Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/c90860-8138-433c-b24f-92c780ca3260/1/nNAiU29ivgVOcTYnaslS-7WEj2c.roa
File:                     nNAiU29ivgVOcTYnaslS-7WEj2c.roa (raw, json)
Hash identifier:          EYLq1iSRHFGwgdPE8JWvk7ua6RzPIGzJrNvjz5/s2U8=
Subject key identifier:   9C:D0:22:53:6F:62:BE:05:4E:71:36:27:6A:C9:52:FB:B5:84:8F:67
Certificate issuer:       /CN=269f4f7143b4067805cba9a40f639732ee7d42e5
Certificate serial:       3714466D
Authority key identifier: 26:9F:4F:71:43:B4:06:78:05:CB:A9:A4:0F:63:97:32:EE:7D:42:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jp9PcUO0BngFy6mkD2OXMu59QuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/c90860-8138-433c-b24f-92c780ca3260/1/nNAiU29ivgVOcTYnaslS-7WEj2c.roa
Signing time:             Sat 01 Jan 2022 13:59:04 +0000
ROA not before:           Sat 01 Jan 2022 13:59:04 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199185
IP address blocks:        188.64.148.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 924075629 (0x3714466d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=269f4f7143b4067805cba9a40f639732ee7d42e5
        Validity
            Not Before: Jan  1 13:59:04 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=9cd022536f62be054e7136276ac952fbb5848f67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:83:ba:eb:73:87:82:0b:35:41:e0:f9:84:c0:
                    48:b8:68:46:f1:19:8c:69:7a:80:5b:ec:00:7c:6e:
                    43:c0:21:16:4b:10:e3:96:1c:9d:9d:3d:01:4d:f2:
                    db:ad:25:3b:34:b8:c7:8d:7a:e7:12:c8:6c:c0:0f:
                    ce:a9:da:10:78:a3:a3:9e:2b:bb:e8:92:fd:73:30:
                    08:6d:8a:11:e6:66:70:13:01:2c:ed:17:0a:bb:2a:
                    34:18:ad:69:8a:0c:0d:38:f8:77:80:5a:57:f5:3c:
                    2d:5a:e0:43:31:cb:9f:35:8c:0c:f4:a6:7b:5f:9f:
                    17:5c:1d:0b:30:c5:70:fa:7b:bc:8f:3c:70:19:4b:
                    39:4a:25:ea:d6:3e:71:ea:d0:86:a1:77:34:38:66:
                    8a:73:cf:bf:a2:60:e1:c9:d0:fb:40:75:8e:17:26:
                    cf:e2:9e:a5:36:e1:fd:3a:cf:e3:e6:03:7b:27:7d:
                    ac:16:b9:0b:22:73:d4:8e:d4:f7:50:af:9c:1c:42:
                    e0:ae:fb:4e:db:93:f1:c1:4a:11:0a:c2:41:73:c2:
                    f1:e4:b3:d6:9c:dc:5f:cb:55:f4:cd:94:bd:ca:1e:
                    3a:d8:2b:61:d3:0f:1e:56:bf:ff:95:9f:81:89:a8:
                    a8:49:a9:22:7b:3f:36:d0:ed:3d:4a:67:58:34:bf:
                    32:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D0:22:53:6F:62:BE:05:4E:71:36:27:6A:C9:52:FB:B5:84:8F:67
            X509v3 Authority Key Identifier:
