Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0Ivr2o5FTRJm1il2j1ica7l1VGI.roa
File:                     0Ivr2o5FTRJm1il2j1ica7l1VGI.roa (raw, json)
Hash identifier:          LGp293Uo/uFjXMtc7gxI14JpRBAmXTP+9KLGMtS2yYI=
Subject key identifier:   D0:8B:EB:DA:8E:45:4D:12:66:D6:29:76:8F:58:9C:6B:B9:75:54:62
Certificate issuer:       /CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
Certificate serial:       01828B9CC3E9A832156701F335BC789EA844
Authority key identifier: 21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0Ivr2o5FTRJm1il2j1ica7l1VGI.roa
Signing time:             Thu 11 Aug 2022 06:34:43 +0000
ROA not before:           Thu 11 Aug 2022 06:34:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     199270
IP address blocks:        147.234.96.0/21 maxlen: 21
                          147.234.92.0/23 maxlen: 23
                          147.234.95.0/24 maxlen: 24
                          147.234.94.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:82:8b:9c:c3:e9:a8:32:15:67:01:f3:35:bc:78:9e:a8:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21bad74e7f6c0949a2736a57478496d7d8b450e6
        Validity
            Not Before: Aug 11 06:34:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d08bebda8e454d1266d629768f589c6bb9755462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:78:f9:6e:a1:d6:f6:92:46:5c:d9:fc:df:37:
                    62:a8:a8:1c:c0:2a:a1:6b:22:a7:36:94:fd:4c:7e:
                    83:2d:49:34:43:c9:3f:34:13:bb:c7:a6:15:fb:44:
                    96:f7:2c:19:b1:94:cf:f3:99:b5:0b:9c:d4:da:5d:
                    0f:9b:e6:05:6c:9e:59:7a:71:0f:32:30:9d:2c:31:
                    18:5f:e4:20:be:66:4b:51:56:bb:73:1a:cf:12:e6:
                    8c:0c:f0:b5:54:9c:ab:65:6b:c0:bc:18:58:fe:dc:
                    86:94:86:71:51:20:c8:a1:1f:72:4b:3a:1a:78:bc:
                    0c:b8:55:0c:02:1a:e1:fd:18:d4:7c:56:3e:a3:90:
                    1b:c9:bb:35:c6:84:db:18:d6:f2:22:ac:ca:7e:96:
                    b3:b4:60:ce:9e:83:87:3c:d3:ee:0b:d0:48:89:39:
                    4d:65:d1:0a:12:85:8f:19:5d:78:78:7c:80:21:71:
                    39:53:ec:a7:0d:29:94:b6:bd:24:70:41:a1:fe:fa:
                    af:a5:a4:b7:aa:90:77:1b:17:c6:3d:f7:ce:34:c4:
                    01:0a:ae:21:45:c7:5c:1f:26:75:32:7d:84:f4:ad:
                    ba:68:7d:69:06:2b:4f:3d:ea:01:b5:c0:76:47:1d:
                    c1:f8:06:2b:41:0a:14:3e:a4:81:71:60:c0:ed:c0:
                    f9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8B:EB:DA:8E:45:4D:12:66:D6:29:76:8F:58:9C:6B:B9:75:54:62
            X509v3 Authority Key Identifier:
