Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/WD0WpUqOZtHxJ5tbR2zYZiN5hpo.roa
File:                     WD0WpUqOZtHxJ5tbR2zYZiN5hpo.roa (raw, json)
Hash identifier:          hsIUTNf2bdfsXUVWdApw4DfBkWG1w4QMO+cW7acYaBU=
Subject key identifier:   58:3D:16:A5:4A:8E:66:D1:F1:27:9B:5B:47:6C:D8:66:23:79:86:9A
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       0186084939159C81A3AD4A5662FC4552FCDD
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/WD0WpUqOZtHxJ5tbR2zYZiN5hpo.roa
Signing time:             Tue 31 Jan 2023 14:44:21 +0000
ROA not before:           Tue 31 Jan 2023 14:44:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205874
IP address blocks:        95.169.202.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:08:49:39:15:9c:81:a3:ad:4a:56:62:fc:45:52:fc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan 31 14:44:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=583d16a54a8e66d1f1279b5b476cd8662379869a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:67:9d:d4:38:ed:a5:5d:7b:48:27:8a:bd:eb:
                    5c:00:bc:e1:52:23:b7:2a:e5:08:20:90:04:fb:67:
                    dd:24:21:c2:18:31:ad:42:06:56:44:70:63:30:13:
                    d1:4f:cb:10:65:5d:37:96:78:d2:98:8e:4f:6e:5c:
                    4e:9d:e4:ba:df:14:bc:d2:4b:0f:8f:29:dc:8b:0f:
                    6c:47:36:0a:9c:29:a1:f5:c0:81:c8:69:11:89:ed:
                    fd:23:72:89:6d:81:5f:73:c7:c5:ae:cf:25:b2:8c:
                    59:6b:fb:a0:e4:8f:12:59:19:91:8e:44:2b:c6:fa:
                    1d:87:c6:6c:a9:65:b1:f0:37:16:d0:73:c3:c8:16:
                    c8:db:3e:e3:7d:84:c3:73:f0:92:b2:5e:8a:9e:fe:
                    7a:8a:67:3d:38:60:75:8f:fb:f0:ee:34:e9:3f:b0:
                    27:89:9b:ed:92:42:02:26:0f:34:e7:23:14:c1:ab:
                    f8:1b:e3:db:09:50:1b:d3:ba:b5:a7:f1:83:d2:63:
                    20:45:d9:2c:2c:be:73:2e:53:7b:ac:f4:a5:44:9d:
                    d7:60:2f:c2:b6:6c:9d:1e:2f:04:37:f3:1a:ff:7b:
                    e4:b4:c6:d8:32:b1:81:99:13:4a:e0:15:8d:d4:de:
                    ec:33:cf:7f:aa:bd:c8:52:7e:cb:35:2c:b7:a2:3d:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:3D:16:A5:4A:8E:66:D1:F1:27:9B:5B:47:6C:D8:66:23:79:86:9A
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/WD0WpUqOZtHxJ5tbR2zYZiN5hpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.169.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:07:5d:7d:42:c9:a5:5c:86:1f:f5:0c:99:a9:8e:04:37:bc:
         42:b9:98:7c:58:62:22:70:9e:3d:4a:9e:37:99:11:f1:79:0e:
         7a:e9:c2:a4:82:74:42:0e:47:7f:0a:c3:c5:89:ac:1f:f2:81:
         d5:cd:e6:41:eb:d1:ca:78:3e:92:88:46:10:2f:89:1d:7b:99:
         bd:1e:4b:2e:7c:1b:a8:3a:86:2f:42:13:7e:fa:86:53:55:4b:
         12:14:cf:43:af:cd:6f:d7:fa:db:36:74:07:33:e6:db:3d:7e:
         bf:16:36:9a:9b:7c:b1:69:8c:f9:83:ef:4f:d4:8b:66:9d:d5:
         30:44:4e:66:f8:3b:19:37:b3:ab:ba:68:94:7e:0c:3b:f2:94:
         69:99:8f:c7:83:34:58:1b:9a:1f:e9:c7:dd:6a:2c:b3:11:45:
         f7:fd:cc:a7:d7:6f:e6:74:78:18:59:a1:d7:09:15:df:e1:4c:
         89:6e:00:54:87:2d:df:17:4f:fc:0c:80:7f:d2:66:8f:94:6b:
         b4:f4:7e:fc:2a:59:94:c6:06:b2:d0:8a:8d:5b:d9:a4:90:d2:
         98:4f:da:f9:e7:5c:3a:74:90:2a:ca:33:2f:58:80:de:ca:e9:
         c9:1f:da:ef:2d:bc:aa:12:ec:5b:0a:bf:01:e2:0b:8a:ab:05:
         84:e9:6d:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYISTkVnIGjrUpWYvxFUvzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjMwMTMxMTQ0NDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODNkMTZhNTRhOGU2NmQxZjEyNzliNWI0NzZjZDg2NjIzNzk4NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmed1DjtpV17SCeKvetcALzhUiO3
KuUIIJAE+2fdJCHCGDGtQgZWRHBjMBPRT8sQZV03lnjSmI5PblxOneS63xS80ksP
jynciw9sRzYKnCmh9cCByGkRie39I3KJbYFfc8fFrs8lsoxZa/ug5I8SWRmRjkQr
xvodh8ZsqWWx8DcW0HPDyBbI2z7jfYTDc/CSsl6Knv56imc9OGB1j/vw7jTpP7An
iZvtkkICJg805yMUwav4G+PbCVAb07q1p/GD0mMgRdksLL5zLlN7rPSlRJ3XYC/C
tmydHi8EN/Ma/3vktMbYMrGBmRNK4BWN1N7sM89/qr3IUn7LNSy3oj2NnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFg9FqVKjmbR8SebW0ds2GYjeYaaMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvV0QwV3BVcU9adEh4SjV0YlIyellaaU41aHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6nKMA0G
CSqGSIb3DQEBCwUAA4IBAQAeB119QsmlXIYf9QyZqY4EN7xCuZh8WGIicJ49Sp43
mRHxeQ566cKkgnRCDkd/CsPFiawf8oHVzeZB69HKeD6SiEYQL4kde5m9HksufBuo
OoYvQhN++oZTVUsSFM9Dr81v1/rbNnQHM+bbPX6/Fjaam3yxaYz5g+9P1ItmndUw
RE5m+DsZN7OrumiUfgw78pRpmY/HgzRYG5of6cfdaiyzEUX3/cyn12/mdHgYWaHX
CRXf4UyJbgBUhy3fF0/8DIB/0maPlGu09H78KlmUxgay0IqNW9mkkNKYT9r551w6
dJAqyjMvWIDeyunJH9rvLbyqEuxbCr8B4guKqwWE6W1Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:06 2024 by rpki-client on console-fra.rpki-client.org