                keyid:26:9F:4F:71:43:B4:06:78:05:CB:A9:A4:0F:63:97:32:EE:7D:42:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jp9PcUO0BngFy6mkD2OXMu59QuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c90860-8138-433c-b24f-92c780ca3260/1/nNAiU29ivgVOcTYnaslS-7WEj2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/c90860-8138-433c-b24f-92c780ca3260/1/Jp9PcUO0BngFy6mkD2OXMu59QuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e0:10:0c:cb:ee:3f:77:93:1a:57:3b:3f:7d:f6:fb:40:3e:
         4a:ee:0c:22:06:6a:5c:4c:6a:b1:f6:47:2e:dc:b6:9c:fa:69:
         59:4e:92:26:5a:c5:4d:25:5a:14:f5:7b:19:4d:6b:54:e9:b5:
         18:03:40:0e:14:2a:d1:9f:7a:91:ce:df:bb:c0:f5:f1:40:74:
         4b:49:ac:90:91:64:97:27:a4:a0:ba:d3:61:75:01:79:ea:07:
         d5:06:9d:01:da:d2:7e:5b:0b:b5:53:40:98:13:df:02:cb:34:
         04:ea:00:33:7a:60:f7:24:ad:86:5d:32:1a:69:54:2b:60:13:
         60:a6:1b:bd:1f:27:8d:84:b1:0c:a5:a6:2c:9e:b4:a5:2a:d1:
         87:cd:91:a0:1b:23:40:b6:c2:0c:6a:68:6a:07:15:15:98:57:
         6d:12:bb:7c:86:d8:32:bb:b5:bf:a1:d8:10:66:be:fe:6f:d2:
         8b:e6:9b:33:c7:6a:a4:8a:d0:56:a3:08:a3:10:d8:b0:84:3d:
         71:32:8e:5c:ea:55:87:4e:81:44:bd:64:d0:02:df:ba:3b:30:
         2b:0a:86:69:ab:8c:27:69:44:39:68:98:a4:b6:d1:52:23:00:
         01:92:c8:da:72:15:ad:2a:5e:b2:d5:e9:f1:b4:30:6d:ae:28:
         ca:d8:fc:9d
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIENxRGbTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NjlmNGY3MTQzYjQwNjc4MDVjYmE5YTQwZjYzOTczMmVlN2Q0MmU1MB4XDTIyMDEw
MTEzNTkwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWNkMDIyNTM2ZjYy
YmUwNTRlNzEzNjI3NmFjOTUyZmJiNTg0OGY2NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJODuutzh4ILNUHg+YTASLhoRvEZjGl6gFvsAHxuQ8AhFksQ
45YcnZ09AU3y260lOzS4x4165xLIbMAPzqnaEHijo54ru+iS/XMwCG2KEeZmcBMB
LO0XCrsqNBitaYoMDTj4d4BaV/U8LVrgQzHLnzWMDPSme1+fF1wdCzDFcPp7vI88
cBlLOUol6tY+cerQhqF3NDhminPPv6Jg4cnQ+0B1jhcmz+KepTbh/TrP4+YDeyd9
rBa5CyJz1I7U91CvnBxC4K77TtuT8cFKEQrCQXPC8eSz1pzcX8tV9M2UvcoeOtgr
YdMPHla//5WfgYmoqEmpIns/NtDtPUpnWDS/MrsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBSc0CJTb2K+BU5xNidqyVL7tYSPZzAfBgNVHSMEGDAWgBQmn09xQ7QGeAXL
qaQPY5cy7n1C5TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pwOVBjVU8wQm5nRnk2bWtEMk9YTXU1OVF1VS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWUvYzkwODYwLTgxMzgtNDMzYy1iMjRmLTkyYzc4MGNhMzI2MC8x
L25OQWlVMjlpdmdWT2NUWW5hc2xTLTdXRWoyYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUv
YzkwODYwLTgxMzgtNDMzYy1iMjRmLTkyYzc4MGNhMzI2MC8xL0pwOVBjVU8wQm5n
Rnk2bWtEMk9YTXU1OVF1VS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALxAlDANBgkqhkiG9w0BAQsFAAOC
AQEAYeAQDMvuP3eTGlc7P332+0A+Su4MIgZqXExqsfZHLty2nPppWU6SJlrFTSVa
FPV7GU1rVOm1GANADhQq0Z96kc7fu8D18UB0S0mskJFklyekoLrTYXUBeeoH1Qad
AdrSflsLtVNAmBPfAss0BOoAM3pg9ySthl0yGmlUK2ATYKYbvR8njYSxDKWmLJ60
pSrRh82RoBsjQLbCDGpoagcVFZhXbRK7fIbYMru1v6HYEGa+/m/Si+abM8dqpIrQ
VqMIoxDYsIQ9cTKOXOpVh06BRL1k0ALfujswKwqGaauMJ2lEOWiYpLbRUiMAAZLI
2nIVrSpestXp8bQwba4oytj8nQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:57 2024 by rpki-client on console-fra.rpki-client.org