Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mBM6sCXtqyoT-YzLGoXpzTKcusc.roa
File:                     mBM6sCXtqyoT-YzLGoXpzTKcusc.roa (raw, json)
Hash identifier:          Q+IUqLUwlHa/hKSJ5VBAsrtLNbraL5ToPdeKhTdToMM=
Subject key identifier:   98:13:3A:B0:25:ED:AB:2A:13:F9:8C:CB:1A:85:E9:CD:32:9C:BA:C7
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       018572B421A938F77C81B76FB98A81B6051D
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mBM6sCXtqyoT-YzLGoXpzTKcusc.roa
Signing time:             Mon 02 Jan 2023 13:38:05 +0000
ROA not before:           Mon 02 Jan 2023 13:38:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     40676
IP address blocks:        185.149.14.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:b4:21:a9:38:f7:7c:81:b7:6f:b9:8a:81:b6:05:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  2 13:38:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98133ab025edab2a13f98ccb1a85e9cd329cbac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:29:9e:de:de:31:5b:c9:d4:4a:43:00:80:e9:
                    5d:91:c2:4a:be:3b:33:76:cd:ed:21:57:d7:69:e7:
                    45:87:ee:1b:d5:eb:72:32:d1:92:ae:59:4b:89:4d:
                    e0:b9:5b:1b:2a:a6:e4:93:e4:8d:2b:75:5f:8b:b9:
                    7a:d9:8a:3c:f4:73:06:e4:37:59:2b:e2:07:d8:b8:
                    9b:7b:c2:5f:c9:a6:ff:91:d9:ec:31:ec:00:a5:57:
                    4b:8b:56:ca:a3:3a:a6:29:82:6f:a5:e6:bb:7e:80:
                    c0:71:6c:9c:7e:d4:d9:cf:42:d7:e8:9f:18:da:3a:
                    99:e6:bd:99:ba:89:37:ea:0b:d3:44:df:c6:a3:7b:
                    22:95:f4:ba:60:f6:10:12:46:fc:4e:b2:0c:7e:3a:
                    eb:0e:dd:ef:e8:d9:16:1d:00:a2:8c:7d:2c:e3:8d:
                    49:3f:8f:77:ae:cc:95:69:8a:6f:7d:02:c0:28:ca:
                    92:f7:25:fb:8d:32:32:a1:ee:9c:58:3a:de:f8:0c:
                    96:ac:07:81:12:51:fa:6e:c6:9b:5f:2c:c4:9b:1b:
                    f4:54:6a:13:47:40:98:d6:36:22:0d:d4:71:d0:36:
                    6c:ec:23:97:1e:c4:5c:c6:f5:fe:de:5c:fa:c7:40:
                    5f:24:5b:00:7d:b4:75:61:49:83:e3:8b:54:65:da:
                    68:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:13:3A:B0:25:ED:AB:2A:13:F9:8C:CB:1A:85:E9:CD:32:9C:BA:C7
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/mBM6sCXtqyoT-YzLGoXpzTKcusc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:3f:c9:b4:19:63:cb:a0:e7:e6:cc:fc:21:c2:4d:40:3d:3a:
         3f:f8:9c:fc:b2:d7:89:0f:8c:b4:99:4f:a1:3b:f8:e8:0b:f3:
         59:ba:e9:62:4d:6f:f4:86:cc:af:40:51:82:1e:99:3d:04:52:
         e6:e5:37:b0:f1:c5:f2:ca:ec:d9:31:80:4f:13:70:9b:e0:d1:
         d1:83:bf:11:4e:6f:eb:9b:76:bf:ba:b5:5c:d8:de:c5:2c:94:
         c2:7d:e3:cd:43:d6:27:7a:1c:07:b1:96:24:58:13:f7:42:2a:
         65:09:7f:dc:b8:6b:b9:a9:48:ce:e4:4d:46:a6:86:a2:48:e0:
         9a:b5:a4:da:c7:03:76:84:ca:78:60:a2:48:fe:4b:b4:4a:bd:
         af:39:d2:84:ec:7a:2b:b5:ee:ab:34:68:59:2f:60:11:d7:aa:
         39:2c:92:56:2b:c9:15:8d:d1:3e:cc:9f:66:95:43:bc:e8:49:
         2b:42:7f:f5:23:13:f1:a4:69:5a:0c:76:34:93:bb:08:6c:e3:
         94:67:81:5f:d6:bb:e0:f5:49:34:a5:b8:68:53:9b:fe:d1:19:
         3e:29:07:7a:1b:7b:6a:d3:79:06:03:24:e9:96:7a:a5:af:87:
         1d:92:98:3b:1c:07:1b:93:a9:fb:d7:2b:4f:fe:cf:8e:e2:a7:
         6c:cd:b9:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVytCGpOPd8gbdvuYqBtgUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTAyMTMzODA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODEzM2FiMDI1ZWRhYjJhMTNmOThjY2IxYTg1ZTljZDMyOWNiYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsime3t4xW8nUSkMAgOldkcJKvjsz
ds3tIVfXaedFh+4b1etyMtGSrllLiU3guVsbKqbkk+SNK3Vfi7l62Yo89HMG5DdZ
K+IH2Libe8Jfyab/kdnsMewApVdLi1bKozqmKYJvpea7foDAcWycftTZz0LX6J8Y
2jqZ5r2Zuok36gvTRN/Go3silfS6YPYQEkb8TrIMfjrrDt3v6NkWHQCijH0s441J
P493rsyVaYpvfQLAKMqS9yX7jTIyoe6cWDre+AyWrAeBElH6bsabXyzEmxv0VGoT
R0CY1jYiDdRx0DZs7COXHsRcxvX+3lz6x0BfJFsAfbR1YUmD44tUZdpo0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgTOrAl7asqE/mMyxqF6c0ynLrHMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvbUJNNnNDWHRxeW9ULVl6TEdvWHB6VEtjdXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZUOMA0G
CSqGSIb3DQEBCwUAA4IBAQAsP8m0GWPLoOfmzPwhwk1APTo/+Jz8steJD4y0mU+h
O/joC/NZuuliTW/0hsyvQFGCHpk9BFLm5Tew8cXyyuzZMYBPE3Cb4NHRg78RTm/r
m3a/urVc2N7FLJTCfePNQ9YnehwHsZYkWBP3QiplCX/cuGu5qUjO5E1GpoaiSOCa
taTaxwN2hMp4YKJI/ku0Sr2vOdKE7Horte6rNGhZL2AR16o5LJJWK8kVjdE+zJ9m
lUO86EkrQn/1IxPxpGlaDHY0k7sIbOOUZ4Ff1rvg9Uk0pbhoU5v+0Rk+KQd6G3tq
03kGAyTplnqlr4cdkpg7HAcbk6n71ytP/s+O4qdszbmw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org