Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/VUmo8p1U3V-x45C5M4nebFL8ZAw.roa
File:                     VUmo8p1U3V-x45C5M4nebFL8ZAw.roa (raw, json)
Hash identifier:          CxpijDap9tZjDFQUn6HjoN9YfIcQw2tF11NQy3Pu2Cs=
Subject key identifier:   55:49:A8:F2:9D:54:DD:5F:B1:E3:90:B9:33:89:DE:6C:52:FC:64:0C
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0184A8939B1F74C4DCF73A52F56F4F967663
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/VUmo8p1U3V-x45C5M4nebFL8ZAw.roa
Signing time:             Thu 24 Nov 2022 07:39:16 +0000
ROA not before:           Thu 24 Nov 2022 07:39:16 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     40676
IP address blocks:        185.149.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:a8:93:9b:1f:74:c4:dc:f7:3a:52:f5:6f:4f:96:76:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Nov 24 07:39:16 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=5549a8f29d54dd5fb1e390b93389de6c52fc640c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6c:c7:e1:28:c8:ee:1c:6b:20:80:b8:c8:d7:
                    09:c7:a6:80:8c:f7:44:d8:c8:78:ce:05:53:ff:3d:
                    ac:29:e6:da:a1:2f:30:af:9d:4a:ee:6a:f0:c1:12:
                    df:cc:be:6f:29:12:13:15:42:2f:d3:15:fa:93:92:
                    38:6c:2b:40:a2:62:bf:62:42:e0:3e:22:0f:f1:55:
                    cc:dd:19:b9:9b:b1:a2:a8:f6:4e:74:03:2d:75:21:
                    da:56:5d:a1:20:6e:a4:05:89:9a:e0:43:7f:5a:00:
                    11:6a:70:b3:8f:2a:1b:be:b9:06:17:ff:e2:f7:06:
                    b0:ce:cc:e4:ce:7c:1a:50:84:c0:df:18:31:67:4a:
                    dd:8f:8a:6c:68:81:34:1e:97:47:b7:e6:58:98:b0:
                    c8:11:18:c9:04:7f:b9:e9:92:65:ac:af:f6:a9:e2:
                    31:55:c4:75:ce:80:8e:a5:f8:86:74:6d:74:0e:25:
                    7b:07:35:9d:bf:5f:e1:72:78:e9:ab:a6:09:50:f4:
                    91:5d:03:49:12:fa:1b:9c:ed:d0:3e:7b:d6:67:06:
                    4e:df:d5:49:8e:3a:2e:8c:ff:f4:2a:2d:27:89:b7:
                    11:64:57:d2:00:dd:bc:1f:ab:10:b2:6a:68:2d:9e:
                    5f:bb:13:91:e9:ed:30:42:48:ac:8f:8d:d0:60:68:
                    67:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:49:A8:F2:9D:54:DD:5F:B1:E3:90:B9:33:89:DE:6C:52:FC:64:0C
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/VUmo8p1U3V-x45C5M4nebFL8ZAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ad:7d:6b:a6:12:18:42:9b:e2:cd:52:b5:22:70:96:44:b2:
         be:c0:5a:9f:1a:c5:29:5b:3f:6b:ee:5d:3f:a6:f4:20:88:22:
         04:b2:5b:dc:bd:94:af:7b:54:e8:d0:bb:7c:f9:a6:33:07:9d:
         67:bb:f5:4c:e8:d1:fa:ac:54:19:3b:65:cd:dd:c7:e2:3b:8a:
         33:59:dd:29:ee:f7:7d:f9:45:c8:9e:2d:db:15:49:c5:14:83:
         15:f8:22:b9:94:ba:ba:9a:d4:12:12:21:35:28:64:5a:37:4e:
         c4:83:79:b4:f3:6b:21:25:e7:b1:30:aa:af:fc:34:ec:1b:dc:
         81:3f:a6:02:14:43:21:99:6d:10:4d:47:e6:36:07:ea:73:26:
         bc:59:9f:54:c6:9b:44:ff:a0:83:ce:f2:25:55:ae:a9:6e:3f:
         45:a8:f9:d4:c4:59:9c:f0:85:4a:a4:5a:4e:62:1e:bb:5b:5a:
         0f:cb:c4:61:02:64:b6:f5:85:dc:57:99:c6:e7:93:df:ae:2b:
         b5:c0:4d:9f:79:f7:17:d3:b3:45:40:52:f1:80:6e:3a:a3:ed:
         e7:a3:65:98:b1:ec:d9:cd:e0:f8:10:d3:b6:75:bc:e8:62:0c:
         49:62:ec:27:17:6f:50:38:cb:55:a7:5d:79:f0:fb:17:8d:79:
         d0:51:bf:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSok5sfdMTc9zpS9W9PlnZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjIxMTI0MDczOTE2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQ5YThmMjlkNTRkZDVmYjFlMzkwYjkzMzg5ZGU2YzUyZmM2NDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumzH4SjI7hxrIIC4yNcJx6aAjPdE
2Mh4zgVT/z2sKebaoS8wr51K7mrwwRLfzL5vKRITFUIv0xX6k5I4bCtAomK/YkLg
PiIP8VXM3Rm5m7GiqPZOdAMtdSHaVl2hIG6kBYma4EN/WgARanCzjyobvrkGF//i
9wawzszkznwaUITA3xgxZ0rdj4psaIE0HpdHt+ZYmLDIERjJBH+56ZJlrK/2qeIx
VcR1zoCOpfiGdG10DiV7BzWdv1/hcnjpq6YJUPSRXQNJEvobnO3QPnvWZwZO39VJ
jjoujP/0Ki0nibcRZFfSAN28H6sQsmpoLZ5fuxOR6e0wQkisj43QYGhnYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVJqPKdVN1fseOQuTOJ3mxS/GQMMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvVlVtbzhwMVUzVi14NDVDNU00bmViRkw4WkF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZUOMA0G
CSqGSIb3DQEBCwUAA4IBAQBmrX1rphIYQpvizVK1InCWRLK+wFqfGsUpWz9r7l0/
pvQgiCIEslvcvZSve1To0Lt8+aYzB51nu/VM6NH6rFQZO2XN3cfiO4ozWd0p7vd9
+UXIni3bFUnFFIMV+CK5lLq6mtQSEiE1KGRaN07Eg3m082shJeexMKqv/DTsG9yB
P6YCFEMhmW0QTUfmNgfqcya8WZ9UxptE/6CDzvIlVa6pbj9FqPnUxFmc8IVKpFpO
Yh67W1oPy8RhAmS29YXcV5nG55Pfriu1wE2fefcX07NFQFLxgG46o+3no2WYsezZ
zeD4ENO2dbzoYgxJYuwnF29QOMtVp1158PsXjXnQUb/N
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org