Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HhOHJvNTBElguaOH8xhLltrrbJM.roa
File:                     HhOHJvNTBElguaOH8xhLltrrbJM.roa (raw, json)
Hash identifier:          B851Myi72DN4KCrXpW5OhD+rVa/V17UjZYgePjLIU+U=
Subject key identifier:   1E:13:87:26:F3:53:04:49:60:B9:A3:87:F3:18:4B:96:DA:EB:6C:93
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0AF17478
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HhOHJvNTBElguaOH8xhLltrrbJM.roa
Signing time:             Mon 25 Apr 2022 09:28:32 +0000
ROA not before:           Mon 25 Apr 2022 09:28:32 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     33387
IP address blocks:        185.149.12.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 183596152 (0xaf17478)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Apr 25 09:28:32 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=1e138726f353044960b9a387f3184b96daeb6c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7f:82:b6:1c:c8:47:7e:5a:2f:2d:49:28:b2:
                    18:1a:a4:e1:a9:a1:ff:bb:c9:ee:8a:37:23:e4:3c:
                    2b:a4:b9:29:0a:6d:76:92:2b:ec:4b:cd:94:93:38:
                    f4:ad:95:65:4d:64:62:58:80:c4:3d:05:a1:8b:3d:
                    74:98:14:5d:4e:79:05:c6:b6:bf:11:56:ed:c7:6b:
                    26:28:f5:e2:70:7c:23:5e:93:46:ab:75:56:be:fb:
                    b6:17:d2:29:91:d1:f5:2b:9f:1f:1b:e1:3a:f6:2a:
                    fa:d6:91:58:dc:b2:b9:3d:2f:8d:67:15:f8:d2:c0:
                    c3:47:20:2e:b9:86:4f:b1:07:6c:0a:e4:5f:6a:a1:
                    c9:72:7f:81:ca:bd:95:c3:43:42:c0:a0:65:00:65:
                    7f:9c:52:f2:e4:a2:ef:36:a9:0e:dc:90:c4:d7:39:
                    09:a0:22:d3:d1:de:c7:9f:ae:ac:b1:ec:ee:19:3c:
                    d1:ca:68:25:7d:5f:47:b1:fe:9c:f2:1c:20:5a:b8:
                    cd:25:21:ab:06:5c:24:9d:a1:d4:d6:56:59:98:07:
                    49:9f:c4:cc:4b:ce:d7:e1:15:6c:ba:2f:b0:12:fc:
                    b7:51:10:82:83:33:ba:66:01:5b:df:d8:98:22:d0:
                    6f:76:af:ba:8d:a5:fb:c0:a2:4d:7f:09:f2:a4:9e:
                    80:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:13:87:26:F3:53:04:49:60:B9:A3:87:F3:18:4B:96:DA:EB:6C:93
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/HhOHJvNTBElguaOH8xhLltrrbJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:c3:f5:37:37:48:ec:50:fb:fa:0c:bb:ba:2f:68:74:72:69:
         09:7e:ac:21:34:cd:27:7d:47:30:7d:f8:22:a7:74:2e:27:16:
         77:af:b2:f7:38:54:93:ca:97:26:0b:d3:19:81:2d:97:99:83:
         ba:86:d3:b8:0d:3d:d8:29:a4:32:bf:5d:21:b2:60:96:3d:3d:
         67:2c:55:27:71:be:48:85:4c:62:4e:57:ab:d4:2e:fe:72:42:
         f1:9a:52:93:aa:2e:88:eb:c1:38:46:39:7c:dd:3f:54:45:17:
         91:53:23:a6:db:07:19:b4:c4:8f:1d:f8:65:b6:cb:51:06:af:
         d4:3b:67:fe:64:f7:5c:cd:d7:c3:5b:66:e4:b8:e2:1d:98:0c:
         eb:0a:c7:e2:b6:d3:27:ae:05:1a:0d:39:77:b3:75:30:c1:a2:
         00:94:8b:fd:e4:26:2e:5e:1e:a2:ea:72:29:99:4f:60:61:f5:
         a8:23:c1:a2:43:8f:0f:af:f5:46:05:c2:a3:fb:8e:5f:da:22:
         61:78:8c:b7:48:ee:35:75:40:a9:b3:9c:d7:7a:ee:6a:82:6a:
         20:35:6e:94:6f:d7:61:db:f0:5a:01:3a:b5:7b:1c:a7:57:3b:
         ae:e4:98:b0:e0:0a:58:f7:0f:17:e6:68:bc:f9:80:c2:43:67:
         b8:61:b3:08
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECvF0eDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDQy
NTA5MjgzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWUxMzg3MjZmMzUz
MDQ0OTYwYjlhMzg3ZjMxODRiOTZkYWViNmM5MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZ/grYcyEd+Wi8tSSiyGBqk4amh/7vJ7oo3I+Q8K6S5KQpt
dpIr7EvNlJM49K2VZU1kYliAxD0FoYs9dJgUXU55Bca2vxFW7cdrJij14nB8I16T
Rqt1Vr77thfSKZHR9SufHxvhOvYq+taRWNyyuT0vjWcV+NLAw0cgLrmGT7EHbArk
X2qhyXJ/gcq9lcNDQsCgZQBlf5xS8uSi7zapDtyQxNc5CaAi09Hex5+urLHs7hk8
0cpoJX1fR7H+nPIcIFq4zSUhqwZcJJ2h1NZWWZgHSZ/EzEvO1+EVbLovsBL8t1EQ
goMzumYBW9/YmCLQb3avuo2l+8CiTX8J8qSegDsCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQeE4cm81MESWC5o4fzGEuW2utskzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L0hoT0hKdk5UQkVsZ3VhT0g4eGhMbHRycmJKTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmVDDANBgkqhkiG9w0BAQsFAAOC
AQEAKMP1NzdI7FD7+gy7ui9odHJpCX6sITTNJ31HMH34Iqd0LicWd6+y9zhUk8qX
JgvTGYEtl5mDuobTuA092CmkMr9dIbJglj09ZyxVJ3G+SIVMYk5Xq9Qu/nJC8ZpS
k6ouiOvBOEY5fN0/VEUXkVMjptsHGbTEjx34ZbbLUQav1Dtn/mT3XM3Xw1tm5Lji
HZgM6wrH4rbTJ64FGg05d7N1MMGiAJSL/eQmLl4eoupyKZlPYGH1qCPBokOPD6/1
RgXCo/uOX9oiYXiMt0juNXVAqbOc13ruaoJqIDVulG/XYdvwWgE6tXscp1c7ruSY
sOAKWPcPF+ZovPmAwkNnuGGzCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org