                keyid:21:BA:D7:4E:7F:6C:09:49:A2:73:6A:57:47:84:96:D7:D8:B4:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IbrXTn9sCUmic2pXR4SW19i0UOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/0Ivr2o5FTRJm1il2j1ica7l1VGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8ddc38-7a1a-4906-a8ed-4433229a8473/1/IbrXTn9sCUmic2pXR4SW19i0UOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.234.92.0-147.234.103.255

    Signature Algorithm: sha256WithRSAEncryption
         28:c4:6f:11:4e:68:c1:b6:66:23:89:b9:d3:36:43:0a:0c:24:
         df:91:c9:7b:d4:d8:6c:7f:fa:cd:f4:13:f7:86:a5:d9:61:37:
         f0:df:de:83:de:60:5a:41:36:bf:1e:fc:ed:bb:38:b1:4d:60:
         df:de:1f:1a:4c:ee:0a:cc:84:9e:0b:79:cb:a0:e4:a3:9d:8b:
         f5:1d:6c:00:53:51:c4:33:11:44:9d:ba:3f:54:69:a3:e4:0d:
         b2:48:e5:1f:6c:dd:66:91:1c:46:09:f2:39:f5:0e:50:9a:8a:
         f4:64:2e:c6:d9:c5:f5:f4:ca:83:a8:94:0d:39:e7:8e:ee:b6:
         8f:9f:a5:92:8b:c6:28:0e:fd:70:f6:fc:96:9f:41:53:3c:35:
         a0:cc:f3:31:d2:51:07:48:52:51:b8:dd:32:b7:63:dd:01:af:
         92:41:3b:c8:76:72:80:98:52:7d:55:f2:9c:c4:5d:19:93:e1:
         c4:82:54:e3:fe:22:2b:f2:ea:ec:47:45:8b:05:cc:d6:47:9d:
         c8:2a:51:d2:f3:89:ad:02:f7:e6:d7:0d:e0:39:61:6c:eb:20:
         20:f2:09:fc:fc:98:5b:7b:a6:46:70:e2:66:e8:69:c7:92:f3:
         f8:68:97:95:47:97:64:c2:0a:fe:3a:ea:6d:0c:24:23:ed:5b:
         54:3f:cd:55
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYKLnMPpqDIVZwHzNbx4nqhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmFkNzRlN2Y2YzA5NDlhMjczNmE1NzQ3ODQ5NmQ3ZDhi
NDUwZTYwHhcNMjIwODExMDYzNDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDhiZWJkYThlNDU0ZDEyNjZkNjI5NzY4ZjU4OWM2YmI5NzU1NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHj5bqHW9pJGXNn83zdiqKgcwCqh
ayKnNpT9TH6DLUk0Q8k/NBO7x6YV+0SW9ywZsZTP85m1C5zU2l0Pm+YFbJ5ZenEP
MjCdLDEYX+QgvmZLUVa7cxrPEuaMDPC1VJyrZWvAvBhY/tyGlIZxUSDIoR9ySzoa
eLwMuFUMAhrh/RjUfFY+o5Abybs1xoTbGNbyIqzKfpaztGDOnoOHPNPuC9BIiTlN
ZdEKEoWPGV14eHyAIXE5U+ynDSmUtr0kcEGh/vqvpaS3qpB3GxfGPffONMQBCq4h
RcdcHyZ1Mn2E9K26aH1pBitPPeoBtcB2Rx3B+AYrQQoUPqSBcWDA7cD53QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNCL69qORU0SZtYpdo9YnGu5dVRiMB8GA1UdIwQY
MBaAFCG6105/bAlJonNqV0eEltfYtFDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQt
NDQzMzIyOWE4NDczLzEvMEl2cjJvNUZUUkptMWlsMmoxaWNhN2wxVkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZGRjMzgtN2ExYS00OTA2LWE4ZWQtNDQzMzIyOWE4NDcz
LzEvSWJyWFRuOXNDVW1pYzJwWFI0U1cxOWkwVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKT6lwD
BAOT6mAwDQYJKoZIhvcNAQELBQADggEBACjEbxFOaMG2ZiOJudM2QwoMJN+RyXvU
2Gx/+s30E/eGpdlhN/Df3oPeYFpBNr8e/O27OLFNYN/eHxpM7grMhJ4Lecug5KOd
i/UdbABTUcQzEUSduj9UaaPkDbJI5R9s3WaRHEYJ8jn1DlCaivRkLsbZxfX0yoOo
lA05547uto+fpZKLxigO/XD2/JafQVM8NaDM8zHSUQdIUlG43TK3Y90Br5JBO8h2
coCYUn1V8pzEXRmT4cSCVOP+Iivy6uxHRYsFzNZHncgqUdLzia0C9+bXDeA5YWzr
ICDyCfz8mFt7pkZw4mboaceS8/hol5VHl2TCCv466m0MJCPtW1Q/zVU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:56 2024 by rpki-client on console-ams.rpki-client.org