Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/_wXO93-aeqDFEBVj4HSTUVUA4qg.roa
File:                     _wXO93-aeqDFEBVj4HSTUVUA4qg.roa (raw, json)
Hash identifier:          BGWauWzx2X84S/Lx0peXyvNpJAaEw7Cpt12DIf6QOnU=
Subject key identifier:   FF:05:CE:F7:7F:9A:7A:A0:C5:10:15:63:E0:74:93:51:55:00:E2:A8
Certificate issuer:       /CN=813e051cb831d1989607bb76c0bc5693ff947b53
Certificate serial:       01860D0C79D605369DA91FA4860CFE168B74
Authority key identifier: 81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/_wXO93-aeqDFEBVj4HSTUVUA4qg.roa
Signing time:             Wed 01 Feb 2023 12:56:06 +0000
ROA not before:           Wed 01 Feb 2023 12:56:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44889
IP address blocks:        185.79.96.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:0d:0c:79:d6:05:36:9d:a9:1f:a4:86:0c:fe:16:8b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=813e051cb831d1989607bb76c0bc5693ff947b53
        Validity
            Not Before: Feb  1 12:56:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff05cef77f9a7aa0c5101563e07493515500e2a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:07:ab:44:bd:5c:1a:e9:e7:17:13:1e:fe:98:
                    61:0e:c4:8a:f3:b3:12:4d:96:b0:ae:66:ba:ae:0d:
                    f9:13:5b:79:94:af:d5:dd:c0:af:2a:d6:cf:9c:6d:
                    5b:e9:a5:b4:9a:71:5a:1f:c4:db:d7:e2:45:2b:fb:
                    85:32:83:0b:3c:63:5e:ac:f4:69:9a:c5:12:79:ce:
                    2a:9d:05:40:eb:fc:1d:24:39:04:1c:61:b9:d2:c9:
                    d9:3b:ef:1d:d6:d2:cd:8d:4b:e7:05:66:12:63:d4:
                    0b:b1:be:67:e1:41:dd:ec:d9:62:a5:1b:f0:d9:fc:
                    ea:23:9f:d3:0e:09:c1:ba:07:70:69:dd:6c:ff:0f:
                    37:7f:bd:5c:87:77:9e:99:29:c0:69:81:d7:a6:0c:
                    a0:bf:60:6d:a2:f3:b4:43:6f:18:25:ea:98:9e:f3:
                    a0:8d:17:ab:c9:85:19:93:26:5c:07:cc:8c:f5:05:
                    cd:70:42:2b:fe:85:5d:5b:b4:f5:7f:f2:01:6d:da:
                    b3:6c:b1:b8:59:a4:ae:48:eb:be:b2:86:77:f1:9d:
                    2b:ea:b2:e6:0e:52:91:ef:b5:71:67:72:96:79:32:
                    d3:60:01:0a:04:a0:fa:a2:6b:0f:9d:29:fd:a5:f8:
                    1b:50:28:80:2b:cb:10:b2:e2:06:e5:af:d8:2d:2a:
                    b7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:05:CE:F7:7F:9A:7A:A0:C5:10:15:63:E0:74:93:51:55:00:E2:A8
            X509v3 Authority Key Identifier:
                keyid:81:3E:05:1C:B8:31:D1:98:96:07:BB:76:C0:BC:56:93:FF:94:7B:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/_wXO93-aeqDFEBVj4HSTUVUA4qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/e45ad6-e5ae-4819-9f24-f577aa46de83/1/gT4FHLgx0ZiWB7t2wLxWk_-Ue1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:f6:3b:0d:6e:77:38:16:cd:3f:bd:f3:bc:c3:6b:06:19:d7:
         70:d3:0d:93:82:06:7c:2c:5e:84:64:83:78:f6:3a:4e:c0:7b:
         8b:42:e6:28:88:33:be:d5:ea:8f:53:ae:04:e2:8f:77:40:06:
         d6:80:06:6f:8d:1c:2c:80:1c:ae:85:0d:06:d5:79:09:4f:23:
         b9:e3:f0:bf:6c:70:0a:5d:d3:0c:83:cc:92:b8:a1:85:b4:73:
         e0:de:ab:9a:0b:b1:f6:a8:ef:65:59:47:5d:d6:f8:d7:94:cf:
         00:6b:86:22:7c:00:50:30:2c:da:ed:3f:39:32:d4:37:f6:9c:
         a9:6d:9d:d6:b4:d0:63:99:9e:40:2a:02:ca:74:02:55:26:26:
         34:66:2c:8e:32:c8:25:44:06:9e:0c:1e:c7:35:b9:78:ce:31:
         5a:0e:44:e8:6c:f5:ef:36:54:07:63:b3:38:b9:fb:64:f6:a0:
         de:58:5f:06:db:ef:e2:8f:2e:b8:17:73:e6:1e:4c:aa:7b:01:
         ad:41:5c:88:3a:f4:ea:7c:0a:0b:ab:89:93:f7:43:f8:9b:1e:
         60:c0:19:be:3e:4e:72:21:0c:22:45:b6:9a:93:a7:f2:1e:9a:
         9d:6b:66:af:a5:32:83:fc:b2:c3:86:21:9a:35:4e:91:fb:8e:
         01:cf:24:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYNDHnWBTadqR+khgz+Fot0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxM2UwNTFjYjgzMWQxOTg5NjA3YmI3NmMwYmM1NjkzZmY5
NDdiNTMwHhcNMjMwMjAxMTI1NjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjA1Y2VmNzdmOWE3YWEwYzUxMDE1NjNlMDc0OTM1MTU1MDBlMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigerRL1cGunnFxMe/phhDsSK87MS
TZawrma6rg35E1t5lK/V3cCvKtbPnG1b6aW0mnFaH8Tb1+JFK/uFMoMLPGNerPRp
msUSec4qnQVA6/wdJDkEHGG50snZO+8d1tLNjUvnBWYSY9QLsb5n4UHd7NlipRvw
2fzqI5/TDgnBugdwad1s/w83f71ch3eemSnAaYHXpgygv2BtovO0Q28YJeqYnvOg
jReryYUZkyZcB8yM9QXNcEIr/oVdW7T1f/IBbdqzbLG4WaSuSOu+soZ38Z0r6rLm
DlKR77VxZ3KWeTLTYAEKBKD6omsPnSn9pfgbUCiAK8sQsuIG5a/YLSq3jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8Fzvd/mnqgxRAVY+B0k1FVAOKoMB8GA1UdIwQY
MBaAFIE+BRy4MdGYlge7dsC8VpP/lHtTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQt
ZjU3N2FhNDZkZTgzLzEvX3dYTzkzLWFlcURGRUJWajRIU1RVVlVBNHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9lNDVhZDYtZTVhZS00ODE5LTlmMjQtZjU3N2FhNDZkZTgz
LzEvZ1Q0RkhMZ3gwWmlXQjd0MndMeFdrXy1VZTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU9gMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ9jsNbnc4Fs0/vfO8w2sGGddw0w2TggZ8LF6EZIN4
9jpOwHuLQuYoiDO+1eqPU64E4o93QAbWgAZvjRwsgByuhQ0G1XkJTyO54/C/bHAK
XdMMg8ySuKGFtHPg3quaC7H2qO9lWUdd1vjXlM8Aa4YifABQMCza7T85MtQ39pyp
bZ3WtNBjmZ5AKgLKdAJVJiY0ZiyOMsglRAaeDB7HNbl4zjFaDkTobPXvNlQHY7M4
uftk9qDeWF8G2+/ijy64F3PmHkyqewGtQVyIOvTqfAoLq4mT90P4mx5gwBm+Pk5y
IQwiRbaak6fyHpqda2avpTKD/LLDhiGaNU6R+44BzyR2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:50 2024 by rpki-client on console-fra.rpki-client.org