Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q5oKM4WDIkqaZ88ZCWs795kNjIE.roa
File:                     Q5oKM4WDIkqaZ88ZCWs795kNjIE.roa (raw, json)
Hash identifier:          EAisIguVCSRSmD7zprnTi4PCNHV4HW4IuZWFlqDunkw=
Subject key identifier:   43:9A:0A:33:85:83:22:4A:9A:67:CF:19:09:6B:3B:F7:99:0D:8C:81
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018964895C68752D7E74852A2AD8DD6F0712
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q5oKM4WDIkqaZ88ZCWs795kNjIE.roa
Signing time:             Mon 17 Jul 2023 15:47:50 +0000
ROA not before:           Mon 17 Jul 2023 15:47:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202656
IP address blocks:        193.5.1.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:64:89:5c:68:75:2d:7e:74:85:2a:2a:d8:dd:6f:07:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jul 17 15:47:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=439a0a338583224a9a67cf19096b3bf7990d8c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b7:45:11:ba:ac:a1:f0:13:eb:dc:1b:e0:47:
                    ba:b7:ec:2f:f2:ea:1c:c2:62:f9:8f:34:e8:72:bb:
                    09:26:74:7f:d1:14:03:06:5b:bf:1f:dc:42:11:ca:
                    d5:82:aa:6b:f8:23:8e:d8:ff:43:ab:ff:3d:de:c5:
                    7e:80:e3:ff:13:05:52:1f:c7:93:6e:fd:97:df:53:
                    8e:23:41:f6:2f:05:f2:1c:8f:eb:bd:56:1a:ed:67:
                    7f:6b:e6:28:e5:c3:1c:50:7f:36:de:12:68:8e:6a:
                    ee:9e:1c:80:c1:81:47:65:74:b9:af:f7:5a:63:3d:
                    8f:33:39:97:19:21:22:50:d9:7c:11:21:72:46:09:
                    8e:d6:a6:57:ab:5c:de:17:a1:6b:be:73:db:97:ff:
                    66:4e:6e:09:e2:de:91:e0:30:c3:e2:90:9e:39:33:
                    76:e7:10:cf:9f:1d:9b:75:4d:69:79:ca:0b:4d:bf:
                    f8:43:cb:6c:02:70:3e:04:fa:63:0d:a2:4a:8f:fc:
                    12:b4:5c:58:50:6b:e3:e6:eb:18:a7:57:33:e7:44:
                    3b:a8:74:e0:fe:f2:8f:05:fa:6d:80:34:8d:9a:64:
                    ea:7a:9f:48:9b:d0:00:13:62:a1:d0:d4:6f:24:84:
                    12:58:dc:d9:e0:17:86:fd:32:0b:bc:3c:6f:0a:a4:
                    33:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9A:0A:33:85:83:22:4A:9A:67:CF:19:09:6B:3B:F7:99:0D:8C:81
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/Q5oKM4WDIkqaZ88ZCWs795kNjIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5f:28:75:97:bd:a5:d0:50:fc:74:0c:40:d7:36:be:0b:ac:
         36:6a:75:e9:d7:bd:cc:bd:b6:c7:16:a5:84:91:71:6d:51:68:
         d1:c8:30:78:bd:db:b6:07:30:4f:3d:8a:dd:e5:23:8b:1e:ae:
         83:e6:9a:b4:9a:a9:b6:18:98:99:38:8a:ed:0a:d5:9d:8e:f8:
         22:74:c1:23:9a:c8:e4:62:93:23:93:bd:2d:1c:3f:74:09:a0:
         4f:02:56:8e:dd:8f:48:16:23:87:d8:3b:28:3a:48:95:68:ed:
         ea:b2:52:fa:f1:7c:90:4a:82:b2:17:d3:e7:fb:bc:df:7f:26:
         2c:e4:bf:c8:85:ac:ba:1a:02:f8:25:a8:5a:0e:02:ea:73:44:
         76:0a:5b:51:5c:24:39:93:92:25:55:42:f1:c2:5e:b1:16:f9:
         25:cc:6a:40:66:4e:45:aa:ab:58:b1:6c:77:97:f0:4a:77:e6:
         2b:f4:bf:80:bf:78:48:14:9f:8d:a3:3b:fc:25:11:44:fc:c4:
         16:5d:85:d3:5f:ec:c6:b3:97:b9:64:ef:b9:74:ee:8b:24:f8:
         af:07:ea:d1:fb:23:84:0d:49:4f:45:99:2f:c4:12:47:78:bb:
         28:ea:1b:1a:07:27:8b:ae:8f:32:12:a3:27:20:d3:9a:d8:d2:
         c4:ea:b9:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYlkiVxodS1+dIUqKtjdbwcSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzlhMGEzMzg1ODMyMjRhOWE2N2NmMTkwOTZiM2JmNzk5MGQ4YzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbdFEbqsofAT69wb4Ee6t+wv8uoc
wmL5jzTocrsJJnR/0RQDBlu/H9xCEcrVgqpr+COO2P9Dq/893sV+gOP/EwVSH8eT
bv2X31OOI0H2LwXyHI/rvVYa7Wd/a+Yo5cMcUH823hJojmrunhyAwYFHZXS5r/da
Yz2PMzmXGSEiUNl8ESFyRgmO1qZXq1zeF6FrvnPbl/9mTm4J4t6R4DDD4pCeOTN2
5xDPnx2bdU1pecoLTb/4Q8tsAnA+BPpjDaJKj/wStFxYUGvj5usYp1cz50Q7qHTg
/vKPBfptgDSNmmTqep9Im9AAE2Kh0NRvJIQSWNzZ4BeG/TILvDxvCqQzVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOaCjOFgyJKmmfPGQlrO/eZDYyBMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvUTVvS000V0RJa3FhWjg4WkNXczc5NWtOaklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQUBMA0G
CSqGSIb3DQEBCwUAA4IBAQAPXyh1l72l0FD8dAxA1za+C6w2anXp173MvbbHFqWE
kXFtUWjRyDB4vdu2BzBPPYrd5SOLHq6D5pq0mqm2GJiZOIrtCtWdjvgidMEjmsjk
YpMjk70tHD90CaBPAlaO3Y9IFiOH2DsoOkiVaO3qslL68XyQSoKyF9Pn+7zffyYs
5L/Ihay6GgL4JahaDgLqc0R2CltRXCQ5k5IlVULxwl6xFvklzGpAZk5FqqtYsWx3
l/BKd+Yr9L+Av3hIFJ+Nozv8JRFE/MQWXYXTX+zGs5e5ZO+5dO6LJPivB+rR+yOE
DUlPRZkvxBJHeLso6hsaByeLro8yEqMnINOa2NLE6rmK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:17 2024 by rpki-client on console-fra.rpki-client.org