Ni9QWM4lZXdjyuy4bh3EMWqNEQxoo37Xfgd
cuj9feboEpQ+VRi1R0yCgwHyqhKIUUeAFnQQ11unJVLUNxAlEQFIwaQdIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4K9vSRRcTe+mTH5iAIWPK3FOyIMB8GA1UdIwQY
MBaAFIE+BRy4MdGYlge7dsC8VpP/lHtTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQt
ZjU3N2FhNDZkZTgzLzEvRGdyMjlKRkZ4Tjc2Wk1mbUlBaFk4cmNVN0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQtZjU3N2FhNDZkZTgz
LzEvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueiYMA0G
CSqGSIb3DQEBCwUAA4IBAQBzRKilVMWoGKyNTb6fZzxf7uoAUYWox9/WYFh9vdmJ
+aiv+H4OB+E6d+JptJg959ggviHKtz4jDqv1mDycKaYLzrQBlZ0DH7FuRI8DzCPq
a+K9GHIMIvrBybUmpaiilOP7J+h/fO5LRme36flUfLIxgY9X5ZoeaSCygiQTaSKn
GKvouYugLh51NYgt6xizQVzpxhB0MTV2W50yvEQp4y/5UUq5kIOQSrRYwG3zpx9b
KFaHeluCnSmi/E1nIqLgWquNNtoCqIGYweTCU6ww/pLt7jP8pIZFbWlQWWAG62wp
YvlQFA86KlwdrAysk8aP/uhFuRxBwWX0+E2y7ri3Ga4J
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:50 2024 by rpki-client on console-fra.rpki-client.org